CN115102760A - System, method and medium for password-free secure login based on blockchain and DID - Google Patents

Publication number: CN115102760A
Authority: CN (China)
Prior art keywords: website, login, app user, user, password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN202210703744.4A
Other languages: Chinese (zh)
Inventor: 杨欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Shanghai Wanxiang Blockchain Inc
Original Assignee: Shanghai Wanxiang Blockchain Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2022-06-21
Filing date: 2022-06-21
Publication date: 2022-09-23
Application filed by: Shanghai Wanxiang Blockchain Inc
Priority to: CN202210703744.4A
Publication of: CN115102760A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/104: Peer-to-peer [P2P] networks
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a password-free secure login system, method and medium based on blockchain and DID, relating to the technical field of blockchains and comprising: a DID APP user U, a smart contract SC, a website S and a blockchain network. DID APP user U: opens the website to log in. Smart contract SC: performs DID identity registration, DID document generation and management, DID document query and the like for the DID APP user U and the website S. Website S: generates a login two-dimensional code and authenticates the identity of the user who scans the code to log in. Blockchain network: executes the smart contract SC and stores data. The invention can reduce the risk, present in traditional password-free login schemes, that user information is leaked or that passwords are compromised through credential stuffing by hackers.

Description

System, method and medium for password-free secure login based on blockchain and DID
Technical Field
The invention relates to the technical field of blockchains, in particular to a password-free secure login system, method and medium based on blockchain and DID.
Background
Compared with a traditional PKI-based identity system, a DID digital identity system built on a blockchain ensures that data is authentic and trustworthy, protects user privacy and security, and is highly portable. Its advantages include decentralization, autonomous and controllable identity, and trusted data exchange.
This scheme combines blockchain with DID: the website server generates a two-dimensional code containing information such as the website's DID, and an APP that supports DID scans the code to log in. During the code-scanning process the server does not learn the user's password and cannot obtain any information other than the user's DID and DID document, which protects the user's private data.
Because the scheme adopts DID, the user's identity information in the DID is controlled by the user, which reduces the risk that user information is leaked or that passwords are compromised through credential stuffing by hackers.
The prior art has the following technical defects: existing password-free login schemes are generally code-scanning logins in which the login user's information is held by the scanning APP, which carries certain privacy risks, such as user information being leaked or passwords being compromised through credential stuffing by hackers.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a password-free secure login system, method and medium based on blockchain and DID.
The scheme of the password-free secure login system, method and medium based on blockchain and DID provided by the invention is as follows:
In a first aspect, the invention provides a password-free secure login system based on blockchain and DID, including: a DID APP user U, a smart contract SC, a website S and a blockchain network;
DID APP user U: opening the website to log in;
Smart contract SC: performing DID identity registration, DID document generation and management, DID document query and the like for the DID APP user U and the website S;
Website S: generating a login two-dimensional code, and authenticating the identity of the user who scans the code to log in;
Blockchain network: executing the smart contract SC and storing data.
Preferably, the DID APP user U includes:
A. setting the identity DIDu of the DID APP user U, the private key SKu of the DID APP user U and the public key PKu of the DID APP user U;
B. opening the website, scanning the login two-dimensional code of the website S, and acquiring the identity DIDs of the website S;
C. acquiring, through the smart contract, the public key PKs corresponding to the identity DIDs of the website S;
D. signing the login request with the private key SKu of the user U, encrypting it with the public key PKs of the website S, and requesting to log in to the website.
Preferably, the smart contract SC includes:
A. deployment and destruction are controlled by the node P that has management authority;
B. being responsible for registering and managing the identities of the DID APP user U and the website S;
C. generating corresponding DID documents for the DID APP user U and the website S;
D. providing a DID document query service for the DID APP user U and the website S.
Preferably, the website S includes:
A. setting the identity DIDs of the website S, the private key SKs of the website S and the public key PKs of the website S;
B. generating a two-dimensional code containing a random ID, the website DIDs and the website server URL;
C. after receiving the encrypted login request, decrypting it with the private key SKs to obtain the public key PKu of the DID APP user U, and verifying the correctness of the login request;
D. updating the login state for the DID APP user U.
Preferably, the blockchain network includes:
A. storing the DID documents;
B. executing the smart contract SC.
In a second aspect, the invention provides a password-free secure login method based on blockchain and DID, the method including:
Step S1: a blockchain node P with contract management authority deploys the smart contract SC;
Step S2: the website S and the DID APP user U register through the smart contract SC to obtain their respective identities and DID documents;
Step S3: the DID APP user U opens the website of the website S to be logged in to; the website S generates a two-dimensional code containing a random ID, the website DIDs and the website server URL, and displays the two-dimensional code on the login page;
Step S4: the DID APP user U scans the two-dimensional code with the DID APP to obtain the website DIDs;
Step S5: the DID APP user U acquires, through the smart contract, the DID document corresponding to the DIDs and the public key PKs of the website S; the DID APP user U signs the login request with the private key SKu of the user U, encrypts it with the public key PKs of the website S, and requests to log in to the website;
Step S6: after receiving the encrypted login request, the website S decrypts it with the private key SKs to obtain the public key PKu of the DID APP user U, and verifies the correctness of the login request;
Step S7: after the verification passes, the login state is updated for the DID APP user U.
In a third aspect, the invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the method.
Compared with the prior art, the invention has the following beneficial effects:
The invention adopts blockchain technology (smart contracts) and decentralized identity (DID) technology, and solves the problem of user identity information leakage in traditional password-free login schemes in the field of identity authentication.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a full flow interaction diagram.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications can be made by persons skilled in the art without departing from the concept of the invention. All of these fall within the scope of the present invention.
An embodiment of the present invention provides a password-free secure login system based on blockchain and DID. As shown in FIG. 1, the system specifically includes: a DID APP user U, a smart contract SC, a website S and a blockchain network;
DID APP user U: opening the website to log in;
Smart contract SC: performing DID identity registration, DID document generation and management, DID document query and the like for the DID APP user U and the website S;
Website S: generating a login two-dimensional code, and authenticating the identity of the user who scans the code to log in;
Blockchain network: executing the smart contract SC and storing data.
Specifically, the DID APP user U includes:
A. setting the identity DIDu of the DID APP user U, the private key SKu of the DID APP user U and the public key PKu of the DID APP user U;
B. opening the website, scanning the login two-dimensional code of the website S, and acquiring the identity DIDs of the website S;
C. acquiring, through the smart contract, the public key PKs corresponding to the identity DIDs of the website S;
D. signing the login request with the private key SKu of the user U, encrypting it with the public key PKs of the website S, and requesting to log in to the website.
The smart contract SC includes:
A. deployment and destruction are controlled by the node P that has management authority;
B. being responsible for registering and managing the identities of the DID APP user U and the website S;
C. generating corresponding DID documents for the DID APP user U and the website S;
D. providing a DID document query service for the DID APP user U and the website S.
The website S includes:
A. setting the identity DIDs of the website S, the private key SKs of the website S and the public key PKs of the website S;
B. generating a two-dimensional code containing a random ID, the website DIDs and the website server URL;
C. after receiving the encrypted login request, decrypting it with the private key SKs, acquiring the public key PKu of the DID APP user U, and verifying the correctness of the login request;
D. updating the login state for the DID APP user U.
The blockchain network includes:
A. storing the DID documents;
B. executing the smart contract SC.
The embodiment of the invention also provides a password-free secure login method based on blockchain and DID. As shown in FIG. 1, the method includes the following steps:
Step S1: a blockchain node P with contract management authority deploys the smart contract SC;
Step S2: the website S and the DID APP user U register through the smart contract SC to obtain their respective identities and DID documents;
Step S3: the DID APP user U opens the website of the website S to be logged in to; the website S generates a two-dimensional code containing a random ID, the website DIDs and the website server URL, and displays the two-dimensional code on the login page;
Step S4: the DID APP user U scans the two-dimensional code with the DID APP to obtain the website DIDs;
Step S5: the DID APP user U obtains, through the smart contract, the DID document corresponding to the DIDs and the public key PKs of the website S; the DID APP user U signs the login request with the private key SKu of the user U, encrypts it with the public key PKs of the website S, and requests to log in to the website;
Step S6: after receiving the encrypted login request, the website S decrypts it with the private key SKs to obtain the public key PKu of the DID APP user U, and verifies the correctness of the login request;
Step S7: after the verification passes, the login state is updated for the DID APP user U.
The working principle is as follows:
The blockchain node P with contract management authority is responsible for deploying the smart contract SC; the website S and the DID APP user U register through the smart contract SC to obtain their respective identities and DID documents.
The DID APP user U opens the website of the website S to be logged in to; the website S generates a two-dimensional code containing a random ID, the website DIDs and the website server URL, and displays it on the login page; the DID APP user U scans the two-dimensional code with the DID APP and acquires the website DIDs.
The DID APP user U acquires, through the smart contract, the DID document corresponding to the DIDs and the public key PKs of the website S; the DID APP user U signs the login request with the private key SKu of the user U, encrypts it with the public key PKs of the website S, and requests to log in to the website; after receiving the encrypted login request, the website S decrypts it with the private key SKs to obtain the public key PKu of the DID APP user U, and verifies the correctness of the login request; after the verification passes, the login state is updated for the DID APP user U.
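The exchange in steps S2 to S7 can be exercised end to end with the crypto module built into Node.js. The following is an added example, not code from the patent: the in-memory `registry` stands in for the smart contract SC, the DIDs, URL and 60-second lifetime are constructed, and each party holds a signing key plus a separate key-agreement key where the patent names a single SK/PK pair. It also assumes that the signed body carries the random ID and the website DIDs and that the website resolves PKu from DIDu in the registry, so a captured or re-encrypted request is rejected.

```javascript
// Added example (not from the patent): steps S2-S7 with Node.js built-in crypto.
const crypto = require('node:crypto');

// Stand-in for the DID documents held by smart contract SC (constructed, in-memory).
const registry = new Map(); // DID -> { verifyKey, encKey }
const pending = new Map();  // random ID -> expiry time in ms (state kept by website S)

// S2: register a DID. Assumption: each DID document lists a signing key and a
// separate key-agreement key; the patent names one SK/PK pair per party.
function register(did) {
  const sig = crypto.generateKeyPairSync('ed25519');
  const kex = crypto.generateKeyPairSync('x25519');
  registry.set(did, { verifyKey: sig.publicKey, encKey: kex.publicKey });
  return { did, signKey: sig.privateKey, decKey: kex.privateKey };
}

// Derive an AES-256-GCM key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'did-login-v1', 32));
}

// "Encrypt with PKs": ephemeral X25519 + HKDF + AES-256-GCM.
function seal(recipientPub, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { epk: eph.publicKey.export({ type: 'spki', format: 'der' }), iv, ct, tag: c.getAuthTag() };
}

// "Decrypt with SKs": throws if the ciphertext or tag was altered.
function open(recipientPriv, box) {
  const epk = crypto.createPublicKey({ key: box.epk, type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(recipientPriv, epk), box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// S3: website S issues the code payload with a one-time random ID (60 s lifetime assumed).
function makeLoginCode(site, url, now) {
  const randomId = crypto.randomBytes(16).toString('hex');
  pending.set(randomId, now + 60000);
  return { randomId, did: site.did, url };
}

// S4-S5: the DID APP resolves PKs from the registry, signs with SKu, encrypts to PKs.
function buildLogin(user, code) {
  const site = registry.get(code.did);
  if (!site) throw new Error('website DID not registered');
  // The signed body binds the random ID and the website DID (audience) to the user DID.
  const body = JSON.stringify({ randomId: code.randomId, aud: code.did, sub: user.did });
  const sig = crypto.sign(null, Buffer.from(body), user.signKey).toString('base64');
  return seal(site.encKey, Buffer.from(JSON.stringify({ body, sig })));
}

// S6-S7: website S decrypts, resolves PKu from DIDu, verifies, then consumes the random ID.
function verifyLogin(site, box, now) {
  const fail = (reason) => ({ ok: false, reason });
  let body, sig, claims;
  try {
    ({ body, sig } = JSON.parse(open(site.decKey, box).toString('utf8')));
    claims = JSON.parse(body);
    if (!claims || typeof claims !== 'object') throw new Error('not an object');
    sig = Buffer.from(sig, 'base64');
  } catch { return fail('malformed or undecryptable'); }
  const user = registry.get(claims.sub);
  if (!user) return fail('unknown user DID');
  if (!crypto.verify(null, Buffer.from(body), user.verifyKey, sig)) return fail('bad signature');
  if (claims.aud !== site.did) return fail('wrong audience');
  const expiry = pending.get(claims.randomId);
  if (expiry === undefined || now > expiry) return fail('random ID unknown, used or expired');
  pending.delete(claims.randomId); // one-time use: a replayed request fails here
  return { ok: true, did: claims.sub };
}

// Demo with constructed DIDs and URL.
const siteS = register('did:example:site-s');
const userU = register('did:example:user-u');
const loginCode = makeLoginCode(siteS, 'https://site-s.example/login', Date.now());
console.log(verifyLogin(siteS, buildLogin(userU, loginCode), Date.now()));
```

The checks in `verifyLogin` run in a fixed order, so the `reason` field shows which binding rejected a request: decryption, DID resolution, signature, audience, or the one-time random ID.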
The embodiment of the invention provides a password-free secure login system, method and medium based on blockchain and DID, which combines the smart contract technology of the blockchain with the decentralized identity (DID) mechanism to realize a secure password-free login scheme, reducing the risk, present in traditional password-free login schemes, that user information is leaked or that passwords are compromised through credential stuffing by hackers. The invention realizes user ID registration, management and the like through the blockchain's smart contract; the generation, management and use of DIDs are likewise realized through the blockchain's smart contract. The password-free login process is completed on the blockchain network, and the whole process is traceable.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description has described specific embodiments of the present invention. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (7)

1. A password-free secure login system based on blockchain and DID, comprising: a DID APP user U, a smart contract SC, a website S and a blockchain network;
DID APP user U: opening the website to log in;
Smart contract SC: performing DID identity registration, DID document generation and management, DID document query and the like for the DID APP user U and the website S;
Website S: generating a login two-dimensional code, and authenticating the identity of the user who scans the code to log in;
Blockchain network: executing the smart contract SC and storing data.
2. The password-free secure login system based on blockchain and DID according to claim 1, wherein the DID APP user U comprises:
A. setting the identity DIDu of the DID APP user U, the private key SKu of the DID APP user U and the public key PKu of the DID APP user U;
B. opening the website, scanning the login two-dimensional code of the website S, and acquiring the identity DIDs of the website S;
C. acquiring, through the smart contract, the public key PKs corresponding to the identity DIDs of the website S;
D. signing the login request with the private key SKu of the user U, encrypting it with the public key PKs of the website S, and requesting to log in to the website.
3. The password-free secure login system based on blockchain and DID according to claim 1, wherein the smart contract SC comprises:
A. deployment and destruction are controlled by the node P that has management authority;
B. being responsible for registering and managing the identities of the DID APP user U and the website S;
C. generating corresponding DID documents for the DID APP user U and the website S;
D. providing a DID document query service for the DID APP user U and the website S.
4. The password-free secure login system based on blockchain and DID according to claim 1, wherein the website S comprises:
A. setting the identity DIDs of the website S, the private key SKs of the website S and the public key PKs of the website S;
B. generating a two-dimensional code containing a random ID, the website DIDs and the website server URL;
C. after receiving the encrypted login request, decrypting it with the private key SKs, acquiring the public key PKu of the DID APP user U, and verifying the correctness of the login request;
D. updating the login state for the DID APP user U.
5. The password-free secure login system based on blockchain and DID according to claim 1, wherein the blockchain network comprises:
A. storing the DID documents;
B. executing the smart contract SC.
6. A password-free secure login method based on blockchain and DID, using the password-free secure login system based on blockchain and DID according to any one of claims 1 to 5, the method comprising:
Step S1: a blockchain node P with contract management authority deploys the smart contract SC;
Step S2: the website S and the DID APP user U register through the smart contract SC to obtain their respective identities and DID documents;
Step S3: the DID APP user U opens the website of the website S to be logged in to; the website S generates a two-dimensional code containing a random ID, the website DIDs and the website server URL, and displays the two-dimensional code on the login page;
Step S4: the DID APP user U scans the two-dimensional code with the DID APP to obtain the website DIDs;
Step S5: the DID APP user U acquires, through the smart contract, the DID document corresponding to the DIDs and the public key PKs of the website S; the DID APP user U signs the login request with the private key SKu of the user U, encrypts it with the public key PKs of the website S, and requests to log in to the website;
Step S6: after receiving the encrypted login request, the website S decrypts it with the private key SKs to obtain the public key PKu of the DID APP user U, and verifies the correctness of the login request;
Step S7: after the verification passes, the login state is updated for the DID APP user U.
7. A computer-readable storage medium, in which a computer program is stored which, when executed by a processor, carries out the steps of the method as claimed in claim 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210703744.4A CN115102760A (en) 2022-06-21 2022-06-21 System, method and medium for password-free secure login based on blockchain and DID

Publications (1)

Publication Number Publication Date
CN115102760A (en) 2022-09-23

Family

ID=83293403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210703744.4A Pending CN115102760A (en) 2022-06-21 2022-06-21 System, method and medium for password-free secure login based on blockchain and DID

Country Status (1)

Country Link
CN (1) CN115102760A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination