CN112039848A - Web authentication method, system and device based on block chain public key digital signature - Google Patents
Web authentication method, system and device based on block chain public key digital signature Download PDFInfo
- Publication number
- CN112039848A CN112039848A CN202010780033.8A CN202010780033A CN112039848A CN 112039848 A CN112039848 A CN 112039848A CN 202010780033 A CN202010780033 A CN 202010780033A CN 112039848 A CN112039848 A CN 112039848A
- Authority
- CN
- China
- Prior art keywords
- request
- registration
- public key
- client
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a Web authentication method, a system and a device based on a block chain public key digital signature.A client sends out a registration or a request, the system generates a public and private key pair according to a set asymmetric signature algorithm, generates corresponding payload data from registration or request information, carries out signature based on a private key, generates registration or request data from the public key, the payload data and a signature result, and a server analyzes the registration or request data to acquire the registration or request information and execute corresponding operation. According to the method and the system, the registration or request information is converted into the payload data, the registration or request data is generated based on the public key and the private key and is sent to the server, and the server associates the authentication information with the registration or request data, so that the server is prevented from processing a tampered request; after receiving the registration or request data, the server performs corresponding operations, thereby avoiding the formation of authentication information without the client. The server side does not manage sensitive information, and leakage risks are reduced.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a method, a system and a device for Web authentication based on block chain public key digital signature.
Background
Currently, in a Web system, there are 5 main ways to authenticate a user:
HttpBasicAuth: the client provides a user name and a password at a request head, and the server checks whether the password is correct. In this way, the cipher is transmitted in plaintext and is easily leaked.
OAuth 2: and the client finally acquires the Access token from the server according to the protocol, the subsequent request seeds are attached with the Access token, and the server realizes the authentication of the user identity according to the Access token.
CookieSessionaAuth: the client provides effective identification information (such as a username and a password), the server creates a Session object for the visitor, the client stores the Session through the Cookie, subsequent requests are accompanied by Cookie information, and the server matches the Session object to realize the authentication of the user identity.
TokenAuuth: the client provides effective identification information (such as a user name and a password), the server distributes a token for the client, the token is attached to subsequent requests of the client, and the token is verified by the server to realize the authentication of the user identity.
JWTauth: the client provides effective identification information (such as a user name and a password), the server constructs a header and a payload which accord with JWT specifications, signs are carried out on the header and the payload to obtain a token, the token is sent to the client, the token is attached to subsequent requests of the client, the token is verified by the server and is issued by the server and the identity information in the token is analyzed, and the authentication of the user identity is realized.
In the above methods 2 to 5, there are problems as follows: the tokens are all generated by the server side, and the server side can generate the tokens without permission of the client side; centralized management is carried out at a server side, and once leakage occurs, the requests of a large number of users can be forged; the token can not change in a period of time, and if the token is intercepted by a third party, the third party can easily forge the request of the client; the token has no relation with the request data, and the server cannot find the token even if the token is tampered in the process of data transmission.
Moreover, with the development of the block chain technology, in some decentralized systems, the identity information of the user is not managed by the central server, but is embodied by the user holding the asymmetric encrypted private key, and the Web authentication mode is not available in the Web system constructed based on the system.
Therefore, designing a secure and widely applicable Web authentication method is a problem to be solved urgently.
Disclosure of Invention
The invention aims to provide a Web authentication method, a system and a device based on a block chain public key digital signature.
In a first aspect, the above object of the present invention is achieved by the following technical solutions:
a Web authentication method based on block chain public key digital signature is characterized in that a client generates a public key and a private key pair in a registration process; or generating registration payload data according to the registration information, performing operation by combining the key to obtain a signature result, and combining the public key, the registration payload data and the signature result into registration request data; in the request response process, request data is generated and sent to the server based on the key.
The invention is further configured to: in the registration process without the registration information, the client generates a public key PK and a private key SK pair by self and stores the public key PK and the private key SK pair.
The invention is further configured to: in the registration process requiring registration information, the client work comprises the following steps:
s1, self-generating a public key PK and a private key SK pair, and storing;
s2, receiving user registration information and generating registration payload data;
s3, signing the registered payload data based on the private key SK to obtain a registered signature result;
s4, combining the public key PK, the registration payload data and the registration signature result to obtain registration request data, and sending the registration request data to the server;
and S5, receiving the registration result information returned by the server.
The invention is further configured to: the method for sending the read request to the server by the client comprises the following steps:
a1, receiving read service request information, and generating first request payload data;
a2, signing the first request payload data based on the private key SK to obtain a first request signature result;
a3, combining the public key PK, the first request payload data and the first request signature result to obtain first read request data, and sending the first read request data to a server;
a4, receiving a first reading request result returned by the server;
and A5, receiving the service execution result of the server.
The invention is further configured to: the method for sending the read or write request to the server by the client comprises the following steps:
b1, acquiring the one-time random number information and the second read or write service request information, and generating second request payload data;
b2, signing the second request payload data based on the private key SK to obtain a second request signature result;
b3, combining the public key PK, the second request payload data and the second request signature result to obtain second read or write request data, and sending the second read or write request data to the server;
b4, receiving a second read or write request result returned by the server;
and B5, receiving the service execution result of the server.
The invention is further configured to: the method for acquiring the disposable random number information comprises the following steps:
p1, generating a third request payload data requesting a nonce;
p2, signing the third request payload data based on the private key SK to obtain a third request signature result;
p3, combining the public key PK, the third request payload data and the third request signature result to obtain third random number request data, and sending the third random number request data to the server;
and P4, receiving the response random number signal sent by the server.
In a second aspect, the above object of the present invention is achieved by the following technical solutions: a Web authentication method based on a block chain public key digital signature is characterized in that a server receives registration request data sent by a client in a registration process, verifies a secret key or the registration request data and sends a verification result to the client; in the request response process, receiving a read service request, a read service request and a random number service request of the client, obtaining service request information and a user Identity (ID), executing service logic according to the service request information, and returning a service execution result to the client.
The invention is further configured to: the method for receiving the registration request data sent by the client in the registration process by the server comprises the following steps:
d1, receiving registration request data sent by the client;
d2, analyzing the registration request data to obtain a public key PK, registration payload data and a registration signature result;
d3, verifying whether the registration signature result is correct, if so, entering the next step, and if not, turning to D8;
d4, decrypting the registration payload data to obtain user registration information;
d5, calculating the user identity ID according to the public key PK;
d6, associating and storing the user registration information and the user identity ID;
d7, sending registration success information to the client, and turning to D9;
d8, sending verification error information to the client;
and D9, finishing the registration.
The invention is further configured to: the method comprises the following steps that the server receives first read request data sent by a client in a request response process, and comprises the following steps:
e1, receiving first read request data sent by the client;
e2, analyzing the first read request data to obtain a public key PK, first request payload data and a first request signature result;
e3, verifying whether the first request signature result is correct, if so, entering the next step, and if not, turning to E8;
e4, analyzing the first request payload data to obtain first service request information;
e5, calculating the user identity ID according to the public key PK;
e6, executing service logic according to the user ID and the first service request information;
e7, sending service execution result information to the client, turning to E9;
e8, sending verification error information to the client;
e9, end of request.
The invention is further configured to: the server receives second read or write request data sent by the client in the request response process, and the method comprises the following steps:
w1, receiving second read or write request data sent by the client;
w2, analyzing the second read or write request data to obtain a public key PK, second request payload data and a second request signature result;
w3, verifying whether the second request signature result is correct, if so, entering the next step, and if not, turning to W10;
w4, analyzing the second request payload data to obtain disposable random number information and second read or write service request information;
w5, calculating the user identity ID according to the public key PK;
w6, comparing the disposable random number information corresponding to the user body ID stored by the server with the disposable random number information obtained by analysis, if the disposable random number information is the same, entering the next step, and if the disposable random number information is different, turning to W11;
w7, setting the one-time random number information corresponding to the user body ID stored in the server as invalid;
w8, executing service logic according to the user ID and the second read or write service request information;
w9, sending service execution result information to the client, and turning to W12;
w10, sending verification error information to the client, turning to W12;
w11, sending a one-time random number verification error message to the client;
w12, the request is finished.
The invention is further configured to: the server receives third random number request data sent by the client in the request response process, and the method comprises the following steps:
q1, receiving third random number request data sent by the client;
q2, analyzing the third random number request data to obtain a public key PK, third request payload data and a third request signature result;
q3, verifying whether the third request signature result is correct, if so, entering the next step, and if not, turning to Q8;
q4, analyzing the third request payload data to obtain the request information of the disposable random number service;
q5, calculating the user ID according to the public key PK;
q6, generating a disposable random number, associating with the user ID and storing;
q7, sending the disposable random number to the client, and turning to Q9;
q8, sending verification error information to the client;
q9, end of request.
In a third aspect, the above object of the present invention is achieved by the following technical solutions:
a Web authentication system based on block chain public key digital signature comprises an algorithm module, a registration module and a request module, wherein the algorithm module is respectively connected with the registration module and the request module, and is used for serializing user registration information in the registration module and performing registration signature on registration payload data by adopting an asymmetric signature algorithm and a digest algorithm in the registration and request processes; serializing, deserializing a service request in a request module, signing a request payload data, a registration module for performing a method as claimed in any of claims 1-6, a request module for performing a method as claimed in any of claims 7-11.
In a fourth aspect, the above object of the present invention is achieved by the following technical solutions: a Web authentication apparatus based on blockchain public key digital signature, comprising a memory and a processor, the memory storing a computer program capable of being loaded and executed by the processor for performing the method according to any one of claims 1 to 11.
Compared with the prior art, the invention has the beneficial technical effects that:
1. according to the method and the system, the registration or request information is converted into the payload data, the registration or request data is generated based on the public key and the private key and is sent to the server, and the server associates the authentication information with the registration or request data, so that the server is prevented from processing a tampered request;
2. furthermore, after the registration or request data is received by the server, corresponding operation is performed, so that the possibility that authentication information is formed without a client is avoided;
3. furthermore, the server side does not need to manage sensitive information, so that leakage risk is reduced;
4. further, the registration or request data generated by the method cannot be reused, and the possibility that the client request is forged after being intercepted is avoided.
Drawings
FIG. 1 is a flowchart illustrating a registration process according to an embodiment of the present invention;
fig. 2 is a flow chart illustrating a request response process according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Detailed description of the preferred embodiment
The Web authentication system based on the block chain public key digital signature comprises an algorithm module, a registration module and a request module, wherein the algorithm module is respectively connected with the registration module and the request module, and an asymmetric signature algorithm and a digest algorithm are set in the algorithm module and are used for performing corresponding calculation by adopting a set algorithm in the registration or request process; generating a public and private key pair, serializing user registration information in a registration module, and generating effective load data; signing the user registration information or the request information based on the private key to obtain a signature result; serializing and deserializing the service request in the request module, and performing request signature on request payload data; the registration module is used for generating registration data according to the user registration information and finishing registration; the request module is used for generating request data according to the user request and executing corresponding request operation.
Detailed description of the invention
According to the Web authentication method based on the block chain public key digital signature, in a decentralized system, a user does not need to additionally provide information for registration, a client side automatically generates a Public Key (PK) pair and a private key (SK) pair according to an asymmetric signature algorithm set by the system and stores the Public Key (PK) pair and the private key (SK) pair, and the registration process is completed.
Detailed description of the preferred embodiment
According to the Web authentication method based on the block chain public key digital signature, a system needs a user to additionally provide information for registration, a client generates registration payload data according to registration information, performs operation by combining a secret key to obtain a signature result, combines the public key, the registration payload data and the signature result into registration request data, sends the registration request data to a server, and receives information returned by the server.
Specifically, the method comprises the following steps:
s1, self-generating a Public Key (PK) and a private key (SK) pair based on an asymmetric signature algorithm, and storing;
s2, receiving user registration information, serializing the user registration information to generate registration payload data (RegisterPayload), wherein the data adopts any data serialization format agreed with a service end, including JSON, url, XML format;
s3, signing the registered effective load data based on the private key (SK), and signing the registered effective load data by adopting a set asymmetric signature algorithm and a set abstract algorithm to obtain a registered signature result (register Sig);
s4, splicing and combining the Public Key (PK), the registered payload data and the registered signature result to obtain registration request data, and sending the registration request data to the server;
and S5, receiving the registration result information returned by the server.
And the server receives the registration request data sent by the client in the registration process, verifies the key or the registration request data and sends a verification result to the client.
Specifically, the method comprises the following steps:
d1, receiving registration request data sent by the client;
d2, analyzing the registration request data to obtain a public key PK, registration payload data and a registration signature result;
d3, adopting the asymmetric signature algorithm and the abstract algorithm set by the system to verify whether the registration signature result is correct, if so, entering the next step, and if not, turning to D8;
d4, deserializing the registered payload data according to the agreed data serialization format to obtain user registration information;
d5, calculating the user ID according to the public key PK, and the adopted method comprises the following steps: intercepting a substring after HASH is carried out on the public key;
d6, associating and storing the user registration information and the user identity ID;
d7, sending registration success information to the client, and turning to D9;
d8, sending verification error information to the client;
and D9, finishing the registration.
Detailed description of the invention
According to the Web authentication method based on the block chain public key digital signature, in the request response process, a client generates request data based on a secret key and sends the request data to a server; the server receives the read service request of the client, obtains service request information and user Identity (ID), executes service logic according to the service request information, and returns a service execution result to the client.
The method for sending the read request to the server by the client comprises the following steps:
a1, receiving and serializing the read service request information to generate first request payload data (FirstRequestPayload);
a2, based on a private key SK, adopting a system-set asymmetric signature algorithm and a digest algorithm to sign the first request payload data to obtain a first request signature result (FirstRequestSig);
a3, splicing and combining the public key PK, the first request payload data and the first request signature result to obtain first read request data, and sending the first read request data to a server;
a4, receiving a first reading request result returned by the server;
and A5, receiving the service execution result of the server.
The method comprises the following steps that in the process of responding to the read request, the server receives first read request data sent by the client and carries out corresponding operation, and the method comprises the following steps:
e1, receiving first read request data sent by the client;
e2, analyzing the first read request data to obtain a public key PK, first request payload data and a first request signature result;
e3, verifying whether the first request signature result is correct by using an asymmetric signature algorithm and a key extraction algorithm set by the system, if so, entering the next step, and if not, turning to E8;
e4, deserializing the first request payload data according to the agreed data serialization format to obtain first service request information;
e5, calculating the user identity ID according to the public key PK;
e6, executing service logic according to the user ID and the first service request information;
e7, sending service execution result information to the client, turning to E9;
e8, sending verification error information to the client;
e9, end of request.
Detailed description of the preferred embodiment
According to the Web authentication method based on the block chain public key digital signature, in the request response process, a client sends a request one-time random number for a write request or a read request.
The method for acquiring the disposable random number information comprises the following steps:
p1, generating a Third Request Payload data (Third Request Payload) requesting a nonce;
p2, based on the private key SK, signing the Third Request payload data by using the asymmetric signature algorithm and the digest algorithm set by the system to obtain a Third Request signature result (Third Request Sig);
p3, combining the public key PK, the third request payload data and the third request signature result to obtain third random number request data, and sending the third random number request data to the server;
and P4, receiving the response random number signal sent by the server.
The server receives the random number service request of the client, obtains service request information and user Identity (ID), executes service logic according to the service request information, and returns a service execution result to the client.
Specifically, the method comprises the following steps:
q1, receiving third random number request data sent by the client;
q2, analyzing the third random number request data to obtain a public key PK, third request payload data and a third request signature result;
q3, verifying whether the third request signature result is correct by using an asymmetric signature algorithm and a digest algorithm set by the system, if so, entering the next step, and if not, turning to Q8;
q4, deserializing the third request payload data according to the agreed data serialization format to obtain the service request information of the acquired disposable random number;
q5, calculating the user ID according to the public key PK;
q6, generating a one-time random number (nonce), and storing the nonce after being associated with the user identity ID;
q7, sending the disposable random number to the client, and turning to Q9;
q8, sending verification error information to the client;
q9, end of request.
Detailed description of the preferred embodiment
According to the Web authentication method based on the block chain public key digital signature, in the request response process, based on the random number, a client sends a read or write service request, a server receives the read or write service request of the client, obtains service request information and a user Identity (ID), executes service logic according to the service request information, and returns a service execution result to the client.
The client sends a read or write service request to the server, and the method comprises the following steps:
b1, acquiring the disposable random number information and the second read or write service Request information, combining, and then serializing to generate second Request Payload data (second Request Payload);
b2, based on the private key SK, signing the second Request payload data by using the asymmetric signature algorithm and the digest algorithm set by the system to obtain a second Request signature result (second Request Sig);
b3, splicing and combining the public key PK, the second request payload data and the second request signature result to obtain second read or write request data, and sending the second read or write request data to the server;
b4, receiving a second read or write request result returned by the server;
and B5, receiving the service execution result of the server.
The server receives a read or write service request of the client, acquires service request information and a user Identity (ID), executes service logic according to the service request information, and returns a service execution result to the client.
Specifically, the method comprises the following steps:
the server receives second read or write request data sent by the client in the request response process, and the method comprises the following steps:
w1, receiving second read or write request data sent by the client;
w2, analyzing the second read or write request data to obtain a public key PK, second request payload data and a second request signature result;
w3, verifying whether the second request signature result is correct by using an asymmetric signature algorithm and a key extraction algorithm set by a system, if so, entering the next step, and if not, turning to W10;
w4, deserializing the second request payload data according to the agreed data serialization format to obtain disposable random number information and second read or write service request information;
w5, calculating the user identity ID according to the public key PK;
w6, comparing the disposable random number information corresponding to the user body ID stored by the server with the disposable random number information obtained by analysis, if the disposable random number information is the same, entering the next step, and if the disposable random number information is different, turning to W11;
w7, setting the one-time random number information corresponding to the user body ID stored in the server as invalid;
w8, executing service logic according to the user ID and the second read or write service request information;
w9, sending service execution result information to the client, and turning to W12;
w10, sending verification error information to the client, turning to W12;
w11, sending a one-time random number verification error message to the client;
w12, the request is finished.
Detailed description of the preferred embodiment
The Web authentication device based on the blockchain public key digital signature comprises a memory and a processor, wherein the memory stores a computer program of a Web authentication method based on the blockchain public key digital signature, and the computer program can be loaded and executed by the processor.
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: all equivalent changes made according to the structure, shape and principle of the invention are covered by the protection scope of the invention.
Claims (13)
1. A Web authentication method based on a block chain public key digital signature is characterized in that: the client generates a public key and a private key pair in the registration process; or generating registration payload data according to the registration information, performing operation by combining the key to obtain a signature result, and combining the public key, the registration payload data and the signature result into registration request data; in the request response process, request data is generated and sent to the server based on the key.
2. The Web authentication method based on the blockchain public key digital signature as claimed in claim 1, wherein: in the registration process without the registration information, the client generates a public key PK and a private key SK pair by self and stores the public key PK and the private key SK pair.
3. The Web authentication method based on the blockchain public key digital signature as claimed in claim 1, wherein: in the registration process requiring registration information, the client work comprises the following steps:
s1, self-generating a public key PK and a private key SK pair, and storing;
s2, receiving user registration information and generating registration payload data;
s3, signing the registered payload data based on the private key SK to obtain a registered signature result;
s4, combining the public key PK, the registration payload data and the registration signature result to obtain registration request data, and sending the registration request data to the server;
and S5, receiving the registration result information returned by the server.
4. The Web authentication method based on the blockchain public key digital signature as claimed in claim 1, wherein: the method for sending the read request to the server by the client comprises the following steps:
a1, receiving read service request information, and generating first request payload data;
a2, signing the first request payload data based on the private key SK to obtain a first request signature result;
a3, combining the public key PK, the first request payload data and the first request signature result to obtain first read request data, and sending the first read request data to a server;
a4, receiving a first reading request result returned by the server;
and A5, receiving the service execution result of the server.
5. The Web authentication method based on the blockchain public key digital signature as claimed in claim 1, wherein: the method for sending the read or write request to the server by the client comprises the following steps:
b1, acquiring the one-time random number information and the second read or write service request information, and generating second request payload data;
b2, signing the second request payload data based on the private key SK to obtain a second request signature result;
b3, combining the public key PK, the second request payload data and the second request signature result to obtain second read or write request data, and sending the second read or write request data to the server;
b4, receiving a second read or write request result returned by the server;
and B5, receiving the service execution result of the server.
6. The Web authentication method based on the blockchain public key digital signature as claimed in claim 5, wherein: the method for acquiring the disposable random number information comprises the following steps:
p1, generating a third request payload data requesting a nonce;
p2, signing the third request payload data based on the private key SK to obtain a third request signature result;
p3, combining the public key PK, the third request payload data and the third request signature result to obtain third random number request data, and sending the third random number request data to the server;
and P4, receiving the response random number signal sent by the server.
7. A Web authentication method based on a block chain public key digital signature is characterized in that: the server receives the registration request data sent by the client in the registration process, verifies the key or the registration request data and sends a verification result to the client; in the request response process, receiving a read service request, a read service request and a random number service request of the client, obtaining service request information and a user Identity (ID), executing service logic according to the service request information, and returning a service execution result to the client.
8. The Web authentication method based on the blockchain public key digital signature as recited in claim 7, wherein: the method for receiving the registration request data sent by the client in the registration process by the server comprises the following steps:
d1, receiving registration request data sent by the client;
d2, analyzing the registration request data to obtain a public key PK, registration payload data and a registration signature result;
d3, verifying whether the registration signature result is correct, if so, entering the next step, and if not, turning to D8;
d4, decrypting the registration payload data to obtain user registration information;
d5, calculating the user identity ID according to the public key PK;
d6, associating and storing the user registration information and the user identity ID;
d7, sending registration success information to the client, and turning to D9;
d8, sending verification error information to the client;
and D9, finishing the registration.
9. The Web authentication method based on the blockchain public key digital signature as recited in claim 7, wherein: the method comprises the following steps that the server receives first read request data sent by a client in a request response process, and comprises the following steps:
e1, receiving first read request data sent by the client;
e2, analyzing the first read request data to obtain a public key PK, first request payload data and a first request signature result;
e3, verifying whether the first request signature result is correct, if so, entering the next step, and if not, turning to E8;
e4, analyzing the first request payload data to obtain first service request information;
e5, calculating the user identity ID according to the public key PK;
e6, executing service logic according to the user ID and the first service request information;
e7, sending service execution result information to the client, turning to E9;
e8, sending verification error information to the client;
e9, end of request.
10. The Web authentication method based on the blockchain public key digital signature as recited in claim 7, wherein: the server receives second read or write request data sent by the client in the request response process, and the method comprises the following steps:
w1, receiving second read or write request data sent by the client;
w2, analyzing the second read or write request data to obtain a public key PK, second request payload data and a second request signature result;
w3, verifying whether the second request signature result is correct, if so, entering the next step, and if not, turning to W10;
w4, analyzing the second request payload data to obtain disposable random number information and second read or write service request information;
w5, calculating the user identity ID according to the public key PK;
w6, comparing the disposable random number information corresponding to the user body ID stored by the server with the disposable random number information obtained by analysis, if the disposable random number information is the same, entering the next step, and if the disposable random number information is different, turning to W11;
w7, setting the one-time random number information corresponding to the user body ID stored in the server as invalid;
w8, executing service logic according to the user ID and the second read or write service request information;
w9, sending service execution result information to the client, and turning to W12;
w10, sending verification error information to the client, turning to W12;
w11, sending a one-time random number verification error message to the client;
w12, the request is finished.
11. The Web authentication method based on the blockchain public key digital signature as recited in claim 7, wherein: the server receives third random number request data sent by the client in the request response process, and the method comprises the following steps:
q1, receiving third random number request data sent by the client;
q2, analyzing the third random number request data to obtain a public key PK, third request payload data and a third request signature result;
q3, verifying whether the third request signature result is correct, if so, entering the next step, and if not, turning to Q8;
q4, analyzing the third request payload data to obtain the request information of the disposable random number service;
q5, calculating the user ID according to the public key PK;
q6, generating a disposable random number, associating with the user ID and storing;
q7, sending the disposable random number to the client, and turning to Q9;
q8, sending verification error information to the client;
q9, end of request.
12. A Web authentication system based on block chain public key digital signature is characterized in that: the system comprises an algorithm module, a registration module and a request module, wherein the algorithm module is respectively connected with the registration module and the request module, and is used for serializing user registration information in the registration module and performing registration signature on registration payload data by adopting an asymmetric signature algorithm and a digest algorithm in the registration and request processes; serializing, deserializing a service request in a request module, signing a request payload data, a registration module for performing a method as claimed in any of claims 1-6, a request module for performing a method as claimed in any of claims 7-11.
13. A Web authentication device based on block chain public key digital signature is characterized in that: comprising a memory and a processor, the memory storing a computer program capable of being loaded and executed by the processor of a method according to any one of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010780033.8A CN112039848B (en) | 2020-08-05 | 2020-08-05 | Web authentication method, system and device based on block chain public key digital signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010780033.8A CN112039848B (en) | 2020-08-05 | 2020-08-05 | Web authentication method, system and device based on block chain public key digital signature |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112039848A true CN112039848A (en) | 2020-12-04 |
| CN112039848B CN112039848B (en) | 2022-11-04 |
Family
ID=73582405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010780033.8A Active CN112039848B (en) | 2020-08-05 | 2020-08-05 | Web authentication method, system and device based on block chain public key digital signature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112039848B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112242905A (en) * | 2020-12-10 | 2021-01-19 | 飞天诚信科技股份有限公司 | Method and system for realizing data communication based on registration interface of browser |
| CN112968971A (en) * | 2021-03-15 | 2021-06-15 | 北京数字认证股份有限公司 | Method and device for establishing session connection, electronic equipment and readable storage medium |
| CN113268722A (en) * | 2021-05-17 | 2021-08-17 | 时昕昱 | Personal digital identity management system and method |
| CN113556321A (en) * | 2021-06-22 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Password authentication method, system, electronic device and storage medium |
| CN114257419A (en) * | 2021-11-29 | 2022-03-29 | 广东电网有限责任公司 | Equipment authentication method and device, computer equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
| US20180343123A1 (en) * | 2016-04-27 | 2018-11-29 | Tencent Technology (Shenzhen) Company Limited | Authentication method, system and equipment |
| CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
| CN110233850A (en) * | 2019-06-20 | 2019-09-13 | 浪潮卓数大数据产业发展有限公司 | Register method, application server, user terminal and system based on alliance's chain |
| CN110401663A (en) * | 2019-07-30 | 2019-11-01 | 飞天诚信科技股份有限公司 | A kind of method and system of fast registration authenticator |
| CN110771089A (en) * | 2017-06-21 | 2020-02-07 | 维萨国际服务协会 | Secure communications providing forward privacy |
-
2020
- 2020-08-05 CN CN202010780033.8A patent/CN112039848B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180343123A1 (en) * | 2016-04-27 | 2018-11-29 | Tencent Technology (Shenzhen) Company Limited | Authentication method, system and equipment |
| CN110771089A (en) * | 2017-06-21 | 2020-02-07 | 维萨国际服务协会 | Secure communications providing forward privacy |
| CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
| CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
| CN110233850A (en) * | 2019-06-20 | 2019-09-13 | 浪潮卓数大数据产业发展有限公司 | Register method, application server, user terminal and system based on alliance's chain |
| CN110401663A (en) * | 2019-07-30 | 2019-11-01 | 飞天诚信科技股份有限公司 | A kind of method and system of fast registration authenticator |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112242905A (en) * | 2020-12-10 | 2021-01-19 | 飞天诚信科技股份有限公司 | Method and system for realizing data communication based on registration interface of browser |
| CN112242905B (en) * | 2020-12-10 | 2021-03-16 | 飞天诚信科技股份有限公司 | Method and system for realizing data communication based on registration interface of browser |
| CN112968971A (en) * | 2021-03-15 | 2021-06-15 | 北京数字认证股份有限公司 | Method and device for establishing session connection, electronic equipment and readable storage medium |
| CN112968971B (en) * | 2021-03-15 | 2023-08-15 | 北京数字认证股份有限公司 | Method, device, electronic equipment and readable storage medium for establishing session connection |
| CN113268722A (en) * | 2021-05-17 | 2021-08-17 | 时昕昱 | Personal digital identity management system and method |
| CN113556321A (en) * | 2021-06-22 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Password authentication method, system, electronic device and storage medium |
| CN114257419A (en) * | 2021-11-29 | 2022-03-29 | 广东电网有限责任公司 | Equipment authentication method and device, computer equipment and storage medium |
| CN114257419B (en) * | 2021-11-29 | 2023-06-30 | 广东电网有限责任公司 | Device authentication method, device, computer device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112039848B (en) | 2022-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112039848B (en) | Web authentication method, system and device based on block chain public key digital signature | |
| CN112218294B (en) | 5G-based access method and system for Internet of things equipment and storage medium | |
| US10516538B2 (en) | System and method for digitally signing documents using biometric data in a blockchain or PKI | |
| CN108092776B (en) | System based on identity authentication server and identity authentication token | |
| WO2021017128A1 (en) | Login token generation method and apparatus, login token verification method and apparatus, and server | |
| US8555069B2 (en) | Fast-reconnection of negotiable authentication network clients | |
| US8112787B2 (en) | System and method for securing a credential via user and server verification | |
| CN112487778A (en) | Multi-user online signing system and method | |
| KR101686167B1 (en) | Apparatus and Method for Certificate Distribution of the Internet of Things Equipment | |
| US11777743B2 (en) | Method for securely providing a personalized electronic identity on a terminal | |
| US20200374138A1 (en) | Authentication system and computer readable medium | |
| WO2017050147A1 (en) | Information registration and authentication method and device | |
| US11522849B2 (en) | Authentication system and computer readable medium | |
| TW202137199A (en) | Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium | |
| JP2003044436A (en) | Authentication processing method, information processor, and computer program | |
| CN111444551A (en) | Account registration and login method and device, electronic equipment and readable storage medium | |
| CN117561508A (en) | Cross-session issuance of verifiable credentials | |
| CN108292997B (en) | Authentication control system and method, server device, client device, authentication method, and recording medium | |
| CN112039857A (en) | Calling method and device of public basic module | |
| CN116975810A (en) | Identity verification method, device, electronic equipment and computer readable storage medium | |
| CN114257419B (en) | Device authentication method, device, computer device and storage medium | |
| CN113438650B (en) | Network equipment authentication method and system based on block chain | |
| JP2002330125A (en) | Method to establish an encripted communication channel, program and program medium, and encrypted communication system | |
| CN115333736A (en) | Data transmission method, equipment and system | |
| CN108512832A (en) | A kind of safe Enhancement Method for OpenStack authentications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |