CN111859348B - Identity authentication method and device based on user identification module and block chain technology - Google Patents


Publication number
CN111859348B
Authority
CN
China
Prior art keywords
block chain
identity
personal information
digital certificate
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010759486.2A
Other languages
Chinese (zh)
Other versions
CN111859348A (en
Inventor
邱振涛
李子阳
朱惠群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Weibei Network Technology Co ltd
Original Assignee
Shanghai Weibei Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Weibei Network Technology Co ltd filed Critical Shanghai Weibei Network Technology Co ltd
Priority to CN202010759486.2A priority Critical patent/CN111859348B/en
Publication of CN111859348A publication Critical patent/CN111859348A/en
Application granted granted Critical
Publication of CN111859348B publication Critical patent/CN111859348B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/33 User authentication using certificates
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses an identity authentication method and device based on a user identification module and block chain technology, relates to the technical field of block chains, and aims to solve the problems of block chain key storage and use security in the prior art. The method mainly comprises the following steps: generating a block chain private key and a block chain public key from a block chain seed according to a preset block chain key algorithm; calculating a block chain address of the block chain public key according to an address generation algorithm; calculating an identity information digest of user identity information using a preset HASH algorithm; sending the personal information to an identity registration authority so that the identity registration authority verifies whether the personal information passes real-name authentication; if the verification passes, sending the identity information digest, the block chain public key and the block chain address to a digital certificate service authority; and if the personal information digital certificate sent by the digital certificate service authority is received, sending a user registration request to the block chain authentication platform. The method and the device are mainly applied to the identity authentication of block chain users.

Description

Identity authentication method and device based on user identification module and block chain technology
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to an identity authentication method and apparatus based on a subscriber identity module and a block chain technology.
Background
Blockchain technology is a decentralized distributed ledger technology, and information stored on the blockchain cannot be forged or tampered with. If the single-point authentication method of a smart contract is adopted, the maintenance cost of the data center is high, single-point failures occur easily, lost data is difficult to recover, and so on.
In the prior art, an online block chain identity authentication method based on multiple private key storage modes comprises a registration stage and a login verification stage. In the registration stage, a user initiates a registration application through an identity authentication client, inputs identity information, and generates a public key and a private key; if the public key and the identity information pass verification by the identity authentication center, the identity information and the verification result are uploaded to the block chain network, completing registration of the block chain identity.
This identity authentication method is a single-point authentication mode: once a single-point failure occurs, lost data of the identity authentication center is difficult to recover, so block chain identity registrations fail at a high rate because of inaccurate data.
Disclosure of Invention
In view of the above, the present invention provides an identity authentication method and apparatus based on a subscriber identity module and a block chain technology, and mainly aims to solve the problem in the prior art that data loss is difficult to recover.
According to an aspect of the present invention, an identity authentication method based on a subscriber identity module and a block chain technology is provided, comprising:
generating a block chain private key and a block chain public key from a block chain seed according to a preset block chain key algorithm, wherein the block chain seed is generated by a random number generator;
calculating the block chain address of the block chain public key according to a block chain address generation algorithm;
calculating an identity information digest of user identity information using a preset HASH algorithm, wherein the user identity information comprises a user identification module ID, biometric features of the user and personal information of the user;
sending the personal information to an identity registration authority so that the identity registration authority verifies whether the personal information passes real-name authentication;
if a verification-passed message from the identity registration authority is received, sending the identity information digest, the block chain public key and the block chain address to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate, wherein the personal information digital certificate comprises the identity information digest, the block chain public key and the block chain address;
and if the personal information digital certificate sent by the digital certificate service authority is received, sending a user registration request to a block chain authentication platform, wherein the user registration request carries the personal information digital certificate signed with the block chain private key.
According to another aspect of the present invention, an identity authentication apparatus based on a subscriber identity module and a block chain technique is provided, comprising:
the generating module is used for generating a block chain private key and a block chain public key from a block chain seed according to a preset block chain key algorithm, wherein the block chain seed is generated by a random number generator;
the first calculation module is used for calculating the block chain address of the block chain public key according to a block chain address generation algorithm;
the second calculation module is used for calculating the identity information digest of the user identity information using a preset HASH algorithm, wherein the user identity information comprises a user identification module ID, biometric features of the user and personal information of the user;
the first sending module is used for sending the personal information to an identity registration authority so that the identity registration authority can verify whether the personal information passes real-name authentication;
the second sending module is used for sending the identity information digest, the blockchain public key and the blockchain address to a digital certificate service authority if a verification-passed message from the identity registration authority is received, so that the digital certificate service authority generates a personal information digital certificate, wherein the personal information digital certificate includes the identity information digest, the blockchain public key and the blockchain address;
and the registration module is used for sending a user registration request to a block chain authentication platform if the personal information digital certificate sent by the digital certificate service authority is received, wherein the user registration request carries the personal information digital certificate signed with the block chain private key.
According to another aspect of the present invention, there is provided a storage medium having at least one executable instruction stored therein, the executable instruction causing a processor to perform operations corresponding to the identity authentication method based on the subscriber identity module and block chain technology as described above.
According to still another aspect of the present invention, there is provided an electronic apparatus including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the identity authentication method based on the subscriber identity module and the block chain technology.
Through the above technical solution, the embodiments of the invention have at least the following advantages:
The invention provides an identity authentication method and device based on a user identification module and block chain technology. The method first generates a block chain private key and a block chain public key from a block chain seed according to a preset block chain key algorithm, calculates the block chain address of the block chain public key according to the block chain address generation algorithm, and calculates the identity information digest of the user identity information using a preset HASH algorithm. It then sends the personal information of the user to an identity registration authority; if a verification-passed message from the identity registration authority is received, it sends the identity information digest, the block chain public key and the block chain address to a digital certificate service authority so that the digital certificate service authority generates a personal information digital certificate; and if the personal information digital certificate sent by the digital certificate service authority is received, it sends a user registration request to a block chain authentication platform. Compared with the prior art, the embodiment of the invention records the user identification module ID in the identity information digest, and the user identification module ID corresponds one-to-one to the personal information; if the personal information data of the identity registration authority is lost, the personal information can be looked up in reverse through the user identification module ID and the user identification module verification authority, so as to recover the data of the identity registration authority.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various additional advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart illustrating an identity authentication method based on a subscriber identity module and a block chain technique according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating another identity authentication method based on a subscriber identity module and a block chain technique according to an embodiment of the present invention;
Fig. 3 is a block diagram illustrating an identity authentication apparatus based on a subscriber identity module and a block chain technique according to an embodiment of the present invention;
Fig. 4 is a block diagram illustrating an identity authentication apparatus based on a subscriber identity module and a block chain technique according to another embodiment of the present invention;
Fig. 5 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The invention can be implemented on devices that carry a user identification module, such as a mobile phone or a tablet computer, or by developing a registration hardware system that carries the user identification module, such as an operator SIM card, a UIM card, an eSIM card, a chip and the like. The registration hardware system is built around a secure microcontroller and uses a Bluetooth communication module and a chip interface as its communication modes to bind and register the user identification module ID with the block chain user. The secure microcontroller may be the ST31G480 chip, an embedded security system with an ARM processor designed specifically for secure ID and banking applications. The ST31G480 chip has a triple DES accelerator, an AES accelerator, a random number generator, a NESCRYPT coprocessor, etc.
The embodiment of the invention provides an identity authentication method based on a user identification module and a block chain technology, and as shown in figure 1, the method comprises the following steps:
101. Generating a block chain private key and a block chain public key from the block chain seed according to a preset block chain key algorithm.
After the user activates the subscriber identity module, a random number generator is used to generate a blockchain seed, which may be a true random number or a cryptographically computed random number. The subscriber identity module refers to a chip capable of communication and having a specific ID, including but not limited to a SIM card, a USIM card, and an eSIM card. The block chain private key and the block chain public key are generated from the block chain seed by a preset block chain key algorithm, which can be a symmetric encryption algorithm or an asymmetric encryption algorithm; the embodiment of the invention does not limit the type of algorithm used. Exemplary symmetric encryption algorithms include the DES, 3DES, TDEA, Blowfish, RC5 and IDEA algorithms and the like; asymmetric encryption algorithms include the RSA, SM2, Elgamal, knapsack, Rabin and D-H algorithms, elliptic curve cryptography and the like.
102. Calculating the block chain address of the block chain public key according to a block chain address generation algorithm.
The blockchain address is the destination address the user uses for digital currency transactions on the blockchain, similar to a debit or bank card number. The block chain address generation algorithm arranges the block chain public keys in a specific order and computes over them in sequence to obtain a unique code. The address generation algorithm may include the HMAC-SHA512 algorithm, the SHA256 algorithm, the Keccak256 hash algorithm or the RIPEMD160 hash algorithm, etc. Illustratively, the process of calculating the blockchain address includes: calculating a first hash value as the SHA-256 of the block chain public key; calculating a second hash value as the RIPEMD-160 of the first hash value; prepending the block chain authentication platform address version number to the second hash value to generate an indirect key; calculating a third hash value as the SHA-256 of the indirect key; calculating a fourth hash value as the SHA-256 of the third hash value; concatenating the indirect key and the first 4 bytes of the fourth hash value to generate the block chain address in a preset numeral system; and then converting the block chain address into the common address form using the base58 representation.
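The illustrative address calculation above matches the Base58Check construction used for Bitcoin addresses, and the 4-byte suffix lets a receiver reject a mistyped or corrupted address. The following Python is an added example, not code from the patent; the function names and the default version byte 0x00 are assumptions, and the all-zero hash used in the demo is a constructed input.

```python
import hashlib
from typing import Tuple

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def double_sha256(data: bytes) -> bytes:
    """Third and fourth hash values: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def hash160(public_key: bytes) -> bytes:
    """First and second hash values: RIPEMD-160 over SHA-256 of the key."""
    first = hashlib.sha256(public_key).digest()
    # hashlib takes RIPEMD-160 from OpenSSL; builds that disable it raise
    # ValueError here.
    return hashlib.new("ripemd160", first).digest()


def base58_encode(raw: bytes) -> str:
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58_ALPHABET[rem] + out
    # Leading zero bytes carry no numeric value, so each is written as '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def base58_decode(text: str) -> bytes:
    num = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        num = num * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")


def address_from_hash160(h160: bytes, version: int = 0x00) -> str:
    """Version byte + hash ("indirect key"), 4-byte checksum, then base58."""
    if len(h160) != 20:
        raise ValueError("expected a 20-byte RIPEMD-160 value")
    indirect_key = bytes([version]) + h160
    checksum = double_sha256(indirect_key)[:4]
    return base58_encode(indirect_key + checksum)


def address_from_public_key(public_key: bytes, version: int = 0x00) -> str:
    return address_from_hash160(hash160(public_key), version)


def verify_address(address: str) -> Tuple[int, bytes]:
    """Recompute the checksum; return (version, hash160) or raise ValueError."""
    raw = base58_decode(address)
    if len(raw) != 25:
        raise ValueError("address does not decode to 25 bytes")
    indirect_key, checksum = raw[:-4], raw[-4:]
    if double_sha256(indirect_key)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return indirect_key[0], indirect_key[1:]


if __name__ == "__main__":
    zero_hash = bytes(20)  # constructed input, not a real key hash
    addr = address_from_hash160(zero_hash)
    print(addr, verify_address(addr))
    try:
        # Constructed 65-byte placeholder in uncompressed-key layout.
        print(address_from_public_key(b"\x04" + bytes(64)))
    except ValueError:
        print("RIPEMD-160 is not available in this OpenSSL build")
```
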
103. Calculating the identity information digest of the user identity information using a preset HASH algorithm.
The user identity information includes the user identification module ID, biometric features of the user, and personal information of the user. The user identification module ID is issued by the operator and is a unique identification code. The biometric features refer to the user's fingerprint, voiceprint, face, iris, etc. The personal information refers to any information, recorded electronically or otherwise, that can identify a specific natural person alone or in combination with other information, including name, identity card number, contact details, address and the like. The biometric features and the personal information are acquired from an external device through the Bluetooth communication module and the chip interface. A HASH algorithm transforms an input of arbitrary length into an output of fixed length; it is a compressing mapping, i.e., the space of HASH values is usually much smaller than the space of inputs. The preset HASH algorithm can be the HMAC-SHA512, SHA256, Keccak256, RIPEMD160 or MD5 algorithm. The preset HASH algorithm computes a fixed-length identity information digest over user identity information of arbitrary length, unifying the data format so as to facilitate storage, forwarding, verification and subsequent calculation of the data.
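The digest in step 103 covers three separate fields, and the text does not say how they are combined before hashing. The following Python is an added example, not code from the patent: it shows that plain concatenation lets two different identity records share one digest, and that labelled, length-prefixed framing with SHA-256 (one of the listed algorithms) does not. The field names, the framing layout and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict


def naive_digest(sim_id: str, biometric: bytes, personal: str) -> str:
    """Plain concatenation: field boundaries are not part of the hash input."""
    return hashlib.sha256(sim_id.encode() + biometric + personal.encode()).hexdigest()


def _frame(label: bytes, value: bytes) -> bytes:
    # 2-byte label length, label, 4-byte value length, value.
    return len(label).to_bytes(2, "big") + label + len(value).to_bytes(4, "big") + value


def identity_digest(sim_id: str, biometric_template: bytes,
                    personal_info: Dict[str, str]) -> str:
    """SHA-256 over labelled, length-prefixed fields in a fixed order."""
    h = hashlib.sha256()
    h.update(_frame(b"sim_id", sim_id.encode("utf-8")))
    h.update(_frame(b"biometric", biometric_template))
    for key in sorted(personal_info):  # sorted so dict order cannot matter
        h.update(_frame(b"personal." + key.encode("utf-8"),
                        personal_info[key].encode("utf-8")))
    return h.hexdigest()


def digest_matches(expected_hex: str, sim_id: str, biometric_template: bytes,
                   personal_info: Dict[str, str]) -> bool:
    """Recompute the digest and compare without leaking the mismatch position."""
    actual = identity_digest(sim_id, biometric_template, personal_info)
    return hmac.compare_digest(expected_hex, actual)


# Constructed sample records: the bytes "12" move from the biometric field
# of record A into the module ID of record B.
PERSON = {"name": "Zhang San", "id_number": "000000000000000000"}
RECORD_A = ("898600", b"12AB")
RECORD_B = ("89860012", b"AB")

if __name__ == "__main__":
    print(naive_digest(*RECORD_A, "x") == naive_digest(*RECORD_B, "x"))  # collision
    print(identity_digest(*RECORD_A, PERSON) == identity_digest(*RECORD_B, PERSON))
```
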
104. Sending the personal information to an identity registration authority so that the identity registration authority verifies whether the personal information passes real-name authentication.
The personal information is acquired from an external device through the Bluetooth communication module and the chip interface. The identity registration authority can be run by an operator, a government agency or an authorized agency, and performs registration verification using operator real-name registration, government real-name information, credit information and the like. After receiving the personal information, the identity registration authority judges whether the name and the identity document number in the personal information are consistent with the registered information; if so, the personal information passes real-name authentication, and if not, it does not. Real-name authentication binds the generated user identity information to a user in reality. The personal information may also include contact details and addresses, which may change and are therefore not used as a basis for real-name authentication.
In the verification process, the user name and the user identity document number can first be extracted from the personal information, and the registration authority's records are then searched for the user name. If the user name is not found, the personal information cannot pass real-name authentication. If it is found, the identity document numbers registered under that user name are compared one by one with the user identity document number: if none matches, the personal information cannot pass real-name authentication, and if one matches, it can.
Before sending the personal information, the blockchain public key may first be sent to the identity registration authority; the personal information is then encrypted with the blockchain private key, and finally the encrypted personal information is sent to the identity registration authority.
105. If a verification-passed message from the identity registration authority is received, sending the identity information digest, the block chain public key and the block chain address to the digital certificate service authority so that the digital certificate service authority generates the personal information digital certificate.
The digital certificate service authority issues digital identity certificates for users, and can include but is not limited to the financial CFCA security certification center, the China Telecom certification center (CTCA), the customs certification center (SCCA) and the Guofian CA security certification center. The block chain address is used for recording the digital assets of the user; the identity authentication function can be used to authenticate the user's digital assets and bind them to the real individual user, which improves the security of the digital assets, and the digital assets can be traded or transferred by means of the block chain address.
The personal information digital certificate includes an identity information digest, a blockchain public key and a blockchain address. The digital certificate service authority generates the personal information digital certificate from the identity information digest, the block chain public key and the block chain address; cross-referencing multiple pieces of information in this way increases the reliability of the personal information digital certificate and the range of what it can certify.
Before sending the identity information digest, the blockchain public key and the blockchain address, the blockchain public key may first be sent to the digital certificate service authority; the identity information digest, the blockchain public key and the blockchain address are then encrypted with the blockchain private key, and finally the encrypted data is sent to the digital certificate service authority.
106. If the personal information digital certificate sent by the digital certificate service authority is received, sending a user registration request to the blockchain authentication platform.
The blockchain authentication platform has a decentralized architecture and is jointly maintained by a number of enterprises, service providers, governments or authorized organizations. Data across the whole network is backed up in multiple copies; every participant holds all shared data and stores it on its own server, the data content is fully consistent, and the data cannot be tampered with privately. After receiving the personal information digital certificate, the user needs to register with the blockchain authentication platform, so a user registration request carrying the personal information digital certificate is sent, and the blockchain authentication platform registers the personal information digital certificate.
Before sending the personal information digital certificate, the blockchain public key may first be sent to the blockchain authentication platform; the user registration request is then signed with the blockchain private key, and finally the signed registration request is sent to the blockchain authentication platform.
The invention provides an identity authentication method based on a user identification module and block chain technology. The method first generates a block chain private key and a block chain public key from a block chain seed according to a preset block chain key algorithm, calculates the block chain address of the block chain public key according to the block chain address generation algorithm, and calculates the identity information digest of the user identity information using a preset HASH algorithm. It then sends the personal information of the user to an identity registration authority; if a verification-passed message from the identity registration authority is received, it sends the identity information digest, the block chain public key and the block chain address to a digital certificate service authority so that the digital certificate service authority generates a personal information digital certificate; and if the personal information digital certificate sent by the digital certificate service authority is received, it sends a user registration request to a block chain authentication platform. Compared with the prior art, the embodiment of the invention records the user identification module ID in the identity information digest, and the user identification module ID corresponds one-to-one to the personal information; if the personal information data of the identity registration authority is lost, the personal information can be looked up in reverse through the user identification module ID and the user identification module verification authority, so as to recover the data of the identity registration authority.
An embodiment of the present invention provides another identity authentication method based on a subscriber identity module and a block chain technology, and as shown in fig. 2, the method includes:
201. Generating a block chain private key and a block chain public key from the block chain seed according to a preset block chain key algorithm.
After the user activates the subscriber identity module, a random number generator is used to generate a blockchain seed, which may be a true random number or a cryptographically computed random number. The block chain private key and the block chain public key are generated from the block chain seed according to an elliptic curve encryption algorithm, or according to a key derivation algorithm. Illustratively, this step is specifically: randomly selecting a 64-byte block chain seed whose value lies between 1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141, and either using the block chain seed directly as the block chain private key or generating the block chain private key from the block chain seed through a preset conversion algorithm. The uncompressed public key corresponding to the block chain private key is then calculated using an elliptic curve encryption algorithm or a key derivation algorithm. Thereafter, the blockchain private key and the blockchain public key need to be saved.
Given that user identification modules are registered under real names, a user identification module holding a particular private key may be used as a hard wallet for a blockchain platform. The user chain code of the hard wallet is calculated as follows: obtaining an operator key of the user identification module and a payment key set by the user; using the block chain seed as a block chain key; performing double encryption with the user key and the operator key to generate a block chain public key; and determining that the user chain code comprises the block chain private key and the block chain public key. The hard wallet can connect to a block chain carrying DE/CP, or to a bank or financial institution, to complete block chain currency operations such as receiving payments and making transfers.
202. Calculating the block chain address of the block chain public key according to a block chain address generation algorithm.
The blockchain address is the destination address the user uses for digital currency transactions on the blockchain, similar to a debit or bank card number. The blockchain address is calculated based on a blockchain key generation protocol according to a blockchain address generation algorithm. The block chain address generation algorithm arranges the block chain public keys in a specific order and computes over them in sequence to obtain a unique code. The blockchain address generation algorithm may include the HMAC-SHA512 algorithm, the SHA256 algorithm, the Keccak256 hash algorithm, or the RIPEMD160 hash algorithm, among others. The blockchain key generation protocol may be the BIP 44/32/39 protocols, which enable the same blockchain public key to support multiple currencies, multiple accounts, and the like. The blockchain address of the blockchain public key is calculated according to the BIP 44/32/39 protocols.
203. Calculating the identity information digest of the user identity information using a preset HASH algorithm.
The user identity information includes the user identification module ID, biometric features of the user, and personal information of the user. The biometric features and the personal information are acquired from an external device through the Bluetooth communication module and the chip interface. A HASH algorithm transforms an input of arbitrary length into an output of fixed length; it is a compressing mapping, i.e., the space of HASH values is usually much smaller than the space of inputs. The preset HASH algorithm can be the HMAC-SHA512, SHA256, Keccak256, RIPEMD160 or MD5 algorithm. The preset HASH algorithm computes a fixed-length identity information digest over user identity information of arbitrary length, unifying the data format so as to facilitate storage, forwarding, verification and subsequent calculation of the data.
204. Acquire the registration public key of the identity registration authority.
A communication connection is established with the identity registration authority to request its registration public key.
205. Doubly encrypt the personal information according to the blockchain private key and the registration public key.
The personal information is obtained from the external device through the Bluetooth communication module and the chip interface. In the double encryption process, the personal information can first be encrypted with the blockchain private key, and the result is then encrypted again with the registration public key. An asymmetric encryption algorithm, such as an RSA algorithm, a DSA algorithm, an ECC algorithm, etc., may be used in the encryption process.
206. Send the doubly encrypted personal information to the identity registration authority.
The identity registration authority decrypts the doubly encrypted personal information according to the blockchain public key and the registration private key to obtain the personal information.
207. If a verification passing message is received from the identity registration authority, send the identity information digest, the blockchain public key and the blockchain address to the digital certificate service authority, so that the digital certificate service authority generates the personal information digital certificate.
The digital certificate service authority issues digital identity certificates for users. The blockchain address is used for recording the digital assets of the user. The identity authentication function can be used to authenticate the user's digital assets and bind them to the real individual user, which can improve the security of the digital assets, and the data assets can be traded or transferred by means of the blockchain address. The personal information digital certificate comprises an identity information digest, a blockchain public key and a blockchain address. The digital certificate service authority generates the personal information digital certificate from the identity information digest, the blockchain public key and the blockchain address; cross-referencing multiple pieces of information in this way increases the reliability of the personal information digital certificate and the range of what it can certify.
Before the identity information digest, the blockchain public key and the blockchain address are sent, the blockchain public key may first be sent to the digital certificate service authority; the identity information digest, the blockchain public key and the blockchain address may then be encrypted with the blockchain private key; and finally the encrypted data may be sent to the digital certificate service authority.
208. If the personal information digital certificate sent by the digital certificate service authority is received, send a user registration request to the blockchain authentication platform.
The blockchain authentication platform has a decentralized architecture and is jointly maintained by a plurality of enterprises, service providers, governments or authorized organizations. The data of the whole network is backed up in multiple copies: every party holds all of the shared data and stores it on its own server, the data content is completely identical across parties, and the data cannot be tampered with privately. After receiving the personal information digital certificate, the user needs to register with the blockchain authentication platform, so a user registration request carrying the personal information digital certificate is sent, and the blockchain authentication platform registers the personal information digital certificate.
Before the personal information digital certificate is sent, the blockchain public key may first be sent to the blockchain authentication platform; the user registration request is then signed with the blockchain private key; and finally the signed registration request is sent to the blockchain authentication platform.
209. Send the personal information digital certificate to a service system platform, so that the service system platform can send a query request to the blockchain authentication platform to verify whether the personal information digital certificate exists in the historical ledger of the blockchain authentication platform.
On receiving the personal information digital certificate, the service system platform may first verify the authenticity of the certificate, and then sends a query request to the blockchain authentication platform to verify whether the personal information digital certificate exists in the historical ledger of the blockchain authentication platform. After receiving the query request, the blockchain authentication platform searches its historical ledger for the personal information digital certificate, records the query operation on the blockchain, and returns the query result. The service system platform receives the query result: if the certificate does not exist in the ledger, user identity authentication fails; if it exists, user identity authentication succeeds.
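Steps 203 and 207 to 209 as an added Python sketch, not code from the patent: it computes the identity digest with SHA256 (one of the listed algorithms; MD5, also listed, is collision-broken), assembles the certificate fields, registers the certificate, and answers the service platform's query. The length-prefixed field encoding, the `Ledger` class standing in for the blockchain authentication platform, and all sample values are assumptions constructed for illustration; key generation, encryption and signatures are omitted.

```python
import hashlib
import hmac
import json


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so that 'AB'+'C' and 'A'+'BC' hash differently."""
    return len(field).to_bytes(4, "big") + field


def _canonical(obj: dict) -> bytes:
    """Deterministic JSON so every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def identity_digest(sim_id: str, biometric: bytes, personal_info: dict) -> str:
    """Step 203: fixed-length digest over SIM ID, biometric and personal info."""
    material = (_lp(sim_id.encode("utf-8")) + _lp(biometric)
                + _lp(_canonical(personal_info)))
    return hashlib.sha256(material).hexdigest()


def build_certificate(digest: str, public_key_hex: str, address: str) -> dict:
    """Step 207: the certificate carries the digest, public key and address."""
    return {"identity_digest": digest,
            "blockchain_public_key": public_key_hex,
            "blockchain_address": address}


def certificate_fingerprint(cert: dict) -> str:
    return hashlib.sha256(_canonical(cert)).hexdigest()


class Ledger:
    """Hypothetical hash-chained, append-only list standing in for the
    blockchain authentication platform (no consensus, single copy)."""
    GENESIS = "00" * 32

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(prev: str, kind: str, fingerprint: str) -> str:
        return hashlib.sha256(f"{prev}|{kind}|{fingerprint}".encode()).hexdigest()

    def _append(self, kind: str, fingerprint: str) -> None:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "kind": kind,
                             "fingerprint": fingerprint,
                             "entry_hash": self._entry_hash(prev, kind, fingerprint)})

    def register(self, cert: dict) -> None:
        """Step 208: record the certificate fingerprint."""
        self._append("register", certificate_fingerprint(cert))

    def query(self, cert: dict) -> bool:
        """Step 209: look the certificate up and record the query itself."""
        fp = certificate_fingerprint(cert)
        found = any(e["kind"] == "register"
                    and hmac.compare_digest(e["fingerprint"], fp)
                    for e in self.entries)
        self._append("query", fp)
        return found

    def verify_chain(self) -> bool:
        """Detect any entry altered after it was appended."""
        prev = self.GENESIS
        for e in self.entries:
            expected = self._entry_hash(prev, e["kind"], e["fingerprint"])
            if e["prev"] != prev or e["entry_hash"] != expected:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    # Constructed sample values; the key and address are placeholders.
    info = {"name": "Example User", "id_number": "000000000000000000"}
    biometric = bytes.fromhex("a1b2c3d4")
    digest = identity_digest("SIM-0001-CONSTRUCTED", biometric, info)
    cert = build_certificate(digest, "02" + "11" * 32, "addr-constructed")
    ledger = Ledger()
    ledger.register(cert)
    accepted = ledger.query(cert)
    # Same person data presented with a different SIM ID: digest changes.
    forged = dict(cert, identity_digest=identity_digest(
        "SIM-9999-OTHER", biometric, info))
    rejected = not ledger.query(forged)
    return accepted, rejected, ledger.verify_chain(), len(ledger.entries)


if __name__ == "__main__":
    print(demo())
```

Because the digest covers low-entropy personal data, anyone who can read the ledger can test guesses against it; the sketch does not address that.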
If the service system needs user authorization (e.g. electronic certificate, transaction, DE/CP account operation, etc.), it can initiate a request to the user; the content to be authorized is signed with the blockchain private key, returned to the service system, and sent to the blockchain authentication platform for storage. Before the relevant service is used (using electronic certificate photo, transaction DECP), the service application system needs to package the service request message together with the personal information digital certificate, sign the service request message with a private key, and send it to the blockchain authentication platform so that evidence of the service request message is stored on the blockchain.
The invention applies to usage scenarios that require identity authentication. For example, in a 5G Internet of Things scenario, the invention can authenticate the identity of terminals, devices and users, and supports different business systems in completing identity authentication of people and objects; in a scenario where the People's Bank of China issues DE/CP, ownership of the legal digital currency is bound to the personal identity of a citizen and used as a hard wallet for currency operations; personal data/data assets are traded and transferred.
The invention provides an identity authentication method based on a user identification module and blockchain technology. The method first generates a blockchain private key and a blockchain public key of a blockchain seed according to a preset blockchain key algorithm, calculates the blockchain address of the blockchain public key according to a blockchain address generation algorithm, and calculates an identity information digest of the user identity information using a preset HASH algorithm. It then sends the personal information of the user to an identity registration authority; if a verification passing message of the identity registration authority is received, it sends the identity information digest, the blockchain public key and the blockchain address to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate; and if the personal information digital certificate sent by the digital certificate service authority is received, it sends a user registration request to a blockchain authentication platform. Compared with the prior art, the embodiment of the invention records the user identification module ID in the identity information digest, and the user identification module ID corresponds one-to-one to the personal information; if the personal information data of the identity registration authority is lost, the personal information can be looked up in reverse through the user identification module ID and the user identification module verification mechanism, so as to recover the data of the identity registration authority.
Further, as an implementation of the method shown in fig. 1, an embodiment of the present invention provides an identity authentication apparatus based on a subscriber identity module and a block chain technology, and as shown in fig. 3, the apparatus includes:
the generating module 31 is configured to generate a block chain private key and a block chain public key of a block chain seed according to a preset block chain key algorithm, where the block chain seed is generated by using a random number generator;
a first calculating module 32, configured to calculate a blockchain address of the blockchain public key according to a blockchain address generating algorithm;
the second calculation module 33 is configured to calculate an identity information digest of user identity information by using a preset HASH algorithm, where the user identity information includes a user identification module ID, a biological characteristic of a user, and personal information of the user;
a first sending module 34, configured to send the personal information to an identity registration authority, so that the identity registration authority verifies whether the personal information can be authenticated by a real name;
a second sending module 35, configured to send the identity information digest, the blockchain public key, and the blockchain address to a digital certificate service authority if a verification passing message of the identity registration authority is received, so that the digital certificate service authority generates a personal information digital certificate, where the personal information digital certificate includes the identity information digest, the blockchain public key, and the blockchain address;
a registration module 36, configured to send a user registration request to a blockchain authentication platform if the personal information digital certificate sent by the digital certificate service authority is received, where the user registration request carries the personal information digital certificate signed according to the blockchain private key.
The invention provides an identity authentication device based on a user identification module and blockchain technology. The device first generates a blockchain private key and a blockchain public key of a blockchain seed according to a preset blockchain key algorithm, calculates the blockchain address of the blockchain public key according to a blockchain address generation algorithm, and calculates an identity information digest of the user identity information using a preset HASH algorithm. It then sends the personal information of the user to an identity registration authority; if a verification passing message of the identity registration authority is received, it sends the identity information digest, the blockchain public key and the blockchain address to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate; and if the personal information digital certificate sent by the digital certificate service authority is received, it sends a user registration request to a blockchain authentication platform. Compared with the prior art, the embodiment of the invention records the user identification module ID in the identity information digest, and the user identification module ID corresponds one-to-one to the personal information; if the personal information data of the identity registration authority is lost, the personal information can be looked up in reverse through the user identification module ID and the user identification module verification mechanism, so as to recover the data of the identity registration authority.
Further, as an implementation of the method shown in fig. 2, an embodiment of the present invention provides another identity authentication apparatus based on a subscriber identity module and a block chain technology, as shown in fig. 4, where the apparatus includes:
the generating module 41 is configured to generate a block chain private key and a block chain public key of a block chain seed according to a preset block chain key algorithm, where the block chain seed is generated by using a random number generator;
a first calculating module 42, configured to calculate a blockchain address of the blockchain public key according to a blockchain address generating algorithm;
a second calculating module 43, configured to calculate an identity information summary of user identity information by using a preset HASH algorithm, where the user identity information includes a user identification module ID, a biological characteristic of a user, and personal information of the user;
a first sending module 44, configured to send the personal information to an identity registration authority, so that the identity registration authority verifies whether the personal information can be authenticated by a real name;
a second sending module 45, further configured to send the identity information digest, the blockchain public key, and the blockchain address to a digital certificate service authority if a verification passing message of the identity registration authority is received, so that the digital certificate service authority generates a personal information digital certificate, where the personal information digital certificate includes the identity information digest, the blockchain public key, and the blockchain address;
a registration module 46, configured to send a user registration request to a blockchain authentication platform if the personal information digital certificate sent by the digital certificate service authority is received, where the user registration request carries the personal information digital certificate signed according to the blockchain private key.
Further, the generating module 41 is configured to:
and generating a block chain private key and a block chain public key of the block chain seed according to an elliptic curve encryption algorithm.
Further, the generating module 41 is configured to:
and generating a block chain private key and a block chain public key of the block chain seed according to a key derivation algorithm.
Further, the apparatus further comprises:
an obtaining module 47, configured to obtain a registration public key of an identity registration authority before sending the personal information to the identity registration authority;
the first sending module 44 includes:
an encrypting unit 441, configured to perform double encryption on the personal information according to the blockchain private key and the registration public key;
a sending unit 442, configured to send the doubly encrypted personal information to the identity registration authority.
Further, the apparatus further comprises:
a third sending module 48, configured to send the personal information digital certificate to a service system platform after sending the user registration request to the blockchain authentication platform, so that the service system platform sends an inquiry request to the blockchain authentication platform to verify whether the personal information digital certificate exists in the historical account book of the blockchain authentication platform.
The invention provides an identity authentication device based on a user identification module and blockchain technology. The device first generates a blockchain private key and a blockchain public key of a blockchain seed according to a preset blockchain key algorithm, calculates the blockchain address of the blockchain public key according to a blockchain address generation algorithm, and calculates an identity information digest of the user identity information using a preset HASH algorithm. It then sends the personal information of the user to an identity registration authority; if a verification passing message of the identity registration authority is received, it sends the identity information digest, the blockchain public key and the blockchain address to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate; and if the personal information digital certificate sent by the digital certificate service authority is received, it sends a user registration request to a blockchain authentication platform. Compared with the prior art, the embodiment of the invention records the user identification module ID in the identity information digest, and the user identification module ID corresponds one-to-one to the personal information; if the personal information data of the identity registration authority is lost, the personal information can be looked up in reverse through the user identification module ID and the user identification module verification mechanism, so as to recover the data of the identity registration authority.
According to an embodiment of the present invention, a storage medium is provided, where the storage medium stores at least one executable instruction, and the executable instruction may execute the identity authentication method based on the user identification module and blockchain technology in any of the method embodiments described above.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the electronic device.
As shown in fig. 5, the electronic device may include: a processor 502, a communications interface 504, a memory 506, and a communication bus 508.
Wherein: the processor 502, communication interface 504, and memory 506 communicate with one another via a communication bus 508.
A communication interface 504 for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically execute the relevant steps in the above-described embodiments of the identity authentication method based on the user identification module and blockchain technology.
In particular, program 510 may include program code that includes computer operating instructions.
The processor 502 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement an embodiment of the present invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 506 for storing a program 510. The memory 506 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may be specifically configured to cause the processor 502 to perform the following operations:
generating a block chain private key and a block chain public key of a block chain seed according to a preset block chain key algorithm, wherein the block chain seed is generated by adopting a random number generator;
calculating the block chain address of the block chain public key according to a block chain address generation algorithm;
calculating an identity information abstract of user identity information by adopting a preset HASH algorithm, wherein the user identity information comprises a user identification module ID, biological characteristics of a user and personal information of the user;
sending the personal information to an identity registration authority so that the identity registration authority verifies whether the personal information can be authenticated by a real name;
if the verification passing message of the identity registration authority is received, the identity information abstract, the block chain public key and the block chain address are sent to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate, wherein the personal information digital certificate comprises the identity information abstract, the block chain public key and the block chain address;
and if the personal information digital certificate sent by the digital certificate service mechanism is received, sending a user registration request to a block chain authentication platform, wherein the user registration request carries the personal information digital certificate signed according to the block chain private key.
It will be apparent to those skilled in the art that the various blocks or steps of the invention described above may be implemented using a general purpose computing device, which may be centralized on a single computing device or distributed across microprocessors, or alternatively, they may be implemented using program code executable by a computing device, such that they may be stored in a memory device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into various integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (6)

1. An identity authentication method based on a user identification module and a block chain technology is characterized by comprising the following steps:
generating a block chain private key and a block chain public key of a block chain seed according to a preset block chain key algorithm, wherein the block chain seed is generated by adopting a random number generator;
calculating a block chain address of the block chain public key according to a block chain address generation algorithm;
calculating an identity information abstract of user identity information by adopting a preset HASH algorithm, wherein the user identity information comprises a user identification module ID, biological characteristics of a user and personal information of the user;
sending the personal information to an identity registration mechanism so that the identity registration mechanism verifies whether the personal information can pass real-name authentication;
if the verification passing message of the identity registration authority is received, the identity information abstract, the block chain public key and the block chain address are sent to a digital certificate service authority, so that the digital certificate service authority generates a personal information digital certificate, wherein the personal information digital certificate comprises the identity information abstract, the block chain public key and the block chain address;
If the personal information digital certificate sent by the digital certificate service mechanism is received, sending a user registration request to a block chain authentication platform, wherein the user registration request carries the personal information digital certificate signed according to the block chain private key;
before sending the personal information to the identity registration authority, the method further comprises:
acquiring a registration public key of the identity registration mechanism;
the sending the personal information to an identity registration authority includes:
carrying out double encryption on the personal information according to the block chain private key and the registration public key;
sending the double-encrypted personal information to the identity registration authority;
after sending the user registration request to the blockchain authentication platform, the method further includes:
and sending the personal information digital certificate to a service system platform so that the service system platform can send a query request to the block chain authentication platform to verify whether the personal information digital certificate exists in a historical account book of the block chain authentication platform.
2. The method of claim 1, wherein generating the blockchain private key and the blockchain public key of the blockchain seed according to a preset blockchain key algorithm comprises:
And generating a block chain private key and a block chain public key of the block chain seed according to an elliptic curve encryption algorithm.
3. The method of claim 1, wherein generating the blockchain private key and the blockchain public key of the blockchain seed according to a preset blockchain key algorithm comprises:
and generating a block chain private key and a block chain public key of the block chain seed according to a key derivation algorithm.
4. An identity authentication device based on a subscriber identity module and a block chain technology, comprising:
the generating module is used for generating a block chain private key and a block chain public key of a block chain seed according to a preset block chain key algorithm, wherein the block chain seed is generated by adopting a random number generator;
the first calculation module is used for calculating the block chain address of the block chain public key according to a block chain address generation algorithm;
the second calculation module is used for calculating the identity information abstract of the user identity information by adopting a preset HASH algorithm, wherein the user identity information comprises a user identification module ID, the biological characteristics of the user and the personal information of the user;
the first sending module is used for sending the personal information to an identity registration authority so that the identity registration authority can verify whether the personal information can pass real-name authentication;
The second sending module is further configured to send the identity information digest, the blockchain public key and the blockchain address to a digital certificate service authority if a verification passing message of the identity registration authority is received, so that the digital certificate service authority generates a personal information digital certificate, where the personal information digital certificate includes the identity information digest, the blockchain public key and the blockchain address;
the registration module is used for sending a user registration request to a block chain authentication platform if the personal information digital certificate sent by the digital certificate service mechanism is received, wherein the user registration request carries the personal information digital certificate signed according to the block chain private key;
the device further comprises:
the acquisition module is used for acquiring a registration public key of the identity registration mechanism before the personal information is sent to the identity registration mechanism;
the first sending module includes:
the encryption unit is used for carrying out double encryption on the personal information according to the block chain private key and the registration public key;
a sending unit, configured to send the doubly encrypted personal information to the identity registration authority;
The device further comprises:
and the third sending module is used for sending the personal information digital certificate to a service system platform after sending the user registration request to the blockchain authentication platform, so that the service system platform sends a query request to the blockchain authentication platform to verify whether the personal information digital certificate exists in the historical account book of the blockchain authentication platform.
5. The apparatus of claim 4, wherein the generation module is to:
and generating a block chain private key and a block chain public key of the block chain seed according to an elliptic curve encryption algorithm.
6. The apparatus of claim 4, wherein the generation module is to:
and generating a block chain private key and a block chain public key of the block chain seed according to a key derivation algorithm.
CN202010759486.2A 2020-07-31 2020-07-31 Identity authentication method and device based on user identification module and block chain technology Active CN111859348B (en)


Publications (2)

Publication Number Publication Date
CN111859348A CN111859348A (en) 2020-10-30
CN111859348B true CN111859348B (en) 2022-07-19

Family

ID=72953702


CN109670825A (en) * 2018-12-20 2019-04-23 姚前 One kind being based on the associated digital asset real name register system of certificate
CN109981675A (en) * 2019-04-04 2019-07-05 西安电子科技大学 A kind of identity information guard method of digital identification authentication and encryption attribute
CN111125778A (en) * 2019-12-16 2020-05-08 腾讯科技(深圳)有限公司 Copyright transaction information processing method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6547079B1 (en) * 2016-12-23 2019-07-17 深セン前海達闥雲端智能科技有限公司 Cloudminds (Shenzhen) Robotics Systems Co., Ltd. Registration / authorization method, device and system

Also Published As

Publication number Publication date
CN111859348A (en) 2020-10-30

Similar Documents

Publication Publication Date Title
CN111859348B (en) Identity authentication method and device based on user identification module and block chain technology
CN110692214B (en) Method and system for ownership verification using blockchain
RU2747947C2 (en) Systems and methods of personal identification and verification
US20210279736A1 (en) Blockchain secure transaction method and device based on biomarker authentication
KR20190075772A (en) Authentication System Using Block Chain Through Combination of Data after Separating Personal Information
JP2020517165A (en) Anonymity and traceability of digital property transactions on distributed transaction agreement networks
CN103679436A (en) Electronic contract security system and method based on biological information identification
JP2005522775A (en) Information storage system
US11558199B1 (en) Systems and methods for privacy preserving distributed ledger consensus
CN108833431B (en) Password resetting method, device, equipment and storage medium
CN114266069B (en) House transaction electronic data sharing system and method based on blockchain technology
US10158490B2 (en) Double authentication system for electronically signed documents
Gulati et al. Self-sovereign dynamic digital identities based on blockchain technology
US11070378B1 (en) Signcrypted biometric electronic signature tokens
US20190288833A1 (en) System and Method for Securing Private Keys Behind a Biometric Authentication Gateway
US20230232222A1 (en) User terminal, authentication terminal, registration terminal, management system and program
WO2021071421A1 (en) Methods, systems, and devices for managing digital assets
US11949689B2 (en) Unified authentication system for decentralized identity platforms
CN113722749A (en) Data processing method and device for block chain BAAS service based on encryption algorithm
CN114358932A (en) Authentication processing method and device
CN111539031B (en) Data integrity detection method and system for privacy protection of cloud storage tag
CN111641604B (en) Signing method based on online banking certificate and signing system based on online banking certificate
CN115967508A (en) Data access control method and device, equipment, storage medium and program product
KR20210017308A (en) Method for providing secondary authentication service using device registration and distributed storage of data
EP2842290B1 (en) Method and computer communication system for the authentication of a client system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant