CN110166255A - Auth method, equipment and storage medium based on alliance's block chain - Google Patents

Auth method, equipment and storage medium based on alliance's block chain Download PDF

Info

Publication number
CN110166255A
CN110166255A CN201910466906.5A CN201910466906A CN110166255A CN 110166255 A CN110166255 A CN 110166255A CN 201910466906 A CN201910466906 A CN 201910466906A CN 110166255 A CN110166255 A CN 110166255A
Authority
CN
China
Prior art keywords
user
service node
block chain
node
alliance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910466906.5A
Other languages
Chinese (zh)
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd filed Critical Iallchain Co Ltd
Priority to CN201910466906.5A priority Critical patent/CN110166255A/en
Publication of CN110166255A publication Critical patent/CN110166255A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Abstract

The present invention provides a kind of auth method based on alliance's block chain, equipment and storage medium.This method includes that first service node receives the user identifier that user node is sent;The first broadcast message of broadcast in alliance's block chain, the first broadcast message include the first block chain mark of user identifier and first service node;Receive second broadcast message of the second service node based on the first broadcast message feedback in alliance's block chain, second broadcast message is second service node broadcast message transmitted after verifying user identifier registered on it, includes the second block chain mark and the first encryption data of second service node in the second broadcast message;First encryption data is sent to user node, so that user node is decrypted from the first encryption data based on user key obtains validating documents;The validating documents that user node is sent are received, and are based on validating documents, are provided services to the user.The present invention improves the safety and efficiency of authentication.

Description

Auth method, equipment and storage medium based on alliance's block chain
Technical field
The present embodiments relate to block chain technical field more particularly to a kind of authentication sides based on alliance's block chain Method, equipment and storage medium.
Background technique
There are many Internet Service Providers (Internet Service Provider, abbreviation on the internet ISP)/Web content service provider (Internet Content Provider, abbreviation ICP), each user are enjoying ISP/ICP It must be registered on the ISP/ICP before the service of offer, for example currently everyone generally has wechat, Alipay etc. each Kind of APP, and if each APP is registered, and if the account registered on different APP as password, is easy to Library attack is hit, the safety of account is lower, and if the account registered on different APP, password are different, and hold very much Easily pass into silence, give for change again account, password it is cumbersome.
Summary of the invention
The embodiment of the present invention provides a kind of auth method based on alliance's block chain, equipment and storage medium, to When improving user using Internet service, the efficiency and safety of authentication avoid user from remembering a large number of users name and password Trouble, solve the problems, such as the username and password of the multiple Internet services of user it is consistent caused by be easy hit library attack.
In a first aspect, the embodiment of the present invention provides a kind of auth method based on alliance's block chain, this method comprises:
First service node in alliance's block chain receives the user identifier that user node is sent;The user identifier does not exist It was registered on the first service node;The first service node broadcasts the first broadcast message in alliance's block chain, First broadcast message includes the first block chain mark of the user identifier and the first service node;First clothes Business node is received the second service node in alliance's block chain and is disappeared based on the second broadcast of the first broadcast message feedback Breath, second broadcast message are that the second service node is transmitted after verifying the user identifier and registering on it Broadcast message, it is described second broadcast message in include the second service node the second block chain mark and first encryption number It is the second service node according to the corresponding user key of the registered user identifier according to, first encryption data, Validating documents encryption is obtained using preset algorithm, includes the private key by the second service node in the validating documents The user identifier of signature and the first block chain mark;The first service node sends first encryption data To the user node, so that the user node is decrypted from first encryption data based on the user key obtains institute State validating documents;The first service node receives the validating documents that the user node is sent, and is based on the verifying Voucher provides services to the user.
In one embodiment, the first service node in alliance's block chain receives the user that user node is sent Mark and user key, comprising:
First service node in alliance's block chain receives the user name that user node is sent to its IP address and user is close Key.
In one embodiment, the user identifier and the first block chain mark in first broadcast message By the private key signature process of the first service node.
In one embodiment, the first service node receives the validating documents that the user node is sent, And the validating documents are based on, it provides services to the user, comprising:
The first service node receives the validating documents that the user node is sent, and is based on the second service The second block chain mark of node obtains the public key of the second service node from the account book of alliance's block chain;Based on institute The public key for stating second service node verifies the signature in the validating documents, if being verified, provides a user clothes Business.
Second aspect, the embodiment of the present invention provide a kind of service node, and the service node is suitable for a kind of alliance's block Chain, the service node include:
Memory;
Processor;
Communication interface;And
Computer program;
Wherein, the computer program stores in the memory, and is configured as being executed by the processor following Operation:
Receive the user identifier that user node is sent;The user identifier registered not on the service node;Institute The first broadcast message of broadcast in alliance's block chain is stated, first broadcast message includes the user identifier and the service node The first block chain mark;The second service node in alliance's block chain is received based on the first broadcast message feedback Second broadcast message, second broadcast message are that the second service node registered on it in the verifying user identifier Broadcast message transmitted later, include in second broadcast message second service node the second block chain mark and First encryption data, first encryption data are that the second service node is corresponding according to the registered user identifier User key obtains validating documents encryption using preset algorithm, includes passing through the second service in the validating documents The user identifier of the private key signature of node and the first block chain mark;First encryption data is sent to described User node, so that the user node is decrypted from first encryption data based on the user key obtains the verifying Voucher;The validating documents that the user node is sent are received, and are based on the validating documents, are provided services to the user.
In one embodiment, the processor is executing the user identifier and user key for receiving user node transmission Operation when, be used for: receiving the user name that sends to its IP address of user node and user key.
In one embodiment, the user identifier and the first block chain mark in first broadcast message By the private key signature process of the first service node.
In one embodiment, the processor is executing the validating documents for receiving the user node and sending, And the validating documents are based on, when the operation provided services to the user, it is used for:
Receive the validating documents that the user node is sent, and the second block chain based on the second service node Mark obtains the public key of the second service node from the account book of alliance's block chain;Based on the second service node Public key verifies the signature in the validating documents, if being verified, provides services to the user.
The third aspect, the embodiment of the present invention provide a kind of alliance's block chain, which includes above-mentioned second aspect The service node.
Fourth aspect, the embodiment of the present invention provide a kind of computer readable storage medium, are stored thereon with computer program, The computer program is executed by processor to realize method described in first aspect.
Provided in an embodiment of the present invention in the auth method of alliance's block chain, equipment and storage medium, alliance First service node in block chain receives the user identifier that user node is sent, and the first broadcast of broadcast in alliance's block chain Message includes the first block chain mark of the user identifier and first service node in the first broadcast message;Second service node After receiving the first broadcast message, whether the user identifier carried in the first broadcast message of detection registered on it, if registration The second broadcast message that then feedback includes the second block chain mark of the first encryption data and second service node is crossed, wherein first Encryption data is second service node according to the corresponding user key of the registered user identifier, using preset algorithm to verifying What credentials encryption obtained, validating documents include the user identifier and the first block chain mark by the private key signature of second service node Know, first service node is sent to user node after receiving the second broadcast message, by the first encryption data, so that user saves Decryption obtains validating documents o'clock from the first encryption data, and validating documents are sent to first service node, first service section Point provides service according to validating documents for user.Technical solution based on the embodiment of the present invention, as long as user is in area, alliance User name and user key are had registered on any service node on block chain, so that it may log in connection using the user name and user key Other service nodes on alliance's block chain, and the service of the service node is enjoyed, a large number of users name is remembered so as to avoid user With the trouble of key, the convenience of authentication is improved, also, due to not needing in the verification process of the embodiment of the present invention The participation of random number, therefore, safety problem and user node caused by avoidable random number is intercepted get random The problem of number asynchronous with the random number that service node is issued caused authentication error.
Detailed description of the invention
Fig. 1 is a kind of schematic diagram of communication system provided in an embodiment of the present invention;
Fig. 2 is a kind of flow chart of the auth method based on alliance's block chain provided in an embodiment of the present invention;
Fig. 3 is a kind of execution method flow diagram of step 205 provided in an embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of service node provided in an embodiment of the present invention.
Through the above attached drawings, it has been shown that the specific embodiment of the disclosure will be hereinafter described in more detail.These attached drawings It is not intended to limit the scope of this disclosure concept by any means with verbal description, but is by referring to specific embodiments Those skilled in the art illustrate the concept of the disclosure.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all implementations consistent with this disclosure.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the disclosure.
Auth method provided in an embodiment of the present invention based on alliance's block chain, it is intended to solve in the prior art if The account that user registers in different application programs (APP) is as password, it is easy to be hit library attack, the safety of account It is lower, and if the account registered on different APP, password are different, and be easy to pass into silence, give account, close for change again The cumbersome technical problem of code, particularly, the embodiment of the present invention also focuses on the basis of solving above-mentioned technical problem Improve the efficiency and safety of authentication.This method can be adapted for communication system shown in FIG. 1.As shown in Figure 1, the communication System includes: first service node 11, second service node 12, user node 13, third service node 14, the 4th service node 15 and the 5th service node 16, wherein first service node 11, second service node 12, user node 13, third service Node 14, the 4th service node 15 and the 5th service node 16 belong to same alliance's block chain.Wherein, second service node 12, third service node 14, the 4th service node 15 and the 5th service node 16 can provide different services for user, For example, second service node 12, third service node 14, the 4th service node 15 and the 5th service node 16 can be with It is respectively configured to provide " pushing away spy " service, " facebook " service, " wechat " service and " Alipay " service, it is only for examples to say certainly Bright rather than unique restriction.In addition, only schematically illustrate herein, structure and the area, alliance of alliance's block chain are not limited The node number of block chain.
How technical solution of the present invention and technical solution of the present invention are solved with specifically embodiment below above-mentioned Technical problem is described in detail.These specific embodiments can be combined with each other below, for the same or similar concept Or process may repeat no more in certain embodiments.Below in conjunction with attached drawing, the embodiment of the present invention is described.
Fig. 2 is a kind of flow chart of the auth method based on alliance's block chain provided in an embodiment of the present invention.The party Method is suitable for a kind of alliance's block chain, and the structure of alliance's block chain is referred to Fig. 1, and specific step is as follows for this method:
First service node in step 201, alliance's block chain receives the user identifier that user node is sent;The user Mark registered not on the first service node.
Step 202, the first service node broadcast the first broadcast message in alliance's block chain, and described first is wide Broadcast the first block chain mark that message includes the user identifier and the first service node.
Step 203, the first service node receive the second service node in alliance's block chain and are based on described the Second broadcast message of one broadcast message feedback, second broadcast message are that the second service node is verifying the user Mark registered broadcast message transmitted later on it, included the second service node in second broadcast message Second block chain mark and the first encryption data.
Wherein, first encryption data is that the second service node is corresponding according to the registered user identifier User key obtains validating documents encryption using preset algorithm, includes passing through the second service in the validating documents The user identifier of the private key signature of node and the first block chain mark.
First encryption data is sent to the user node by step 204, the first service node, so that described User node is decrypted from first encryption data based on the user key and obtains the validating documents.
Step 205, the first service node receive the validating documents that the user node is sent, and based on described Validating documents provide services to the user.
By taking Fig. 1 as an example, second service node 12, third service node 14, the 4th service node 15, Yi Ji in Fig. 1 The building of five service nodes 16 forms alliance's block chain, and provides authentication service for other service nodes or user node.It should Preserved in the wound generation block of alliance's block chain second service node 12, third service node 14, the 4th service node 15 and The information such as the block chain mark of the 5th service node 16, public key, IP address, second service node 12, third service node 14, Four service nodes 15 and the 5th service node 16 carry out alliance's block chain collectively as the original node of this alliance block chain Management, includes whether that some service node is allowed to access this alliance block chain etc..
User by the mode under block chain chain carries out the registration of user name and key or in alliance's block chain It was registered on some service node, in this example, it is assumed that user registered on second service node 12, but not in the first clothes It is engaged in registering on node 11.
Exemplary, in the present embodiment, the node in alliance's block chain states the block chain of itself in alliance's block chain Mark, for example, second service node 12 needs to state the area of itself in alliance's block chain after accessing alliance's block chain Block chain mark, which is published to alliance's block chain using the mode of broadcast message and private key signature, and is recorded in alliance's block In the account book of chain.
When user node 13 requests the service of the first service node 11 in alliance's block chain, first by user's input User identifier or even user key are sent to first service node 11.Specifically, user node 13 to first in the present embodiment Service node 11 is sent there are many modes of data, for example in a kind of possible mode, user node 13 can be marked user Knowledge or user identifier and user key carry in broadcast message, are sent to after which is used its private key signature In alliance's block chain;Or in alternatively possible mode, user node 13 can also be according to the area of first service node 11 Block chain mark (can be inputted and be obtained by user) obtains the IP address of first service node 11 from the account book of alliance's block chain, and According to the IP address, the user identifier of user's input or user identifier and user key are sent to first service node 11.
First service node 11 is after the user identifier for receiving the transmission of user node 13, certainly with it by the user identifier The first block chain mark of body carries in the first broadcast message, and the first broadcast message uses the private key label of first service node 11 It is broadcast in alliance's block chain after name.
Second service node 12 is wide to first according to the public key of first service node 11 after receiving the first broadcast message The signature broadcast in message is verified, if being verified, whether the user identifier carried in the first broadcast message of detection is at it It is upper to register, if registering, the first block chain of the user identifier and first service node is identified using the private key of itself It carries out signature and is verified voucher, then, searched according to the user identifier and obtain the corresponding user key of the user identifier, according to The user key encrypts validating documents using preset algorithm, obtains the first encryption data, and second service node 12 uses After the private key of itself signs to the first encryption data, the second block chain of signed data and second service node mark is taken Band is broadcast on alliance's block chain in the second broadcast message.
First service node 11 is wide to second using the public key of second service node 12 after receiving the second broadcast message The signature broadcast in message is verified, if being verified, the first encryption data is broadcast on alliance's block chain, or by One encryption data is sent in the IP address of user node 13.
User node 13 is after receiving the first encryption data, according to the user key of user's input to the first encryption data It is decrypted, and the validating documents that decryption obtains is sent to first service node 11.
After first service node 11 receives validating documents, provided services to the user based on the validating documents.
What needs to be explained here is that although in the above-described embodiments, the interactive process with second service node is by first What service node was completed, but be not excluded in other embodiments, which can also be completed by user node, process It is similar, it repeats no more herein.
In this example, the user identifier that the first service node reception user node in alliance's block chain is sent, and Broadcast first broadcasts the message in alliance's block chain, includes the first of the user identifier and first service node in the first broadcast message Block chain mark;After second service node receives the first broadcast message, the user identifier carried in the first broadcast message is detected Whether registered on it, feedback included the second block chain mark of the first encryption data and second service node if registering Second broadcast message, wherein the first encryption data is second service node according to the corresponding user of the registered user identifier Key obtains validating documents encryption using preset algorithm, and validating documents include the private key signature by second service node User identifier and the first block chain mark, first service node is after receiving the second broadcast message, by the first encryption data It is sent to user node, so that user node is decrypted from the first encryption data obtains validating documents, and validating documents are sent First service node is given, first service node provides service according to validating documents for user.Based on technology provided in this embodiment Scheme, as long as user has registered user name and user key on any service node on alliance's block chain, so that it may which using should User name and user key log in other service nodes on alliance's block chain, and enjoy the service of the service node, to keep away Exempt from the trouble that user remembers a large number of users name and key, improves the convenience of authentication, also, due in the present embodiment Verification process in do not need the participation of random number, therefore, can avoid random number and be intercepted caused safety problem, Yi Jiyong The random number that family node is got it is asynchronous with the random number that service node is issued caused by authentication error the problem of.
Fig. 3 is a kind of execution method flow diagram of step 205 provided in an embodiment of the present invention, as shown in figure 3, in Fig. 2 reality On the basis of applying example, this method comprises:
Step 301, the first service node receive the validating documents that the user node is sent, and based on described The second block chain mark of second service node obtains the public affairs of the second service node from the account book of alliance's block chain Key.
Step 302, the public key based on the second service node verify the signature in the validating documents, if testing Card passes through, then provides services to the user.
The present embodiment can prevent validating documents to be forged, raising is tested by verifying to the private key in validating documents The safety and reliability of card.
Fig. 4 is a kind of structural schematic diagram of service node provided in an embodiment of the present invention, which is suitable for one kind Alliance's block chain, service node provided in an embodiment of the present invention can execute the above-mentioned auth method based on alliance's block chain Execution embodiment of the method process flow.As shown in figure 4, service node 40 includes: memory 41, processor 42, computer Program and communication interface 43;Wherein, the computer program stores in the memory, and is configured as being held by processor 42 The following operation of row:
Receive the user identifier that user node is sent;The user identifier registered not on the service node;Institute The first broadcast message of broadcast in alliance's block chain is stated, first broadcast message includes the user identifier and the service node The first block chain mark;The second service node in alliance's block chain is received based on the first broadcast message feedback Second broadcast message, second broadcast message are that the second service node registered on it in the verifying user identifier Broadcast message transmitted later, include in second broadcast message second service node the second block chain mark and First encryption data, first encryption data are that the second service node is corresponding according to the registered user identifier User key obtains validating documents encryption using preset algorithm, includes passing through the second service in the validating documents The user identifier of the private key signature of node and the first block chain mark;First encryption data is sent to described User node, so that the user node is decrypted from first encryption data based on the user key obtains the verifying Voucher;The validating documents that the user node is sent are received, and are based on the validating documents, are provided services to the user.
In one embodiment, the processor is executing the user identifier and user key for receiving user node transmission Operation when, be used for: receiving the user name that sends to its IP address of user node and user key.
In one embodiment, the user identifier and the first block chain mark in first broadcast message By the private key signature process of the first service node.
In one embodiment, the processor is executing the validating documents for receiving the user node and sending, And the validating documents are based on, when the operation provided services to the user, it is used for:
Receive the validating documents that the user node is sent, and the second block chain based on the second service node Mark obtains the public key of the second service node from the account book of alliance's block chain;Based on the second service node Public key verifies the signature in the validating documents, if being verified, provides services to the user.
The service node of embodiment illustrated in fig. 4 can be used for executing the technical solution of above method embodiment, realization principle Similar with technical effect, details are not described herein again.
The embodiment of the present invention also provides a kind of alliance's block chain, which includes as described in above-mentioned Fig. 4 embodiment Service node.
In addition, the embodiment of the present invention also provides a kind of computer readable storage medium, it is stored thereon with computer program, institute Computer program is stated to be executed by processor to realize the auth method based on alliance's block chain described in above-described embodiment Execution method.
In several embodiments provided by the present invention, it should be understood that disclosed device and method can pass through it Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only Only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components can be tied Another system is closed or is desirably integrated into, or some features can be ignored or not executed.Another point, it is shown or discussed Mutual coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or logical of device or unit Letter connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer It is each that equipment (can be personal computer, server or the network equipment etc.) or processor (processor) execute the present invention The part steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read- Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. it is various It can store the medium of program code.
Those skilled in the art can be understood that, for convenience and simplicity of description, only with above-mentioned each functional module Division progress for example, in practical application, can according to need and above-mentioned function distribution is complete by different functional modules At the internal structure of device being divided into different functional modules, to complete all or part of the functions described above.On The specific work process for stating the device of description, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme.

Claims (10)

1. a kind of auth method based on alliance's block chain, which is characterized in that the described method includes:
First service node in alliance's block chain receives the user identifier that user node is sent;The user identifier is not described It was registered on first service node;
The first service node broadcasts the first broadcast message in alliance's block chain, and first broadcast message includes institute State the first block chain mark of user identifier and the first service node;
The first service node receives the second service node in alliance's block chain and is based on first broadcast message instead Second broadcast message of feedback, second broadcast message are that the second service node is infused on it in the verifying user identifier Volume crosses broadcast message transmitted later, includes the second block chain mark of the second service node in second broadcast message Knowledge and the first encryption data, first encryption data is the second service node according to the registered user identifier pair The user key answered obtains validating documents encryption using preset algorithm, includes passing through described second in the validating documents The user identifier of the private key signature of service node and the first block chain mark;
First encryption data is sent to the user node by the first service node, so that the user node is based on The user key is decrypted from first encryption data and obtains the validating documents;
The first service node receives the validating documents that the user node is sent, and is based on the validating documents, to User provides service.
2. the method according to claim 1, wherein the first service node in alliance's block chain is received and is used The user identifier and user key that family node is sent, comprising:
First service node in alliance's block chain receives the user name and user key that user node is sent to its IP address.
3. the method according to claim 1, wherein the user identifier and institute in first broadcast message The first block chain mark is stated by the private key signature process of the first service node.
4. being sent the method according to claim 1, wherein the first service node receives the user node The validating documents, and be based on the validating documents, provide services to the user, comprising:
The first service node receives the validating documents that the user node is sent, and is based on the second service node The second block chain mark the public key of the second service node is obtained from the account book of alliance's block chain;
Public key based on the second service node verifies the signature in the validating documents, if being verified, to User provides service.
5. a kind of service node, the service node is suitable for a kind of alliance's block chain, which is characterized in that the service node packet It includes:
Memory;
Processor;
Communication interface;And
Computer program;
Wherein, the computer program stores in the memory, and is configured as executing following operation by the processor:
Receive the user identifier that user node is sent;The user identifier registered not on the service node;
The first broadcast message of broadcast in alliance's block chain, first broadcast message includes the user identifier and described First block chain of service node identifies;
Second broadcast message of the second service node based on the first broadcast message feedback in alliance's block chain is received, Second broadcast message is that the second service node is transmitted after verifying the user identifier and registering on it It broadcasts the message, the second block chain mark and first in second broadcast message including the second service node encrypts number It is the second service node according to the corresponding user key of the registered user identifier according to, first encryption data, Validating documents encryption is obtained using preset algorithm, includes the private key by the second service node in the validating documents The user identifier of signature and the first block chain mark;
First encryption data is sent to the user node, so that the user node is based on the user key from institute It states decryption in the first encryption data and obtains the validating documents;
The validating documents that the user node is sent are received, and are based on the validating documents, are provided services to the user.
6. service node according to claim 5, which is characterized in that the processor is executing reception user node transmission User identifier and user key operation when, be used for:
Receive the user name and user key that user node is sent to its IP address.
7. service node according to claim 5, which is characterized in that the user identifier in first broadcast message The private key signature process by the first service node is identified with the first block chain.
8. service node according to claim 5, which is characterized in that the processor is executing the reception user node The validating documents sent, and the validating documents are based on, when the operation provided services to the user, it is used for:
Receive the validating documents that the user node is sent, and the mark of the second block chain based on the second service node The public key of the second service node is obtained from the account book of alliance's block chain;
Public key based on the second service node verifies the signature in the validating documents, if being verified, to User provides service.
9. a kind of alliance's block chain, which is characterized in that including the service node as described in any one of claim 5-8.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program Such as method of any of claims 1-4 is realized when being executed by processor.
CN201910466906.5A 2019-05-30 2019-05-30 Auth method, equipment and storage medium based on alliance's block chain Pending CN110166255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910466906.5A CN110166255A (en) 2019-05-30 2019-05-30 Auth method, equipment and storage medium based on alliance's block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910466906.5A CN110166255A (en) 2019-05-30 2019-05-30 Auth method, equipment and storage medium based on alliance's block chain

Publications (1)

Publication Number Publication Date
CN110166255A true CN110166255A (en) 2019-08-23

Family

ID=67630330

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910466906.5A Pending CN110166255A (en) 2019-05-30 2019-05-30 Auth method, equipment and storage medium based on alliance's block chain

Country Status (1)

Country Link
CN (1) CN110166255A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110544101A (en) * 2019-09-10 2019-12-06 苏州阿尔山数字科技有限公司 SM 9-based alliance chain identity authentication method
CN111465001A (en) * 2020-04-01 2020-07-28 中国联合网络通信集团有限公司 Registration method and device
CN111565186A (en) * 2020-04-29 2020-08-21 中国联合网络通信集团有限公司 Message publishing method and device
CN111625606A (en) * 2020-06-24 2020-09-04 卓尔智联(武汉)研究院有限公司 Alliance link data processing method and device and electronic equipment
CN112153624A (en) * 2020-10-14 2020-12-29 中国联合网络通信集团有限公司 Roaming method and device
WO2022068240A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Data processing method, node device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070289006A1 (en) * 2001-03-22 2007-12-13 Novell, Inc. Cross domain authentication and security services using proxies for http access
CN101478396A (en) * 2008-12-04 2009-07-08 黄希 Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof
CN106357644A (en) * 2016-09-21 2017-01-25 江苏通付盾科技有限公司 Method, system and server for authenticating identities on basis of block chain networks
CN108768663A (en) * 2018-05-31 2018-11-06 中国地质大学(武汉) A kind of block chain access control method and its processing system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070289006A1 (en) * 2001-03-22 2007-12-13 Novell, Inc. Cross domain authentication and security services using proxies for http access
CN101478396A (en) * 2008-12-04 2009-07-08 黄希 Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof
CN106357644A (en) * 2016-09-21 2017-01-25 江苏通付盾科技有限公司 Method, system and server for authenticating identities on basis of block chain networks
CN108768663A (en) * 2018-05-31 2018-11-06 中国地质大学(武汉) A kind of block chain access control method and its processing system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110544101A (en) * 2019-09-10 2019-12-06 苏州阿尔山数字科技有限公司 SM 9-based alliance chain identity authentication method
CN111465001A (en) * 2020-04-01 2020-07-28 中国联合网络通信集团有限公司 Registration method and device
CN111465001B (en) * 2020-04-01 2023-05-02 中国联合网络通信集团有限公司 Registration method and device
CN111565186A (en) * 2020-04-29 2020-08-21 中国联合网络通信集团有限公司 Message publishing method and device
CN111565186B (en) * 2020-04-29 2022-04-29 中国联合网络通信集团有限公司 Message publishing method and device
CN111625606A (en) * 2020-06-24 2020-09-04 卓尔智联(武汉)研究院有限公司 Alliance link data processing method and device and electronic equipment
CN111625606B (en) * 2020-06-24 2021-06-25 卓尔智联(武汉)研究院有限公司 Alliance link data processing method and device and electronic equipment
WO2022068240A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Data processing method, node device, and storage medium
CN112153624A (en) * 2020-10-14 2020-12-29 中国联合网络通信集团有限公司 Roaming method and device

Similar Documents

Publication Publication Date Title
CN110166255A (en) Auth method, equipment and storage medium based on alliance's block chain
CN110213046A (en) Auth method, equipment and storage medium based on alliance's block chain
Chen et al. Oauth demystified for mobile application developers
CN105119722B (en) A kind of auth method, equipment and system
CN104199654B (en) The call method and device of open platform
CN104869102B (en) Authorization method, device and system based on xAuth agreement
CN105262748B (en) Identity authentication method and system are carried out to user terminal in wide area network
CN110213264A (en) Auth method, equipment and storage medium based on alliance's block chain
CN104199657B (en) The call method and device of open platform
CN109618341A (en) A kind of digital signature authentication method, system, device and storage medium
CN110198316A (en) Auth method, equipment and storage medium based on alliance's block chain
CN110225017A (en) Auth method, equipment and storage medium based on alliance's block chain
CN107493291A (en) A kind of identity identifying method and device based on safety element SE
CN111131416A (en) Business service providing method and device, storage medium and electronic device
Alhaidary et al. Vulnerability analysis for the authentication protocols in trusted computing platforms and a proposed enhancement of the offpad protocol
Gkaniatsou et al. Low-level attacks in bitcoin wallets
CN116112187B (en) Remote proving method, device, equipment and readable storage medium
CN110138558A (en) Transmission method, equipment and the computer readable storage medium of session key
CN103051598A (en) Method, user equipment and packet access gateway for secure access to Internet services
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN110213047A (en) Transmission method, equipment and the computer readable storage medium of session key
CN110176994A (en) Session cipher key distributing method, equipment and storage medium based on alliance's block chain
Aiash A formal analysis of authentication protocols for mobile devices in next generation networks
Reimair et al. MoCrySIL-Carry your Cryptographic keys in your pocket
Huang et al. Mutual authentications to parties with QR-code applications in mobile systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190823

WD01 Invention patent application deemed withdrawn after publication