CN109617692B - Anonymous login method and system based on block chain - Google Patents

Anonymous login method and system based on block chain Download PDF

Info

Publication number
CN109617692B
Authority
CN
China
Prior art keywords
user
login
attribute information
parameter
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811526788.4A
Other languages
Chinese (zh)
Other versions
CN109617692A (en)
Inventor
刘云霞
李汝佳
王永浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhaoxi Network Technology Co ltd
Zhengzhou Normal University
Original Assignee
Shanghai Zhaoxi Network Technology Co ltd
Zhengzhou Normal University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention discloses an anonymous login method based on a block chain, which comprises the steps of initializing an authorization server, generating a corresponding block chain address by an obtained public key, and sending an authorization certificate to a user; enumerating all attribute information of the user, obtaining an identity parameter and a verification parameter of the user, and solidifying the identity parameter and the verification parameter into a block chain by using an authorization certificate; according to login conditions issued by a system, selecting required attribute information to generate a user login certificate; the system receives the user login credentials, verifies the user login credentials according to the user identity parameters and/or the verification parameters, and confirms whether the current user meets login conditions. The invention also discloses an anonymous login system based on the block chain. Aiming at the defects of the current anonymous login system, the technical scheme of the invention adopts a Hash algorithm, an asymmetric encryption algorithm and the like to encrypt the personal attribute information, and stores the personal attribute information in the block chain, so that the personal attribute information of the user can be protected to the maximum extent on the premise of ensuring the safety authentication of the identity of the user.

Description

Anonymous login method and system based on block chain
Technical Field
The invention belongs to the field of computer system security, and particularly relates to an anonymous login method and system based on a block chain.
Background
In the 21st century, with the continuous development of information technology, information security problems have become prominent. How to ensure the security of information systems has become a matter of social concern. Information security mainly comprises five aspects: ensuring confidentiality, authenticity and integrity, preventing unauthorized copying, and securing the host system. Its scope is wide, covering how to prevent the leakage of business secrets, prevent teenagers from browsing harmful content, prevent the leakage of personal information, and so on.
Therefore, the information security system in a network environment is the key to ensuring information security. It ranges from a secure operating system, through the various security protocols and mechanisms (digital signatures, message authentication, data encryption, etc.), up to security products such as UniNAC and DLP; as long as a security vulnerability exists anywhere, the security of the whole can be threatened. Information security means that an information system (including its hardware, software, data, people, physical environment and infrastructure) is protected and is not damaged, altered or leaked through accidental or malicious causes, that the system operates continuously, reliably and normally without interruption of its information service, and ultimately that service continuity is achieved.
Given this demand, anonymous login technology is necessary. Anonymous login is the process of entering an operating system or application in an anonymous mode; under anonymous login, the access requester does not need to submit all of his or her personal information. There are currently two kinds of anonymous login: authorized anonymous login (e.g., password authentication schemes) and unauthorized anonymous login (e.g., hacking). The core idea of authorized login is to separate the authentication of the user from the user's login. Taking the OAuth 2.0 user open authorization protocol as an example, the user's information is placed in a centralized authorization server, and when the user needs to access a third-party system, the third-party system requires the user to obtain an authorization token from the centralized authorization server.
However, this process has the following problems: (1) the centralized authorization server stores all of the user's information, so once it is compromised by an attacker all of that information is exposed, and incidents of user information leakage caused by compromised centralized servers have been endless in recent years; (2) such login schemes provide no anonymous login function, and if the authorization server and the third-party system collude, the user can easily be traced. That is, the user's information still has multiple uncontrolled ways of being disclosed.
Disclosure of Invention
In view of the above-mentioned drawbacks and needs of the prior art, the present invention provides a block chain-based anonymous login method, which at least partially solves the above-mentioned problems. Aiming at the defects of the current anonymous login systems, the technical scheme of the invention adopts a hash algorithm, an asymmetric encryption algorithm and the like to encrypt the personal attribute information and stores it in the block chain, so that the personal attribute information of the user can be protected to the maximum extent while still ensuring secure authentication of the user's identity.
To achieve the above object, according to one aspect of the present invention, there is provided an anonymous login method based on block chains, comprising:
S1: initialize the authorization server, generate the corresponding block chain address according to the public key obtained after initialization, and send the authorization credential to the user;
S2: enumerate all attribute information of the user, perform a hash operation on the attribute information to obtain the identity parameter and verification parameter of the user, and solidify the identity parameter and verification parameter into the block chain by using the authorization credential;
S3: according to the login condition issued by the system, select the required attribute information to generate a user login credential, and submit it to the system the user requests to log in to;
S4: the system receives the user login credential, verifies it according to the user's identity parameter and/or verification parameter, and confirms whether the current user meets the login condition.
As a preferable aspect of the present invention, step S1 includes:
S11: determining the security parameters and/or encryption algorithm, and initializing and publishing the public key of the authorization server;
S12: obtaining the corresponding block chain address according to the public key, and correspondingly storing the authorized user information;
S13: the authorization server randomly generating a number of random numbers and distributing them to users as authorization credentials.
As a preferable aspect of the present invention, step S2 includes:
S21: enumerating all attribute information of the user, and acquiring the user's attribute information list;
S22: obtaining the user's verification parameter from the security parameters combined with the attribute information;
S23: sending the distributed authorization credential, the identity parameter and the verification parameter to the authorization server;
S24: signing the identity parameter and verification parameter that pass authorization, and solidifying and storing them in the block chain.
As a preferable aspect of the present invention, step S3 includes:
S31: publishing the login condition according to the service requirement, the login condition imposing requirements on one or more attribute information of the user;
S32: the user requesting login selecting the corresponding attribute information according to the login condition to generate the corresponding hash value and/or verification parameter;
S33: generating a login credential, which comprises the attribute information meeting the login condition, the hash value of that attribute information, the authentication parameter, and the identity parameter and verification parameter of the user.
As a preferable aspect of the present invention, step S4 includes:
S41: receiving the user login credential, and determining that the identity parameter and verification parameter of the user are stored in the block chain;
S42: performing a hash calculation on the user's attribute information, and determining that it is consistent with the corresponding attribute hash value in the verification parameter;
S43: according to the user's attribute information, verification parameter and authentication parameter, determining that the login credential provided by the current user is consistent with the identity parameter stored in the block chain, i.e. the verification passes.
According to one aspect of the invention, an anonymous login system based on a block chain is provided, which is characterized by comprising
The initial module is used for initializing the authorization server, generating a corresponding block chain address according to a public key obtained after initialization, and sending an authorization certificate to a user;
the authorization module is used for enumerating all attribute information of the user, carrying out hash operation on the attribute information to obtain an identity parameter and a verification parameter of the user, and solidifying the identity parameter and the verification parameter into a block chain by using an authorization certificate;
the login module is used for selecting the required attribute information to generate a user login certificate according to the login condition issued by the system and submitting the user login certificate to the system requesting login;
and the verification module is used for receiving the user login certificate by the system, verifying the user login certificate according to the user identity parameter and/or the verification parameter and confirming whether the current user meets the login condition.
As a preferred embodiment of the present invention, the initial module comprises,
the initialization module is used for determining security parameters and/or encryption algorithms, initializing and disclosing a public key of the authorization server;
the block chain module is used for acquiring a corresponding block chain address according to the public key and correspondingly storing the authorized user information;
and the authorization voucher module is used for randomly generating a plurality of random numbers by the authorization server and distributing the random numbers to the user as an authorization voucher.
As a preferred embodiment of the present invention, the authorization module includes,
the attribute module is used for enumerating all attribute information of the users and acquiring an attribute information list of the users;
the parameter module is used for acquiring the verification parameters of the user according to the safety parameters and in combination with the attribute information;
the request module is used for sending the distributed authorization voucher, the identity parameter and the verification parameter to the authorization server;
and the signature module is used for carrying out signature processing on the identity parameters and the verification parameters which pass the authorization and storing the identity parameters and the verification parameters into the block chain in a curing way.
As a preferable aspect of the present invention, the login module includes,
the condition module is used for publishing login conditions according to business requirements, where the login conditions impose requirements on one or more attribute information of the user;
the attribute information module is used for selecting corresponding attribute information to generate a corresponding hash value and/or a corresponding verification parameter according to the login condition by the user requesting login;
and the login certificate module is used for generating a login certificate, wherein the login certificate comprises attribute information meeting login conditions, a hash value of the attribute information, verification parameters, and identity parameters and verification parameters of the user.
As a preferable aspect of the present invention, the verification module includes,
the parameter verification module is used for receiving a user login certificate and determining that the identity parameter and the verification parameter of the user are stored in the block chain;
the attribute verification module is used for carrying out Hash calculation on the attribute information of the user and determining that the attribute information is consistent with the corresponding attribute Hash value in the verification parameter;
and the identity authentication module is used for determining that the login certificate provided by the current user is consistent with the identity parameter stored in the block chain according to the attribute information, the verification parameter and the authentication parameter of the user, namely the authentication is passed.
Generally, compared with the prior art, the above technical solution conceived by the present invention has the following beneficial effects:
1) Compared with common login methods, the technical scheme of the invention provides an anonymous login method in which the third-party resource system only learns whether the user has the right to log in and does not learn the user's specific information. Even if the authorization server and the third-party system collude, the user's private information cannot be learned.
2) Compared with common login methods, the user data is stored in a distributed manner and held by the user; the authorization server does not need to store anything, so an attacker who compromises the authorization server still cannot breach the user's privacy.
3) Compared with common login methods that repeatedly use the authorization server, the user generates the anonymous login credential and can decide when and where to generate the credential required, without interacting with the authorization server, which greatly streamlines the login process.
Drawings
FIG. 1 is an overview of the information structure according to an embodiment of the present invention;
FIG. 2 is an exemplary diagram of a Merkle Tree according to an embodiment of the present invention;
FIG. 3 is a flowchart of login authentication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other. The present invention will be described in further detail with reference to specific embodiments.
As shown in FIG. 3, an embodiment of the technical solution of the present invention provides an anonymous login method based on a block chain, which is mainly characterized in that the user first performs authentication and authorization through an authorization server, then performs a hash operation on personal attribute information to generate a specific hash value, and stores the corresponding information in the block chain. When the user needs to log in to a system (or a third-party system), the user's identity can be verified against the verification information stored on the block chain by providing only part of the attribute information and the hash values of part of the attribute information, so that anonymous login of the user is realized.
It should be particularly noted that, in the anonymous login in this embodiment, the name is not simply hidden, but the identity of the user is partially covered and encrypted, and only part of the user attribute information needs to be provided during login, so that whether the login condition is met or not can be determined through part of the identity information provided by the user. Therefore, only a certain crowd range can be determined according to part of identity information provided by the user, and specific user identity cannot be actually determined. That is, the user who requests to log in is hidden in the crowd meeting a certain condition range, so as to achieve the aim of anonymity.
Specifically, as shown in FIG. 1, in this embodiment a public key and private key of the authorization server are first initialized according to the security parameters, the asymmetric encryption algorithm and the like; the public key of the authorization server is published, and the corresponding block chain address ADR is derived from the public key. The initialized authorization server randomly generates a number of random numbers and distributes them randomly to users. In this embodiment, the random numbers are preferably expressed as {Rand_0, Rand_1, ..., Rand_{m-1}, Rand_m}.
Further, the user enumerates all of his or her attribute information, such as name, birth date, gender and nationality, obtaining the set {attr_0, attr_1, ..., attr_{n-1}, attr_n} of all attributes of the user, and calculates the Merkle Root from this attribute set
Figure BDA0001904649390000051
The Merkle Root in this example is shown in FIG. 2.
For any user, the Merkle Root in this embodiment
Figure BDA0001904649390000052
(identity parameters of the user) preferably has the following calculation:
Figure BDA0001904649390000053
Specifically, a hash operation is performed on all the attribute information of the user, finally obtaining a Merkle Root (hash value) representing the user's identity. The principle is that adjacent attributes are hashed together and the hash operation is then iterated on the results. Because the probability that two different character strings hash to the same value (a hash collision) is extremely low, the hash value of the attributes can be used as the user's identity verification identifier.
Taking FIG. 2 as an example, assume that the identity of the user can be confirmed from several items of attribute information, namely the user's name, date of birth, gender and nationality. These attributes are divided into two groups and iteratively hashed until the final Merkle Root is obtained. That is, as in FIG. 2, attr_0 (the name) and attr_1 (the birth date) are hashed together to obtain Hash(attr_0, attr_1); similarly, the gender and nationality attributes give Hash(attr_2, attr_3); then Hash(attr_0, attr_1) and Hash(attr_2, attr_3) are hashed together again, and the resulting hash value is the Merkle Root in FIG. 2.
Since the probability of two character strings hashing to the same value (a hash collision) is extremely small, the Merkle Root can be used as the identification credential of the user. Preferably, in this embodiment, a hash operation is also performed on each individual attribute, that is, for user i the hash value of the j-th attribute is:
hash_ij = Hash(attr_ij).
Further, on the basis of the Merkle Tree in FIG. 2, the user selects parameters as required to generate the user's verification parameter (the commitment ω_i), which has the following expression:
Figure BDA0001904649390000061
where G is the subgroup of order q of Z_p, random generators g_0, ..., g_j of G are selected with <g_0> = ... = <g_j>, h = g_0^a, r is a random number, and aux is an arbitrary number that will later be replaced by the login verification code. The parameter a is a private parameter held only by the user; the other parameters are public.
Then the user sends the Merkle Root, the random number obtained by allocation, and the verification parameter together to the authorization server. The authorization server first reads the random number provided by the user and checks whether it is in the list of random numbers it distributed to users; if so, the data provided by the user is processed further and sent to the block chain, otherwise the user's authorization request is rejected.
For a user whose random number passes this check, the authorization server first signs the random number and then sends it; the specific process is as follows:
Figure BDA0001904649390000062
Figure BDA0001904649390000063
transaction = GenTran(version, input, output, data: userdata + signature)
After the data parameters are confirmed by a certain number of block chain nodes, they are permanently solidified into the block chain and no one can modify the user's identity authentication information; that is, the user has completed binding his or her attribute information. As a preference of this embodiment, to increase untraceability and unlinkability, the above steps may be performed multiple times: the identity parameter and verification parameter derived from the user's attribute information are signed multiple times and solidified and saved in the block chain. In other words, the technical solution in this embodiment allows a user to authenticate using multiple sets of hash values (for example, applying different hash algorithms to the same attribute information to obtain different hash values), where the hash values differ from each other but each is an accurate, real identity parameter of the user.
It should be emphasized that, in implementing the above embodiment, a user may lose anonymity by using the same anonymous credential multiple times. More specifically, if the same user logs in to the same system multiple times with the same anonymous credential (for example, one that reveals only the age), the system can infer that logins carrying the same anonymous credential belong to the same user. To better achieve anti-tracking and anti-association of system logins, this embodiment therefore allows the user to authenticate on different authorization servers and to use anonymous credentials endorsed by different authorization servers for different login requests.
In this technology, a user can start anonymous access to a third-party system, and the specific process is as follows:
First, the third-party system publishes its actual service requirements and states the login conditions of the system, such as allowing only people of a certain group to log in, or disallowing people of a certain age group, which the third-party system may set freely as needed. That is, a threshold condition may be set for user login; it may be a single attribute of the user (such as age, gender or nationality) or a combination of several attributes (such as age + gender). The technical solution of the present invention does not specifically limit this, and the specific attribute categories in this embodiment serve only to describe the technical solution and are not to be considered a limitation on it.
Then, the user selects the required attribute information to generate a login credential according to the actual requirement of the third-party system and provides the login credential to the third-party system. In this embodiment, the attribute information login credential is preferably as follows:
Figure BDA0001904649390000071
where authcode is the login verification code; note that hash_ij and τ_ij are the verification parameters of attribute attr_j, and τ_ij is computed by the standard Merkle proof algorithm. The formula for τ_ij is preferably as follows,
Figure BDA0001904649390000072
where Γ_i uses the Pedersen commitment algorithm; because only the user knows the private parameter a, and by the hardness of the discrete logarithm problem, only the user can quickly compute Γ_i. The formula is preferably as follows:
h^r · g_0^aux = h^{r'} · g_0^authcode
g_0^{ar} · g_0^aux = g_0^{ar'} · g_0^authcode
Figure BDA0001904649390000081
In other words, the login credential consists of the information above, and the third-party system verifies the identity of the user from that information.
In this embodiment, the verification process of the third-party system is preferably as follows:
The third-party resource system first scans the blockchain according to the information in the login credential to obtain
Figure BDA0001904649390000082
and $\omega_i$, and compares whether they are consistent with the login credential; if not, the login request is refused directly, and if so, the next step is entered. Then $hash_{ij}$ is verified, i.e. it is checked that $hash_{ij} = Hash(attr_{ij})$; if this holds, $\tau_{ij}$ and
Figure BDA0001904649390000083
are verified, and then $(\omega_i, \Gamma_i)$ is verified. If any one of these parameters fails its check, the user is refused login; only when every parameter in the login credential passes verification is the user currently requesting login allowed to log in anonymously.
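The credential-generation step (S3) and the third-party system's verification steps (S4) described above, as an added Python example that is not part of the patent: the user's attribute hashes $hash_{ij}$ are the leaves of a Merkle tree whose root plays the role of the identity parameter $\omega_i$, $\tau_{ij}$ is the Merkle proof, and the "blockchain" is a set of roots. The leaf/node domain separation, the SHA-256 choice and the `age=` attribute encoding are assumptions; the Pedersen commitment $\Gamma_i$ and the authorization server's signature are not modelled.

```python
import hashlib
from dataclasses import dataclass

# Constructed example; models only the chain lookup of omega_i, the check
# hash_ij == Hash(attr_ij) and the Merkle proof tau_ij, not Gamma_i or the signature.

def leaf_hash(attr: str) -> bytes:
    # hash_ij = Hash(attr_ij); domain-separated so a leaf cannot pose as a node
    return hashlib.sha256(b"leaf:" + attr.encode()).digest()
def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"node:" + left + right).digest()

def _pad(level):            # duplicate the last node on an odd-sized level
    return level + [level[-1]] if len(level) % 2 else level
def _next_level(level):
    level = _pad(level)
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(leaves, index):
    """tau_ij: list of (sibling_hash, sibling_is_left) from the leaf up to the root."""
    proof, level, idx = [], list(leaves), index
    while len(level) > 1:
        level = _pad(level)
        sib = idx ^ 1
        proof.append((level[sib], sib < idx))
        level, idx = _next_level(level), idx // 2
    return proof

def verify_proof(leaf, proof, root):
    h = leaf
    for sib, sib_is_left in proof:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return h == root

@dataclass
class LoginCredential:
    attr: str          # the disclosed attribute, e.g. "age=32"
    attr_hash: bytes   # hash_ij
    tau: list          # Merkle proof tau_ij
    omega: bytes       # identity parameter omega_i (the Merkle root)

def enroll(attrs):
    """S2: enumerate attributes, hash them, derive omega_i to be stored on chain."""
    leaves = [leaf_hash(a) for a in attrs]
    return merkle_root(leaves), leaves
def make_credential(attrs, leaves, omega, index):
    """S3: disclose one attribute with its hash, its proof and the identity parameter."""
    return LoginCredential(attrs[index], leaves[index], merkle_proof(leaves, index), omega)

def verify_login(cred, chain, condition):
    """S4: the third-party system's checks, in the order the page gives them."""
    if cred.omega not in chain:                                 # scan chain for omega_i
        return False, "identity parameter not on chain"
    if leaf_hash(cred.attr) != cred.attr_hash:                  # hash_ij == Hash(attr_ij)
        return False, "attribute hash mismatch"
    if not verify_proof(cred.attr_hash, cred.tau, cred.omega):  # tau_ij reaches omega_i
        return False, "Merkle proof does not reach omega_i"
    if not condition(cred.attr):                                # the system's login condition
        return False, "login condition not met"
    return True, "anonymous login allowed"
```

Each rejection branch corresponds to one of the checks the text lists, so a credential that edits the attribute, swaps in a hash of an attribute that was never enrolled, or points at an identity parameter absent from the chain is refused at the matching step.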
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. An anonymous login method based on a block chain, characterized by comprising:
S1, initializing the authorization server, generating the corresponding block chain address according to the public key obtained after initialization, and sending the authorization credential to the user;
S2, enumerating all attribute information of the user, performing a hash operation on the attribute information to obtain an identity parameter and a verification parameter of the user, and solidifying the identity parameter and the verification parameter into the block chain by using the authorization credential, which specifically includes:
S21, enumerating all attribute information of the user, and acquiring an attribute information list of the user;
S22, according to the security parameters and in combination with the attribute information, obtaining the verification parameters of the user;
S23, sending the distributed authorization credential, the identity parameter and the verification parameter to an authorization server;
S24, performing signature processing on the identity parameters and the verification parameters that pass the authorization, and storing the identity parameters and the verification parameters in the block chain in solidified form;
S3, according to the login condition issued by the system, selecting the required attribute information and generating the corresponding hash value and/or verification parameter, generating the user login credential from the attribute information that meets the login condition, the hash value and the verification parameter of the attribute information, and the identity parameter and the verification parameter of the user, and submitting the user login credential to the system requesting login;
S4, the system receives the user login credential, verifies the user login credential according to the user identity parameter and/or the verification parameter, and confirms whether the current user meets the login condition.
2. The anonymous login method based on a block chain as claimed in claim 1, wherein said step S1 comprises:
S11, determining security parameters and/or an encryption algorithm, and initializing and disclosing the public key of the authorization server;
S12, obtaining the corresponding block chain address according to the public key, and correspondingly storing the authorized user information;
S13, the authorization server randomly generating a number of random numbers and distributing them to the user as authorization credentials.
3. The anonymous login method based on a block chain according to any one of claims 1 to 2, wherein the step S3 includes:
S31, disclosing the login condition according to the service requirement, the login condition imposing a requirement on one or more attribute information of the user;
S32, the user requesting to log in selecting the corresponding attribute information according to the login condition to generate the corresponding hash value and/or verification parameter;
S33, generating a login credential, wherein the login credential comprises the attribute information meeting the login condition, the hash value of the attribute information, the verification parameters, and the identity parameters and verification parameters of the user.
4. The anonymous login method based on a block chain according to any one of claims 1 to 2, wherein the step S4 includes:
S41, receiving a user login credential, and determining that the identity parameter and the verification parameter of the user are stored in the block chain;
S42, performing a hash calculation on the attribute information of the user, and determining that the attribute information is consistent with the corresponding attribute hash value in the verification parameter;
S43, according to the attribute information, the verification parameter and the verification parameter of the user, determining that the login credential provided by the current user is consistent with the identity parameter stored in the block chain, whereupon the verification is passed.
5. An anonymous login system based on a blockchain is characterized by comprising
The initial module is used for initializing the authorization server, generating a corresponding block chain address according to a public key obtained after initialization, and sending an authorization certificate to a user;
the authorization module is used for enumerating all attribute information of a user, performing hash operation on the attribute information to obtain an identity parameter and a verification parameter of the user, and solidifying the identity parameter and the verification parameter into a block chain by using an authorization certificate, and the authorization module comprises:
the attribute module is used for enumerating all attribute information of the users and acquiring an attribute information list of the users;
the parameter module is used for acquiring the verification parameters of the user according to the safety parameters and in combination with the attribute information;
the request module is used for sending the distributed authorization voucher, the identity parameter and the verification parameter to the authorization server;
the signature module is used for carrying out signature processing on the identity parameters and the verification parameters which pass the authorization and storing the identity parameters and the verification parameters into the block chain in a solidified manner;
the login module is used for selecting the required attribute information according to the login condition issued by the system, generating a corresponding hash value and/or verification parameter, generating a user login certificate by the attribute information meeting the login condition, the hash value and the verification parameter of the attribute information and the identity parameter and the verification parameter of the user, and submitting the user login certificate to the system requesting login;
and the verification module is used for receiving the user login certificate by the system, verifying the user login certificate according to the user identity parameter and/or the verification parameter and confirming whether the current user meets the login condition.
6. The anonymous login system based on the blockchain according to claim 5, wherein the initial module comprises,
the initial module is used for determining security parameters and/or encryption algorithms, and initializing and disclosing a public key of the authorization server;
the block chain module is used for acquiring a corresponding block chain address according to the public key and correspondingly storing the authorized user information;
and the authorization voucher module is used for randomly generating a plurality of random numbers by the authorization server and distributing the random numbers to the user as an authorization voucher.
7. The anonymous login system based on the blockchain according to any one of claims 5 to 6, wherein the login module comprises,
the condition module is used for disclosing login conditions according to business requirements, wherein the login conditions impose requirements on one or more attribute information of a user;
the attribute information module is used for selecting corresponding attribute information to generate a corresponding hash value and/or a corresponding verification parameter according to the login condition by the user requesting login;
and the login certificate module is used for generating a login certificate, wherein the login certificate comprises attribute information meeting login conditions, a hash value of the attribute information, verification parameters, and identity parameters and verification parameters of the user.
8. The anonymous login system based on a blockchain according to any one of claims 5 to 6, wherein the authentication module comprises,
the parameter verification module is used for receiving a user login certificate and determining that the identity parameter and the verification parameter of the user are stored in the block chain;
the attribute verification module is used for carrying out Hash calculation on the attribute information of the user and determining that the attribute information is consistent with the corresponding attribute Hash value in the verification parameter;
and the identity authentication module is used for determining that the login certificate provided by the current user is consistent with the identity parameter stored in the block chain according to the attribute information, the verification parameter and the authentication parameter of the user, namely the authentication is passed.
CN201811526788.4A 2018-12-13 2018-12-13 Anonymous login method and system based on block chain Active CN109617692B (en)
Publications (2)

Publication Number Publication Date
CN109617692A CN109617692A (en) 2019-04-12
CN109617692B true CN109617692B (en) 2022-04-26