CN111210224A - Access control method and device in block chain network - Google Patents
Access control method and device in block chain network Download PDFInfo
- Publication number
- CN111210224A CN111210224A CN201911336560.3A CN201911336560A CN111210224A CN 111210224 A CN111210224 A CN 111210224A CN 201911336560 A CN201911336560 A CN 201911336560A CN 111210224 A CN111210224 A CN 111210224A
- Authority
- CN
- China
- Prior art keywords
- user
- evidence
- data
- public
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Abstract
The present document relates to a method and system for access control in a blockchain network, the method comprising: acquiring identity authentication request information of a user, wherein the identity authentication request comprises indication information of privacy evidence of the user; determining to-be-verified public evidence corresponding to the indication information of the privacy evidence; judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judgment result, wherein the public evidence is used for proving that the user has the public information of the private key of the user; and if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user, sending the information that the identity authentication of the user passes.
Description
Technical Field
The present disclosure relates to the field of information processing, and in particular, to a method and an apparatus for access control in a blockchain network.
Background
In cryptocurrency, once the private key of the user is lost, the cryptocurrency in the address account is lost, and to solve this problem, Bitcoin proposes a mnemonic method in BIP39(Bitcoin Improvement offers). 12, 15, 18, 21 or 24 words may be generated using the BIP39 algorithm, which are referred to as mnemonics because they are easy for humans to remember. When the user key is lost, the original sequence of the mnemonic words is restored to realize the key restoration function.
In practical application, the mnemonics are randomly generated by the system and are not defined by the user, so that the user needs to spend time to memorize the sequence of the mnemonics, and the sequence of the mnemonics is easy to forget, thereby influencing the success rate of the key recovery operation.
Disclosure of Invention
To overcome any technical problems in the related art, a method and an apparatus for access control in a blockchain network are provided.
In one aspect of this document, a method for access control in a blockchain network is provided, including:
acquiring identity authentication request information of a user, wherein the identity authentication request comprises indication information of privacy evidence of the user;
determining to-be-verified public evidence corresponding to the indication information of the privacy evidence;
judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judgment result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user, sending the information that the identity authentication of the user passes.
In an exemplary embodiment, after the sending the information that the identity of the user passes the authentication, the method further includes:
and receiving new address information sent by the user and storing the address information.
In an exemplary embodiment, the determining the public evidence to be verified corresponding to the indication information of the private evidence includes:
acquiring an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
There is provided an access control device in a blockchain network, comprising:
the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring identity verification request information of a user, and the identity verification request comprises indication information of privacy evidence of the user;
the first determining module is used for determining the to-be-verified public evidence corresponding to the indication information of the privacy evidence;
the judging module is used for judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judging result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and the control module is used for sending the information that the identity authentication of the user passes if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user.
In one exemplary embodiment, the apparatus further comprises:
and the management module is used for receiving the new address information sent by the user and storing the address information after the information that the identity authentication of the user passes is sent.
In one exemplary embodiment, the first determining module includes:
the first obtaining unit is used for obtaining an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and the conversion unit is used for converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
A computer-readable storage medium having stored thereon a computer program which, when executed, implements the steps of the method of any one of the above.
A computer device comprising a processor, a memory and a computer program stored on the memory, the processor, when executing the computer program, implementing the steps of the method of any one of the preceding.
In another aspect of this document, there is provided a method of access control in a blockchain network, comprising:
after detecting that the private key is lost, sending an identity authentication request to other nodes in the block chain network, wherein the identity authentication request comprises indication information of privacy evidence of a user;
and after the result of receiving the identity authentication request fed back by the other nodes is that the identity authentication is passed, triggering the reset operation of the secret key to obtain the new public key and the new private key of the user.
In an exemplary embodiment, after the triggering the reset operation of the key and obtaining the new public key and private key of the user, the method further includes:
determining new address information of the user according to the new public key of the user;
and sending the new address information to the other nodes.
In an exemplary embodiment, the determining new address information of the user according to the new public key of the user includes:
acquiring new public evidence of the user;
taking a new public key and a new public evidence corresponding to the user as calculation data, and calculating the calculation data by using a preset Hash calculation strategy to obtain first data;
calculating the first data by using a preset integrity checking strategy to obtain second data;
calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
forming fifth data according to the second data, the check code and the pre-acquired version information, wherein the fifth data is used as data required by address calculation;
and processing the fifth data by using a preset code conversion strategy to obtain address information.
An access control device in a blockchain network, comprising:
the system comprises a first sending module, a second sending module and a third sending module, wherein the first sending module is used for sending an identity authentication request to other nodes in a block chain network after detecting that a private key is lost, and the identity authentication request comprises indication information of privacy evidence of a user;
and the triggering module is used for triggering the resetting operation of the secret key after the result of receiving the identity authentication request fed back by the other nodes is that the identity authentication is passed, so as to obtain the new public key and the new private key of the user.
In one exemplary embodiment, the apparatus further comprises:
the second determining module is used for determining new address information of the user according to the new public key of the user after obtaining the new public key and the new private key of the user;
and the second sending module is used for sending the new address information to the other nodes.
In one exemplary embodiment, the second determining module includes:
the acquisition unit is used for acquiring new public evidence of the user;
the first computing unit is used for computing the computing data by using a preset Hash computing strategy by taking a new public key and a new public evidence corresponding to the user as the computing data to obtain first data;
the second calculation unit is used for calculating the first data by using a preset integrity check strategy to obtain second data;
the third calculation unit is used for calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
the combination unit is used for forming fifth data according to the second data, the check code and the version information acquired in advance, and the fifth data is used as data required by address calculation;
and the processing unit is used for processing the fifth data by using a preset code conversion strategy to obtain address information.
A computer-readable storage medium having stored thereon a computer program which, when executed, implements the steps of the method of any one of the above.
A computer device comprising a processor, a memory and a computer program stored on the memory, the processor, when executing the computer program, implementing the steps of the method of any one of the preceding.
In the case of the solution illustrated herein,
it is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification. In the drawings:
fig. 1 is a flow diagram illustrating a method of access control in a blockchain network in accordance with an exemplary embodiment.
Fig. 2 is a flow chart illustrating another method of access control in a blockchain network in accordance with an example embodiment.
Fig. 3 is a schematic diagram illustrating a method of generating an address according to an example embodiment.
Fig. 4 is a block diagram illustrating an access control device in a blockchain network according to an example embodiment.
Fig. 5 is a block diagram illustrating another access control device in a blockchain network in accordance with an example embodiment.
FIG. 6 is a block diagram illustrating a computer device according to an example embodiment.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some but not all of the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection. It should be noted that the embodiments and features of the embodiments may be arbitrarily combined with each other without conflict.
The core problem to be solved is how to prove that the user is me after the private key of the user is lost, and the digital assets are transferred to the updated address account, and meanwhile, the method can also solve the problem of updating the key pair when the private key of the user is leaked.
The keys are presented in pairs, consisting of a private key and a public key. Where the public key is like the bank's account number and the private key is like the password controlling the account number or the check's signature. In the blockchain system, possession of the private key has ownership and control of the account.
In order to solve the problem that a private key of a user is lost, a private evidence and a public evidence are introduced, when the private key of the user is lost, the user can be proved to have the lost private key through the private evidence known by the user and the public evidence obtained by each node of a block chain network, and therefore digital assets in the address of the lost private key are transferred to a new address.
Fig. 1 is a flow diagram illustrating a method of access control in a blockchain network in accordance with an exemplary embodiment. The method shown in fig. 1 comprises:
in an exemplary embodiment, the indication information of the privacy evidence may be the privacy evidence or a value calculated on the privacy evidence according to a preset calculation policy.
After the private key is lost, compared with the difficulty of proving the identity by the user in the related art, the method exemplarily provided herein triggers the identity verification request by means of the privacy evidence of the user, and completes the identity authentication of the user.
in an exemplary embodiment, the determined manner may be accomplished by calculation of public evidence via a third party platform; for example, after receiving the indication information of the privacy evidence, the indication information of the privacy evidence is sent to a third-party platform, and a calculation result of the third-party platform on the indication information of the privacy evidence is received to obtain the corresponding public evidence to be verified.
In an exemplary embodiment, the method can also be obtained by:
acquiring an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
The evidence conversion policy may be obtained from the user in advance, or may be obtained from a third-party platform request, and the node receiving the authentication request completes the calculation operation.
103, judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judgment result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and comparing whether the public evidences are consistent or not to serve as a standard for whether the identity authentication is passed or not.
And step 104, if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user, sending the information that the identity authentication of the user passes.
And when the public evidence to be verified is consistent with the public evidence of the user, the claimed identity of the user is real, and the data interaction operation with the user can be continued.
In an exemplary embodiment, after the sending the information that the identity of the user passes the authentication, the method further includes:
and receiving new address information sent by the user and storing the address information.
By receiving the new address information, the transaction is reestablished with the user who has completed the rekeying, ensuring the security of the transaction.
In the method provided by the exemplary embodiment of the present disclosure, identity verification request information of a user is obtained, where the identity verification request includes indication information of a privacy evidence of the user, a public evidence to be verified corresponding to the indication information of the privacy evidence is determined, and it is then determined whether the public evidence to be verified is consistent with the public evidence of the user, so as to obtain a determination result, where the public evidence is used to prove that the user possesses the public information of a private key of the user, and if the determination result is that the public evidence to be verified is consistent with the public evidence of the user, information that the identity of the user passes authentication is sent, so as to achieve a purpose of verifying the identity of the user who loses the private key.
Fig. 2 is a flow chart illustrating another method of access control in a blockchain network in accordance with an example embodiment. The method of fig. 2, comprising:
in an exemplary embodiment, the indication information of the privacy evidence may be the privacy evidence or a value calculated on the privacy evidence according to a preset calculation policy.
After the private key is lost, compared with the difficulty of proving the identity by the user in the related art, the method exemplarily provided herein triggers the identity verification request by means of the privacy evidence of the user, and completes the identity authentication of the user.
And verifying the identity of the user through other nodes, and triggering the reset operation of the secret key when the identity authentication is completed and the authentication result is passed, so as to obtain a new secret key.
In an exemplary embodiment, after the triggering the reset operation of the key and obtaining the new public key and private key of the user, the method further includes:
determining new address information of the user according to the new public key of the user;
and sending the new address information to the other nodes.
In an exemplary embodiment, the determining new address information of the user according to the new public key of the user includes:
acquiring new public evidence of the user;
taking a new public key and a new public evidence corresponding to the user as calculation data, and calculating the calculation data by using a preset Hash calculation strategy to obtain first data;
calculating the first data by using a preset integrity checking strategy to obtain second data;
calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
forming fifth data according to the second data, the check code and the pre-acquired version information, wherein the fifth data is used as data required by address calculation;
and processing the fifth data by using a preset code conversion strategy to obtain address information.
In the method provided by the exemplary embodiment of the present disclosure, after detecting that the private key is lost, an identity authentication request is sent to other nodes in the blockchain network, where the identity authentication request includes indication information of privacy evidence of a user, and after receiving a result of receiving the identity authentication request fed back by the other nodes, that is, after the identity authentication passes, a reset operation on the secret key is triggered, so as to obtain a new public key and a new private key of the user, thereby achieving an objective of verifying the identity of the user who loses the private key.
The following is illustrated with respect to the methods provided herein by way of example, the methods comprising:
step A01, obtaining identity authentication request information of a user, wherein the identity authentication request comprises indication information of privacy evidence of the user;
in an exemplary embodiment, each user needs to generate a user private key K _ pri, a user public key K _ pub, a privacy evidence (private evidence) E _ pri, a public evidence (public evidence) E _ pub, and an address Add, where the user private key K _ pri and the privacy evidence E _ pri are secret information known only to the user, and the user public key K _ pub, the public evidence E _ pub, and the address are public. Wherein:
the user private key K _ pri is a randomly selected 256-bit number;
the public key is a point multiplication operation result corresponding to an elliptic curve cryptosystem, and consists of 2 numbers with 256 bits, and the public key can be directly expressed as the first 256 bits (namely, a horizontal axis value) through a mathematical association relation between the two values.
The privacy evidence is generally formed by freely composing secret information related to personal identity information (such as information of birthday, identification card number and the like) and a private key of the user or other information, so that the user cannot forget the privacy evidence easily, and the length of the privacy evidence changes along with the change of an algorithm; wherein, the indication information of the privacy evidence can be the privacy evidence Epri,1Or a value f (E) calculated from the privacy evidencepri,i);
Public evidence is public information that can be used to prove that it owns a user's private key;
the address is a data fingerprint generated by the user public key and the public evidence and is used for determining the wallet address of the user, wherein the address does not correspond to the user public key, and can also correspond to other payment objects, such as scripts and the like.
The information length is 256 because an elliptic curve encryption system is adopted, and in specific practical use, other encryption systems can be adopted, and the data length can also be determined according to the requirements of an encryption algorithm.
The following description will take the SHA256 algorithm as an example of the Hash function, and the Hash function may be used without being limited to the algorithm.
Fig. 3 is a schematic diagram illustrating a method of generating an address according to an example embodiment. As shown in fig. 3, the generation method includes:
1. calculating the calculation Data by using a Hash256 algorithm by taking a user public key and public evidence as calculation Data to obtain Data _ 1;
2. the Data _1 is processed as follows:
a. calculating the Data _1 by using a RIPEMD160 algorithm to obtain Data _ 2;
b. calculating the Data _1 by using a Hash256 algorithm to obtain Data _ 3; calculating the Data _3 by using a Hash256 algorithm to obtain Data _4, and selecting n bytes in the Data _4 as a check code, wherein n is an integer greater than or equal to 1, for example, selecting the first 4 bytes in the Data _4 as the check code;
3. taking the Data _2, the check code and the pre-acquired version information as Data required by address calculation;
4. and processing data required by address calculation by adopting Base58Check coding to obtain address information.
Step A02, determining the public evidence to be verified corresponding to the indication information of the privacy evidence;
user receives privacy evidence Epri,iOr a value f (E) calculated from the privacy evidencepri,i) Thereafter, equation E can be verifiedpri, iP=Epub,iOr f (E)pri,i)P=Epub,iIf the equation is established, where P represents a point on the elliptic curve in the elliptic curve-based public key encryption algorithm, if the equation is establishedThen "i am me" may be proven, otherwise "i am not me". However, the present invention is not limited to this public key encryption algorithm, and the rest of the public key encryption algorithms may also be verified in a similar manner.
Step A03, judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judgment result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and A04, if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user, sending the information that the identity authentication of the user passes.
In an exemplary embodiment, by users U who are not trusted with each otheriForming a blockchain network U ═ U1,U2,…,UnWhere each user U in the blockchain network is distinguishedi(i ═ 1,2, … n) all possess five-membered information (K)pri,i,Kpub,i,Epri,i,Epub,i,Addi). If the user U1Key K ofpri,1Lost, on receipt of user U1Privacy evidence E ofpri,1Or a value f (E) calculated from the privacy evidencepri,i) Thereafter, the equation E is verified using the received informationpub,iIf yes, it is determined that the user is really U1Otherwise, the request is denied.
User receives privacy evidence Epri,iOr a value f (E) calculated from the privacy evidencepri,i) Thereafter, equation E can be verifiedpri, iP=Epub,iOr f (E)pri,i)P=Epub,iAnd whether the equation is established or not is P, wherein P represents a point on the elliptic curve based on the elliptic curve public key encryption algorithm, if the equation is established, the 'I is me', otherwise the 'I is not me'. Here, the present invention is not limited to such a public key encryption algorithm, and the rest of the public key encryption algorithms may be verified by a similar method.
After the private key of the user is lost, the authenticity of the identity declared by the user is proved, namely the problem of 'I am me', and the number assets in the account with the lost private key can be transferred to the address of a new account.
After proving "I am me", to transfer the digital assets in the lost key account to the new account address, at user U1Generating a new five-tuple information set, (K ') before sending evidence to the rest of the network nodes'pri,i,K′pub,i,E′pri,i,E′pub,i,Add′i) And the new address and the transaction information are also sent to the other network nodes while the evidence is sent.
The downward compatibility of the system is a very important problem, and the account created by the old version can be continuously operated on the new version without forced upgrading by the user, which brings great convenience to the user. Because of the specificity of the address, if downward compatibility cannot be realized, a great problem is brought to the existing address, and the later software cannot be iterated and upgraded.
Existing users have ternary information sets (K) in cryptocurrency systems or blockchain systemspri,KpubAdd) where KpriIs the user's private key, KpubIs the user public key and Add is the address calculated from the user public key. In order to realize the key resetting function, the user calculates the privacy evidence E of the user according to the identity information and the private key of the userpriAnd calculating a public evidence E according to the privacy evidence of the userpubAnd a new address Add and transferring the digital assets in the old address to the new address.
The privacy evidence can be freely composed of personal identity information (such as information of birthday, identification card number and the like), personal private key data or other information according to the own requirements of the user, so that the user cannot easily forget the privacy evidence.
After the user loses the private key, the ownership of the lost key address can be verified in a way that proves possession of the privacy evidence, and the user key can be reset.
The method provided by the example of the text provides privacy evidence EpriAnd public evidence EpubThe concept of (2) grouping the ternary information (K) of the userpri,KpubAdd) to the five-tuple information set (K)pri,Kpub,Epri,EpubAdd) fromAnd after the user loses the secret key, the effective transfer of the digital assets in the address account with the lost secret key can be realized by a method of resetting the secret key.
In addition, from KpubAnd EpubThe method for calculating the Add can effectively correlate the user public key, the public evidence and the address, so that anyone can verify the corresponding relation among the user public key, the public evidence and the address.
In addition, when the digital asset is transferred from the lost account to a new address after the secret key is reset, the digital asset is published together with the transaction information containing the identity evidence, the reset private key, the reset public key, the reset privacy evidence, the reset public evidence, the reset address and the signature, which is different from the traditional transaction public information.
Fig. 4 is a block diagram illustrating an access control device in a blockchain network according to an example embodiment. The apparatus shown in fig. 4 comprises:
an obtaining module 401, configured to obtain authentication request information of a user, where the authentication request includes indication information of privacy evidence of the user;
a first determining module 402, configured to determine a to-be-verified public evidence corresponding to the indication information of the privacy evidence;
the judging module 403 is configured to judge whether the public evidence to be verified is consistent with the public evidence of the user, and obtain a judgment result, where the public evidence is used to prove that the user has public information of the private key of the user;
and the control module 404 is configured to send information that the identity authentication of the user passes if the determination result is that the public evidence to be verified is consistent with the public evidence of the user.
In one exemplary embodiment, the apparatus further comprises:
and the management module is used for receiving the new address information sent by the user and storing the address information after the information that the identity authentication of the user passes is sent.
In an exemplary embodiment, the first determining module 402 includes:
the first obtaining unit is used for obtaining an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and the conversion unit is used for converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
The device provided by the exemplary embodiment herein obtains identity verification request information of a user, where the identity verification request includes indication information of a privacy evidence of the user, determines a public evidence to be verified corresponding to the indication information of the privacy evidence, and then determines whether the public evidence to be verified is consistent with the public evidence of the user, so as to obtain a determination result, where the public evidence is used to prove that the user owns the public information of a private key of the user, and if the determination result is that the public evidence to be verified is consistent with the public evidence of the user, sends information that the identity of the user passes authentication, so as to achieve the purpose of verifying the identity of the user who loses the private key.
Fig. 5 is a block diagram illustrating another access control device in a blockchain network in accordance with an example embodiment. The apparatus shown in fig. 5 comprises:
a first sending module 501, configured to send an identity authentication request to other nodes in a blockchain network after detecting that a private key is lost, where the identity authentication request includes indication information of a privacy evidence of a user;
the triggering module 502 is configured to trigger a reset operation on a secret key after the result of receiving the identity authentication request fed back by the other node is that the identity authentication passes, so as to obtain a new public key and a new private key of the user.
In one exemplary embodiment, the apparatus further comprises:
the second determining module is used for determining new address information of the user according to the new public key of the user after obtaining the new public key and the new private key of the user;
and the second sending module is used for sending the new address information to the other nodes.
In one exemplary embodiment, the second determining module includes:
the acquisition unit is used for acquiring new public evidence of the user;
the first computing unit is used for computing the computing data by using a preset Hash computing strategy by taking a new public key and a new public evidence corresponding to the user as the computing data to obtain first data;
the second calculation unit is used for calculating the first data by using a preset integrity check strategy to obtain second data;
the third calculation unit is used for calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
the combination unit is used for forming fifth data according to the second data, the check code and the version information acquired in advance, and the fifth data is used as data required by address calculation;
and the processing unit is used for processing the fifth data by using a preset code conversion strategy to obtain address information.
In the method provided by the exemplary embodiment of the present disclosure, after detecting that the private key is lost, an identity authentication request is sent to other nodes in the blockchain network, where the identity authentication request includes indication information of privacy evidence of a user, and after receiving a result of receiving the identity authentication request fed back by the other nodes, that is, after the identity authentication passes, a reset operation on the secret key is triggered, so as to obtain a new public key and a new private key of the user, thereby achieving an objective of verifying the identity of the user who loses the private key.
The exemplary embodiments herein provide a computer readable storage medium having stored thereon a computer program, which when executed, performs the steps of any of the methods shown in fig. 1.
The exemplary embodiments herein provide a computer readable storage medium having stored thereon a computer program which, when executed, implements the steps of any of the methods illustrated in fig. 2.
The exemplary embodiments herein provide a computer device comprising a processor, a memory and a computer program stored on the memory, the processor implementing the steps of any of the methods shown in fig. 1 when executing the computer program.
A computer device according to an exemplary embodiment herein comprises a processor, a memory, and a computer program stored on the memory, the processor implementing the steps of any of the methods shown in fig. 2 when executing the computer program.
FIG. 6 is a block diagram illustrating a computer device 600 according to an example embodiment. For example, the computer device 600 may be provided as a server. Referring to fig. 6, the computer device 600 includes a processor 601, and the number of processors may be set to one or more as necessary. The computer device 600 further comprises a memory 602 for storing instructions, such as application programs, executable by the processor 601. The number of the memories can be set to one or more according to needs. Which may store one or more application programs. The processor 601 is configured to execute instructions to perform the relevant steps.
As will be appreciated by one skilled in the art, the embodiments herein may be provided as a method, apparatus (device), or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied in the medium. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, including, but not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer, and the like. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments herein. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
While the preferred embodiments herein have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following appended claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of this disclosure.
It will be apparent to those skilled in the art that various changes and modifications may be made herein without departing from the spirit and scope thereof. Thus, it is intended that such changes and modifications be included herein, provided they come within the scope of the appended claims and their equivalents.
Claims (16)
1. A method for access control in a blockchain network, comprising:
acquiring identity authentication request information of a user, wherein the identity authentication request comprises indication information of privacy evidence of the user;
determining to-be-verified public evidence corresponding to the indication information of the privacy evidence;
judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judgment result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user, sending the information that the identity authentication of the user passes.
2. The method according to claim 1, wherein after the sending the information that the identity of the user passes the authentication, the method further comprises:
and receiving new address information sent by the user and storing the address information.
3. The method according to claim 1 or 2, wherein the determining the public evidence to be verified corresponding to the indication information of the private evidence comprises:
acquiring an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
4. A method for access control in a blockchain network, comprising:
after detecting that the private key is lost, sending an identity authentication request to other nodes in the block chain network, wherein the identity authentication request comprises indication information of privacy evidence of a user;
and after the result of receiving the identity authentication request fed back by the other nodes is that the identity authentication is passed, triggering the reset operation of the secret key to obtain the new public key and the new private key of the user.
5. The method of claim 4, wherein after triggering a reset operation on the key to obtain a new public key and private key of the user, the method further comprises:
determining new address information of the user according to the new public key of the user;
and sending the new address information to the other nodes.
6. The method of claim 5, wherein the determining new address information of the user according to the new public key of the user comprises:
acquiring new public evidence of the user;
taking a new public key and a new public evidence corresponding to the user as calculation data, and calculating the calculation data by using a preset Hash calculation strategy to obtain first data;
calculating the first data by using a preset integrity checking strategy to obtain second data;
calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
forming fifth data according to the second data, the check code and the pre-acquired version information, wherein the fifth data is used as data required by address calculation;
and processing the fifth data by using a preset code conversion strategy to obtain address information.
7. An access control apparatus in a blockchain network, comprising:
the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring identity verification request information of a user, and the identity verification request comprises indication information of privacy evidence of the user;
the first determining module is used for determining the to-be-verified public evidence corresponding to the indication information of the privacy evidence;
the judging module is used for judging whether the public evidence to be verified is consistent with the public evidence of the user to obtain a judging result, wherein the public evidence is used for proving that the user has the public information of the private key of the user;
and the control module is used for sending the information that the identity authentication of the user passes if the judgment result is that the public evidence to be verified is consistent with the public evidence of the user.
8. The apparatus of claim 7, further comprising:
and the management module is used for receiving the new address information sent by the user and storing the address information after the information that the identity authentication of the user passes is sent.
9. The method of claim 7 or 8, wherein the first determining module comprises:
the first obtaining unit is used for obtaining an evidence conversion strategy corresponding to the user, wherein the evidence conversion strategy is used for converting the indication information of the received privacy evidence into a public evidence;
and the conversion unit is used for converting the indication information of the received privacy evidence into the to-be-verified public evidence by using the evidence conversion strategy.
10. An access control apparatus in a blockchain network, comprising:
the system comprises a first sending module, a second sending module and a third sending module, wherein the first sending module is used for sending an identity authentication request to other nodes in a block chain network after detecting that a private key is lost, and the identity authentication request comprises indication information of privacy evidence of a user;
and the triggering module is used for triggering the resetting operation of the secret key after the result of receiving the identity authentication request fed back by the other nodes is that the identity authentication is passed, so as to obtain the new public key and the new private key of the user.
11. The apparatus of claim 10, further comprising:
the second determining module is used for determining new address information of the user according to the new public key of the user after obtaining the new public key and the new private key of the user;
and the second sending module is used for sending the new address information to the other nodes.
12. The apparatus of claim 11, wherein the second determining module comprises:
the acquisition unit is used for acquiring new public evidence of the user;
the first computing unit is used for computing the computing data by using a preset Hash computing strategy by taking a new public key and a new public evidence corresponding to the user as the computing data to obtain first data;
the second calculation unit is used for calculating the first data by using a preset integrity check strategy to obtain second data;
the third calculation unit is used for calculating the first data by using a preset first hash processing strategy to obtain third data, processing the third data by using a preset second hash processing strategy to obtain fourth data, and selecting n bytes from the fourth data as a check code, wherein n is an integer greater than or equal to 1;
the combination unit is used for forming fifth data according to the second data, the check code and the version information acquired in advance, and the fifth data is used as data required by address calculation;
and the processing unit is used for processing the fifth data by using a preset code conversion strategy to obtain address information.
13. A computer-readable storage medium, on which a computer program is stored which, when executed, carries out the steps of the method according to any one of claims 1 to 3.
14. A computer-readable storage medium, on which a computer program is stored which, when executed, carries out the steps of the method according to any one of claims 4 to 6.
15. A computer device comprising a processor, a memory and a computer program stored on the memory, the processor implementing the steps of the method according to any one of claims 1-3 when executing the computer program.
16. A computer device comprising a processor, a memory and a computer program stored on the memory, the processor implementing the steps of the method according to any one of claims 4-6 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911336560.3A CN111210224A (en) | 2019-12-23 | 2019-12-23 | Access control method and device in block chain network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911336560.3A CN111210224A (en) | 2019-12-23 | 2019-12-23 | Access control method and device in block chain network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111210224A true CN111210224A (en) | 2020-05-29 |
Family
ID=70786325
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911336560.3A Pending CN111210224A (en) | 2019-12-23 | 2019-12-23 | Access control method and device in block chain network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111210224A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107066893A (en) * | 2017-02-28 | 2017-08-18 | 腾讯科技(深圳)有限公司 | The treating method and apparatus of accounts information in block chain |
| CN108512661A (en) * | 2018-04-02 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of safety protecting method of block chain private key for user |
| CN109560936A (en) * | 2018-11-08 | 2019-04-02 | 四川链安信科技有限公司 | The method that private key is lost or identity data is stolen problem is protected and handled for digital asset private key |
| US20200127835A1 (en) * | 2017-06-13 | 2020-04-23 | nChain Holdings Limited | Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets |
-
2019
- 2019-12-23 CN CN201911336560.3A patent/CN111210224A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107066893A (en) * | 2017-02-28 | 2017-08-18 | 腾讯科技(深圳)有限公司 | The treating method and apparatus of accounts information in block chain |
| US20190229927A1 (en) * | 2017-02-28 | 2019-07-25 | Tencent Technology (Shenzhen) Company Ltd | Method and apparatus for processing account information in block chain, storage medium, and electronic apparatus |
| US20200127835A1 (en) * | 2017-06-13 | 2020-04-23 | nChain Holdings Limited | Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets |
| CN108512661A (en) * | 2018-04-02 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of safety protecting method of block chain private key for user |
| CN109560936A (en) * | 2018-11-08 | 2019-04-02 | 四川链安信科技有限公司 | The method that private key is lost or identity data is stolen problem is protected and handled for digital asset private key |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110419053B (en) | System and method for information protection | |
| CN109493020B (en) | Block chain based secure transaction method and device | |
| CN110741600B (en) | Computer-implemented system and method for providing a decentralised protocol for retrieving encrypted assets | |
| JP6841911B2 (en) | Information protection systems and methods | |
| RU2735439C2 (en) | System and method for protecting information | |
| JP5710075B2 (en) | Certificate validation | |
| JP2020522051A (en) | Block recognition | |
| EP3563553A1 (en) | Method for signing a new block in a decentralized blockchain consensus network | |
| US10846372B1 (en) | Systems and methods for trustless proof of possession and transmission of secured data | |
| US20220215355A1 (en) | Method for directly transmitting electronic coin data records between terminals and payment system | |
| US20180158058A1 (en) | Apparatus and method to prevent execution of an unauthorized transaction via a distributed database | |
| CN110096903B (en) | Asset verification method based on block chain and block chain network system | |
| JP2020500458A (en) | Information protection system and method | |
| US20160269397A1 (en) | Reissue of cryptographic credentials | |
| CN113411188B (en) | Electronic contract signing method, electronic contract signing device, storage medium and computer equipment | |
| JP2007522739A (en) | One-way authentication | |
| CN112380584B (en) | Block chain data updating method and device, electronic equipment and storage medium | |
| CN104821941A (en) | Smart card password authentication and password changing method | |
| CN110719172B (en) | Signature method, signature system and related equipment in block chain system | |
| KR20120091618A (en) | Digital signing system and method using chained hash | |
| CN110363528B (en) | Collaborative address generation method, collaborative address generation device, transaction signature method, transaction signature device and storage medium | |
| CN112347516A (en) | Asset certification method and device based on block chain | |
| CN111311260A (en) | Method and device for resetting account private key | |
| CN111353780A (en) | Authorization verification method, device and storage medium | |
| WO2017174141A1 (en) | Method for providing a proof-of-retrievability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |