CN113194082A - Block chain-based identity verification method, block chain platform and operator platform - Google Patents

Publication number
CN113194082A
Authority
CN
China
Prior art keywords
user
private key
block chain
information
application program
Legal status
Granted
Application number
CN202110455089.0A
Other languages
Chinese (zh)
Other versions
CN113194082B (en)
Inventor
田新雪
蒙睿
肖征荣
马书惠
杨子文
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The present disclosure provides a blockchain-based identity verification method, a blockchain platform and an operator platform. The method comprises: receiving an identity authentication request sent by a server of a first application program, and acquiring the private key in the identity authentication request; in response to finding, in the blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform; and, in response to receiving a verification passing message carrying the user digital identity information returned by the operator platform, sending the verification passing message carrying the user digital identity information to the server of the first application program. Anonymous login is realized, and the digital identity information of the user is ensured not to be tampered with. Security and controllability in the authorized login scenario are greatly improved, the privacy and security of the user's personal information are protected, a convenient and efficient way is provided for the user to register and log in to a new application program, user experience is improved, and the application of blockchain technology is promoted.

Description

Block chain-based identity verification method, block chain platform and operator platform
Technical Field
The disclosure belongs to the technical field of communication, and particularly relates to an identity authentication method based on a block chain, a block chain platform and an operator platform.
Background
Surveys have shown that 80% of people dislike the cumbersome process of website registration and that 35% of online shoppers abandon their shopping carts because they have no account. One survey showed that by 2020 we would have over 200 digital accounts. At present, everyone holds many accounts, logs in to many websites and registers with many application programs. As users' private information spreads without limit, harassing calls are received every day, and leaked private information can even cause property loss.
In this situation, the existing technology mainly relies on login through social media, using a third-party authorization mechanism and the OAuth2.0 protocol. The OAuth2.0 protocol focuses on simplicity for client developers: a third-party application obtains access rights either on behalf of the user, through an approval interaction arranged between the resource owner and the HTTP (HyperText Transfer Protocol) service provider, or by being allowed to obtain access rights on behalf of the user. The protocol provides dedicated authentication flows for Web applications, desktop applications, mobile phones and living-room devices. The OAuth2.0 protocol was published as RFC 6749 in October 2012. Commonly used services such as WeChat and Alipay implement login using the OAuth2.0 protocol. Taking WeChat as an example: before WeChat OAuth2.0 authorized login is integrated, a developer account is registered on the WeChat open platform, a mobile application that has passed review is owned, and the corresponding application account and password are obtained; after WeChat login has been applied for and approved, the integration process can begin. When the user logs in to another application program, a WeChat login button is displayed, and if WeChat is not installed on the user's mobile phone, the user is prompted to install the WeChat client. The specific steps are as follows:
1. The server of the third party initiates a WeChat authorized login request. After the WeChat user allows authorization of the third-party application, the WeChat server launches the application or redirects to the third-party website, carrying the temporary authorization ticket parameter code;
2. The server of the third party exchanges the code parameter, together with the account, password and so on, for an access_token through the API;
3. The server of the third party calls interfaces with the access_token to obtain the user's basic data resources or to help the user perform basic operations.
For the user, these steps are completed by simply pressing a button, and the whole series of registration steps is skipped, so the method is widely used at the present stage. Social media account login has become a mainstream alternative to online registration. It allows internet users to use single sign-on with information that already exists on a platform such as WeChat or Alipay, mainly by means of the OAuth2.0 protocol. This solution has many advantages, such as simplicity, openness and security. However, it also has many disadvantages, such as certain vulnerabilities in terms of security. In 2016, three researchers at the Chinese University of Hong Kong published a paper stating that "billions of mobile application accounts can be logged in to without difficulty using the OAuth2.0 protocol". The researchers found that third-party applications that use the OAuth2.0 protocol incorrectly can be exploited remotely by hackers without the knowledge of the user.
In addition, how the personal information of the user is protected is also important. Enterprises have always tried to protect users' personal information, but at a high cost. According to Ctrl-Shift, a provider of user attention marketing solutions, identity verification in the UK costs more than 33 billion pounds per year, equivalent to $220 billion per year. This also does not include the costs of storage, protection, defaulting, management and so on.
Disclosure of Invention
In order to overcome the above disadvantages in the prior art, the present disclosure provides an identity authentication method based on a block chain, a block chain platform, and an operator platform.
As a first aspect of the present disclosure, there is provided an identity authentication method based on a blockchain, including:
receiving an authentication request sent by a server of a first application program, and acquiring the private key therein, wherein the authentication request is sent after the server of the first application program has sent an authorized login request to a server of a second application program, has received a user authorized login message returned by the server of the second application program, and has acquired the private key from a terminal device of the user;
in response to finding, in a blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform;
and, in response to receiving a verification passing message carrying the user digital identity information returned by the operator platform, sending the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the method further comprises:
in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain, storing the public key and the private key signature in the blockchain ledger.
As a second aspect of the present disclosure, there is provided an identity authentication method based on a block chain, including:
receiving a verification request sent by a blockchain platform, and acquiring the private key in the verification request;
and, in response to finding locally the user digital identity information corresponding to the private key, sending a verification passing message carrying the user digital identity information to the blockchain platform.
Preferably, the method further comprises:
in response to monitoring that a user logs in an application program belonging to the operator platform, locally acquiring user information of the user, and generating the user digital identity information according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal equipment of the user, and broadcasting the public key and the private key signature in a block chain.
Preferably, the generating the user digital identity information according to the user information includes:
calculating a hash value of the user information, and using the hash value as leaf node information of a Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
As a third aspect of the present disclosure, there is provided a blockchain platform, comprising:
a receiving module, configured to receive an identity authentication request sent by a server of a first application program, wherein the identity authentication request is sent after the server of the first application program has sent an authorized login request to a server of a second application program, has received a user authorized login message returned by the server of the second application program, and has acquired the private key from the terminal device of the user;
an obtaining module, configured to obtain the private key in the identity authentication request;
a sending module, configured to send a verification request carrying the private key to an operator platform in response to finding, in the blockchain ledger, a public key and a private key signature corresponding to the private key; and to send a verification passing message carrying the user digital identity information to the server of the first application program in response to receiving the verification passing message carrying the user digital identity information returned by the operator platform.
Preferably, the platform further comprises:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain.
As a fourth aspect of the present disclosure, there is provided an operator platform comprising:
a receiving module, configured to receive a verification request sent by the blockchain platform;
a first acquisition module, configured to acquire the private key in the verification request;
and a sending module, configured to send a verification passing message carrying the user digital identity information to the blockchain platform in response to finding locally the user digital identity information corresponding to the private key.
Preferably, the platform further comprises:
a second acquisition module, configured to locally acquire user information of a user in response to detecting that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
the sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in the blockchain.
Preferably, the first generating module is specifically configured to:
calculating a hash value of the user information, and using the hash value as leaf node information of a Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
In the identity verification method based on the blockchain provided by the embodiment of the present disclosure, when the blockchain platform receives an identity verification request sent by the server of the first application, if a public key and a private key signature corresponding to a private key are queried in the blockchain account book, and the operator platform queries the user digital identity information of the user, it indicates that the user registers the user digital identity information in the operator platform in advance, and sends an identity verification passing message carrying the user digital identity information to the server of the first application after the user passes the identity verification, thereby implementing anonymous login. And the identity of the user is verified by combining the block chain, so that the digital identity information of the user is not tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
Drawings
Fig. 1 is a flowchart of a block chain-based identity authentication method on a block chain platform side according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 3 is another flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 4 is an alternative implementation of step S302 in Fig. 3 provided by an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a block chain platform according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an operator platform according to an embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
The present disclosure aims to solve two problems: the OAuth2.0 scheme lacks security in the authorized login scenario, and protecting users' personal information is costly. To this end, the disclosure provides an identity verification method based on a block chain, a block chain platform and an operator platform. The following detailed description is made with reference to the accompanying drawings, which respectively illustrate embodiments provided by the present disclosure.
Fig. 1 shows a flowchart of a block chain based identity verification method on a block chain platform side according to an embodiment of the present disclosure. As shown in fig. 1, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S101, receiving an authentication request sent by a server of a first application program.
Step S102, a private key in the identity authentication request is obtained.
Step S103, in response to the public key and the private key signature corresponding to the private key being queried in the blockchain ledger, sending a verification request carrying the private key to the operator platform.
Step S104, responding to the received authentication passing message carrying the user digital identity information returned by the operator platform, and sending the authentication passing message carrying the user digital identity information to the server of the first application program.
The authentication request is sent after the server of the first application program has sent an authorized login request to the server of the second application program, has received a user authorized login message returned by the server of the second application program, and has acquired a private key from the terminal device of the user. The first application is the application that the user needs to log in to and is registered in the operator platform in advance; the second application is the authorized login platform that the user is taken to when logging in to the first application (for example, WeChat can authorize login to other applications). Specifically, the server of the first application sends an authorized login request to the server of the second application, and the flow is redirected to the address of the second application. After the user clicks a control for authorized login (whether login to the first application is allowed, whether the first application is allowed to use personal information of the user, etc.) or inputs an account number and a password of the second application, the server of the second application redirects to the address of the first application, and the server of the first application acquires, from the terminal device of the user, the private key prestored on that device.
In the identity verification method based on the blockchain provided by the embodiment of the disclosure, an operator platform creates user digital identity information for a user in advance to replace real account information of the user, and a private key corresponding to the user digital identity information, and a public key and a private key signature corresponding to the private key are stored in a blockchain account book of the blockchain platform in advance. When the blockchain platform receives an identity verification request sent by a server of a first application program, if a public key and a private key signature corresponding to a private key are inquired in a blockchain account book and user digital identity information of the user is inquired through an operator platform, the user registers the user digital identity information in the operator platform in advance, the identity verification of the user is passed, and an identity verification passing message carrying the user digital identity information is sent to the server of the first application program.
In the prior art, after the server of the first application receives the user authorized login message returned by the server of the second application, the server of the first application may obtain the real personal information of the user (for example, the information of the user filled when the user registers the second application), and in the present disclosure, after the user identity verification is passed, the block chain platform sends the digital identity information of the user to the server of the first application, so as to implement anonymous login, where the user is an authenticated user. If the blockchain platform does not send the authentication passing message carrying the user digital identity information to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is not tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification by third-party partners and in places that require real-name registration, such as stations, access control points and banks. This greatly facilitates users while protecting their privacy, and at the same time regulators can still use it to locate specific users.
In some embodiments, the method further comprises: and responding to the received public key and private key signature broadcasted by the operator platform in the block chain, and storing the public key and private key signature in the block chain account book.
In this step, public key and private key signatures broadcast by the operator platform are pre-stored in the blockchain ledger for verifying the users on the blockchain platform when the users log in the first application program, protecting the privacy of the users and avoiding information leakage of the users.
It should be noted that the servers of all first application programs that have joined the blockchain can share authenticated users. Assuming that a first application program also has its own authenticated user database, an authenticated user of that first application program may directly log in to other first application programs in the blockchain, and the user also needs to execute steps S101 to S104 of this embodiment when logging in to other first application programs.
Fig. 2 shows a flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure. As shown in fig. 2, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S201, receiving a verification request sent by the blockchain platform.
Step S202, a private key in the verification request is obtained.
Step S203, in response to the user digital identity information corresponding to the private key being queried locally, sending a verification passing message carrying the user digital identity information to the blockchain platform.
In the identity verification method based on the block chain provided by the embodiment of the disclosure, the operator platform creates the user digital identity information for the user in advance to replace the real account information of the user. And the operator platform prestores a private key corresponding to the user digital identity information. And the operator platform receives the verification request sent by the blockchain platform, acquires the private key in the verification request, and sends a verification passing message carrying the user digital identity information to the blockchain platform if the user digital identity information corresponding to the private key is inquired locally. When the user successfully verifies both the blockchain platform and the operator platform, the blockchain platform sends an identity verification passing message carrying the digital identity information of the user to a server of the first application program, so that anonymous login is realized, and the user is an authenticated user. If the blockchain platform does not send the authentication passing message carrying the user digital identity information to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is not tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification by third-party partners and in places that require real-name registration, such as stations, access control points and banks. This greatly facilitates users while protecting their privacy, and at the same time regulators can still use it to locate specific users.
Fig. 3 shows another flowchart of an identity verification method based on a block chain at an operator platform side according to an embodiment of the present disclosure. As shown in fig. 3, in some embodiments, the method further comprises:
Step S301, in response to detecting that a user logs in to an application program belonging to the operator platform, locally acquiring user information of the user.
Step S302, generating user digital identity information according to the user information.
In steps S301 to S302, if it is detected that the user logs in to an application program belonging to the operator platform, user information of the user (including user name, identification number, gender, mobile phone number, operator vip rating information, user attribution information, major-minor card identifier, user network access duration, and the like) is locally obtained. Unique user digital identity information is then generated for the user according to that user information.
Step S303, a private key and a public key corresponding to the user digital identity information are generated.
Step S304, generating a private key signature according to the private key and the user information.
Step S305, sending the private key to the terminal device of the user, and broadcasting the public key and the private key signature in the blockchain.
In steps S303 to S305, a private key and a public key corresponding to the user digital identity information are generated by an encryption algorithm, and a private key signature is generated using the private key and the user information. The private key is sent to the terminal device of the user for storage, and the public key and the private key signature are broadcast in the blockchain.
Fig. 4 illustrates an alternative implementation manner of step S302 in fig. 3 provided by an embodiment of the present disclosure.
In some embodiments, as shown in fig. 4, the generating the user digital identity information according to the user information (i.e., step S302) includes:
Step S401, calculating a hash value of the user information, and using the hash value as leaf node information of the Merkle tree.
Step S402, calculating the root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
In steps S401 to S402, the user digital identity information is created for the user by using the Merkle tree algorithm. A hash value is calculated for each piece of user information, according to a rule and an order agreed in advance by default, to serve as leaf node information of the Merkle tree, and the child node information of the Merkle tree is then calculated level by level from the leaf node information according to an algorithm agreed in advance. For example, the leaf nodes or child nodes of the same level cyclically apply operations such as addition, subtraction, multiplication and division, or apply different types of operation according to the number of levels counted from the leaf nodes; the operation is applied to the corresponding positions of the hash values of two different leaf nodes, and the result is the child node information corresponding to those two leaf nodes. The calculation continues level by level from the child node information until the root node information of the Merkle tree is obtained, which completes the Merkle tree. The root node information is determined as the user digital identity information.
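The identity derivation in steps S401 to S402, as an added Python example that is not part of the patent. It substitutes the standard hash-of-concatenation Merkle construction (SHA-256 with leaf and node prefixes) for the patent's pre-agreed arithmetic combination rule; the field names, their order, the odd-node rule and the sample record are assumptions.

```python
import hashlib

# Assumption: the patent only says the fields are hashed in a pre-agreed rule
# and order; these field names and this order are hypothetical.
FIELD_ORDER = ["user_name", "id_number", "gender", "mobile_number",
               "vip_rating", "home_region", "card_role", "months_on_network"]

# Constructed sample record, not real subscriber data.
SAMPLE_USER = {"user_name": "Zhang San", "id_number": "ID-0000-EXAMPLE",
               "gender": "F", "mobile_number": "13800000000",
               "vip_rating": "3", "home_region": "Beijing",
               "card_role": "primary", "months_on_network": "42"}


def leaf_hash(name: str, value: str) -> bytes:
    """Hash one user-information field into a leaf (step S401)."""
    key = name.encode("utf-8")
    # Length-prefix the name so (name, value) pairs cannot collide, and tag
    # the input with 0x00 so a leaf can never be mistaken for an inner node.
    data = len(key).to_bytes(2, "big") + key + value.encode("utf-8")
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Combine two children; 0x01 tags an inner node."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def merkle_root(leaves: list) -> bytes:
    """Reduce the leaves level by level to the root (step S402)."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    level = list(leaves)
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # Assumption: an unpaired node is promoted unchanged, avoiding the
            # duplicate-leaf ambiguity of the copy-the-last-node convention.
            nxt.append(level[-1])
        level = nxt
    return level[0]


def digital_identity(user_info: dict) -> str:
    """Return the Merkle root over all agreed fields as a hex string."""
    missing = [f for f in FIELD_ORDER if f not in user_info]
    if missing:
        raise KeyError(f"missing user information fields: {missing}")
    leaves = [leaf_hash(f, str(user_info[f])) for f in FIELD_ORDER]
    return merkle_root(leaves).hex()


if __name__ == "__main__":
    print(digital_identity(SAMPLE_USER))
```

Because every field feeds the root, a change to any one of them (a new mobile number, a longer network access duration) yields a different identity value, so both sides must hash the same snapshot of the record.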
It should be noted that servers of first application programs can share authenticated users as long as they have joined the blockchain. Assuming that the first application program also has its own authenticated user database, the authenticated user corresponding to the first application program may directly log in to other first application programs in the blockchain, and all steps in the embodiments corresponding to fig. 2 to 4 need to be executed when the user logs in to other first application programs.
Fig. 5 shows a schematic structural diagram of a blockchain platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 1, as shown in fig. 5, the block chain platform provided by the embodiment of the present disclosure includes the following modules.
A receiving module 11, configured to receive an authentication request sent by a server of a first application program, where the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of the user;
an obtaining module 12, configured to obtain the private key in the authentication request;
a sending module 13, configured to send a verification request carrying the private key to the operator platform in response to finding, in the blockchain ledger, the public key and the private key signature corresponding to the private key; and, in response to receiving a verification passing message carrying the user digital identity information returned by the operator platform, to send the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the blockchain platform further includes:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain.
Fig. 6 shows a schematic structural diagram of an operator platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 2, as shown in fig. 6, the operator platform provided by the embodiment of the present disclosure includes the following modules.
The receiving module 21 is configured to receive a verification request sent by the blockchain platform.
The first obtaining module 22 is configured to obtain the private key in the verification request.
The sending module 22 is configured to send, in response to locally finding the user digital identity information corresponding to the private key, a verification passing message carrying the user digital identity information to the blockchain platform.
Preferably, the operator platform further includes:
a second obtaining module, configured to locally acquire the user information of the user in response to detecting that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
a sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in the blockchain.
Preferably, the first generation module is specifically configured to:
calculate a hash value of the user information, and use the hash value as leaf node information of the Merkle tree;
and calculate root node information of the Merkle tree according to the leaf node information, and determine the root node information as the user digital identity information.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. A blockchain-based identity authentication method, characterized by comprising the following steps:
receiving an authentication request sent by a server of a first application program, and acquiring a private key therein, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of the user;
in response to finding, in a blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform;
and in response to receiving a verification passing message carrying user digital identity information returned by the operator platform, sending the verification passing message carrying the user digital identity information to the server of the first application program.
2. The blockchain-based identity authentication method according to claim 1, further comprising:
in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain, storing the public key and the private key signature in the blockchain ledger.
3. A blockchain-based identity authentication method, characterized by comprising the following steps:
receiving a verification request sent by a blockchain platform, and acquiring a private key in the verification request;
and in response to locally finding user digital identity information corresponding to the private key, sending a verification passing message carrying the user digital identity information to the blockchain platform.
4. The blockchain-based identity authentication method according to claim 3, wherein the method further comprises:
in response to detecting that a user logs in to an application program belonging to the operator platform, locally acquiring user information of the user, and generating the user digital identity information according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal device of the user, and broadcasting the public key and the private key signature in a blockchain.
5. The blockchain-based identity authentication method according to claim 4, wherein the generating the user digital identity information according to the user information includes:
calculating a hash value of the user information, and using the hash value as leaf node information of the Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
6. A blockchain platform, comprising:
a receiving module, configured to receive an identity authentication request sent by a server of a first application program, wherein the identity authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and obtains the private key from a terminal device of a user;
an obtaining module, configured to obtain the private key in the identity authentication request;
a sending module, configured to send a verification request carrying the private key to an operator platform in response to finding, in a blockchain ledger, a public key and a private key signature corresponding to the private key; and, in response to receiving a verification passing message carrying user digital identity information returned by the operator platform, to send the verification passing message carrying the user digital identity information to the server of the first application program.
7. The blockchain platform of claim 6, further comprising:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain.
8. An operator platform, comprising:
a receiving module, configured to receive a verification request sent by a blockchain platform;
a first obtaining module, configured to obtain a private key in the verification request;
and a sending module, configured to send, in response to locally finding user digital identity information corresponding to the private key, a verification passing message carrying the user digital identity information to the blockchain platform.
9. The operator platform of claim 8, further comprising:
a second obtaining module, configured to locally acquire user information of a user in response to detecting that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
a sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in a blockchain.
10. The operator platform according to claim 9, wherein the first generation module is specifically configured to:
calculate a hash value of the user information, and use the hash value as leaf node information of the Merkle tree;
and calculate root node information of the Merkle tree according to the leaf node information, and determine the root node information as the user digital identity information.
CN202110455089.0A 2021-04-26 2021-04-26 Identity verification method based on block chain, block chain platform and operator platform Active CN113194082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110455089.0A CN113194082B (en) 2021-04-26 2021-04-26 Identity verification method based on block chain, block chain platform and operator platform

Publications (2)

Publication Number Publication Date
CN113194082A (en) 2021-07-30
CN113194082B (en) 2022-12-02

Family

ID=76979000

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant