CN114006708A - Key center authentication method and device based on blockchain - Google Patents

Key center authentication method and device based on blockchain

Info

Publication number
CN114006708A
Authority
CN
China
Prior art keywords
key
key center
equipment
center
blockchain
Legal status
Withdrawn
Application number
CN202010670140.5A
Other languages
Chinese (zh)
Inventor
王伟兵
张帆
罗森
李照川
孙永超
Current Assignee
Shandong ICity Information Technology Co., Ltd.
Original Assignee
Shandong ICity Information Technology Co., Ltd.
Application filed by Shandong ICity Information Technology Co., Ltd.
Priority to CN202010670140.5A
Publication of CN114006708A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a blockchain-based key center authentication method and device. The method comprises: receiving registration requests from key centers, where each key center corresponds to one or more enterprises; verifying each key center, and registering on the chain and publishing the master public key of each key center that passes verification; receiving a query request sent by a first device for verifying the key center corresponding to a second device, where the first device and the second device are each identified through a private key generated by their corresponding key center; and, if the key center corresponding to the second device is registered in the blockchain, sending the master public key of that key center to the first device, so that the first device and the second device can perform identity authentication during communication. The embodiment of the invention uses a blockchain network and smart contract technology to form a globally trusted key center list, and allows digital signatures of devices to be cross-verified across key centers.

Description

Key center authentication method and device based on blockchain
Technical Field
The present application relates to the field of blockchain technology, and in particular to a method and an apparatus for blockchain-based authentication of key centers.
Background
The blockchain is an immutable distributed shared ledger. Data is replicated across many nodes, and a consensus algorithm keeps the copies of the nodes consistent. Data on the blockchain can only be appended, never deleted or modified. Data written to the blockchain must be digitally signed, so the ownership of, control over, and responsibility for on-chain data are unambiguous. Modern blockchains are programmable: business rules can be encoded into the blockchain as smart contracts, whose code, like the data, cannot be deleted or modified; the code executes automatically when invoked and cannot be skipped, and its result is usually written back to the blockchain.
Because the data is held by multiple parties and cannot be tampered with on the chain, the blockchain enables trusted data sharing among those parties, and smart contracts allow fine-grained control of data access rights.
The idea behind identity-based cryptography is to use an entity's meaningful identifier (such as an e-mail address, mobile phone number, ID card number, vehicle identification number or device serial number) as its public key, so that users need not apply for or exchange certificates, which greatly reduces the complexity of the security system. An identity-based cryptosystem assumes a trusted Key Generation Center (KGC) at the core of the system; a user applies to the key center for a private key using the user's identifier.
Disclosure of Invention
The embodiments of this specification provide a blockchain-based key center authentication method and device, which solve the following technical problem in the prior art: cross-enterprise identity authentication of Internet of Things devices during point-to-point communication.
The embodiment of the specification adopts the following technical scheme:
A first aspect of an embodiment of the present invention provides a blockchain-based key center authentication method, including:
receiving a request sent by a first device to query the key center corresponding to a second device, and querying the blockchain using the key center information carried in the request;
and, if the key center corresponding to the second device is registered in the blockchain, sending the master public key of that key center to the first device, so that the first device verifies the digital signature of the second device with the master public key and thereby authenticates the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
The SM9 identity-based cryptography national standard defines only a single key center. By combining SM9 with blockchain technology, the invention builds a trusted data-sharing bridge among multiple key centers, so that SM9 in effect gains a hierarchical governance framework similar to a PKI (public key infrastructure); this greatly extends the applicability of SM9 identity-based cryptography and turns SM9 into a distributed system.
A globally trusted list of SM9 key centers is formed using a blockchain network and smart contract technology, and digital signatures can be cross-verified across key centers. When Internet of Things devices interconnect point to point, mutual device identity authentication across enterprises and across key centers is therefore supported. The scheme makes full use of the lightweight key distribution of the SM9 identity-based cryptosystem and of the tamper-proof data sharing of the blockchain, improving both the security and the convenience of cross-enterprise interconnection of the Internet of Things.
In one example, the method further includes: receiving registration requests from key centers, where each key center corresponds to one or more enterprises;
and verifying each key center, and registering on the chain and publishing the master public key of each key center that passes verification.
In one example, verifying the key center and registering on the chain and publishing the master public key of the key center that passes verification includes:
certifying the key center through a key center certification authority, where the certification criteria include at least one of: legitimacy, integrity, and service capability;
and registering the key center that passes certification in the authenticated key center list of the blockchain.
In one example, a key center certification authority is established to certify key centers against defined standards, which improves the trustworthiness of the data on the chain.
In one example, verifying the key center and registering on the chain and publishing the master public key of the key center that passes verification includes:
verifying a key center trusted by an enterprise through a custom key center smart contract;
and registering the verified enterprise-trusted key center in the custom key center list of the blockchain.
Enterprise-defined key centers reduce enterprises' operating costs and give the embodiment of the invention wider applicability.
In one example, querying the blockchain using the key center information carried in the request includes:
querying the authenticated key center list and/or the custom key center list in the blockchain according to that information.
In this example, data access control is coded into the smart contract of the 'custom key center', so that each enterprise can maintain only its own KGC trust list; keeping these per-enterprise lists also reduces the search load on the blockchain.
In one example, the method further includes:
receiving a request sent by an enterprise to revoke the validity of one of its device identifiers, and storing the revoked device identifiers in the blockchain, where each device identifier corresponds to one device;
and checking the device identifier of the second device against the 'revoked identifier' smart contract to determine whether the second device is still valid.
The SM9 algorithm does not support revocation of identifiers or private keys; the embodiment of the invention fills this gap in SM9 with the 'revoked identifier' smart contract.
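As an added example that is not part of the patent, the following Python models the three on-chain lists described in the examples above (authenticated key centers, per-enterprise custom key centers, revoked device identifiers) together with the access rules the text says are coded into the smart contracts: only the certification authority may write the authenticated list, an enterprise may write only its own custom list, and an enterprise may revoke only its own device identifiers. The identifier format '<enterprise>/<device>', the names, and the byte-string master public keys are assumptions of the example, and the `sender` argument stands in for the transaction sender a real contract would read.

```python
from dataclasses import dataclass, field


def enterprise_of(device_id: str) -> str:
    """Assumed identifier format for this example: '<enterprise>/<device>', e.g. 'acme/sensor-17'."""
    enterprise, sep, _ = device_id.partition("/")
    if not sep or not enterprise:
        raise ValueError(f"device identifier lacks an enterprise prefix: {device_id!r}")
    return enterprise


@dataclass
class KeyCenterRegistry:
    """In-memory model of the three on-chain lists; every write carries the transaction sender."""
    certification_authority: str
    authenticated: dict = field(default_factory=dict)  # key center name -> master public key
    custom: dict = field(default_factory=dict)         # enterprise -> {key center name -> mpk}
    revoked: dict = field(default_factory=dict)        # enterprise -> set of its revoked device ids

    # 'authenticated key center' contract: written only by the certification authority.
    def register_authenticated(self, sender: str, name: str, master_public_key: bytes) -> None:
        if sender != self.certification_authority:
            raise PermissionError("only the key center certification authority may register here")
        if name in self.authenticated:
            raise ValueError(f"key center {name!r} is already registered")  # append-only ledger
        self.authenticated[name] = master_public_key

    # 'custom key center' contract: the list is keyed by the sender, so an enterprise
    # can never touch another enterprise's trust list.
    def register_custom(self, sender: str, name: str, master_public_key: bytes) -> None:
        own_list = self.custom.setdefault(sender, {})
        if name in own_list:
            raise ValueError(f"key center {name!r} is already in {sender!r}'s list")
        own_list[name] = master_public_key

    # 'revoked identifier' contract: an enterprise may revoke only identifiers in its own namespace,
    # otherwise any enterprise could deny service to another enterprise's devices.
    def revoke_device(self, sender: str, device_id: str) -> None:
        if enterprise_of(device_id) != sender:
            raise PermissionError(f"{sender!r} may not revoke a device of another enterprise")
        self.revoked.setdefault(sender, set()).add(device_id)

    # Read path used when a first device asks about a second device's key center.
    def lookup(self, requesting_enterprise: str, key_center_name: str):
        """Global list first, then the requester's own custom list; None if unregistered."""
        if key_center_name in self.authenticated:
            return self.authenticated[key_center_name], "authenticated"
        own_list = self.custom.get(requesting_enterprise, {})
        if key_center_name in own_list:
            return own_list[key_center_name], "custom"
        return None

    def is_revoked(self, device_id: str) -> bool:
        return device_id in self.revoked.get(enterprise_of(device_id), set())


def demo() -> dict:
    """Constructed scenario: one certified key center, one enterprise-defined one, one revocation."""
    chain = KeyCenterRegistry(certification_authority="kc-certification-authority")
    chain.register_authenticated("kc-certification-authority", "kgc-national-01", b"mpk-national-01")
    chain.register_custom("acme", "kgc-acme-selfbuilt", b"mpk-acme")
    chain.revoke_device("acme", "acme/gateway-02")

    results = {
        "certified_visible_to_all": chain.lookup("beta", "kgc-national-01"),
        "custom_visible_to_owner": chain.lookup("acme", "kgc-acme-selfbuilt"),
        "custom_hidden_from_others": chain.lookup("beta", "kgc-acme-selfbuilt"),
        "revoked": chain.is_revoked("acme/gateway-02"),
        "still_valid": chain.is_revoked("acme/gateway-01"),
    }
    # Two writes the access rules must reject: an enterprise writing the global list,
    # and an enterprise revoking a device that belongs to a different enterprise.
    attempts = {
        "acme_unauthorized_write": lambda: chain.register_authenticated("acme", "kgc-rogue", b"x"),
        "beta_unauthorized_write": lambda: chain.revoke_device("beta", "acme/gateway-01"),
    }
    for label, call in attempts.items():
        try:
            call()
            results[label] = "allowed"
        except PermissionError:
            results[label] = "rejected"
    return results
```

The lookup consults the global list and then the requesting enterprise's own custom list, not the peer's: a device should trust the key centers its own enterprise has vetted, because letting the peer nominate the list to search would let anyone self-certify a key center.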
A second aspect of the embodiments of the present invention provides a blockchain-based key center authentication method, including:
a first device receives communication data sent by a second device and obtains the device identifier of the second device, where the device identifier contains information about the enterprise to which the second device belongs;
the first device sends a request to the blockchain to query the key center corresponding to the second device, so that the blockchain is searched using the key center information carried in the request and, once the key center corresponding to the second device is found, its master public key is returned to the first device;
the first device receives the master public key returned by the blockchain;
and the first device verifies, with the master public key, the digital signature carried in the communication data, thereby authenticating the identity of the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
Through preset automated instructions, the embodiment of the invention achieves identity authentication between devices of different enterprises in the course of communication.
In one example, the method further includes:
applying to the corresponding key center for a private key using the device identifier of the first device, and automatically configuring the private key in the cryptographic algorithm client of the first device.
By presetting automated instructions on the device, the embodiment of the invention automates the device's application for its private key.
In one example, applying to the corresponding key center for a private key using the identifier of the first device includes:
sending the identifier of the first device and the enterprise information corresponding to the first device to the key center corresponding to that enterprise, so that the key center generates the private key after checking the enterprise information and returns the private key to the first device.
By verifying the enterprise information, the embodiment of the invention prevents the private key from being leaked and improves security.
In one example, the private key is generated by the key center using a specified cryptographic algorithm, which is the algorithm used by the cryptographic algorithm client of the first device.
In the embodiment of the invention, the private key and the cryptographic algorithm client in the device are matched, so that devices can be managed more consistently.
A third aspect of an embodiment of the present invention provides a blockchain-based key center authentication device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receive a request sent by a first device to query the key center corresponding to a second device, and query the blockchain using the key center information carried in the request;
and, if the key center corresponding to the second device is registered in the blockchain, send the master public key of that key center to the first device, so that the first device verifies the digital signature of the second device with the master public key and thereby authenticates the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
A fourth aspect of the present invention provides a blockchain-based key center authentication device, including:
a processor; and
a memory communicatively coupled to the processor; wherein
the memory stores instructions executable by the processor to enable the processor, acting as a first device, to:
receive communication data sent by a second device and obtain the device identifier of the second device, where the device identifier contains information about the enterprise to which the second device belongs;
send a request to the blockchain to query the key center corresponding to the second device, so that the blockchain is searched using the key center information carried in the request and, once the key center corresponding to the second device is found, its master public key is returned to the first device;
receive the master public key returned by the blockchain;
and verify, with the master public key, the digital signature carried in the communication data, thereby authenticating the identity of the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a schematic diagram of the key center authentication process provided in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the key center authentication process after device deployment according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the first method according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of the second method according to an embodiment of the present invention;
Fig. 5 is a schematic block diagram of the apparatus corresponding to the first method according to an embodiment of the present invention;
Fig. 6 is a schematic block diagram of the apparatus corresponding to the second method according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure clearer, the technical solutions are described clearly and completely below with reference to specific embodiments and the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments that a person skilled in the art can obtain from the described embodiments without inventive effort fall within the scope of protection of the present application.
Identity-based cryptosystems are well suited to device identity authentication. No nationwide system of Key Generation Centers (KGCs) has been established for SM9; for brevity, a Key Generation Center is hereinafter called a key center. Different enterprises or institutions may build or use different key centers. As a result, when devices of different enterprises communicate peer to peer, a signature produced with one device's SM9 private key cannot be verified by the other device from the device identifier alone, because the verifier does not know which key center's master public key to apply, and the devices cannot mutually authenticate.
The SM9 standard is GM/T 0044-2016, "SM9 identity-based cryptographic algorithm". SM9 comprises four parts: a digital signature algorithm, a key exchange protocol, a key encapsulation mechanism, and a public key encryption algorithm. The SM9 signature algorithm has been included in ISO/IEC 14888-3:2018 (IT security techniques, digital signatures with appendix, Part 3: discrete logarithm based mechanisms) and is thus an international standard.
SM9 is an identity-based cryptographic (IBC) algorithm built on bilinear pairings; its mathematical foundations are the group operations on points of an elliptic curve over a finite field and the properties of bilinear pairing operations.
The key center in the embodiments of the present application is implemented on the basis of the SM9 cryptographic algorithm. This should not be construed as limiting the application: the embodiments may also implement the key center on the basis of other cryptographic algorithms.
When an Internet of Things device connects to a network, three communication patterns commonly occur: first, data upload, where the device uploads the data it generates (such as sensor readings) to the server; second, data download, where the server pushes configuration, commands, parameters, management data and the like to the device; and third, point-to-point interconnection between devices. As the Internet of Things develops, the third pattern is becoming more and more common. Internet of Things devices have limited computing power and storage and cannot host a large database of user lists and permissions as a server can. A lightweight device-to-device authentication scheme is needed to solve cross-enterprise device identity authentication during point-to-point interconnection.
Through the blockchain, the embodiment of the invention lets each enterprise or organization register, share and publish the master public key of the SM9 key center (KGC) it uses, forming a unified, globally trusted key center list, and allows enterprises to add their own individually trusted key centers. This supports mutual verification of SM9 digital signatures across KGCs and hence mutual authentication of device identities nationwide and across enterprises.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the key center authentication process provided in an embodiment of the present invention. As shown, the method generally comprises the following.
The key center certification authority evaluates the integrity and service capability of an SM9 key center, and registers each certified key center together with its master public key on the blockchain as a globally trusted key center.
Specifically, a key center certification authority is established to evaluate the legitimacy, integrity and service capability of key centers, register trusted key centers on the blockchain, and publish their master public keys on the chain so that users can verify SM9 digital signatures produced under them. An 'authenticated key center' smart contract is deployed on the blockchain, through which the certification authority performs on-chain registration and master public key publication of the certified key centers.
Analogous to the existing PKI/CA system, the blockchain network running the 'authenticated key center' smart contract plays a role similar to that of a root CA: it declares which key centers are trustworthy.
Enterprises register the key centers they trust, together with their master public keys, on the blockchain as a supplement to the global trusted key center list.
Specifically, an enterprise may build an SM9 key center itself or select a third-party key center it trusts. If the enterprise finds that its self-built or selected key center is not in the on-chain 'authenticated key center' list, it has two options: first, have the key center pass certification by the certification authority so that it is added to that list; second, register the key center in the on-chain custom key center list, which is likewise implemented as a smart contract.
The 'custom key center' smart contract allows each enterprise to register its own list of trusted key centers (key center name, master public key, and so on) as a supplement to the global trusted key center list maintained by the key center certification authority. Data access control is coded into the 'custom key center' smart contract, so an enterprise can maintain only its own key center trust list.
Since the SM9 system parameters are the same for all deployments and are already fixed in the national standard, they need not be registered on the blockchain; digital signatures are verified directly with the system parameters of the SM9 standard.
Fig. 2 is a schematic diagram of the key center authentication flow after device deployment according to an embodiment of the present invention. As shown, the embodiment uses the blockchain to manage the trusted list of SM9 key centers and to share and publish their master public keys, and device identity authentication can then proceed as follows.
Using the device identifier, the enterprise applies to its key center for an SM9 private key; the key center verifies the enterprise's identity, generates the private key, and sends it to the enterprise. The enterprise receives the SM9 private key and loads it into the device, deploying it alongside an SM9 client for later SM9 digital signing, encrypted communication, key exchange and so on. Automated instructions may of course be preset so that the device performs this setup itself.
The device identifier need not be registered on the blockchain: signature verification succeeds as long as the device's private key was generated by a trusted key center. To revoke the identifiers of devices that are scrapped or lost, a 'revoked identifier' smart contract can be added in which enterprises register invalid device identifiers. During device identity authentication, this 'revoked identifier' smart contract can be consulted to check whether the identifier of the device being authenticated is still valid.
When devices of different enterprises interconnect point to point, they exchange device identifiers and thereby obtain information about the other party's key center: the other party's enterprise (each enterprise is associated with a key center at registration), the name of the other party's key center, or other related information.
In some preferred embodiments, the validity of the device identifier taking part in authentication is also checked by consulting the 'revoked identifier' smart contract on the blockchain.
The validity of the other party's digital signature is then verified using the KGC master public key obtained from the chain together with the other party's device identifier. If the signature is valid, device identity authentication is complete.
The SM9 key center does not by itself support a hierarchical governance structure; there is no notion of a 'root key center'. Under the administration of a key center certification authority, a globally trusted key center registry is realized through smart contracts on a blockchain network, and enterprises are allowed to define their own trusted key centers, so that digital signatures can be cross-verified across key centers and devices can mutually authenticate across enterprises and key centers. The SM9 algorithm does not support revocation of identifiers or private keys; the 'revoked identifier' smart contract fills this gap.
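The following Python is an added example, not the patent's code, that runs the device-side flow of Fig. 2 end to end: two key centers derive identity-based private keys for their devices, a device of one enterprise verifies a peer's signature using only the peer's identifier and the master public key fetched from the chain, and the failure cases the text calls for (tampered message, revoked identifier, key center not registered on chain, and a key center issuing a key for another enterprise's identifier) are all rejected. Because SM9 requires bilinear pairings, the signature scheme here is Shamir's RSA-based identity-based signature, which has the same structure (master secret at the key center, device private key derived from the identifier, verification from identifier plus master public key) but is not SM9. The on-chain state is a plain dict, the identifier format is '<enterprise>/<device>', and the moduli are toy-sized products of Mersenne primes; all of these are assumptions of the example.

```python
import hashlib
import secrets

# Demo-only moduli built from Mersenne primes so the example runs instantly (assumption of
# this example); a real deployment would use properly generated primes of 2048 bits or more.
PRIMES_ACME = ((1 << 127) - 1, (1 << 89) - 1)
PRIMES_BETA = ((1 << 107) - 1, (1 << 61) - 1)


def _hash_int(*parts: bytes) -> int:
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return int.from_bytes(h.digest(), "big")


class KeyCenter:
    """Key generation center: publishes (n, e) as its master public key and keeps d secret."""

    def __init__(self, p: int, q: int, e: int = 65537):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))  # master secret, never leaves the key center

    @property
    def master_public_key(self) -> tuple:
        return self.n, self.e

    def extract_private_key(self, device_id: str) -> int:
        """Device private key g = H(ID)^d mod n; the identifier itself serves as the public key."""
        return pow(_hash_int(device_id.encode()) % self.n, self._d, self.n)


def sign(private_key: int, master_public_key: tuple, message: bytes) -> tuple:
    """Shamir IBS: choose r, publish t = r^e mod n, and s = g * r^c mod n with c = H(t, message)."""
    n, e = master_public_key
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    c = _hash_int(t.to_bytes((n.bit_length() + 7) // 8, "big"), message)
    return t, private_key * pow(r, c, n) % n


def verify(master_public_key: tuple, device_id: str, message: bytes, signature: tuple) -> bool:
    """Check s^e == H(ID) * t^c mod n using only the identifier and the key center's (n, e)."""
    n, e = master_public_key
    t, s = signature
    if not (0 < t < n and 0 < s < n):
        return False
    c = _hash_int(t.to_bytes((n.bit_length() + 7) // 8, "big"), message)
    return pow(s, e, n) == (_hash_int(device_id.encode()) % n) * pow(t, c, n) % n


def authenticate_peer(chain: dict, revoked: set, peer_id: str, message: bytes, signature: tuple) -> str:
    """First device authenticating a second device (steps S401 to S404 of the text)."""
    enterprise = peer_id.partition("/")[0]            # S401: the identifier carries the enterprise
    mpk = chain.get(enterprise)                        # S402/S403: chain returns the master public key
    if mpk is None:
        return "rejected: key center not registered on chain"
    if peer_id in revoked:                             # 'revoked identifier' contract
        return "rejected: device identifier revoked"
    if not verify(mpk, peer_id, message, signature):   # S404: verify with identifier + master public key
        return "rejected: signature invalid"
    return "authenticated"


def demo() -> dict:
    kgc_acme, kgc_beta = KeyCenter(*PRIMES_ACME), KeyCenter(*PRIMES_BETA)
    # Constructed on-chain state: enterprise -> master public key of its key center, plus revocations.
    chain = {"acme": kgc_acme.master_public_key, "beta": kgc_beta.master_public_key}
    revoked = {"beta/gateway-02"}
    msg = b"constructed telemetry frame"

    dev_b = "beta/gateway-01"
    sig_b = sign(kgc_beta.extract_private_key(dev_b), kgc_beta.master_public_key, msg)
    dev_revoked = "beta/gateway-02"
    sig_revoked = sign(kgc_beta.extract_private_key(dev_revoked), kgc_beta.master_public_key, msg)
    # Key center beta issuing a key for an acme identifier: the chain maps acme to a different
    # master public key, so the signature must not verify.
    impostor = "acme/gateway-01"
    sig_impostor = sign(kgc_beta.extract_private_key(impostor), kgc_beta.master_public_key, msg)

    return {
        "cross_kgc_ok": authenticate_peer(chain, revoked, dev_b, msg, sig_b),
        "tampered": authenticate_peer(chain, revoked, dev_b, msg + b"!", sig_b),
        "revoked": authenticate_peer(chain, revoked, dev_revoked, msg, sig_revoked),
        "unknown_kgc": authenticate_peer(chain, revoked, "gamma/dev-1", msg, sig_b),
        "impostor_kgc": authenticate_peer(chain, revoked, impostor, msg, sig_impostor),
    }
```

The verifier never sees the peer's private key or a certificate: the identifier fixes H(ID), and the chain lookup fixes (n, e), which is exactly the division of trust the text relies on. The same structure shows why revocation needs an external list: nothing in the signature itself tells the verifier that the identifier has been withdrawn.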
Corresponding to the overall embodiment above, a first aspect of the embodiments of the present invention provides a blockchain-based key center authentication method applied on the blockchain side, which includes:
S301: receiving a request sent by a first device to query the key center corresponding to a second device, and querying the blockchain according to the key center information carried in the request;
S302: if the key center corresponding to the second device is registered in the blockchain, sending the master public key of that key center to the first device, so that the first device verifies the digital signature of the second device with the master public key and thereby authenticates the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
The specific implementation of the first aspect follows the overall description above and is not repeated here. Corresponding to the same overall embodiment, a second aspect provides a blockchain-based key center authentication method applied to Internet of Things devices, where the Internet of Things devices include a first device and a second device, and the method includes:
S401: the first device receives communication data sent by the second device and obtains the device identifier of the second device, where the device identifier contains information about the enterprise to which the second device belongs;
S402: the first device sends a request to the blockchain to query the key center corresponding to the second device, so that the blockchain is searched using the key center information carried in the request and, once the key center corresponding to the second device is found, its master public key is returned to the first device;
S403: the first device receives the master public key returned by the blockchain;
S404: the first device verifies, with the master public key, the digital signature carried in the communication data, thereby authenticating the identity of the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
The specific implementation of the second aspect likewise follows the overall description above and is not repeated here.
Based on the same idea, some embodiments of the present application further provide a device and a non-volatile computer storage medium corresponding to the above method.
Fig. 5 is a schematic diagram of the framework of a device corresponding to the first method provided in an embodiment of the present invention. The block chain-based key center authentication device is applied to the block chain and includes:
at least one processor; and
a memory communicatively coupled to the at least one processor, where
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving a request, sent by a first device, to query the key center corresponding to a second device, and querying the block chain using the key-center-related information in the request;
and if the key center corresponding to the second device is registered in the block chain, sending the master public key of the key center corresponding to the second device to the first device, so that the first device verifies the digital signature of the second device through the master public key to authenticate the key center corresponding to the second device, wherein the private key for generating the digital signature is generated through the key center corresponding to the second device.
Fig. 6 is a schematic diagram of the framework of a device corresponding to the second method provided in an embodiment of the present invention. As shown in Fig. 6, the block chain-based key center authentication device is applied to an internet of things device and includes:
the first device receives communication data sent by the second device and obtains the device identifier of the second device, where the device identifier contains information on the enterprise to which the second device belongs;
the first device sends a request to the block chain to query the key center corresponding to the second device, so that the block chain performs a query using the key-center-related information in the request and, after finding the key center corresponding to the second device, feeds the master public key of that key center back to the first device;
the first device receives the master public key fed back by the block chain;
and the first device verifies, through the master public key, the digital signature carried by the communication data, so as to authenticate the identity of the key center corresponding to the second device, where the private key used to generate the digital signature was generated by the key center corresponding to the second device.
The embodiments in the present application are described in a progressive manner; the same and similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the device and medium embodiments are described relatively briefly because they are substantially similar to the method embodiments; for relevant points, refer to the description of the method embodiments.
The device and the medium provided by the embodiments of the application correspond one to one with the method, so they have beneficial technical effects similar to those of the corresponding method; since those effects are explained in detail above, they are not repeated here for the device and the medium.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A key center authentication method based on a block chain is characterized by comprising the following steps:
receiving a request, sent by a first device, to query the key center corresponding to a second device, and querying the block chain using the key-center-related information in the request;
and if the key center corresponding to the second device is registered in the block chain, sending the master public key of the key center corresponding to the second device to the first device, so that the first device verifies the digital signature of the second device through the master public key to authenticate the key center corresponding to the second device, wherein the private key for generating the digital signature is generated through the key center corresponding to the second device.
2. The method of claim 1, further comprising: receiving a request for registering a key center, wherein each key center corresponds to one or more enterprises;
and verifying the key center, and performing on-chain registration and master public key publication for the key center that passes the verification.
3. The method of claim 2, wherein verifying the key center and performing on-chain registration and master public key publication for the verified key center comprises:
authenticating the key center through a key center authentication mechanism, wherein the authentication indexes comprise at least one of the following: legitimacy, integrity and service capability;
and registering the key center that passes the authentication in an authenticated key center list of the block chain.
4. The method of claim 3, wherein verifying the key center and performing on-chain registration and master public key publication for the verified key center further comprises:
verifying a key center trusted by an enterprise through a self-defined key center smart contract;
and registering the verified enterprise-trusted key center in a self-defined key center list of the block chain.
5. The method of claim 4, wherein querying the block chain using the key-center-related information in the request comprises:
querying the authenticated key center list and/or the self-defined key center list in the block chain according to the related information.
6. The method of claim 6, further comprising:
receiving a request, sent by an enterprise, to revoke the validity of a device identifier of the enterprise, and storing the revoked device identifiers in the block chain, wherein each device identifier corresponds to one device;
and checking the device identifier of the second device through a revoked-identifier smart contract to determine the validity of the second device.
7. A key center authentication method based on a block chain is characterized by comprising the following steps:
the first device receives communication data sent by the second device and obtains the device identifier of the second device, wherein the device identifier contains information on the enterprise to which the second device belongs;
the first device sends a request to the block chain to query the key center corresponding to the second device, so that the block chain performs a query using the key-center-related information in the request and, after finding the key center corresponding to the second device, feeds the master public key of that key center back to the first device;
the first device receives the master public key fed back by the block chain;
and the first device verifies, through the master public key, the digital signature carried by the communication data, so as to authenticate the identity of the key center corresponding to the second device, wherein the private key used to generate the digital signature was generated by the key center corresponding to the second device.
8. The method of claim 7, further comprising:
and the first device applying, through its device identifier, for a private key from the corresponding key center, and automatically configuring the private key in an encryption algorithm client of the first device.
9. A blockchain-based key center authentication device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor, wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving a request, sent by a first device, to query the key center corresponding to a second device, and querying the block chain using the key-center-related information in the request;
and if the key center corresponding to the second device is registered in the block chain, sending the master public key of the key center corresponding to the second device to the first device, so that the first device verifies the digital signature of the second device through the master public key to authenticate the key center corresponding to the second device, wherein the private key for generating the digital signature is generated through the key center corresponding to the second device.
10. A blockchain-based key center authentication device, comprising:
a processor; and
a memory communicatively coupled to the processor, wherein
the memory stores instructions executable by the processor to enable the processor to:
the first device receives communication data sent by the second device and obtains the device identifier of the second device, wherein the device identifier contains information on the enterprise to which the second device belongs;
the first device sends a request to the block chain to query the key center corresponding to the second device, so that the block chain performs a query using the key-center-related information in the request and, after finding the key center corresponding to the second device, feeds the master public key of that key center back to the first device;
the first device receives the master public key fed back by the block chain;
and the first device verifies, through the master public key, the digital signature carried by the communication data, so as to authenticate the identity of the key center corresponding to the second device, wherein the private key used to generate the digital signature was generated by the key center corresponding to the second device.
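The following Go program is an added example written for this page; it is not code from the patent or from the applicant. It walks through the first device's side of the second method (steps S401 to S404: read the enterprise from the device identifier, query the chain for that enterprise's key center master public key, verify the signature on the communication data) together with the on-chain state the claims describe: the authenticated and self-defined key center lists of claims 3 to 5 and the revoked device identifiers of claim 6. Everything not stated on the page is an assumption made here: the device identifier format "<enterprise>/<serial>", in-memory maps standing in for the block chain lists and smart contracts, and the signature scheme. The patent does not name its algorithm; an identity-based scheme such as SM9 would verify a device signature directly from the master public key and the identifier, so this example substitutes ed25519 with a key-center-signed credential that binds the identifier to the device's public key, which is then verified under the master public key. The sample enterprise and device names are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Credential binds a device identifier to a device public key under the key center's
// master key. It stands in for the identity-based scheme the page does not name; ed25519
// is used so the example runs on the Go standard library alone.
type Credential struct {
	DeviceID  string
	DevicePub ed25519.PublicKey
	MasterSig []byte
}

// The bytes the key center signs: identifier and device public key, never the signature.
func credentialBytes(c Credential) []byte {
	return append([]byte("kc-credential\x00"+c.DeviceID+"\x00"), c.DevicePub...)
}

func mustKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable randomness: stop rather than issue weak keys
	}
	return pub, priv
}

// KeyCenter holds the master key pair and generates per-device private keys (claim 8).
type KeyCenter struct {
	MasterPub ed25519.PublicKey
	masterKey ed25519.PrivateKey
}

func NewKeyCenter() *KeyCenter {
	pub, priv := mustKeyPair()
	return &KeyCenter{MasterPub: pub, masterKey: priv}
}

// IssueDeviceKey returns the device's private key and the credential that ties the
// device identifier to the matching public key under the master key.
func (kc *KeyCenter) IssueDeviceKey(deviceID string) (ed25519.PrivateKey, Credential) {
	pub, priv := mustKeyPair()
	c := Credential{DeviceID: deviceID, DevicePub: pub}
	c.MasterSig = ed25519.Sign(kc.masterKey, credentialBytes(c))
	return priv, c
}

// Registry is an in-memory stand-in for the on-chain state (assumption): master public
// keys per enterprise in the authenticated and self-defined key center lists
// (claims 2 to 5) and the revoked device identifiers (claim 6).
type Registry struct {
	Authenticated, SelfDefined map[string]ed25519.PublicKey // enterprise -> master public key
	Revoked                    map[string]bool              // device identifier -> revoked
}

func NewRegistry() *Registry {
	return &Registry{map[string]ed25519.PublicKey{}, map[string]ed25519.PublicKey{}, map[string]bool{}}
}

// QueryMasterPublicKey searches the authenticated list, then the self-defined list (claim 5).
func (r *Registry) QueryMasterPublicKey(enterprise string) (ed25519.PublicKey, error) {
	for _, list := range []map[string]ed25519.PublicKey{r.Authenticated, r.SelfDefined} {
		if pub, ok := list[enterprise]; ok {
			return pub, nil
		}
	}
	return nil, fmt.Errorf("no key center registered on chain for enterprise %q", enterprise)
}

// Authenticate is the first device's side (S401 to S404 plus the claim 6 revocation
// check). Device identifiers are assumed to look like "<enterprise>/<serial>".
func Authenticate(r *Registry, cred Credential, payload, sig []byte) error {
	ent, _, ok := strings.Cut(cred.DeviceID, "/")
	if !ok || ent == "" {
		return fmt.Errorf("malformed device identifier %q", cred.DeviceID)
	}
	if r.Revoked[cred.DeviceID] {
		return errors.New("device identifier has been revoked")
	}
	masterPub, err := r.QueryMasterPublicKey(ent)
	if err != nil {
		return err
	}
	// Length check first: ed25519.Verify panics on a public key of the wrong size.
	if len(cred.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(masterPub, credentialBytes(cred), cred.MasterSig) {
		return errors.New("device key was not generated by the registered key center")
	}
	if !ed25519.Verify(cred.DevicePub, payload, sig) {
		return errors.New("invalid signature on communication data")
	}
	return nil
}
```

The order of checks in Authenticate is deliberate: the revocation list and the chain lookup are consulted before any signature arithmetic, so a revoked or unregistered identifier is rejected without touching the attached keys, and the public key length is checked before it is handed to ed25519.Verify, which would otherwise panic on attacker-controlled input. A device signed by a key center that is not on either list fails at the credential step even if its signature over the payload is internally consistent, which is the point of anchoring trust in the on-chain master public key rather than in anything carried by the message itself.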
CN202010670140.5A 2020-07-13 2020-07-13 Key center authentication method and device based on block chain Withdrawn CN114006708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010670140.5A CN114006708A (en) 2020-07-13 2020-07-13 Key center authentication method and device based on block chain


Publications (1)

Publication Number Publication Date
CN114006708A true CN114006708A (en) 2022-02-01

Family

ID=79920099


Country Status (1)

Country Link
CN (1) CN114006708A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499883A (en) * 2022-02-09 2022-05-13 浪潮云信息技术股份公司 Cross-organization identity authentication method and system based on block chain and SM9 algorithm


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220201