CN108989354B - Identity verification method and device - Google Patents


Info

Publication number
CN108989354B
Authority
CN
China
Prior art keywords: block, field, user, new, time interval
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811034387.7A
Other languages
Chinese (zh)
Other versions
CN108989354A (en)
Inventor
文松
程虹
王敏
徐德刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Arts and Science
Original Assignee
Hubei University of Arts and Science
Application filed by Hubei University of Arts and Science
Priority to CN201811034387.7A
Publication of CN108989354A
Application granted
Publication of CN108989354B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236: using cryptographic hash functions
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04: for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435: wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L 63/08: for authentication of entities
    • H04L 63/083: using passwords
    • H04L 63/0846: using time-dependent passwords, e.g. periodically changing passwords
    • H04L 63/10: for controlling access to devices or network resources
    • H04L 63/108: when the policy decisions are valid for a limited amount of time
    • H04L 63/20: for managing network security; network security policies in general
    • H04L 63/205: involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides an identity verification method and device in the technical field of identity authentication. The server side and the user side each store a block chain related to the user's login information. When the user logs in, the user side looks up the block that the server side sent it last time, decrypts it to obtain a time interval, generates a new block from that time interval and sends it to the server side. After the server side receives the login request and the block sent by the user side, it generates a new block in the same way as the user side and compares it with the block the user sent; if the two match, the user's identity is verified. This secures the verification of the user's identity.

Description

Identity verification method and device
Technical Field
The present disclosure relates to the field of identity authentication technologies, and in particular, to an identity verification method and apparatus.
Background
With the development of scientific and technological technology, when people use network resources and access a network application system, in order to ensure the security of information, the identity of a user is often verified.
Disclosure of Invention
In view of the above, the present disclosure provides an identity authentication method and apparatus.
The identity authentication method is applied to a server side interacting with a user side; the server stores a block chain related to user login information, the block chain comprises a plurality of blocks, the blocks comprise a second field and a third field, the second field is data of the blocks and comprises user identity information, user current login information and a time interval, and the third field is block generation time; the method comprises the following steps:
receiving a login request of a user and a first block sent by the user side;
searching for a second block generated at the user's last login according to the login request and the first block;
decrypting the second field and the third field of the second block to obtain a first time interval;
generating a third block according to the first time interval;
comparing the third block with the first block, and if the third block is consistent with the first block, judging that the user identity authentication has passed.
Further, the method further comprises: setting a new time interval after the user authentication has passed;
generating a new block again according to the new time interval and the current login information, and encrypting the second field and the third field of the new block;
storing the new block locally.
Further, the block further comprises a first field and a fourth field, wherein:
the first field is the hash value of the previous block;
the fourth field is the hash value of the block, obtained by applying a hash function to the first field, the second field and the third field.
Further, the step of generating a third block according to the first time interval comprises:
acquiring the fields of the block generated at the user's last login;
adding the first time interval to the field value of that field to generate a new field;
computing a hash value over the new field with a hash function to produce the third block.
The present disclosure provides an identity authentication method, which is applied to a user side interacting with a server side; the user side stores a block chain related to user login information, the block chain comprises a plurality of blocks, the blocks comprise a second field and a third field, the second field is data of the blocks and comprises user identity information, user current login information and a time interval, and the third field is block generation time; the method comprises the following steps:
sending a login request to the server side and receiving a fourth block sent by the server side, wherein the fourth block was generated at the last login and is stored on the server side;
decrypting the second field and the third field of the fourth block to obtain a second time interval;
generating a new block according to the second time interval and sending the new block to the server side for identity verification.
Further, the method further comprises:
when the user identity passes verification, setting a new time interval so that the server side generates a new block according to the new time interval, stores the new block locally on the server side and sends it to the user side at the next login.
Further, the block further comprises a first field and a fourth field, wherein:
the first field is the hash value of the previous block;
the fourth field is the hash value of the block, obtained by applying a hash function to the first field, the second field and the third field.
Further, the step of generating a new block according to the second time interval and sending the new block to the server for identity verification includes:
acquiring the third field of the fourth block sent by the server side;
adding the second time interval to the value of the third field to produce a new third field;
computing a hash value over the new third field with a hash function to produce the new block;
comparing the value of the third field in the new block with the current time, and if it lies within a set range, sending the new block to the server side; if it does not lie within the set range, repeating the generation of a new third field and a new block until the difference between the third field of the generated new block and the current time lies within the set range.
The present disclosure provides an authentication device, which is applied to a server interacting with a client; the identity authentication device comprises a receiving module, a searching module, a first storage module, a first execution module, an authentication module and a first generation module.
The first storage module is used for storing a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a first field, a second field, a third field and a fourth field, the first field is a hash value of the last block, the second field is data of the block and comprises user identity information, user login information and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function.
The receiving module is used for receiving a login request of a user and a first block sent by the user side.
The searching module is used for searching a second block generated by the last login of the user according to the login request and the first block.
The first execution module is used for decrypting the second field and the third field of the second block to obtain a first time interval.
The first generating module is used for generating a third block according to the first time interval.
The verification module is used for comparing the first block with the third block to perform identity verification.
The identity authentication device provided by the present disclosure is applied to a user side interacting with a server side, and comprises a second storage module, a second execution module and a second generation module.
The second storage module is used for storing a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a first field, a second field, a third field and a fourth field, the first field is a hash value of the last block, the second field is data of the block and comprises user identity information, user login information and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function.
The second execution module is configured to send a login request to the server side and to decrypt the second field and the third field of a fourth block to obtain a second time interval, wherein the fourth block is sent by the server side to the user side during the current login; the fourth block was generated at the last login and is stored on the server side.
And the second generation module is used for generating a new block according to the second time interval and sending the new block to the server side for identity verification.
According to the identity authentication method and device, a server stores a block chain related to user login information, after receiving a login request and a first block sent by a user side, the server searches a second block generated by the last login of a user according to the login request and the first block, and decrypts a second field and a third field of the second block to obtain a first time interval; the third block is generated at the first time interval and compared with the first block, so that the identity of the user is verified, the security of the identity verification can be ensured without frequently changing the login password of the user, and the malicious login can be tracked according to the block chain.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To more clearly illustrate the technical solutions of the present disclosure, the drawings needed for the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure, and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flow chart of an authentication method provided in the present disclosure.
Fig. 2 is a block diagram illustrating an authentication method according to the present disclosure.
Fig. 3 is a block chain diagram illustrating an authentication method according to the present disclosure.
Fig. 4 is another schematic flow chart of the identity verification method provided in the present disclosure.
Fig. 5 is a schematic flow chart of an authentication method provided in the present disclosure.
Fig. 6 is a schematic flow chart of an authentication method provided in the present disclosure.
Fig. 7 is a schematic flow chart of an authentication device provided in the present disclosure.
Fig. 8 is a block diagram of an authentication device provided in the present disclosure.
Fig. 9 is another block diagram of an authentication device provided in the present disclosure.
Reference numerals: 10-first authentication device; 11-first storage module; 12-receiving module; 13-search module; 14-first execution module; 15-first generation module; 16-verification module; 20-second authentication device; 21-second storage module; 22-second execution module; 23-second generation module.
Detailed Description
The technical solutions in the present disclosure will be described clearly and completely with reference to the accompanying drawings in the present disclosure, and it is to be understood that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The components of the present disclosure, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Identity authentication techniques are an effective solution to the process of validating the identity of an operator in a computer network. All information in the computer network world including identity information of users is represented by a specific group of data, computers can only identify the digital identities of the users, and all authorization of the users is also authorization for the digital identities of the users. How to ensure that an operator who operates with digital identity is the legal owner of the digital identity, that is to say, the physical identity of the operator is ensured to be corresponding to the digital identity, and the identity authentication technology is used for solving the problem and has a very important role as a first gateway for protecting network assets.
At present there are many authentication schemes, but most of them require the user to change the login password frequently in order to keep authentication secure, and if the system does have a weakness, a malicious login cannot be discovered or traced in time when it occurs.
Based on the above research, the present disclosure provides an identity authentication method and apparatus.
Please refer to fig. 1, which is a schematic flowchart of an authentication method according to the present disclosure, the method is applied to a server interacting with a client; the server stores a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a second field and a third field, the second field is data of the block and comprises user identity information, user login information and a time interval, and the third field is block generation time. The specific process shown in FIG. 1 will be described in detail below.
Step S10: receiving a login request of a user and a first block sent by the user side.
Step S11: searching for a second block generated at the user's last login according to the login request and the first block.
Step S12: decrypting the second field and the third field of the second block to obtain a first time interval.
The server side derives a key by a set calculation method; the derived key is shared by the server side and the user side and is stored at both. When the user logs in next time, after the server side receives the login request and the first block, it decrypts the second field and the third field of the second block with the key to obtain the first time interval.
Step S13: generating a third block according to the first time interval.
Step S14: comparing the third block with the first block and judging whether the third block is consistent with the first block.
If the third block is consistent with the first block, that is, the information contained in the third block matches the information contained in the first block, the user identity authentication is judged to have passed and step S15 is executed; if the third block is inconsistent with the first block, that is, the information contained in the third block does not match the information contained in the first block, step S141 is executed.
Step S141: the authentication has not passed.
Step S15: setting a new time interval after the user authentication is passed.
And if the new time interval is not set, the server side defaults that the new time interval is the same as the first time interval.
Step S16: generating a new block again according to the new time interval and the current login information.
Besides the new time interval and the current login information, the new block also contains the user information and so on. The new time interval serves as the login condition under which the user generates a new block at the next login; the current login information includes the current login time, which is taken from the local time.
Step S17: storing the new block locally.
And when the user logs in next time, the server side sends the new block to the user side, and the server side verifies the user identity again according to the new block.
Further, referring also to fig. 2, the block further comprises a first field and a fourth field, wherein the first field is the hash value of the previous block; the second field is the data of the block and comprises the identity information of the user, the login information of the user and a time interval; the third field is the block generation time; and the fourth field is the hash value of the block, obtained by applying a hash function to the first field, the second field and the third field.
The second field is the data of the block. The identity information of the user is information recorded when the user logs in for the first time, such as a user name; the user login information comprises the login time; the time interval serves as the condition for the next login. When the block is stored, the second field is encrypted with the key so that the data is protected.
The third field is the time at which the block was generated. The time precision can be set to hours, minutes, seconds, milliseconds and so on, as determined by the server's own conditions. When the block is stored, the third field is encrypted with the key so that the data is protected.
The hash value of the block is calculated from the fields of the block by a hash function, which may be MD4, MD5, SHA-1, SHA-256, etc. (Of these, MD4, MD5 and SHA-1 are no longer collision resistant, so a block hash that is meant to detect tampering should use SHA-256 or stronger.) Since the first field is the hash value of the previous block and the fourth field is the hash value of the current block, the blocks can be linked into a chain, as shown in fig. 3, so that malicious tampering with a block can be detected and the validity of each block verified.
Further, referring to fig. 3, which is a block chain diagram of the identity authentication method provided by the present disclosure: when a block is verified, a hash value is calculated over the first field, the second field and the third field and compared with the fourth field. If the calculated hash value equals the fourth field, the block is considered not to have been tampered with and to be the normal calculation result of a legitimate user side; if it does not, the block is considered to have been maliciously tampered with and not to be the normal calculation result of a legitimate user side. Furthermore, the whole block chain can be verified by checking whether the first field equals the fourth field of the previous block; if so, the block is considered legitimate, the previous block can then be verified by the same method, and so on back to the initial block, so that the whole block chain can be traced.
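The block layout and the chain walk described above, as an added example that is not the patent's own code (the patent provides none): blocks carry the four fields, the fourth field is SHA-256 over the first three, and `verify_chain` walks from the newest block back to the initial block exactly as fig. 3 describes. The field names, the JSON serialisation, the all-zero hash used as the first block's first field and the sample logins are assumptions made for this example.

```python
import copy
import hashlib
import json

# Added example, not the patent's code. A block is a dict carrying the patent's four fields:
#   prev - first field:  hash value of the previous block
#   data - second field: user identity information, login information and the time interval
#   time - third field:  block generation time (integer seconds; precision is the server's choice)
#   hash - fourth field: hash over the first three fields
# SHA-256 is used here; MD4, MD5 and SHA-1 from the patent's list are no longer collision resistant.

GENESIS_PREV = "0" * 64   # assumption: the initial block's first field is an all-zero hash


def block_hash(prev: str, data: dict, gen_time: int) -> str:
    # Canonical serialisation so that the server side and the user side hash identical bytes
    payload = json.dumps([prev, data, gen_time], sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def make_block(prev: str, data: dict, gen_time: int) -> dict:
    return {"prev": prev, "data": data, "time": gen_time, "hash": block_hash(prev, data, gen_time)}


def verify_chain(chain: list) -> tuple:
    """Walk from the newest block back to the initial block, as fig. 3 describes.
    Each block's fourth field must equal the hash of its first three fields, and its first field
    must equal the previous block's fourth field. Returns (True, None) when the whole chain is
    valid, otherwise (False, index_of_first_bad_block_seen)."""
    for i in range(len(chain) - 1, -1, -1):
        b = chain[i]
        if b["hash"] != block_hash(b["prev"], b["data"], b["time"]):
            return False, i                     # block content was changed after hashing
        expected_prev = chain[i - 1]["hash"] if i > 0 else GENESIS_PREV
        if b["prev"] != expected_prev:
            return False, i                     # link to the previous block is broken
    return True, None


def build_sample_chain() -> list:
    # Constructed sample: three logins by user "alice", one hour apart, 5-minute time interval
    chain, prev = [], GENESIS_PREV
    for t in (1_700_000_000, 1_700_003_600, 1_700_007_200):
        chain.append(make_block(prev, {"user": "alice", "login_time": t, "interval": 300}, t))
        prev = chain[-1]["hash"]
    return chain


def tamper_interval(chain: list, rehash: bool) -> list:
    # Constructed attack on the middle block: change its time interval. With rehash=False the
    # fourth field no longer matches; with rehash=True the block itself looks valid but the
    # following block's first field no longer points at it.
    bad = copy.deepcopy(chain)
    bad[1]["data"]["interval"] = 1
    if rehash:
        bad[1]["hash"] = block_hash(bad[1]["prev"], bad[1]["data"], bad[1]["time"])
    return bad


if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain))                          # (True, None)
    print(verify_chain(tamper_interval(chain, False)))  # (False, 1)
    print(verify_chain(tamper_interval(chain, True)))   # (False, 2)
```

The walk starts at the newest block because that is the block the server side holds and sends; a tampered block is reported either at its own index (content changed) or at the index of the block after it (content changed and rehashed), which is what makes the chain traceable back to the block where the tampering began. Note that the fourth field is an unkeyed hash, so anyone holding a block can recompute it; the chain detects tampering but does not by itself prove who generated a block.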
Referring to fig. 4, the step of the server generating the third block according to the first time interval includes:
Step S131: acquiring the fields of the block generated at the user's last login.
When the server side receives the login request and the first block sent by the user side, it searches for the last block generated during the user's last login, namely the second block, and decrypts its second field and third field to obtain the first time interval stored in the second field and the generation time stored in the third field.
Step S132: adding the first time interval to the field value of that field to generate a new field.
The server side generates a new third field by adding the first time interval to the third field of the last block generated at the user's last login, that is, to its block generation time, and the new third field serves as the third field of the third block. For example, if at the user's last login the block generation time was 9:00 and the time interval is 5 minutes, then 9:00 plus five minutes is 9:05, and the new third field is 9:05. For another example, if at the user's last login the block generation time was 10:00 and the time interval is 5 minutes, then 10:00 plus five minutes is 10:05 and the new third field is 10:05; then 10:05 plus five minutes is 10:10, which generates a new third field again. The time interval is added repeatedly to the previous value, generating new third fields until the current time is reached.
Step S133: computing a hash value over the new field with a hash function to produce the third block.
A hash value is calculated over the new third field, the second field of the second block and the fourth field of the second block, and the calculated hash value is taken as the new fourth field. The fourth field of the second block becomes the first field of the new block, the second field of the second block becomes the second field of the new block, the new third field becomes the third field of the new block and the new fourth field becomes the fourth field of the new block, so that the new block is formed.
Each time a new third field is generated, a hash value is calculated with the hash function to generate a new block; new blocks are generated repeatedly until the generation time of the block is close to the current time. That block is taken as the third block and compared with the first block sent by the user side, thereby verifying the identity of the user.
The server side stores a block chain related to user login information; after receiving a login request and a first block sent by the user side, it searches for the second block generated at the user's last login according to the login request and the first block, and decrypts the second field and the third field of the second block to obtain a first time interval. The third block is generated from the first time interval and compared with the first block, so that the identity of the user is verified; the security of identity verification can be ensured without the user changing the login password frequently, and malicious logins can be traced by verifying the legitimacy of the blocks in the block chain.
please refer to fig. 5, which is a flowchart illustrating an authentication method according to the present disclosure, the method is applied to a user side interacting with a server side; the user side stores a block chain related to user login information, the block chain comprises a plurality of blocks, the blocks comprise a second field and a third field, the second field is data of the blocks and comprises user identity information, user login information and a time interval, and the third field is block generation time. The specific flow shown in fig. 5 will be described in detail below.
Step S20: sending a login request to the server side and receiving a fourth block sent by the server side.
The fourth block was generated and stored on the server side at the last login; when the server side sends the fourth block to the user side it keeps an identical copy, and the fourth block is the last block generated during the user's previous login. When the user logs in, the server side sends the fourth block to the user side after receiving the user's login request, so even if the user switches to a different user-side device, identity verification can still be carried out through the block, the user can log in normally, and the security of identity verification is improved.
Step S21: and decrypting the second field and the third field of the fourth block to obtain a second time interval.
The user sets a login password at the first login; the server side derives a key from the password by a set calculation method, and the derived key is shared by the server side and the user side and stored at both. The user does not need to know the key itself.
For example, the user sets the login password 123456 at the first login, and the key derived from it with the hash function is 654321. At the next login the user only needs to enter 123456; the user side derives the key 654321 from the login password 123456 with the same hash function and uses it to decrypt the second field and the third field of the block.
It will be appreciated that the second time interval is the same as the first time interval.
Step S22: generating a new block according to the second time interval and sending the new block to the server side for identity verification.
It can be understood that this new block is the first block mentioned in the process above; after receiving the new block and the login request sent by the user side, the server side searches for the block it generated at the last login and carries out the corresponding steps S10 to S17.
Step S23: when the user identity passes verification, setting a new time interval so that the server side generates a new block according to the new time interval and stores it locally on the server side for sending to the user side at the next login.
The new time interval can be set by the user, and if the user does not set the new time interval by himself, the new time interval can be set by the server.
Further, the block stored at the user side includes a first field, a second field, a third field and a fourth field; the first field is the hash value of the last block; the second field is data of the block and comprises identity information of the user, the login information of the user and a time interval; the third field is a block generation time; and the fourth field is the hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function.
Since the blocks stored at the user side are identical to the blocks stored at the server and can likewise form a block chain, reference can be made to the above description of the server block and block chain.
Referring to fig. 6, the step of generating a new block according to the second time interval and sending the new block to the server for identity verification includes:
Step S221: acquiring the third field of the fourth block sent by the server.
The user side receives the fourth block sent by the server, the user enters the login password, the user side restores the login password to the key by the set calculation method, and then decrypts the second field and the third field of the fourth block to obtain the second time interval and the generation time carried in the third field.
Step S222: adding the second time interval to the field value in the third field to produce a new third field.
The user side takes the third field of the fourth block, i.e. the block generation time, and adds the second time interval to that time to form a new third field, which serves as the third field of the new block. For example, if the block generation time is 9:00 and the time interval is 5 minutes, then 9:00 plus five minutes is 9:05, so the new third field is 9:05. For another example, if the block generated at the user's last login has generation time 10:00 and the time interval is 5 minutes, then 10:00 plus five minutes is 10:05, so the new third field is 10:05; then 10:05 plus five minutes, i.e. 10:10, gives a new third field again. The time interval is added repeatedly to the previous time, and new third fields are generated continuously until the current time is reached.
Step S223: generating the new block by computing a hash value over the new third field using a hash function.
A hash value is calculated over the new third field, the second field of the fourth block and the fourth field of the fourth block, and is taken as the new fourth field. The fourth field of the fourth block is taken as the first field of the new block, the second field of the fourth block as the second field of the new block, the new third field as the third field of the new block, and the new fourth field as the fourth field of the new block, so that the new block is formed.
Step S224: comparing the third field value in the new block with the current time to judge whether it is within a set range.
Each time a new third field is generated, the hash value is calculated by the hash function to generate a new block; new blocks are generated repeatedly until the generation time of the block is close to the current time, and the third field of that block is then compared with the current time.
The set range can be configured as desired. If the difference is within the set range, step S225 is executed to send the new block to the server. If not, the process returns to step S221 and continues to generate new blocks until the difference between the third field value in the generated new block and the current time is within the set range.
Step S225: sending the new block to the server.
It can be understood that the new block is the first block mentioned in the above process; when the new block is sent to the server, the server performs the processes corresponding to steps S10 to S14 above to verify the identity. During this process the user side also stores the regenerated blocks, so the blocks stored by the user side include the block sent by the server to the user side and the blocks it generated.
The above process is the identity authentication process for an ordinary login of a user. For the user's first login, please refer to fig. 7, which is a schematic diagram of the first-login process; the specific process shown in fig. 7 is described in detail below.
Step S30: user registration.
When a new user registers, the user needs to set a login password, and the server side and the user side calculate a key from the login password by a set calculation method. The key is used with a symmetric cipher (the cipher algorithm may be chosen when the system is implemented), is used to encrypt subsequent information and the block fields in the process, and is shared by the user and the verifier.
As another example, when a user logs in from a public computer, the server stores the identity information block chains of multiple persons, so when the user logs in the server needs to find the identity information block chain corresponding to this user among them. For example, when a user logs in, a login request comprising the user name of the user is sent to the server; after receiving the login request, the server searches, according to that user name, for the corresponding identity information block chain among the block chains of multiple persons, and after finding it sends the block last generated at the previous login to the user.
Step S31: initialization.
The server initializes by generating an initial block for the subsequent verification process, where the first field of the block is specified by the server, e.g. fixed to 0 or another value.
Step S32: the user logs in automatically for the first time.
The user is logged in to the system automatically after successful registration.
Step S33: setting the next login condition.
After the user has successfully logged in, a time interval needs to be set; the server generates the initial block according to the time interval and the current login information, stores the initial block locally, and sends it to the user side for storage. At the next login, a new block is generated from the time interval, and the generation of that block is used to verify the user login.
The initial block is generated in memory; only after the user has successfully logged in and set the condition for generating the next block, namely the time interval, is the initial block generated and written to the hard disk for storage. The generation time of the initial block is the time of the user's first login.
Step S35: the user logs in next time.
Step S36: judging whether the verification passes.
This step may refer to the identity authentication process described above. If the verification passes, the condition for the next login is set. If the verification does not pass, the authentication fails.
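As an added example that is not part of the patent, the Python code below implements the four-field block, the initialization of steps S31 and S33, the user-side loop of steps S221 to S225 that adds the time interval to the generation time until it falls within the set range of the current time, and the server-side regeneration and field comparison of claim 1. SHA-256 as the hash function, a first field fixed to the string "0" for the initial block, generation times as integer minutes, a plaintext second and third field (the patent encrypts them with the shared key), and the sample user data are all assumptions.

```python
"""Added example (not from the patent): block structure, initial block,
user-side block generation (steps S221-S225) and server-side verification.

Assumptions: SHA-256 hash, initial first field "0", integer-minute times,
fields 2 and 3 left in plaintext so the chaining logic stays visible.
"""
import hashlib
import json

FIELDS = ("first", "second", "third", "fourth")


def block_hash(first: str, second: dict, third: int) -> str:
    """Fourth field: hash over fields 1, 2 and 3 (canonical JSON, SHA-256)."""
    payload = json.dumps([first, second, third], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def make_block(first: str, second: dict, third: int) -> dict:
    return {"first": first, "second": second, "third": third,
            "fourth": block_hash(first, second, third)}


def initial_block(second: dict, login_time: int) -> dict:
    """Steps S31/S33: the server's initial block; first field fixed to "0"."""
    return make_block("0", second, login_time)


def next_block(prev: dict) -> dict:
    """One S222/S223 step: third = prev.third + interval, first = prev.fourth."""
    interval = prev["second"]["time_interval"]
    return make_block(prev["fourth"], prev["second"], prev["third"] + interval)


def generate_until_current(prev: dict, now: int, set_range: int) -> list:
    """Steps S221-S224 on the user side: chain blocks until |third - now| <= set_range.

    Returns every block generated (the user side stores them all); the last
    one is the block sent to the server in step S225.
    """
    interval = prev["second"]["time_interval"]
    if interval <= 0 or set_range < 0:
        raise ValueError("time interval must be positive and set range non-negative")
    chain = []
    block = prev
    while abs(block["third"] - now) > set_range:
        if block["third"] > now + set_range:
            # Stored block is already ahead of the clock: no forward step can
            # land inside the range, so fail closed instead of looping forever.
            raise ValueError("stored block generation time is in the future")
        block = next_block(block)
        chain.append(block)
    return chain


def server_verify(last_server_block: dict, first_block: dict, now: int, set_range: int) -> bool:
    """Claim 1 on the server: regenerate the third block from the server's own
    copy up to the generation time claimed by the received first block, require
    that time to be within the set range of the server clock, and compare fields.
    """
    claimed = first_block.get("third")
    if not isinstance(claimed, int) or abs(claimed - now) > set_range:
        return False
    if last_server_block["second"]["time_interval"] <= 0:
        return False
    block = last_server_block
    while block["third"] < claimed:
        block = next_block(block)
    # An identical walk on both sides yields identical fields; a replayed older
    # block, another interval, or an edited field all show up as a mismatch.
    return all(block[f] == first_block.get(f) for f in FIELDS)


if __name__ == "__main__":
    # Constructed sample: identity info, login info and a 5-minute interval.
    second = {"user": "alice", "login_info": "first login", "time_interval": 5}
    genesis = initial_block(second, 1000)          # first login at minute 1000
    chain = generate_until_current(genesis, 1017, 2)
    print([b["third"] for b in chain])             # [1005, 1010, 1015]
    print(server_verify(genesis, chain[-1], 1018, 3))   # True
    print(server_verify(genesis, chain[0], 1018, 3))    # False (stale block)
```

The server walks forward from its own copy only as far as the generation time claimed in the received block, after first checking that time against its own clock and the set range, so small clock differences between the two sides do not change the number of steps; any block that was not derived from the server's copy with the same interval and data fails the field comparison.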
The identity verification method is applied to a user side interacting with a server side. The user side stores a block chain related to user login information, sends a login request, takes the fourth block generated at the user's last login, and decrypts its second field and third field to obtain a second time interval; it then generates a new block from the second time interval and sends the new block to the server. The server generates a block from the same time interval and compares it with the new block, so that the user identity is verified. The security of the identity verification is thus ensured without the user frequently replacing the login password, and malicious logins can be tracked by verifying the validity of the blocks in the block chain.
Referring to fig. 8, a first authentication device 10 provided by the present disclosure is applied to a server interacting with a user side, where the first authentication device 10 is configured to perform steps S10 to S17 in the flowchart of fig. 1. The first authentication device 10 comprises a receiving module 12, a searching module 13, a first storing module 11, a first executing module 14, an authentication module 16 and a first generating module 15.
The first storage module 11 is configured to store a block chain related to user login information, where the block chain includes multiple blocks, each block includes a first field, a second field, a third field, and a fourth field, the first field is a hash value of a previous block, the second field is data of the block, and includes identity information of a user, the current login information of the user, and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field, and the third field through a hash function.
The receiving module 12 is configured to receive a login request and a first block of a user sent by the user side.
The searching module 13 is configured to search for a second block generated by the user in the last login according to the login request and the first block.
The first execution module 14 is configured to decrypt the second field and the third field of the second block to obtain a first time interval.
The first generating module 15 is configured to generate a third block according to the first time interval.
The verification module 16 is configured to compare the first block with the third block for identity verification.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific operation of the first authentication apparatus 10 described above may refer to the corresponding processes in the foregoing method steps S10 to S17, and will not be described in too much detail herein.
Referring to fig. 9, a second authentication device 20 provided by the present disclosure is applied to a user side interacting with a server side, where the second authentication device 20 is configured to execute steps S20 to S25 in the flowchart illustrated in fig. 5. The second authentication device 20 includes a second storage module 21, a second execution module 22, and a second generation module 23.
The second storage module 21 is configured to store a block chain related to user login information, where the block chain includes multiple blocks, each block includes a first field, a second field, a third field, and a fourth field, the first field is a hash value of a previous block, the second field is data of the block, and includes identity information of a user, the user login information of this time, and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field, and the third field through a hash function.
The second execution module 22 is configured to send a login request to the server and to decrypt the second field and the third field of the fourth block to obtain a second time interval, where the fourth block is sent by the server to the user side during the current login, and was generated during the last login and stored at the server.
The second generating module 23 is configured to generate a new block according to the second time interval, and send the new block to the server for identity verification, where as can be understood, the new block is the first block mentioned in the foregoing process.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific operation of the second authentication apparatus 20 described above may refer to the corresponding processes in the foregoing steps S20 through S25, and will not be described in detail herein.
In summary, according to the identity authentication method and apparatus provided by the present disclosure, the server and the client both store a block chain related to user login information. When the user logs in, the server searches for the block it last sent to the client and sends it again; the client decrypts the second field and the third field of that block to obtain a time interval, generates a new block according to the time interval, and sends the new block to the server. After receiving the login request and the block sent by the client, the server generates a new block by the same process as the client and compares it with the block sent by the user, thereby authenticating the user identity. The security of the identity authentication can thus be ensured without the user frequently changing the login password, and malicious logins can be tracked according to the block chain.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present disclosure may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, an electronic device 10, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element. Furthermore, the terms "first," "second," and the like are used merely to distinguish one description from another, and are not to be construed as indicating or implying relative importance.
The foregoing is illustrative of only alternative embodiments of the present disclosure and is not intended to limit the disclosure, which may be modified and varied by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. An identity authentication method is characterized in that the method is applied to a server side interacting with a user side; the server stores a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a second field and a third field, the second field is data of the block and comprises user identity information, user current login information and a time interval, and the third field is block generation time; the method comprises the following steps:
receiving a login request of a user and a first block sent by the user side;
searching a second block generated by the last login of the user according to the login request and the first block;
decrypting a second field and a third field of the second block to obtain a first time interval;
generating a third block according to the first time interval;
comparing the fields of the third block and the first block, and if the fields of the third block and the first block are consistent, judging that the user identity authentication is passed.
2. The method of identity verification according to claim 1, the method further comprising:
setting a new time interval after the user identity authentication is passed;
generating a new block again according to the new time interval and the current login information, and encrypting a second field and a third field of the new block;
saving the new block locally.
3. The identity verification method of claim 1, wherein the block further comprises a first field and a fourth field; wherein:
the first field is the hash value of the last block;
and the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function.
4. The identity verification method of claim 3, wherein the step of generating the third block according to the first time interval comprises:
acquiring a field of a block generated by the last login of the user;
adding the first time interval to a field value in the field to generate a new field;
computing a hash value over the new field by using a hash function to produce the third block.
5. An identity authentication method is characterized in that the method is applied to a user side interacting with a server side; the user side stores a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a second field and a third field, the second field is data of the block and comprises user identity information, user current login information and a time interval, and the third field is block generation time; the method comprises the following steps:
sending a login request to the server, and receiving a fourth block sent by the server, wherein the fourth block is generated during last login and is stored in the server;
decrypting the second field and the third field of the fourth block to obtain a second time interval;
generating a new block according to the second time interval, and sending the new block to the server side for identity verification.
6. The method of identity verification according to claim 5, the method further comprising:
after the user identity authentication is passed, setting a new time interval so that the server generates a new block according to the new time interval and stores the new block locally at the server for sending to the user side at the next login.
7. The identity verification method of claim 5, wherein the block further comprises a first field and a fourth field; wherein:
the first field is the hash value of the last block;
and the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function.
8. The identity authentication method of claim 7, wherein the step of generating a new block according to the second time interval and sending the new block to the server for identity authentication comprises:
acquiring a third field in a fourth block sent by the server;
adding the second time interval to a field value in the third field to produce a new third field;
calculating a hash value for the new third field according to a hash function to generate the new block;
comparing a third field value in the new block with the current time, and if the third field value is within a set range, sending the new block to the server; if the current time is not within the set range, the process of generating the new third field is repeated to continue generating the new block until the comparison value of the third field value in the generated new block and the current time is within the set range.
9. An identity authentication device is characterized in that the identity authentication device is applied to a server side interacting with a user side; the identity authentication device comprises a receiving module, a searching module, a first storage module, a first execution module, an authentication module and a first generation module;
the first storage module is used for storing a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a first field, a second field, a third field and a fourth field, the first field is a hash value of the last block, the second field is data of the block and comprises user identity information, user login information and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function;
the receiving module is used for receiving a login request of a user and a first block sent by the user side;
the searching module is used for searching a second block generated by the last login of the user according to the login request and the first block;
the first execution module is used for decrypting a second field and a third field of the second block to obtain a first time interval;
the first generating module is used for generating a third block according to the first time interval;
the verification module is used for comparing fields of the first block and the third block, and if the fields of the third block and the first block are consistent, the user identity verification is judged to be passed.
10. An identity authentication device is applied to a user side of server side interaction, and comprises a second storage module, a second execution module and a second generation module;
the second storage module is used for storing a block chain related to user login information, the block chain comprises a plurality of blocks, each block comprises a first field, a second field, a third field and a fourth field, the first field is a hash value of the last block, the second field is data of the block and comprises user identity information, user login information and a time interval, the third field is block generation time, the fourth field is a hash value of the block, and the hash value is obtained by calculating the first field, the second field and the third field through a hash function;
the second execution module is configured to send a login request to the server, decrypt a second field and a third field of a fourth block to obtain a second time interval, where the fourth block is sent to the user side through the server during the current login; the fourth block is generated during last login and is stored in the server;
the second generation module is used for generating a new block according to the second time interval and sending the new block to the server side for identity verification.
CN201811034387.7A 2018-09-03 2018-09-03 Identity verification method and device Active CN108989354B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034387.7A CN108989354B (en) 2018-09-03 2018-09-03 Identity verification method and device


Publications (2)

Publication Number Publication Date
CN108989354A CN108989354A (en) 2018-12-11
CN108989354B true CN108989354B (en) 2021-06-15

Family

ID=64544912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811034387.7A Active CN108989354B (en) 2018-09-03 2018-09-03 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN108989354B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106533696A (en) * 2016-11-18 2017-03-22 江苏通付盾科技有限公司 Block chain-based identity authentication methods, authentication server and user terminal
EP3236403A3 (en) * 2016-04-22 2017-11-01 Sony Corporation Client, server, method and identity verification system
CN108259438A (en) * 2016-12-29 2018-07-06 中移(苏州)软件技术有限公司 A kind of method and apparatus of the certification based on block chain technology
WO2018143983A1 (en) * 2017-02-01 2018-08-09 Equifax, Inc. Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Blockchain-based Identity Management with Mobile Device"; Zhimin Gao; Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems; 20180630; full text *
"Vehicular network authentication scheme based on trusted computing"; 文松 (Wen Song); Journal of Hubei University of Arts and Science; 20170831; full text *

Also Published As

Publication number Publication date
CN108989354A (en) 2018-12-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant