CN109815657B - Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment - Google Patents

Publication number
CN109815657B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811529919.4A
Other languages
Chinese (zh)
Other versions
CN109815657A (en
Inventor
冯承勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN201811529919.4A priority Critical patent/CN109815657B/en
Publication of CN109815657A publication Critical patent/CN109815657A/en
Priority to PCT/CN2019/122453 priority patent/WO2020119506A1/en
Application granted granted Critical
Publication of CN109815657B publication Critical patent/CN109815657B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates

Abstract

The invention is applicable to the technical field of blockchains and provides an identity authentication method and terminal equipment based on an alliance chain. The identity authentication method comprises the following steps: submitting the identity identification data and the joining request of the first blockchain node to a creation block (genesis block) in an alliance chain; if the authentication passing information returned by the creation block is received, monitoring whether a communication request of a second blockchain node is received; if a communication request of a second blockchain node is received, acquiring the identity identification data of the second blockchain node from the communication request, and performing identity authentication on the second blockchain node according to the identity identification data of the second blockchain node; and if the identity authentication of the second blockchain node passes, returning the data corresponding to the communication request to the second blockchain node. By this method, the reliability of the identity authentication method based on the alliance chain is effectively improved.

Description

Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment
Technical Field
The invention relates to the technical field of blockchains, and in particular to an identity authentication method and terminal equipment based on an alliance chain.
Background
In a federation chain, trusted identity authentication is typically performed using a digital certificate issued by an electronic Certificate Authority (CA). In order to distinguish between the multiple organizations participating in a federation chain and the multiple federation chain nodes within each organization, a common approach is to construct a separate root CA for each organization to represent that organization in the federation chain, and to have the root CA issue a digital certificate to each node in the organization to prove the identity of the node in the organization. When the federation chain authenticates the identity of a node, the organization to which the node belongs is determined by verifying which root CA validly issued the digital certificate of the node.
An organization may participate in a plurality of different federation chains, that is, an organization may have a plurality of root CAs. Each node in the organization may then hold digital certificates issued by different root CAs, that is, each node corresponds to a plurality of digital certificates. This may result in a higher error rate when performing identity authentication on the nodes in the organization, and in turn in a lower reliability of the identity authentication.
Disclosure of Invention
In view of this, embodiments of the present invention provide an identity authentication method and a terminal device based on a federation chain, so as to solve the problem that the existing identity authentication method based on a federation chain has low reliability.
In a first aspect of the embodiments of the present invention, an identity authentication method based on a federation chain is provided, which may include:
submitting the identity identification data and a join request of the first blockchain node to a creation block in a federation chain, wherein the join request is used for instructing the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data;
if the authentication passing information returned by the creation block is received, monitoring whether a communication request of a second block chain node is received;
if a communication request of a second block chain node is received, acquiring the identity identification data of the second block chain node from the communication request, and performing identity authentication on the second block chain node according to the identity identification data of the second block chain node;
and if the identity authentication of the second blockchain node passes, returning the data corresponding to the communication request to the second blockchain node.
In a second aspect of the embodiments of the present invention, an identity authentication apparatus based on a federation chain is provided, where the apparatus includes:
a submitting unit, configured to submit identity identification data of the first blockchain node and a join request to a creation block in a federation chain, where the join request is used to instruct the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and where the authentication passing information is used to indicate that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data;
the monitoring unit is used for monitoring whether a communication request of a second blockchain node is received if the authentication passing information returned by the creation block is received;
the authentication unit is used for acquiring the identity data of a second block chain node from a communication request if the communication request of the second block chain node is received, and performing identity authentication on the second block chain node according to the identity data of the second block chain node;
and the returning unit is used for returning the data corresponding to the communication request to the second blockchain node if the identity authentication of the second blockchain node passes.
In a third aspect of the embodiments of the present invention, a computer-readable storage medium is provided, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps:
submitting the identity identification data and a join request of the first blockchain node to a creation block in a federation chain, wherein the join request is used for instructing the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data;
if the authentication passing information returned by the creation block is received, monitoring whether a communication request of a second block chain node is received;
if a communication request of a second block chain node is received, acquiring the identity identification data of the second block chain node from the communication request, and performing identity authentication on the second block chain node according to the identity identification data of the second block chain node;
and if the identity authentication of the second blockchain node passes, returning the data corresponding to the communication request to the second blockchain node.
In a fourth aspect of the embodiments of the present invention, there is provided a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the following steps:
submitting the identity identification data and a join request of the first blockchain node to a creation block in a federation chain, wherein the join request is used for instructing the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data;
if the authentication passing information returned by the creation block is received, monitoring whether a communication request of a second block chain node is received;
if a communication request of a second block chain node is received, acquiring the identity identification data of the second block chain node from the communication request, and performing identity authentication on the second block chain node according to the identity identification data of the second block chain node;
and if the identity authentication of the second blockchain node passes, returning data corresponding to the communication request to the second blockchain node.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, the first blockchain node submits its identity identification data to the creation block in the alliance chain and requests to join the alliance chain, so that the creation block authenticates the first blockchain node; after the authentication by the creation block passes, the first blockchain node monitors for a communication request of a second blockchain node in the alliance chain and performs identity authentication on the second blockchain node according to the identity identification data of the second blockchain node, so that the first blockchain node authenticates the second blockchain node; and data is returned to the second blockchain node after the authentication passes. By this method, data interaction between the first blockchain node and the second blockchain node can take place only after double authentication, and the reliability of the identity authentication method based on the alliance chain is effectively improved.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without inventive effort.
Fig. 1 is a schematic flow chart of an implementation of an identity authentication method based on a federation chain according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a federation chain-based identity authentication apparatus provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In order to illustrate the technical means of the present invention, the following description is given by way of specific examples.
Fig. 1 is a schematic flow chart of an implementation process of an identity authentication method based on a federation chain according to an embodiment of the present invention, where as shown in the figure, the method may include the following steps:
Step S101, identity identification data and a join request of the first blockchain node are submitted to a creation block in a federation chain, wherein the join request is used for instructing the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data.
In practical application, when a blockchain node A wants to join a federation chain B, it first needs to pass the identity authentication rule recorded in the creation block of federation chain B. After the creation block of the federation chain system receives the join request, it acquires the identity identification data of blockchain node A and compares the identity identification data with the identity authentication rule recorded in the creation block of the federation chain.
Here, the identity identification data of blockchain node A may be a digital certificate issued by a CA authority and representing the identity of a member of a federation chain organization, and the identity identification data of the node may be placed in the DN entry of the digital certificate or in a custom digital certificate extension.
The identity identification data is extension item information in the digital certificate of the blockchain node.
The extension item information includes:
the name of the federation chain, the identifier of the federation chain organization, the name of the blockchain node, and the type of the blockchain node.
The name of the federation chain represents the federation chain network to which the blockchain node belongs, the identifier of the federation chain organization represents the federation chain organization to which the blockchain node belongs, the name of the blockchain node represents the unique identifier name of the blockchain node in the organization, and the type of the blockchain node represents the transaction type that the blockchain node can process; for example, blockchain node A can execute a payment transaction and blockchain node B can execute a collection transaction.
Of course, other extension items may be added to the digital certificate; any information that can describe the identity of the blockchain node can be used as an extension item. A legitimate CA authority cannot create a legitimate root CA without restrictions, but there is no such requirement for extension information. Therefore, the identity identification data of the blockchain node is placed in the extension items of the digital certificate; when one organization has a plurality of root CAs, a node in the organization needs only one digital certificate, and the extension items of the digital certificate can include the information of all the root CAs to which the node belongs, which facilitates the management of the blockchain nodes.
In one embodiment, the creation block performs identity authentication on the first blockchain node according to the identity identification data, and the identity authentication includes:
judging whether the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the creation block.
If the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the creation block, judging whether the identifier of the alliance chain organization in the identity identification data exists in a preset organization member list stored in the creation block.
If the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the creation block, passing the identity authentication of the first blockchain node.
The identity authentication that the creation block performs on the first blockchain node is the first level of identity authentication in the alliance chain. Only after being authenticated by the creation block can the first blockchain node be added to the alliance chain to which the creation block belongs, and only after the first blockchain node has been added to the alliance chain can it perform data interaction with each blockchain node in the alliance chain.
Step S102, if the authentication passing information returned by the creation block is received, monitoring whether a communication request of a second blockchain node is received.
After the creation block passes the identity authentication of the first blockchain node, the first blockchain node may be added to the federation chain to which the creation block belongs, and the first blockchain node may then perform data interaction with other nodes in the federation chain, that is, with the second blockchain node. However, before data interaction, the first blockchain node needs to authenticate the second blockchain node; this is the second level of authentication. The following steps are performed.
Step S103, if a communication request of a second block chain node is received, acquiring the identity data of the second block chain node from the communication request, and performing identity authentication on the second block chain node according to the identity data of the second block chain node.
In one embodiment, the authenticating the second blockchain node according to the identification data of the second blockchain node includes:
Step S1031, verifying whether the name of the federation chain in the extension item information of the second blockchain node is the same as the name of the federation chain in the extension item information of the first blockchain node.
This step is used to verify whether the first blockchain node and the second blockchain node belong to the same federation chain.
Optionally, the verifying whether the name of the federation chain in the extension item information of the second blockchain node is the same as the name of the federation chain in the extension item information of the first blockchain node includes:
converting the name of the alliance chain in the extension item information of the first blockchain node into a first character string, and converting the name of the alliance chain in the extension item information of the second blockchain node into a second character string.
And respectively comparing each character in the first character string with the corresponding character in the second character string.
And if each character of the first character string is the same as the corresponding character of the second character string, determining that the name of the alliance chain in the extension item information of the second block chain node is the same as the name of the alliance chain in the extension item information of the first block chain node.
Step S1032, if the name of the federation chain in the extension item information of the second blockchain node is the same as the name of the federation chain in the extension item information of the first blockchain node, verifying whether the identifier of the federation chain organization in the extension item information of the second blockchain node exists in a preset organization member list stored in the creation block.
This step is used to verify whether the first and second blockchain nodes belong to the same federation chain organization.
Step S1033, if the identifier of the federation chain organization in the extension item information of the second blockchain node exists in the preset organization member list stored in the creation block, determining whether the node behavior corresponding to the communication request matches the node behavior corresponding to the type of the blockchain node in the extension item information of the second blockchain node.
This step is used to verify whether the request behavior currently initiated by the second blockchain node conforms to its own node behavior. For example, assuming that the node type of blockchain node B is collection transaction, but blockchain node B initiates a payment transaction to blockchain node A, the behavior of blockchain node B does not match its node type, and the transaction is not allowed.
Optionally, the determining whether the node behavior corresponding to the communication request meets the node behavior corresponding to the type of the blockchain node in the extension item information of the second blockchain node includes:
and acquiring a behavior list corresponding to the type of the blockchain node in the extension item information of the second blockchain node, and acquiring a request code contained in the communication request.
And searching whether the request code exists in the behavior list.
And if the request code exists in the behavior list, judging that the node behavior corresponding to the communication request accords with the node behavior corresponding to the type of the block chain node in the extension item information of the second block chain node.
For example, assume that blockchain node B initiates a payment transaction, that the request information corresponding to the payment transaction is 002, and that the behavior list of blockchain node B contains only 001; this indicates that blockchain node B is not allowed to initiate the payment transaction.
S1034, if the node behavior corresponding to the communication request conforms to the node behavior corresponding to the type of the blockchain node in the extension item information of the second blockchain node, passing the identity authentication of the second blockchain node.
At this step, the identity authentication of the second blockchain node by the first blockchain node is completed, i.e. the second level of authentication is completed.
And step S104, if the identity authentication of the second block chain node passes, returning the data corresponding to the communication request to the second block chain node.
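The creation-block check on a joining node and the second-level check of steps S1031 to S1034, as an added example that is not part of the patent text. The class and function names, the sample identities and the behavior lists are constructed for illustration, and the extension items are assumed to come from a certificate whose signature and issuing chain have already been validated.

```python
"""Two-level check from steps S101-S104, modelled on plain data.

Assumption: the certificate signature and issuing chain were validated before
the extension items were extracted; that validation is outside this sketch.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class ExtensionInfo:
    """Extension item information of a node's digital certificate."""
    chain_name: str  # name of the federation chain
    org_id: str      # identifier of the federation chain organization
    node_name: str   # unique name of the node within its organization
    node_type: str   # type of node, i.e. which transactions it may process


@dataclass(frozen=True)
class CreationBlock:
    """The parts of the creation block that the checks read (hypothetical)."""
    chain_name: str
    org_members: FrozenSet[str]  # preset organization member list


# Constructed behavior lists: node type -> permitted request codes.
# "002" for a payment request follows the page; "001" for collection is assumed.
BEHAVIOR_LISTS = {
    "collection": frozenset({"001"}),
    "payment": frozenset({"002"}),
}


def same_chain_name(first: str, second: str) -> bool:
    """S1031: compare two chain names character by character.

    The lengths are compared first; pairing characters alone would stop at
    the shorter string and accept "chain-B" against "chain-B-test".
    """
    if len(first) != len(second):
        return False
    return all(a == b for a, b in zip(first, second))


def creation_block_authenticate(block: CreationBlock, ident: ExtensionInfo) -> bool:
    """First level (S101): the creation block admits a joining node."""
    return (same_chain_name(ident.chain_name, block.chain_name)
            and ident.org_id in block.org_members)


def peer_authenticate(block: CreationBlock, local: ExtensionInfo,
                      peer: ExtensionInfo, request_code: str) -> Tuple[bool, str]:
    """Second level (S1031-S1034): returns (passed, reason)."""
    if not same_chain_name(local.chain_name, peer.chain_name):
        return False, "chain name mismatch"
    if peer.org_id not in block.org_members:
        return False, "organization not in member list"
    # An unknown node type has an empty behavior list, so it is denied.
    if request_code not in BEHAVIOR_LISTS.get(peer.node_type, frozenset()):
        return False, "request code not in behavior list"
    return True, "ok"


def handle_request(block: CreationBlock, local: ExtensionInfo, peer: ExtensionInfo,
                   request_code: str, data: bytes) -> Optional[bytes]:
    """S102-S104: serve data only when both levels pass."""
    if not creation_block_authenticate(block, local):
        return None  # the local node was never admitted, so it does not serve
    passed, _reason = peer_authenticate(block, local, peer, request_code)
    return data if passed else None


# Constructed sample identities.
BLOCK = CreationBlock("chain-B", frozenset({"org-1", "org-2"}))
NODE_A = ExtensionInfo("chain-B", "org-1", "node-A", "payment")
NODE_B = ExtensionInfo("chain-B", "org-2", "node-B", "collection")
OUTSIDER = ExtensionInfo("chain-B-test", "org-2", "node-X", "collection")

if __name__ == "__main__":
    print(peer_authenticate(BLOCK, NODE_A, NODE_B, "001"))
    print(peer_authenticate(BLOCK, NODE_A, NODE_B, "002"))
    print(peer_authenticate(BLOCK, NODE_A, OUTSIDER, "001"))
```
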
In the embodiment of the invention, the first blockchain node submits its identity identification data to the creation block in the alliance chain and requests to join the alliance chain, so that the creation block authenticates the first blockchain node; after the authentication by the creation block passes, the first blockchain node monitors for a communication request of a second blockchain node in the alliance chain and performs identity authentication on the second blockchain node according to the identity identification data of the second blockchain node, so that the first blockchain node authenticates the second blockchain node; and data is returned to the second blockchain node after the authentication passes. By this method, data interaction between the first blockchain node and the second blockchain node can take place only after double authentication, and the reliability of the identity authentication method based on the alliance chain is effectively improved.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 2 is a schematic diagram of an identity authentication apparatus based on a federation chain according to an embodiment of the present invention, and for convenience of description, only a part related to the embodiment of the present invention is shown.
The identity authentication device based on the federation chain shown in Fig. 2 may be a software unit, a hardware unit, or a combined software and hardware unit built into existing terminal equipment, or may be integrated into the terminal equipment as an independent add-on component, or may exist as independent terminal equipment.
The identity authentication device 2 based on the alliance chain comprises:
A submitting unit 21, configured to submit the identity identification data of the first blockchain node and a join request to a creation block in a federation chain, where the join request is used to instruct the creation block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and where the authentication passing information is used to indicate that the creation block has added the first blockchain node to the corresponding federation chain organization according to the identity identification data.
A monitoring unit 22, configured to monitor whether a communication request of the second blockchain node is received if the authentication passing information returned by the creation block is received.
The authentication unit 23 is configured to, if a communication request of a second blockchain node is received, obtain identity data of the second blockchain node from the communication request, and perform identity authentication on the second blockchain node according to the identity data of the second blockchain node.
A returning unit 24, configured to return, if the identity authentication of the second blockchain node passes, data corresponding to the communication request to the second blockchain node.
The identity identification data is extension item information in the digital certificate of the blockchain node.
The extension item information includes:
the name of the federation chain, the identifier of the federation chain organization, the name of the blockchain node, and the type of the blockchain node.
Optionally, the authentication unit 23 includes:
and the first verification module is used for verifying whether the name of the alliance chain in the extension item information of the second block chain node is the same as the name of the alliance chain in the extension item information of the first block chain node.
A second verification module, configured to verify whether the identifier of the federation chain organization in the extension item information of the second blockchain node exists in a preset organization member list stored in the creation block if the name of the federation chain in the extension item information of the second blockchain node is the same as the name of the federation chain in the extension item information of the first blockchain node.
A third verification module, configured to determine, if the identifier of the federation chain organization in the extension item information of the second blockchain node exists in the preset organization member list stored in the creation block, whether the node behavior corresponding to the communication request matches the node behavior corresponding to the type of the blockchain node in the extension item information of the second blockchain node.
And the first passing module is used for passing the identity authentication of the second blockchain node if the node behavior corresponding to the communication request accords with the node behavior corresponding to the type of the blockchain node in the extension item information of the second blockchain node.
Optionally, the first verification module includes:
A conversion submodule, configured to convert the name of the alliance chain in the extension item information of the first blockchain node into a first character string, and to convert the name of the alliance chain in the extension item information of the second blockchain node into a second character string.
A comparison submodule, configured to compare each character in the first character string with the corresponding character in the second character string.
A first determining submodule, configured to determine that the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node if each character of the first character string is the same as the corresponding character in the second character string.
Optionally, the third verification sub-module includes:
An obtaining submodule, configured to obtain the behavior list corresponding to the type of blockchain node in the extension item information of the second blockchain node, and to obtain the request code contained in the communication request.
A searching submodule, configured to search whether the request code exists in the behavior list.
A second determining submodule, configured to determine that the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node if the request code exists in the behavior list.
Optionally, the submitting unit 21 includes:
A first judging module, configured to judge whether the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block.
A second judging module, configured to judge, if the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block, whether the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the genesis block.
A second passing module, configured to pass the identity authentication of the first blockchain node if the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the genesis block.
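The join check of the submitting unit and the three ordered checks of the authentication unit, sketched in Python as an added example (not code from the patent). It assumes the extension items were already parsed from a certificate whose signature chain has been validated; the field names, node types, request codes and sample values are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    PASS = "pass"
    CHAIN_NAME_MISMATCH = "alliance chain name mismatch"
    ORG_NOT_MEMBER = "organization not in genesis member list"
    BEHAVIOR_NOT_ALLOWED = "request code not in behavior list for node type"


@dataclass(frozen=True)
class ExtensionInfo:
    """The four extension items of a node certificate (field names assumed)."""
    chain_name: str
    org_id: str
    node_name: str
    node_type: str


@dataclass(frozen=True)
class GenesisBlock:
    """Only the parts of the genesis block the checks read (assumed layout)."""
    chain_name: str
    org_members: frozenset


# Constructed behavior lists: node type -> request codes that type may send.
BEHAVIOR_LISTS = {
    "consensus": frozenset({"PROPOSE_BLOCK", "VOTE_BLOCK", "SYNC_LEDGER"}),
    "bookkeeping": frozenset({"SYNC_LEDGER", "QUERY_LEDGER"}),
    "client": frozenset({"QUERY_LEDGER"}),
}


def same_chain_name(first, second):
    """Character-by-character comparison of two alliance chain names.

    No trimming, case folding or Unicode normalization is applied, so a
    look-alike name built from different code points never matches.
    """
    if not isinstance(first, str) or not isinstance(second, str):
        return False
    if len(first) != len(second):
        return False
    return all(a == b for a, b in zip(first, second))


def authenticate_join(genesis, ext):
    """Genesis-block side: decide whether a node may join the alliance chain."""
    if not same_chain_name(ext.chain_name, genesis.chain_name):
        return Verdict.CHAIN_NAME_MISMATCH
    if ext.org_id not in genesis.org_members:
        return Verdict.ORG_NOT_MEMBER
    return Verdict.PASS


def authenticate_peer(local, remote, genesis, request_code):
    """First-node side: run the three checks in order, stopping at the first failure."""
    if not same_chain_name(remote.chain_name, local.chain_name):
        return Verdict.CHAIN_NAME_MISMATCH
    if remote.org_id not in genesis.org_members:
        return Verdict.ORG_NOT_MEMBER
    # An unknown node type gets an empty behavior list, so the check fails closed.
    allowed = BEHAVIOR_LISTS.get(remote.node_type, frozenset())
    if request_code not in allowed:
        return Verdict.BEHAVIOR_NOT_ALLOWED
    return Verdict.PASS


def handle_request(local, remote, genesis, request_code, data):
    """Return (verdict, data); data is released only when authentication passes."""
    verdict = authenticate_peer(local, remote, genesis, request_code)
    return verdict, (data if verdict is Verdict.PASS else None)


if __name__ == "__main__":
    genesis = GenesisBlock("trade-chain", frozenset({"org-a", "org-b"}))
    local = ExtensionInfo("trade-chain", "org-a", "node-1", "consensus")
    remote = ExtensionInfo("trade-chain", "org-b", "node-7", "client")
    for code in ("QUERY_LEDGER", "PROPOSE_BLOCK"):
        verdict, _ = handle_request(local, remote, genesis, code, b"ledger")
        print(remote.node_name, code, "->", verdict.value)
```

Returning the specific verdict rather than a bare boolean lets the receiving node log which of the three checks rejected a request.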
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Fig. 3 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 3, the terminal device 3 of this embodiment includes: a processor 30, a memory 31 and a computer program 32 stored in said memory 31 and executable on said processor 30. The processor 30, when executing the computer program 32, implements the steps in the above-mentioned embodiments of the alliance chain-based identity authentication method, such as the steps S101 to S104 shown in fig. 1. Alternatively, the processor 30, when executing the computer program 32, implements the functions of the modules/units in the above-mentioned device embodiments, such as the functions of the modules 21 to 24 shown in fig. 2.
Illustratively, the computer program 32 may be partitioned into one or more modules/units that are stored in the memory 31 and executed by the processor 30 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 32 in the terminal device 3. For example, the computer program 32 may be divided into a submitting unit, a monitoring unit, an authentication unit, and a returning unit, and the specific functions of each unit are as follows:
A submitting unit, configured to submit the identity identification data of the first blockchain node and an adding request to the genesis block in the alliance chain, wherein the adding request is used for instructing the genesis block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the genesis block has added the first blockchain node to the corresponding alliance chain organization according to the identity identification data.
A monitoring unit, configured to monitor whether a communication request of a second blockchain node is received if the authentication passing information returned by the genesis block is received.
An authentication unit, configured to, if a communication request of the second blockchain node is received, acquire the identity identification data of the second blockchain node from the communication request and perform identity authentication on the second blockchain node according to the identity identification data of the second blockchain node.
A returning unit, configured to return the data corresponding to the communication request to the second blockchain node if the identity authentication of the second blockchain node passes.
The identity identification data is the extension item information in the digital certificate of the blockchain node.
The extension item information includes:
the name of the alliance chain, the identifier of the alliance chain organization, the name of the blockchain node, and the type of the blockchain node.
Optionally, the authentication unit includes:
A first verification module, configured to verify whether the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node.
A second verification module, configured to verify, if the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node, whether the identifier of the alliance chain organization in the extension item information of the second blockchain node exists in a preset organization member list stored in the genesis block.
A third verification module, configured to determine, if the identifier of the alliance chain organization in the extension item information of the second blockchain node exists in the preset organization member list stored in the genesis block, whether the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node.
A first passing module, configured to pass the identity authentication of the second blockchain node if the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node.
Optionally, the first verification module includes:
A conversion submodule, configured to convert the name of the alliance chain in the extension item information of the first blockchain node into a first character string, and to convert the name of the alliance chain in the extension item information of the second blockchain node into a second character string.
A comparison submodule, configured to compare each character in the first character string with the corresponding character in the second character string.
A first determining submodule, configured to determine that the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node if each character of the first character string is the same as the corresponding character in the second character string.
Optionally, the third verification sub-module includes:
An obtaining submodule, configured to obtain the behavior list corresponding to the type of blockchain node in the extension item information of the second blockchain node, and to obtain the request code contained in the communication request.
A searching submodule, configured to search whether the request code exists in the behavior list.
A second determining submodule, configured to determine that the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node if the request code exists in the behavior list.
Optionally, the submitting unit includes:
A first judging module, configured to judge whether the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block.
A second judging module, configured to judge, if the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block, whether the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the genesis block.
A second passing module, configured to pass the identity authentication of the first blockchain node if the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the genesis block.
The terminal device 3 may be a computing device such as a desktop computer, a notebook, a palm computer, or a cloud server. The terminal device may include, but is not limited to, a processor 30 and a memory 31. It will be understood by those skilled in the art that fig. 3 is only an example of the terminal device 3 and does not constitute a limitation on the terminal device 3, which may include more or fewer components than those shown, combine some components, or use different components; for example, the terminal device may also include an input-output device, a network access device, a bus, etc.
The processor 30 may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 31 may be an internal storage unit of the terminal device 3, such as a hard disk or a memory of the terminal device 3. The memory 31 may also be an external storage device of the terminal device 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 3. Further, the memory 31 may also include both an internal storage unit and an external storage device of the terminal device 3. The memory 31 is used for storing the computer program and other programs and data required by the terminal device. The memory 31 may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, in accordance with legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (8)

1. An identity authentication method based on an alliance chain, applied to a first blockchain node, the method comprising:
submitting identity identification data of the first blockchain node and an adding request to a genesis block in the alliance chain, wherein the adding request is used for instructing the genesis block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the first blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the genesis block has added the first blockchain node to the corresponding alliance chain organization according to the identity identification data;
if the authentication passing information returned by the genesis block is received, monitoring whether a communication request of a second blockchain node is received;
if a communication request of the second blockchain node is received, acquiring the identity identification data of the second blockchain node from the communication request, and performing identity authentication on the second blockchain node according to the identity identification data of the second blockchain node;
if the identity authentication of the second blockchain node passes, returning data corresponding to the communication request to the second blockchain node;
wherein the identity identification data is extension item information in a digital certificate of the blockchain node, and the extension item information comprises the name of the alliance chain, the identifier of the alliance chain organization, the name of the blockchain node, and the type of the blockchain node.
2. The alliance chain-based identity authentication method of claim 1, wherein the performing identity authentication on the second blockchain node according to the identity identification data of the second blockchain node comprises:
verifying whether the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node;
if the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node, verifying whether the identifier of the alliance chain organization in the extension item information of the second blockchain node exists in a preset organization member list stored in the genesis block;
if the identifier of the alliance chain organization in the extension item information of the second blockchain node exists in the preset organization member list stored in the genesis block, judging whether the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node;
and if the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node, passing the identity authentication of the second blockchain node.
3. The alliance chain-based identity authentication method of claim 2, wherein the verifying whether the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node comprises:
converting the name of the alliance chain in the extension item information of the first blockchain node into a first character string, and converting the name of the alliance chain in the extension item information of the second blockchain node into a second character string;
comparing each character in the first character string with the corresponding character in the second character string;
and if each character of the first character string is the same as the corresponding character of the second character string, determining that the name of the alliance chain in the extension item information of the second blockchain node is the same as the name of the alliance chain in the extension item information of the first blockchain node.
4. The alliance chain-based identity authentication method of claim 2, wherein the judging whether the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node comprises:
acquiring a behavior list corresponding to the type of blockchain node in the extension item information of the second blockchain node, and acquiring a request code contained in the communication request;
searching whether the request code exists in the behavior list;
and if the request code exists in the behavior list, determining that the node behavior corresponding to the communication request matches the node behavior corresponding to the type of blockchain node in the extension item information of the second blockchain node.
5. The alliance chain-based identity authentication method of claim 1, wherein the genesis block performing identity authentication on the first blockchain node according to the identity identification data comprises:
judging whether the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block;
if the name of the alliance chain in the identity identification data is the same as the name of the alliance chain corresponding to the genesis block, judging whether the identifier of the alliance chain organization in the identity identification data exists in a preset organization member list stored in the genesis block;
and if the identifier of the alliance chain organization in the identity identification data exists in the preset organization member list stored in the genesis block, passing the identity authentication of the first blockchain node.
6. An apparatus for identity authentication based on an alliance chain, the apparatus comprising:
a submitting unit, configured to submit identity identification data of a first blockchain node and an adding request to a genesis block in the alliance chain, wherein the adding request is used for instructing the genesis block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the first blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the genesis block has added the first blockchain node to the corresponding alliance chain organization according to the identity identification data;
a monitoring unit, configured to monitor whether a communication request of a second blockchain node is received if the authentication passing information returned by the genesis block is received;
an authentication unit, configured to, if a communication request of the second blockchain node is received, acquire the identity identification data of the second blockchain node from the communication request and perform identity authentication on the second blockchain node according to the identity identification data of the second blockchain node;
a returning unit, configured to return, if the identity authentication of the second blockchain node passes, data corresponding to the communication request to the second blockchain node;
wherein the identity identification data is extension item information in a digital certificate of the blockchain node, and the extension item information comprises the name of the alliance chain, the identifier of the alliance chain organization, the name of the blockchain node, and the type of the blockchain node.
7. A computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, carries out the steps of the alliance chain-based identity authentication method of any one of claims 1 to 5.
8. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
submitting identity identification data of a first blockchain node and an adding request to a genesis block in an alliance chain, wherein the adding request is used for instructing the genesis block to perform identity authentication on the first blockchain node according to the identity identification data and to return authentication passing information to the first blockchain node after the identity authentication passes, and the authentication passing information is used for indicating that the genesis block has added the first blockchain node to the corresponding alliance chain organization according to the identity identification data;
if the authentication passing information returned by the genesis block is received, monitoring whether a communication request of a second blockchain node is received;
if a communication request of the second blockchain node is received, acquiring the identity identification data of the second blockchain node from the communication request, and performing identity authentication on the second blockchain node according to the identity identification data of the second blockchain node;
if the identity authentication of the second blockchain node passes, returning data corresponding to the communication request to the second blockchain node;
wherein the identity identification data is extension item information in a digital certificate of the blockchain node, and the extension item information comprises the name of the alliance chain, the identifier of the alliance chain organization, the name of the blockchain node, and the type of the blockchain node.
CN201811529919.4A 2018-12-14 2018-12-14 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment Active CN109815657B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811529919.4A CN109815657B (en) 2018-12-14 2018-12-14 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment
PCT/CN2019/122453 WO2020119506A1 (en) 2018-12-14 2019-12-02 Identity authentication method based on alliance chain, and terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811529919.4A CN109815657B (en) 2018-12-14 2018-12-14 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment

Publications (2)

Publication Number Publication Date
CN109815657A CN109815657A (en) 2019-05-28
CN109815657B true CN109815657B (en) 2022-10-28

Family

ID=66602943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811529919.4A Active CN109815657B (en) 2018-12-14 2018-12-14 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment

Country Status (2)

Country Link
CN (1) CN109815657B (en)
WO (1) WO2020119506A1 (en)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815657B (en) * 2018-12-14 2022-10-28 深圳壹账通智能科技有限公司 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment
CN110177109B (en) * 2019-06-04 2020-05-12 北京理工大学 Double-proxy cross-domain authentication system based on identification password and alliance chain
CN110278255B (en) * 2019-06-13 2021-10-15 深圳前海微众银行股份有限公司 Method and device for communication between IOT (Internet of things) devices based on block chain
CN110430235B (en) * 2019-06-28 2020-11-03 创新先进技术有限公司 Method, apparatus, storage medium and computing device for cross-chain transmission of authenticatable messages
US11251966B2 (en) 2019-06-28 2022-02-15 Advanced New Technologies Co., Ltd. Sending cross-chain authenticatable messages
US11356282B2 (en) 2019-06-28 2022-06-07 Advanced New Technologies Co., Ltd. Sending cross-chain authenticatable messages
CN110311790B (en) 2019-06-28 2020-07-28 阿里巴巴集团控股有限公司 Method and device for sending authenticable message in cross-link mode
CN110602051B (en) * 2019-08-15 2022-03-29 深圳壹账通智能科技有限公司 Information processing method based on consensus protocol and related device
CN110620776B (en) * 2019-09-24 2021-11-26 腾讯科技(深圳)有限公司 Data transfer information transmission method and device
CN113206817B (en) * 2020-02-03 2022-07-12 中移物联网有限公司 Equipment connection confirmation method and block chain network
CN111294356B (en) * 2020-02-11 2022-09-06 深圳壹账通智能科技有限公司 Block chain-based method and system for organizing uplink of nodes
CN111737707B (en) * 2020-05-14 2022-09-27 云南云烁巴克云科技有限公司 Block chain based verification package generation and verification method, server and electronic equipment
CN113972991A (en) * 2020-07-23 2022-01-25 南京理工大学 Cross-domain identity authentication method based on multistage alliance chain
CN112633878A (en) * 2020-08-31 2021-04-09 上海添玑网络服务有限公司 Real estate alliance chain terminal application platform and application method
CN111985929A (en) * 2020-09-03 2020-11-24 深圳壹账通智能科技有限公司 Transaction verification method and device in block chain, node equipment and storage medium
CN112287361A (en) * 2020-09-11 2021-01-29 杭州鸽子蛋网络科技有限责任公司 Data governance method, system, electronic device and storage medium
CN112733121A (en) * 2021-01-13 2021-04-30 京东数科海益信息科技有限公司 Data acquisition method, device, equipment and storage medium
CN112861090B (en) * 2021-03-18 2023-01-31 深圳前海微众银行股份有限公司 Information processing method, device, equipment, storage medium and computer program product
CN113114634A (en) * 2021-03-24 2021-07-13 武汉卓尔信息科技有限公司 Credible data management method based on alliance chain and alliance chain
CN113225736B (en) * 2021-03-24 2024-02-02 湖南宸瀚信息科技有限责任公司 Unmanned aerial vehicle cluster node authentication method and device, storage medium and computer equipment
CN114095246B (en) * 2021-11-18 2024-01-23 国网河北省电力有限公司电力科学研究院 Network access identity authentication method of power distribution terminal
CN114978529A (en) * 2022-05-10 2022-08-30 平安国际智慧城市科技股份有限公司 Block chain-based identity verification method and related equipment
CN114640475B (en) * 2022-05-19 2022-09-06 广东省绿算技术有限公司 Decentralized identity authentication method and device, computer equipment and storage medium
CN115601053B (en) * 2022-12-16 2023-08-22 浪潮云洲工业互联网有限公司 Method and equipment for proving safety and credibility and protecting back-to-back origin

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789920A (en) * 2016-11-25 2017-05-31 深圳前海微众银行股份有限公司 The joint connecting method and device of block chain
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN107592292A (en) * 2017-07-26 2018-01-16 阿里巴巴集团控股有限公司 A kind of block chain communication method between nodes and device
CN107733855A (en) * 2017-08-31 2018-02-23 中国科学院信息工程研究所 A kind of block catenary system and application process that can support publicly-owned chain, alliance's chain and privately owned chain simultaneously

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050114447A1 (en) * 2003-10-24 2005-05-26 Kim Cameron Method and system for identity exchange and recognition for groups and group members
WO2017219007A1 (en) * 2016-06-17 2017-12-21 Weimer Jonathan Blockchain systems and methods for user authentication
CN108389130B (en) * 2018-03-02 2020-02-14 合肥学院 Method for generating multi-transaction mode alliance chain
CN108416589A (en) * 2018-03-08 2018-08-17 深圳前海微众银行股份有限公司 Connection method, system and the computer readable storage medium of block chain node
CN109815657B (en) * 2018-12-14 2022-10-28 深圳壹账通智能科技有限公司 Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment

Also Published As

Publication number Publication date
CN109815657A (en) 2019-05-28
WO2020119506A1 (en) 2020-06-18

Similar Documents

Publication Publication Date Title
CN109815657B (en) Identity authentication method and device based on alliance chain, computer readable storage medium and terminal equipment
CA3030813C (en) Method for providing smart contract-based certificate service, and server employing same
CN109672683B (en) Binding method and binding device of Internet of things equipment and terminal equipment
CN107609848B (en) Intellectual property licensing method and system based on Internet of things
WO2020088108A1 (en) Blockchain-based data attestation method and apparatus, and electronic device
CN113537984A (en) Content verification method and device based on block chain and electronic equipment
EP3779760B1 (en) Blockchain-based data processing method and apparatus, and electronic device
CN111612600B (en) Block chain auction method, equipment, storage medium and block chain system
CN113472720B (en) Digital certificate key processing method, device, terminal equipment and storage medium
CN112464212B (en) Data authority control reconstruction method based on mature complex service system
CN110661779B (en) Block chain network-based electronic certificate management method, system, device and medium
CN111431908B (en) Access processing method and device, management server and readable storage medium
CN109145651B (en) Data processing method and device
CN113126996B (en) Code auditing method, device and system
CN112307331A (en) Block chain-based college graduate intelligent recruitment information pushing method and system and terminal equipment
CN110365626B (en) User login security authentication method for anti-collision library, terminal equipment and storage medium
CN112037055B (en) Transaction processing method, device, electronic equipment and readable storage medium
CN111833059B (en) Data asset management method in data bank and data bank system
CN111260364B (en) Block chain-based extensible quick payment method and system
CN111817859A (en) Data sharing method, device, equipment and storage medium based on zero knowledge proof
CN111476640A (en) Authentication method, system, storage medium and big data authentication platform
CN109067551A (en) A kind of real name identification method, computer readable storage medium and terminal device
CN112039893B (en) Private transaction processing method and device, electronic equipment and readable storage medium
CN114978677A (en) Asset access control method, device, electronic equipment and computer readable medium
CN113094732A (en) Certificate storage data verification method, verification device, certificate storage method and certificate storage device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant