CN111654377A - SM9-based blockchain node admission verification method and system - Google Patents


Info

Publication number: CN111654377A
Authority: CN (China)
Prior art keywords: module, block chain, identity, verification, information
Legal status: Granted
Application number: CN202010426343.XA
Other languages: Chinese (zh)
Other versions: CN111654377B (en)
Inventor: 吴利娇
Current assignee: Dingchain Digital Technology Shenzhen Co ltd
Original assignee: Dingchain Digital Technology Shenzhen Co ltd
Application filed by Dingchain Digital Technology Shenzhen Co ltd; priority to CN202010426343.XA; publication of CN111654377A; application granted; publication of CN111654377B; legal status: active.

Classifications

    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L9/3265: the same, using certificate chains, trees or paths; hierarchical trust model
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses an SM9-based blockchain node admission verification method and system. The system comprises an SM9 key generation module, a key distribution module, an information storage module, a service module, a processing module, an initialization verification module, a cryptographic service module and a blockchain identity verification module. The SM9 key generation module generates keys for the blockchain nodes, which simplifies the complex key management process of a PKI/CA certificate system; the key distribution module provides an identity-based public key for the blockchain node, so the certificate parsing and the certificate and certificate-chain validity checks of a PKI/CA certificate system are omitted and the time the blockchain needs to verify a node is reduced; the method simplifies the identity structure and the admission flow of the admitted party, and thereby improves the overall efficiency of blockchain node initialization and of adding a new node to the blockchain network.

Description

SM9-based blockchain node admission verification method and system
Technical Field
The invention relates to the technical field of blockchains, and in particular to an SM9-based blockchain node admission verification method and system.
Background
SM9 is primarily used for user authentication in commercial cryptography. Most current blockchain platforms, however, adopt a PKI/CA-based identity admission verification mechanism, which has the following problems:
1. the complexity of blockchain node access is too high, because a PKI/CA certificate system has a complex communication process and a complex key management process;
2. an identity admission verification mechanism based on a PKI/CA certificate system must check the validity of a large number of certificates and certificate chains, which lengthens the time a blockchain node needs for admission verification;
3. in a blockchain node admission verification method built on the PKI/CA identity admission verification mechanism, the number of certificates issued under an organization and its sub-organizations is very large, so complex identity entities must be constructed for a blockchain node to be admitted, which reduces the efficiency of blockchain node initialization and new node addition.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an SM9-based blockchain node admission verification method and system that simplify key management, shorten the time needed for blockchain node admission verification, and improve the efficiency of blockchain node initialization and new node addition.
The purpose of the invention is achieved by the following technical scheme:
an SM9-based blockchain node admission verification system comprises an SM9 key generation module, a key distribution module, an information storage module, a service module, a processing module, an initialization verification module, a cryptographic service module and a blockchain identity verification module;
the SM9 key generation module is connected to the key distribution module, the key distribution module is connected to the information storage module, the service module is connected to the information storage module, the processing module is connected to the information storage module, the initialization verification module is connected to the processing module, the cryptographic service module is connected to the initialization verification module, and the blockchain identity verification module is connected to the key distribution module.
In one embodiment, the information storage module includes an organization structure identity unit and a node identity unit; the organization structure identity unit is connected to the processing module, and the organization structure identity unit is connected to the node identity unit.
In one embodiment, the system further comprises a writing module, the writing module is connected to the service module, and the writing module is used for writing block node information into the genesis block.
In one embodiment, the system further comprises a blockchain network, and the blockchain network is connected to the SM9 key generation module and to the initialization verification module.
In one embodiment, the system further comprises a query module, and the query module is connected to the blockchain network.
The SM9-based blockchain node admission verification method, using the SM9-based blockchain node admission verification system of any one of the above embodiments, comprises the following steps:
S1001, the SM9 key generation module generates keying material information and sends it to the key distribution module;
S1002, the key distribution module sends the keying material information to each of a plurality of first nodes to be joined, and at the same time the information storage module generates a plurality of identity admission credentials according to the plurality of first nodes to be joined;
S1003, the processing module collects all the first nodes to be joined to construct an identity set, and sends the identity set to the initialization verification module and the service module;
S1004, the initialization verification module parses the identity set to obtain a public key identifier and calls the cryptographic service module to perform verification according to the public key identifier and generate feedback information; the feedback information is sent to the initialization verification module and the processing module;
S1005, the initialization verification module and the processing module generate verification information after processing, and the verification information is sent to the service module;
S1006, the service module writes the identity set into the genesis block according to the verification information.
In one embodiment, the keying material information includes SM9 private key information and user public key identification information.
In one embodiment, after the step in which the service module writes the identity set into the genesis block according to the verification information, the method further comprises the following steps:
S1008, a second node to be joined sends a key application request to the key distribution module;
S1009, the key distribution module responds to the key application request and performs a verification operation on the second node to be joined, so as to verify the legitimacy of the second node to be joined;
S1010, after the verification passes, the key distribution module generates a call instruction and sends the call instruction to the SM9 key generation module;
S1011, the SM9 key generation module executes the call instruction according to the user identifier of the second node to be joined and the preset parameters, generates a user signature private key and a public key identifier, and sends the user signature private key and the public key identifier to the key distribution module for storage;
S1012, the key distribution module receives the user signature private key sent by the SM9 key generation module and sends the user signature private key to the second node to be joined;
S1013, the second node to be joined signs its user identifier with the user signature private key to generate an identity credential, and sends the identity credential to the blockchain network.
In one embodiment, after the step in which the second node to be joined signs its user identifier with the user signature private key to generate an identity credential and sends the identity credential to the blockchain network, the method further comprises the following steps:
S1014, the blockchain network receives the identity credential, parses it, and calls the query module to query the configuration block in the blockchain to check whether the identity of the second node to be joined is stored in the configuration block; if it is not, the blockchain network sends a query request to the key distribution module;
S1015, the key distribution module responds to the query request, generates query result information, and sends the query result information to the blockchain network;
S1016, the blockchain network evaluates the query result information.
In one embodiment, the evaluation of the query result information by the blockchain network in this step specifically includes the following steps:
S1017, the blockchain network determines whether the public key identifier is stored in the key distribution module; if not, unauthorized-join information is generated; if so, the blockchain identity verification module is called to perform a verification operation;
S1018, the blockchain identity verification module parses the identity credential to generate processed information and sends the processed information to the blockchain network, and at the same time the blockchain network updates the configuration block, so that the second node to be joined is added to the blockchain network.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the invention provides an SM9-based blockchain node admission verification method and system. A key is generated for a blockchain node by the SM9 key generation module, which simplifies the complex process of a PKI/CA certificate system in which a key is submitted to the key center only after it has been audited by the CA system, and makes keys easier to manage; further, the key distribution module provides an identity-based public key for the blockchain node, so the certificate parsing and the certificate and certificate-chain validity checks of a PKI/CA certificate system are omitted and the time the blockchain needs to verify a node is reduced; furthermore, the blockchain node admission verification method simplifies the identity structure and the admission flow of the admitted party, and thereby improves the overall efficiency of blockchain node initialization and of adding a new node to the blockchain network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic structural diagram of an SM9-based blockchain node admission verification system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an information storage module according to an embodiment of the present invention;
Fig. 3 is a flowchart of the steps of an SM9-based blockchain node admission verification method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a key distribution module according to an embodiment of the present invention;
Fig. 5 is a flowchart of the SM9-based blockchain node initialization admission and authentication procedure according to an embodiment of the present invention;
Fig. 6 is a diagram of the blockchain node identity set storage according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of the SM9-based dynamic admission verification process for a blockchain node according to an embodiment of the present invention.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully with reference to the accompanying drawings. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only and do not represent the only embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Referring to fig. 1, an SM9-based blockchain node admission verification system 10 comprises an SM9 key generation module 100, a key distribution module 200, an information storage module 300, a service module 400, a processing module 500, an initialization verification module 600, a cryptographic service module 700 and a blockchain identity verification module 800; the SM9 key generation module 100 is connected to the key distribution module 200, the key distribution module 200 is connected to the information storage module 300, the service module 400 is connected to the information storage module 300, the processing module 500 is connected to the information storage module 300, the initialization verification module 600 is connected to the processing module 500, the cryptographic service module 700 is connected to the initialization verification module 600, and the blockchain identity verification module 600 is connected to the key distribution module 200.
Specifically, in one embodiment, the information storage module 300 includes an organization structure identity unit and a node identity unit; the organization structure identity unit is connected to the processing module 500, and the organization structure identity unit is connected to the node identity unit.
It should be noted that the SM9 key generation module 100 is the unified key center for SM9 and is used to generate keys for the blockchain nodes; the key distribution module 200 is configured to provide an identity-based public key for the blockchain node, so as to simplify certificate management. Referring to fig. 2, the information storage module 300 is an SM9-based blockchain identity admission credential structure comprising an organization structure identity unit and a node identity unit. The admission credential is the basis of trust for a blockchain node joining the blockchain network: only a blockchain node holding a credential authorized by the blockchain may join the blockchain network 900. Further, the organization structure identity unit is the identity information of the organization that manages the blockchain node, and comprises the SM9-based identifier of the blockchain organization and the signature value produced over the identifier part with the organization's SM9 private key; the node identity unit comprises the identifier of the blockchain organization, the SM9 identifier of the blockchain node itself, and the signature value produced over the identifier part with the node's SM9 private key. Further, the node identity unit is the identity information of the original chain creator, which is the structure authorized by the blockchain; blockchain initialization is a necessary precondition for the subsequent dynamic joining of blockchain nodes.
Referring to fig. 1, in a further embodiment, the SM9-based blockchain node admission verification system 10 further includes a writing module 800; the writing module 800 is connected to the service module 400 and is configured to write block node information into the genesis block.
It should be noted that the genesis block is the block 0 file stored in the blockchain ledger and contains the identity configuration information of all nodes of all blockchains; the writing module 800 is configured to write the identities of all block node information of all blockchain organizations into the genesis block.
Referring to fig. 1, further, in an embodiment, the SM9-based blockchain node admission verification system 10 further includes a blockchain network 900, and the blockchain network 900 is connected to the SM9 key generation module 100 and to the initialization verification module 600.
It should be noted that the blockchain network 900 contains a plurality of blockchain organizations, each blockchain organization corresponds to a specific physical organization, and a plurality of blockchain nodes are allowed under each organization of the blockchain network 900. Further, the blockchain node is the smallest unit that forms the blockchain network 900; it is an entity that participates in functions such as trading, mining and computing in the blockchain network 900.
Referring to fig. 1, further, in one embodiment, the SM9-based blockchain node admission verification system 10 further includes a query module 1000, and the query module 1000 is connected to the blockchain network 900.
It should be noted that the query module 1000 is used for querying the latest configuration block in the blockchain. The configuration block is the block that stores the identity information of all blockchain organizations and blockchain nodes of the blockchain.
Thus, the SM9-based blockchain node admission verification system 10 generates keys for the blockchain nodes through the SM9 key generation module 100, which simplifies the complex process of a PKI/CA certificate system in which a key is submitted to the key center only after it has been audited by the CA system, and makes keys easier to manage; further, the key distribution module 200 is configured to provide an identity-based public key for the blockchain node, so the certificate parsing and the certificate and certificate-chain validity checks of a PKI/CA certificate system are omitted and the time needed to verify the blockchain node is reduced; furthermore, the blockchain node admission verification method simplifies the identity structure and the admission flow of the admitted party, and thereby improves the overall efficiency of blockchain node initialization and of adding a new node to the blockchain network 900.
Referring to figs. 3, 4 and 5, the SM9-based blockchain node admission verification method, using the SM9-based blockchain node admission verification system 10 of any one of the above embodiments, comprises the following steps:
S1001, the SM9 key generation module 100 generates keying material information and sends it to the key distribution module 200;
S1002, the key distribution module 200 sends the keying material information to a plurality of first nodes to be joined, and the information storage module 300 generates a plurality of identity admission credentials according to the plurality of first nodes to be joined;
S1003, the processing module 500 collects each first node to be joined to construct an identity set, and sends the identity set to the initialization verification module 600 and the service module 400;
S1004, the initialization verification module 600 parses the identity set to obtain a public key identifier and calls the cryptographic service module 700 to perform verification according to the public key identifier and generate feedback information; the feedback information is sent to the initialization verification module 600 and the processing module 500;
S1005, the initialization verification module 600 and the processing module 500 generate verification information after processing, and the verification information is sent to the service module 400;
S1006, the service module 400 writes the identity set into the genesis block according to the verification information.
Specifically, in one embodiment, the keying material information includes SM9 private key information and user public key identification information.
In step S1007, the service module 400 sends the identity set to the writing module 800 according to the verification information, and the writing module 800 writes it into the genesis block. Further, the public key identifier referred to above is the user public key identification information. This method is the admission verification process for initializing a plurality of blockchain nodes, that is, the process by which the blockchain nodes join the blockchain network. First, referring to fig. 4, the SM9 key generation module 100 is called to construct the overall model of the key distribution module, in which the key distribution module 200 generates SM9 private key information and user public key identification information for the plurality of first nodes to be joined; in fig. 4, m is the number of blockchain organizations and n is the number of first nodes to be joined managed under each blockchain organization, so m × n items of SM9 private key information and m × n items of user public key identification information can be generated by configuration for all first nodes to be joined. Further, referring to fig. 5, after the initialization verification module 600 completes verification, the service module 400 writes the identities of all block node information of all blockchain organizations into the genesis block; the genesis block is marked as block 0 and is also the first configuration block. The organization information and identity information constructed as in fig. 2 are stored in the genesis block in the form of fig. 6, and subsequently provide the basis for checking and verifying the addition of new nodes.
It should be further noted that in step S1004 the initialization verification module 600 parses the identity set, obtains the public key identifier in it, and calls the cryptographic service module 700 to perform verification according to the public key identifier; the cryptographic service module 700 performs signature verification according to the preset parameters and the user identifier of the first blockchain node to be joined, generates feedback information, and then sends the feedback information to the initialization verification module 600 for the next step. Further, in step S1005, the initialization verification module 600 performs service processing on the feedback information, generates parsing information and sends it to the processing module 500 for the verification operation, and at the same time generates verification information and sends it to the service module 400 for the next step.
Referring to fig. 7, further, in an embodiment, the step of the service module 400 writing the identity set into the creation block according to the verification information further includes the following steps:
s1008, the second node to be added sends a key application request to the key distribution module 200;
s1009, the key distribution module 200 responds to the key application request, and performs verification operation on the second node to be joined so as to verify the validity of the second node to be joined;
s1010, after the verification is passed, the key distribution module 200 generates a call instruction and sends the call instruction to the SM9 key generation module 100;
s1011, the SM9 key generating module 100 executes a call instruction according to the user identifier and the preset parameter of the second node to be added, generates a user signature private key and a public key identifier, and sends the user signature private key and the public key identifier to the key distributing module 200 for storage;
s1012, the key distribution module 200 receives the user signature private key sent by the key generation module 100 from the SM9, and sends the user signature private key to the second node to be added;
and S1013, the second node to be added performs signature operation on the user identifier according to the user signature private key to generate an identity certificate, and sends the identity certificate to the block chain network 900.
Referring to fig. 7, specifically, after the second node to be added signs the user identifier with the user signature private key, generates the identity credential and sends it to the block chain network 900, the method further includes the following steps:
S1014, the block chain network 900 receives the identity credential, parses it, and calls the query module 1000 to query the configuration block in the block chain and verify whether the identity of the second node to be added is already stored in the configuration block; if not, it sends a query request to the key distribution module 200;
S1015, the key distribution module 200 responds to the query request, generates query result information, and sends the query result information to the block chain network 900;
S1016, the block chain network 900 performs a judgment operation on the query result information.
More specifically, the judgment operation performed by the block chain network 900 on the query result information in step S1016 includes the following steps:
S1017, the block chain network 900 judges whether the public key identifier is stored in the key distribution module 200; if not, it generates unauthorized-join information; if so, it calls the block chain identity verification module 800 to perform a verification operation;
S1018, the block chain identity verification module 800 parses the identity credential to generate processed information and sends the processed information to the block chain network 900, and the block chain network 900 updates the configuration block so that the second node to be added joins the block chain network 900.
It should be noted that the above method is the dynamic admission verification process for a block chain node. In step S1014, the query module 1000 is configured to query the latest configuration block in the block chain, to verify whether the identity of the second node to be added already exists in that configuration block. Further, step S1018 specifically includes the following step: the block chain identity verification module verifies the processed information (that is, it checks the signature carried by the identity credential), and if the signature verification fails, it generates risk information and sends it to the second node to be added. The risk information here indicates that the information may have been tampered with.
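The two procedures above, initialization of the genesis configuration block from an identity set (claim 6) and the dynamic admission of a second node in steps S1008 to S1018, as an added example in Python that is not part of the patent or of the applicant's system. SM9 is a pairing-based identity-based signature with no implementation in the Python standard library, so the identity-based signature here is a Galindo-Garcia style Schnorr IBS over secp256k1, a stand-in chosen because it runs offline in pure Python, not the patent's algorithm; the class and method names, the `org1/nodeN` identifiers, the status strings and the allowed-list used as the S1009 validity check are assumptions of the example. What follows the page is the flow: the key generation module extracts a per-identity signing key and a public key identifier, the key distribution module vets the applicant and keeps the identifier, the node signs its own user identifier to form the credential, and the chain consults the latest configuration block first, then the key distribution module's registry, then the signature, before appending an updated configuration block.

```python
# Galindo-Garcia style Schnorr IBS over secp256k1 stands in for SM9; flow follows S1008-S1018.
import hashlib
import secrets

# secp256k1 domain parameters (assumed well-known constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(tag, *parts):
    """Domain-separated hash to a scalar mod N (H1 = 'extract', H2 = 'sign')."""
    data = "|".join([tag] + [repr(p) for p in parts]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class SM9KeyGenModule:
    """Key generation centre: master secret z, master public key Z = z*G."""
    def __init__(self):
        self.z = secrets.randbelow(N - 1) + 1
        self.master_pub = ec_mul(self.z, G)

    def extract(self, user_id):
        """S1011: derive (R, y) for user_id; R doubles as the public key identifier."""
        r = secrets.randbelow(N - 1) + 1
        R = ec_mul(r, G)
        return R, (r + self.z * h("extract", R, user_id)) % N

def make_credential(user_id, key):
    """S1013: the node signs its own user identifier -> identity credential."""
    R, y = key
    a = secrets.randbelow(N - 1) + 1
    A = ec_mul(a, G)
    return user_id, (R, A, (a + y * h("sign", user_id, R, A, user_id)) % N)

def verify_credential(master_pub, user_id, sig):
    """Check b*G == A + H2*(R + H1*Z): only a holder of y for user_id can sign."""
    R, A, b = sig
    implicit_pub = ec_add(R, ec_mul(h("extract", R, user_id), master_pub))
    return ec_mul(b, G) == ec_add(A, ec_mul(h("sign", user_id, R, A, user_id), implicit_pub))

class KeyDistributionModule:
    """S1008-S1012 and S1015: vets applicants, keeps the public key identifiers."""
    def __init__(self, kgc, allowed_ids):
        self.kgc, self.allowed, self.registry = kgc, set(allowed_ids), {}

    def apply(self, user_id):
        if user_id not in self.allowed:            # S1009: validity check (assumed allow-list)
            raise PermissionError(f"{user_id} failed vetting")
        R, y = self.kgc.extract(user_id)
        self.registry[user_id] = R                 # only R is stored here (see note)
        return R, y

    def lookup(self, user_id, R):                  # S1015: answer the chain's query
        return self.registry.get(user_id) == R

class BlockchainNetwork:
    """Holds the configuration blocks; block 0 is the genesis identity set."""
    def __init__(self, master_pub, kdm, genesis_identities):
        self.master_pub, self.kdm = master_pub, kdm
        self.config_blocks = [frozenset(genesis_identities)]

    def admit(self, credential):
        """S1014-S1018: latest config block, then KDM registry, then the signature."""
        user_id, sig = credential
        if user_id in self.config_blocks[-1]:
            return "already_admitted"
        if not self.kdm.lookup(user_id, sig[0]):
            return "unauthorized_join"              # S1017: identifier not registered
        if not verify_credential(self.master_pub, user_id, sig):
            return "risk_tampered"                  # S1018: signature check failed
        self.config_blocks.append(self.config_blocks[-1] | {user_id})
        return "admitted"

def demo():
    """Tampered credential, unknown node, one admission, then a replay of it."""
    kgc = SM9KeyGenModule()
    kdm = KeyDistributionModule(kgc, allowed_ids={"org1/node2"})
    chain = BlockchainNetwork(kgc.master_pub, kdm, genesis_identities={"org1/node1"})
    cred = make_credential("org1/node2", kdm.apply("org1/node2"))
    R, A, b = cred[1]
    tampered = ("org1/node2", (R, A, (b + 1) % N))  # constructed: altered scalar
    return [chain.admit(tampered), chain.admit(("org1/node9", cred[1])),
            chain.admit(cred), chain.admit(cred)]
```

Two points worth taking from running it. First, the scheme is identity-based, so whoever holds the key generation module's master secret can derive every node's signing key; in the page's own design (S1011) the key distribution module additionally stores the user signature private key, so a compromise of either module lets an attacker forge any admission credential, and those two modules deserve the strongest protection in a deployment (the example keeps only the public key identifier R in the distribution module's registry). Second, the credential is a signature over the static user identifier alone, so a captured credential can be replayed; the page does not address freshness, and a real deployment would bind a nonce or the chain identifier into the signed message.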
Thus, in the SM9-based block chain node admission verification method, the SM9 key generation module 100 generates keys for the block chain nodes, so that the cumbersome PKI/CA workflow, in which a key can only be issued by the key centre after the request has been audited by the CA, is avoided and keys are easier to manage; further, the key distribution module 200 provides the block chain nodes with an identifier-based public key, so that the certificate parsing and the certificate and certificate chain validity checks of a PKI/CA system are omitted and the time needed to verify a block chain node is reduced; furthermore, the admission verification method simplifies the identity structure and the admission flow, and so improves the overall efficiency of block chain node initialization and of adding a new node to the block chain network 900.
Compared with the prior art, the invention has the following advantages:
In the SM9-based block chain node admission verification method and system, the SM9 key generation module 100 generates keys for the block chain nodes, avoiding the cumbersome PKI/CA workflow in which a key is issued by the key centre only after CA audit, so keys are easier to manage; the key distribution module 200 provides the block chain nodes with an identifier-based public key, so the certificate parsing and certificate chain validation of a PKI/CA system are omitted and node verification time is reduced; and the method simplifies the identity structure and the admission flow, improving the overall efficiency of block chain node initialization and of adding a new node to the block chain network 900.
The above embodiments merely express several embodiments of the present invention, and their description is relatively specific and detailed, but this shall not be construed as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An SM9-based block chain node admission verification system, comprising:
an SM9 key generation module, configured to generate SM9 cryptographic material information;
a key distribution module, configured to receive the SM9 cryptographic material information and distribute it to block chain nodes;
an information storage module, configured to generate an identity admission certificate for each block chain node;
a processing module, configured to collect the block chain nodes to construct an identity set;
an initialization verification module, configured to parse the identity set to generate parsed information;
a cryptographic service module, configured to verify the identity set to generate verification information;
a block chain identity verification module, configured to verify the identity admission certificate; and
a service module, configured to send the identity set to a block chain according to the verification information and the parsed information.
2. The SM9-based block chain node admission verification system according to claim 1, wherein the information storage module comprises an organizational structure identity unit and a node identity unit, the organizational structure identity unit being connected to the processing module and to the node identity unit.
3. The SM9-based block chain node admission verification system according to claim 1, further comprising a write module connected to the service module, the write module being configured to write block chain node information into a genesis block.
4. The SM9-based block chain node admission verification system according to claim 1, further comprising a block chain network connected to the SM9 key generation module and to the initialization verification module, respectively.
5. The SM9-based block chain node admission verification system according to claim 4, further comprising a query module connected to the block chain network.
6. An SM9-based block chain node admission verification method using the SM9-based block chain node admission verification system according to any one of claims 1 to 5, comprising the following steps:
the SM9 key generation module generates cryptographic material information and sends it to the key distribution module;
the key distribution module sends the cryptographic material information to a plurality of first nodes to be added, and meanwhile the information storage module generates a plurality of identity admission certificates according to the plurality of first nodes to be added;
the processing module collects each first node to be added to construct an identity set and sends the identity set to the initialization verification module and the service module;
the initialization verification module parses the identity set to obtain a public key identifier and calls the cryptographic service module, which performs verification according to the public key identifier, generates feedback information and sends the feedback information to the initialization verification module and the processing module;
the initialization verification module and the processing module process the feedback information to generate verification information and send the verification information to the service module;
and the service module writes the identity set into a genesis block according to the verification information.
7. The SM9-based block chain node admission verification method according to claim 6, wherein the cryptographic material information comprises SM9 private key information and user public key identification information.
8. The SM9-based block chain node admission verification method according to claim 7, wherein after the service module writes the identity set into the genesis block according to the verification information, the method further comprises the following steps:
the second node to be added sends a key application request to the key distribution module;
the key distribution module responds to the key application request and performs a verification operation on the second node to be added, so as to verify the validity of the second node to be added;
after the verification is passed, the key distribution module generates a call instruction and sends it to the SM9 key generation module;
the SM9 key generation module executes the call instruction according to the user identifier of the second node to be added and preset parameters, generates a user signature private key and a public key identifier, and sends both to the key distribution module for storage;
the key distribution module receives the user signature private key sent by the SM9 key generation module and sends it to the second node to be added;
and the second node to be added signs the user identifier with the user signature private key to generate an identity credential, and sends the identity credential to the block chain network.
9. The SM9-based block chain node admission verification method according to claim 8, wherein after the second node to be added signs the user identifier with the user signature private key, generates the identity credential and sends it to the block chain network, the method further comprises the following steps:
the block chain network receives the identity credential, parses it, and calls the query module to query the configuration block in the block chain and verify whether the identity of the second node to be added is already stored in the configuration block; if not, it sends a query request to the key distribution module;
the key distribution module responds to the query request, generates query result information and sends the query result information to the block chain network;
and the block chain network performs a judgment operation on the query result information.
10. The SM9-based block chain node admission verification method according to claim 9, wherein the step of the block chain network performing a judgment operation on the query result information specifically comprises:
the block chain network judges whether the public key identifier is stored in the key distribution module; if not, unauthorized-join information is generated; if so, the block chain identity verification module is called to perform a verification operation;
and the block chain identity verification module parses the identity credential to generate processed information and sends the processed information to the block chain network, and the block chain network updates the configuration block so that the second node to be added joins the block chain network.
CN202010426343.XA 2020-05-19 2020-05-19 SM 9-based block chain link point admission verification method and system Active CN111654377B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010426343.XA CN111654377B (en) 2020-05-19 2020-05-19 SM 9-based block chain link point admission verification method and system


Publications (2)

Publication Number Publication Date
CN111654377A true CN111654377A (en) 2020-09-11
CN111654377B CN111654377B (en) 2022-09-30

Family

ID=72346828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010426343.XA Active CN111654377B (en) 2020-05-19 2020-05-19 SM 9-based block chain link point admission verification method and system

Country Status (1)

Country Link
CN (1) CN111654377B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112765684A (en) * 2021-04-12 2021-05-07 腾讯科技(深圳)有限公司 Block chain node terminal management method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190036681A1 (en) * 2016-07-29 2019-01-31 Trusted Key Solutions Inc. System and method for blockchain-based device authentication based on a cryptographic challenge
CN109727032A (en) * 2018-12-29 2019-05-07 杭州趣链科技有限公司 A kind of alliance's block chain access control method of identity-based id password
CN109962890A (en) * 2017-12-25 2019-07-02 中国科学院信息工程研究所 A kind of the authentication service device and node access, user authen method of block chain
CN110717760A (en) * 2019-10-24 2020-01-21 兰州理工大学 One-stop efficient PKI authentication service method based on block chain


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
姚英英等: "基于区块链的去中心化身份认证及密钥管理方案", 《网络空间安全》 *


Also Published As

Publication number Publication date
CN111654377B (en) 2022-09-30


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: SM9 based blockchain node access verification method and system

Effective date of registration: 20221102

Granted publication date: 20220930

Pledgee: Shenzhen hi tech investment small loan Co.,Ltd.

Pledgor: Dingchain digital technology (Shenzhen) Co.,Ltd.

Registration number: Y2022980020589
