CN110166255A - Identity authentication method, device and storage medium based on a consortium blockchain
- Publication number: CN110166255A
- Application number: CN201910466906.5A
- Authority: CN (China)
- Prior art keywords: user, service node, blockchain, node, consortium
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L12/18: Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L67/104: Peer-to-peer [P2P] networks
Abstract
The present invention provides an identity authentication method, device and storage medium based on a consortium blockchain. In the method, a first service node receives a user identifier sent by a user node; broadcasts a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and a first blockchain identifier of the first service node; receives a second broadcast message fed back by a second service node in the consortium blockchain in response to the first broadcast message, the second broadcast message being sent by the second service node after it verifies that the user identifier is registered on it, and including a second blockchain identifier of the second service node and first encrypted data; sends the first encrypted data to the user node, so that the user node decrypts the first encrypted data based on the user key to obtain a verification credential; and receives the verification credential sent by the user node and provides a service to the user based on the verification credential. The invention improves the security and efficiency of identity authentication.
Description
Technical field
Embodiments of the present invention relate to the field of blockchain technology, and in particular to an identity authentication method, device and storage medium based on a consortium blockchain.
Background
There are many Internet service providers (ISPs) and Internet content providers (ICPs) on the Internet, and a user must register with an ISP/ICP before using the service it provides. For example, most people now have various apps such as WeChat and Alipay, and each app requires its own registration. If the accounts registered with different apps use the same password, they are vulnerable to credential stuffing attacks and account security is low; if the accounts and passwords registered with different apps differ, they are easily forgotten, and recovering an account or password is cumbersome.
Summary of the invention
Embodiments of the present invention provide an identity authentication method, device and storage medium based on a consortium blockchain, to improve the efficiency and security of identity authentication when a user uses Internet services, to spare the user the trouble of remembering many user names and passwords, and to solve the problem that using the same user name and password for multiple Internet services makes the user vulnerable to credential stuffing attacks.
In a first aspect, an embodiment of the present invention provides an identity authentication method based on a consortium blockchain, the method comprising:
A first service node in the consortium blockchain receives a user identifier sent by a user node, the user identifier not having been registered on the first service node; the first service node broadcasts a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and a first blockchain identifier of the first service node; the first service node receives a second broadcast message fed back by a second service node in the consortium blockchain in response to the first broadcast message, the second broadcast message being a broadcast message sent by the second service node after verifying that the user identifier is registered on it, and including a second blockchain identifier of the second service node and first encrypted data, the first encrypted data being obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier, the verification credential including the user identifier and the first blockchain identifier signed with the private key of the second service node; the first service node sends the first encrypted data to the user node, so that the user node decrypts the first encrypted data based on the user key to obtain the verification credential; the first service node receives the verification credential sent by the user node and provides a service to the user based on the verification credential.
In one embodiment, the first service node in the consortium blockchain receiving the user identifier and user key sent by the user node comprises:
The first service node in the consortium blockchain receives a user name and a user key sent by the user node to its IP address.
In one embodiment, the user identifier and the first blockchain identifier in the first broadcast message are signed with the private key of the first service node.
In one embodiment, the first service node receiving the verification credential sent by the user node and providing a service to the user based on the verification credential comprises:
The first service node receives the verification credential sent by the user node and, based on the second blockchain identifier of the second service node, obtains the public key of the second service node from the ledger of the consortium blockchain; it verifies the signature in the verification credential with the public key of the second service node and, if the verification passes, provides the service to the user.
In a second aspect, an embodiment of the present invention provides a service node suitable for a consortium blockchain, the service node comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving a user identifier sent by a user node, the user identifier not having been registered on the service node; broadcasting a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and a first blockchain identifier of the service node; receiving a second broadcast message fed back by a second service node in the consortium blockchain in response to the first broadcast message, the second broadcast message being a broadcast message sent by the second service node after verifying that the user identifier is registered on it, and including a second blockchain identifier of the second service node and first encrypted data, the first encrypted data being obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier, the verification credential including the user identifier and the first blockchain identifier signed with the private key of the second service node; sending the first encrypted data to the user node, so that the user node decrypts the first encrypted data based on the user key to obtain the verification credential; receiving the verification credential sent by the user node and providing a service to the user based on the verification credential.
In one embodiment, when performing the operation of receiving the user identifier and user key sent by the user node, the processor is configured to: receive a user name and a user key sent by the user node to its IP address.
In one embodiment, the user identifier and the first blockchain identifier in the first broadcast message are signed with the private key of the first service node.
In one embodiment, when performing the operation of receiving the verification credential sent by the user node and providing a service to the user based on the verification credential, the processor is configured to:
Receive the verification credential sent by the user node and, based on the second blockchain identifier of the second service node, obtain the public key of the second service node from the ledger of the consortium blockchain; verify the signature in the verification credential with the public key of the second service node and, if the verification passes, provide the service to the user.
In a third aspect, an embodiment of the present invention provides a consortium blockchain that includes the service node of the second aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In the identity authentication method, device and storage medium based on a consortium blockchain provided by the embodiments of the present invention, a first service node in the consortium blockchain receives a user identifier sent by a user node and broadcasts a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and the first blockchain identifier of the first service node. After receiving the first broadcast message, a second service node checks whether the user identifier carried in the first broadcast message is registered on it and, if so, feeds back a second broadcast message that includes first encrypted data and the second blockchain identifier of the second service node. The first encrypted data is obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier, and the verification credential includes the user identifier and the first blockchain identifier signed with the private key of the second service node. After receiving the second broadcast message, the first service node sends the first encrypted data to the user node, so that the user node decrypts the first encrypted data to obtain the verification credential and sends the verification credential to the first service node, and the first service node provides a service to the user according to the verification credential. With the technical solution of the embodiments of the present invention, once a user has registered a user name and user key on any service node of the consortium blockchain, the user can use that user name and user key to log in to other service nodes on the consortium blockchain and use their services. This spares the user the trouble of remembering many user names and keys and makes identity authentication more convenient. Moreover, because the authentication process of the embodiments does not require a random number, it avoids the security problem caused by interception of the random number, and the authentication errors caused by the random number obtained by the user node being out of sync with the random number issued by the service node.
Brief description of the drawings
Fig. 1 is a schematic diagram of a communication system provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an identity authentication method based on a consortium blockchain provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a method for executing step 205 provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a service node provided by an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The identity authentication method based on a consortium blockchain provided by the embodiments of the present invention is intended to solve the following technical problem in the prior art: if the accounts a user registers in different applications (apps) use the same password, they are vulnerable to credential stuffing attacks and account security is low, and if the accounts and passwords registered in different apps differ, they are easily forgotten and recovering an account or password is cumbersome. In particular, on the basis of solving this technical problem, the embodiments of the present invention also focus on improving the efficiency and security of identity authentication. The method is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes: first service node 11, second service node 12, user node 13, third service node 14, fourth service node 15 and fifth service node 16, all of which belong to the same consortium blockchain. Second service node 12, third service node 14, fourth service node 15 and fifth service node 16 can provide different services to users; for example, they may provide a "Twitter" service, a "Facebook" service, a "WeChat" service and an "Alipay" service respectively. This is of course only an example and not the only possible arrangement. In addition, the description here is only schematic and does not limit the structure of the consortium blockchain or the number of nodes in it.
The technical solution of the present invention, and how it solves the above technical problem, are described in detail below with specific embodiments. The specific embodiments below may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of an identity authentication method based on a consortium blockchain provided by an embodiment of the present invention. The method is suitable for a consortium blockchain whose structure may be as shown in Fig. 1. The specific steps of the method are as follows:
Step 201: a first service node in the consortium blockchain receives a user identifier sent by a user node; the user identifier has not been registered on the first service node.
Step 202: the first service node broadcasts a first broadcast message in the consortium blockchain; the first broadcast message includes the user identifier and the first blockchain identifier of the first service node.
Step 203: the first service node receives a second broadcast message fed back by a second service node in the consortium blockchain in response to the first broadcast message. The second broadcast message is a broadcast message sent by the second service node after verifying that the user identifier is registered on it, and includes the second blockchain identifier of the second service node and first encrypted data.
The first encrypted data is obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier; the verification credential includes the user identifier and the first blockchain identifier signed with the private key of the second service node.
Step 204: the first service node sends the first encrypted data to the user node, so that the user node decrypts the first encrypted data based on the user key to obtain the verification credential.
Step 205: the first service node receives the verification credential sent by the user node and provides a service to the user based on the verification credential.
Taking Fig. 1 as an example, second service node 12, third service node 14, fourth service node 15 and fifth service node 16 in Fig. 1 build the consortium blockchain and provide an authentication service for other service nodes or user nodes. The genesis block of the consortium blockchain stores information such as the blockchain identifiers, public keys and IP addresses of second service node 12, third service node 14, fourth service node 15 and fifth service node 16. As the original nodes of the consortium blockchain, these four service nodes jointly manage it, including deciding whether to allow a service node to join the consortium blockchain.
The user registers a user name and key off-chain, or has already registered on a service node in the consortium blockchain. In this example, it is assumed that the user has registered on second service node 12 but not on first service node 11.
For example, in this embodiment a node in the consortium blockchain declares its own blockchain identifier in the consortium blockchain. After joining the consortium blockchain, second service node 12, for instance, needs to declare its own blockchain identifier in the consortium blockchain; the identifier is published to the consortium blockchain in a broadcast message signed with the node's private key and is recorded in the ledger of the consortium blockchain.
When user node 13 requests the service of first service node 11 in the consortium blockchain, it first sends the user identifier, or even the user key, entered by the user to first service node 11. In this embodiment user node 13 can send data to first service node 11 in several ways. In one possible way, user node 13 carries the user identifier, or the user identifier and the user key, in a broadcast message, signs the broadcast message with its private key and sends it to the consortium blockchain. In another possible way, user node 13 obtains the IP address of first service node 11 from the ledger of the consortium blockchain according to the blockchain identifier of first service node 11 (which may be entered by the user), and sends the user identifier, or the user identifier and the user key, entered by the user to first service node 11 at that IP address.
After receiving the user identifier sent by user node 13, first service node 11 carries the user identifier and its own first blockchain identifier in the first broadcast message, signs the first broadcast message with the private key of first service node 11 and broadcasts it to the consortium blockchain.
After receiving the first broadcast message, second service node 12 verifies the signature in the first broadcast message with the public key of first service node 11. If the verification passes, it checks whether the user identifier carried in the first broadcast message is registered on it. If it is, second service node 12 signs the user identifier and the first blockchain identifier of the first service node with its own private key to obtain the verification credential. It then looks up the user key corresponding to the user identifier and encrypts the verification credential with the preset algorithm according to that user key, obtaining the first encrypted data. After signing the first encrypted data with its own private key, second service node 12 carries the signed data and the second blockchain identifier of the second service node in the second broadcast message and broadcasts it on the consortium blockchain.
After receiving the second broadcast message, first service node 11 verifies the signature in the second broadcast message with the public key of second service node 12. If the verification passes, it broadcasts the first encrypted data on the consortium blockchain, or sends the first encrypted data to the IP address of user node 13.
After receiving the first encrypted data, user node 13 decrypts it with the user key entered by the user and sends the verification credential obtained by decryption to first service node 11.
After receiving the verification credential, first service node 11 provides a service to the user based on the verification credential.
It should be noted that although the interaction with the second service node is carried out by the first service node in the above embodiment, other embodiments in which the user node carries out that interaction are not excluded; the process is similar and is not repeated here.
In this embodiment, a first service node in the consortium blockchain receives a user identifier sent by a user node and broadcasts a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and the first blockchain identifier of the first service node. After receiving the first broadcast message, a second service node checks whether the user identifier carried in the first broadcast message is registered on it and, if so, feeds back a second broadcast message that includes first encrypted data and the second blockchain identifier of the second service node. The first encrypted data is obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier, and the verification credential includes the user identifier and the first blockchain identifier signed with the private key of the second service node. After receiving the second broadcast message, the first service node sends the first encrypted data to the user node, so that the user node decrypts the first encrypted data to obtain the verification credential and sends the verification credential to the first service node, and the first service node provides a service to the user according to the verification credential. With the technical solution of this embodiment, once a user has registered a user name and user key on any service node of the consortium blockchain, the user can use that user name and user key to log in to other service nodes on the consortium blockchain and use their services. This spares the user the trouble of remembering many user names and keys and makes identity authentication more convenient. Moreover, because the authentication process of this embodiment does not require a random number, it avoids the security problem caused by interception of the random number, and the authentication errors caused by the random number obtained by the user node being out of sync with the random number issued by the service node.
Fig. 3 is a flowchart of a method for executing step 205 provided by an embodiment of the present invention. As shown in Fig. 3, on the basis of the embodiment of Fig. 2, the method includes:
Step 301: the first service node receives the verification credential sent by the user node and, based on the second blockchain identifier of the second service node, obtains the public key of the second service node from the ledger of the consortium blockchain.
Step 302: the first service node verifies the signature in the verification credential with the public key of the second service node and, if the verification passes, provides the service to the user.
By verifying the private-key signature in the verification credential, this embodiment prevents the verification credential from being forged and improves the security and reliability of the verification.
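The credential handling of steps 203 to 205 and 301 to 302, as an added Go example that is not part of the patent text. Ed25519 signatures, AES-256-GCM with a SHA-256-derived key standing in for the "preset algorithm", the JSON credential layout, the map-based ledger and all identifiers are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Credential: user identifier and first node's blockchain identifier, signed by the issuer.
type Credential struct {
	UserID       string `json:"user_id"`
	FirstChainID string `json:"first_chain_id"`
	Signature    []byte `json:"signature"`
}

// Ledger stands in for the consortium ledger: blockchain identifier -> public key.
type Ledger map[string]ed25519.PublicKey

// NewNode creates a key pair and records the public key under chainID.
func NewNode(l Ledger, chainID string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	l[chainID] = pub
	return priv, nil
}

// signedBytes length-prefixes both fields so ("ab","c") and ("a","bc") differ.
func signedBytes(userID, firstChainID string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s", len(userID), userID, len(firstChainID), firstChainID))
}

// aeadFor builds AES-256-GCM from the user key. SHA-256 as key derivation is an
// assumption made for brevity; a password-like user key needs a real KDF.
func aeadFor(userKey string) (cipher.AEAD, error) {
	k := sha256.Sum256([]byte(userKey))
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueEncrypted is the second node's part of step 203: sign, then encrypt.
func IssueEncrypted(priv ed25519.PrivateKey, userID, firstChainID, userKey string) ([]byte, error) {
	sig := ed25519.Sign(priv, signedBytes(userID, firstChainID))
	// Marshal cannot fail for a struct of strings and bytes.
	plain, _ := json.Marshal(Credential{UserID: userID, FirstChainID: firstChainID, Signature: sig})
	aead, err := aeadFor(userKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

// DecryptCredential is the user node's part of step 204.
func DecryptCredential(data []byte, userKey string) (*Credential, error) {
	aead, err := aeadFor(userKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(data) < n {
		return nil, fmt.Errorf("first encrypted data too short: %d bytes", len(data))
	}
	plain, err := aead.Open(nil, data[:n], data[n:], nil)
	if err != nil {
		return nil, fmt.Errorf("wrong user key or modified data: %w", err)
	}
	c := new(Credential)
	return c, json.Unmarshal(plain, c)
}

// VerifyCredential is the first node's part of steps 301-302, plus a binding check.
func VerifyCredential(l Ledger, c *Credential, secondChainID, myChainID, userID string) error {
	if c == nil || c.UserID != userID || c.FirstChainID != myChainID {
		return fmt.Errorf("credential is not for user %q at node %q", userID, myChainID)
	}
	pub, ok := l[secondChainID] // issuer's public key, looked up by its blockchain identifier
	if !ok || !ed25519.Verify(pub, signedBytes(c.UserID, c.FirstChainID), c.Signature) {
		return fmt.Errorf("signature not valid for issuer %q", secondChainID)
	}
	return nil
}

func main() {
	ledger := Ledger{}
	priv, _ := NewNode(ledger, "node-12") // constructed identifiers and key
	enc, _ := IssueEncrypted(priv, "alice", "node-11", "alice-user-key")
	cred, err := DecryptCredential(enc, "alice-user-key")
	fmt.Println("decrypt error:", err, "verify error:", VerifyCredential(ledger, cred, "node-12", "node-11", "alice"))
}
```

The credential as described carries only the user identifier and the first node's blockchain identifier, with no expiry or freshness field, so the same credential verifies on every presentation; how long a node honours it is a separate deployment decision.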
Fig. 4 is a schematic structural diagram of a service node provided by an embodiment of the present invention. The service node is suitable for a consortium blockchain, and can execute the processing flow of the embodiments of the above identity authentication method based on a consortium blockchain. As shown in Fig. 4, service node 40 includes: memory 41, processor 42, a computer program and communication interface 43; wherein the computer program is stored in the memory and is configured to be executed by processor 42 to perform the following operations:
Receiving a user identifier sent by a user node, the user identifier not having been registered on the service node; broadcasting a first broadcast message in the consortium blockchain, the first broadcast message including the user identifier and a first blockchain identifier of the service node; receiving a second broadcast message fed back by a second service node in the consortium blockchain in response to the first broadcast message, the second broadcast message being a broadcast message sent by the second service node after verifying that the user identifier is registered on it, and including a second blockchain identifier of the second service node and first encrypted data, the first encrypted data being obtained by the second service node by encrypting a verification credential with a preset algorithm according to the user key corresponding to the registered user identifier, the verification credential including the user identifier and the first blockchain identifier signed with the private key of the second service node; sending the first encrypted data to the user node, so that the user node decrypts the first encrypted data based on the user key to obtain the verification credential; receiving the verification credential sent by the user node and providing a service to the user based on the verification credential.
In one embodiment, when performing the operation of receiving the user identifier and user key sent by the user node, the processor is configured to: receive a user name and a user key sent by the user node to its IP address.
In one embodiment, the user identifier and the first blockchain identifier in the first broadcast message are signed with the private key of the first service node.
In one embodiment, when performing the operation of receiving the verification credential sent by the user node and providing a service to the user based on the verification credential, the processor is configured to:
Receive the verification credential sent by the user node and, based on the second blockchain identifier of the second service node, obtain the public key of the second service node from the ledger of the consortium blockchain; verify the signature in the verification credential with the public key of the second service node and, if the verification passes, provide the service to the user.
The service node of the embodiment shown in Fig. 4 can be used to execute the technical solution of the above method embodiments; its implementation principle and technical effect are similar and are not repeated here.
An embodiment of the present invention also provides a consortium blockchain that includes the service node described in the above Fig. 4 embodiment.
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the identity authentication method based on a consortium blockchain described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules above is used only as an example. In practical applications, the functions may be assigned to different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiments; it is not described again here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. An auth method based on alliance's block chain, characterized in that the method comprises:
A first service node in the alliance's block chain receives a user identifier sent by a user node, where the user identifier has not been registered on the first service node;
The first service node broadcasts a first broadcast message in the alliance's block chain, the first broadcast message including the user identifier and a first block chain mark of the first service node;
The first service node receives a second broadcast message fed back by a second service node in the alliance's block chain based on the first broadcast message; the second broadcast message is the broadcast message sent by the second service node after it verifies that the user identifier has been registered on it, and includes a second block chain mark of the second service node and first encryption data; the first encryption data is obtained by the second service node by encrypting validating documents with a preset algorithm, using the user key corresponding to the registered user identifier; the validating documents include the user identifier and the first block chain mark signed with the private key of the second service node;
The first service node sends the first encryption data to the user node, so that the user node decrypts the first encryption data based on the user key to obtain the validating documents;
The first service node receives the validating documents sent by the user node and, based on the validating documents, provides services to the user.
2. The method according to claim 1, characterized in that the first service node in the alliance's block chain receiving the user identifier and user key sent by the user node comprises:
The first service node in the alliance's block chain receives the user name and user key that the user node sends to its IP address.
3. The method according to claim 1, characterized in that the user identifier and the first block chain mark in the first broadcast message are signed with the private key of the first service node.
4. The method according to claim 1, characterized in that the first service node receiving the validating documents sent by the user node and, based on the validating documents, providing services to the user comprises:
The first service node receives the validating documents sent by the user node, and obtains the public key of the second service node from the account book of the alliance's block chain based on the second block chain mark of the second service node;
The signature in the validating documents is verified based on the public key of the second service node and, if the verification passes, services are provided to the user.
5. A service node, suitable for an alliance's block chain, characterized in that the service node comprises:
Memory;
Processor;
Communication interface; and
Computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving a user identifier sent by a user node, where the user identifier has not been registered on the service node;
Broadcasting a first broadcast message in the alliance's block chain, the first broadcast message including the user identifier and a first block chain mark of the service node;
Receiving a second broadcast message fed back by a second service node in the alliance's block chain based on the first broadcast message; the second broadcast message is the broadcast message sent by the second service node after it verifies that the user identifier has been registered on it, and includes a second block chain mark of the second service node and first encryption data; the first encryption data is obtained by the second service node by encrypting validating documents with a preset algorithm, using the user key corresponding to the registered user identifier; the validating documents include the user identifier and the first block chain mark signed with the private key of the second service node;
Sending the first encryption data to the user node, so that the user node decrypts the first encryption data based on the user key to obtain the validating documents;
Receiving the validating documents sent by the user node and, based on the validating documents, providing services to the user.
6. The service node according to claim 5, characterized in that, when performing the operation of receiving the user identifier and user key sent by the user node, the processor is configured to:
Receive the user name and user key that the user node sends to its IP address.
7. The service node according to claim 5, characterized in that the user identifier and the first block chain mark in the first broadcast message are signed with the private key of the first service node.
8. The service node according to claim 5, characterized in that, when performing the operation of receiving the validating documents sent by the user node and, based on the validating documents, providing services to the user, the processor is configured to:
Receive the validating documents sent by the user node, and obtain the public key of the second service node from the account book of the alliance's block chain based on the second block chain mark of the second service node;
Verify the signature in the validating documents based on the public key of the second service node and, if the verification passes, provide services to the user.
9. An alliance's block chain, characterized in that it includes the service node according to any one of claims 5-8.
10. A computer readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910466906.5A CN110166255A (en) | 2019-05-30 | 2019-05-30 | Auth method, equipment and storage medium based on alliance's block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910466906.5A CN110166255A (en) | 2019-05-30 | 2019-05-30 | Auth method, equipment and storage medium based on alliance's block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110166255A (en) | 2019-08-23 |
Family
ID=67630330
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910466906.5A Pending CN110166255A (en) | 2019-05-30 | 2019-05-30 | Auth method, equipment and storage medium based on alliance's block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110166255A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110544101A (en) * | 2019-09-10 | 2019-12-06 | 苏州阿尔山数字科技有限公司 | SM 9-based alliance chain identity authentication method |
CN111465001A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Registration method and device |
CN111565186A (en) * | 2020-04-29 | 2020-08-21 | 中国联合网络通信集团有限公司 | Message publishing method and device |
CN111625606A (en) * | 2020-06-24 | 2020-09-04 | 卓尔智联(武汉)研究院有限公司 | Alliance link data processing method and device and electronic equipment |
CN112153624A (en) * | 2020-10-14 | 2020-12-29 | 中国联合网络通信集团有限公司 | Roaming method and device |
WO2022068240A1 (en) * | 2020-09-29 | 2022-04-07 | 平安科技(深圳)有限公司 | Data processing method, node device, and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070289006A1 (en) * | 2001-03-22 | 2007-12-13 | Novell, Inc. | Cross domain authentication and security services using proxies for http access |
CN101478396A (en) * | 2008-12-04 | 2009-07-08 | 黄希 | Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof |
CN106357644A (en) * | 2016-09-21 | 2017-01-25 | 江苏通付盾科技有限公司 | Method, system and server for authenticating identities on basis of block chain networks |
CN108768663A (en) * | 2018-05-31 | 2018-11-06 | 中国地质大学(武汉) | A kind of block chain access control method and its processing system |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110544101A (en) * | 2019-09-10 | 2019-12-06 | 苏州阿尔山数字科技有限公司 | SM 9-based alliance chain identity authentication method |
CN111465001A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Registration method and device |
CN111465001B (en) * | 2020-04-01 | 2023-05-02 | 中国联合网络通信集团有限公司 | Registration method and device |
CN111565186A (en) * | 2020-04-29 | 2020-08-21 | 中国联合网络通信集团有限公司 | Message publishing method and device |
CN111565186B (en) * | 2020-04-29 | 2022-04-29 | 中国联合网络通信集团有限公司 | Message publishing method and device |
CN111625606A (en) * | 2020-06-24 | 2020-09-04 | 卓尔智联(武汉)研究院有限公司 | Alliance link data processing method and device and electronic equipment |
CN111625606B (en) * | 2020-06-24 | 2021-06-25 | 卓尔智联(武汉)研究院有限公司 | Alliance link data processing method and device and electronic equipment |
WO2022068240A1 (en) * | 2020-09-29 | 2022-04-07 | 平安科技(深圳)有限公司 | Data processing method, node device, and storage medium |
CN112153624A (en) * | 2020-10-14 | 2020-12-29 | 中国联合网络通信集团有限公司 | Roaming method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110166255A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
CN110213046A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
Chen et al. | Oauth demystified for mobile application developers | |
CN105119722B (en) | A kind of auth method, equipment and system | |
CN104199654B (en) | The call method and device of open platform | |
CN104869102B (en) | Authorization method, device and system based on xAuth agreement | |
CN105262748B (en) | Identity authentication method and system are carried out to user terminal in wide area network | |
CN110213264A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
CN104199657B (en) | The call method and device of open platform | |
CN109618341A (en) | A kind of digital signature authentication method, system, device and storage medium | |
CN110198316A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
CN110225017A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
CN107493291A (en) | A kind of identity identifying method and device based on safety element SE | |
CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
Alhaidary et al. | Vulnerability analysis for the authentication protocols in trusted computing platforms and a proposed enhancement of the offpad protocol | |
Gkaniatsou et al. | Low-level attacks in bitcoin wallets | |
CN116112187B (en) | Remote proving method, device, equipment and readable storage medium | |
CN110138558A (en) | Transmission method, equipment and the computer readable storage medium of session key | |
CN103051598A (en) | Method, user equipment and packet access gateway for secure access to Internet services | |
CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
CN110213047A (en) | Transmission method, equipment and the computer readable storage medium of session key | |
CN110176994A (en) | Session cipher key distributing method, equipment and storage medium based on alliance's block chain | |
Aiash | A formal analysis of authentication protocols for mobile devices in next generation networks | |
Reimair et al. | MoCrySIL-Carry your Cryptographic keys in your pocket | |
Huang et al. | Mutual authentications to parties with QR-code applications in mobile systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190823 |