CN106878318B - Block chain real-time polling cloud system - Google Patents

Info

Publication number
CN106878318B
Authority
CN
China
Prior art keywords
authentication
identity
cloud
block chain
authentication module
Prior art date
Legal status
Active
Application number
CN201710121982.3A
Other languages
Chinese (zh)
Other versions
CN106878318A (en)
Inventor
陆扬
Current Assignee
Shanghai chain Mdt InfoTech Ltd
Original Assignee
Shanghai Weichain Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Weichain Information Technology Co Ltd
Priority to CN201710121982.3A
Publication of CN106878318A
Application granted
Publication of CN106878318B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/52 Network services specially adapted for the location of the user terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain real-time polling cloud system comprising a client database, an identity authentication module, a request authentication module, a transmission module, a cloud authentication module, a base station storage system, a cloud authentication module and a base station polling exchange system. It works as follows: the NFC tag is a worldwide-unique electronic tag whose uniqueness is guaranteed by an asymmetric encryption algorithm, and the specially designed blockchain-embedded NFC tag lets a blockchain user be authenticated with an ordinary mobile phone. In addition, once the VeChain blockchain network information has been stored and its authenticity verified, the mobile application reads the product information stored in a distributed fashion on the dedicated blockchain; this information can cover the commodity's design, production, logistics, sales and so on, so that the supply chain is fully transparent to the producer, the distribution channel, the regulator and the end blockchain user.

Description

Block chain real-time polling cloud system
Technical Field
The invention relates to the technical field of anti-counterfeiting, and in particular to a computing device that polls the cloud in real time, adjusting in real time, to manage the network load and the node computation.
Background
At present the commonly used anti-counterfeiting technologies are unique product packaging, two-dimensional codes, RFID (radio frequency identification) tags and NFC (near field communication) tags. These achieve a degree of anti-counterfeiting only by raising the cost of counterfeiting; digital identifiers such as two-dimensional codes and RFID/NFC tags carry isolated information, so in principle they can be copied, and at very low cost, which means complete anti-counterfeiting cannot be achieved. By comparison, VeChain achieves tamper-proof, secure data on the basis of blockchain technology, and so achieves anti-counterfeiting in the true sense. The blockchain-based anti-counterfeiting method has three parts. The first is a specially designed blockchain-embedded NFC tag: in this design the NFC tag is not only an electronic plaintext label but a worldwide-unique electronic label guaranteed by an asymmetric encryption algorithm, and a blockchain user can be authenticated with an ordinary mobile phone. The second is blockchain network information storage: once authenticity has been verified, the mobile application reads the product information stored in a distributed fashion on a dedicated blockchain, which can cover the commodity's design, production, logistics, sales and so on, so that the supply chain is fully transparent to the producer, the distribution channel, the regulator and the end blockchain user. The third is a commodity management and release platform for producers, which lets them release new products very conveniently and effectively and increases their public credibility.
However, in blockchain identity authentication the blockchain node must decrypt the encrypted private key before identity authentication is performed, and the digest of the current identity authentication information must be added to the blockchain before the authentication completes; this undesirably involves the whole network when only the relevant nodes need to take part in the authentication. Before the identity authentication is finished, the digest of the current identity authentication information is added to a block and broadcast to the whole network, so all active nodes are required to join the process; adding the identity block to a local cloud instead reduces the network load and the node computation in this process.
The main aim of the invention is to reduce the network load and the node computation in this process by an intelligent method for a blockchain real-time polling cloud system, and to increase the trust level of offline authentication by superposition. This implementation is therefore necessary.
Disclosure of Invention
In view of the above, the technical problem to be solved by the present invention is to provide a blockchain real-time polling cloud system that addresses the inability to poll the cloud in real time, in a real-time adjustment manner, so as to manage the network load and the node computation. To achieve this, the technical scheme of the invention is as follows. A blockchain real-time polling cloud system comprises a client database, an identity authentication module, a request authentication module, a transmission module, a cloud authentication module, a base station storage system, a cloud authentication module and a base station polling exchange system;
in a P2P network, the base station polling exchange system receives the location area and identity information of a blockchain user; using the blockchain user identifier carried in the location area and identity information, it looks up the cloud authentication information corresponding to that identifier among the blockchain user cloud authentication information stored in the base station storage system;
the cloud authentication module is the functional component that manages authentication information; the identity authentication module is the functional component that verifies authentication information; the request authentication module is the functional component that sends authentication information from the identity authentication module to the cloud authentication module;
the cloud authentication module collects the cloud authentication information of all blockchain users in each area; it generates blockchain user cloud authentication information from all the blockchain user cloud authentication information in each area, so as to reduce the computation during concurrent authentication, and stores it in the cloud authentication module; it sends the looked-up cloud authentication information of the blockchain user for that location area to the blockchain user;
the specific steps for collecting the location areas and identity information of all blockchain users in each area are as follows: at regular intervals the base station polling exchange system sends the request authentication module an authority requirement for the location areas and identity information of all blockchain users;
the identity authentication module sends an identity authentication acquisition request to the blockchain users in its jurisdiction; a blockchain user under the identity authentication module returns its own location area and cloud authentication information directly to the cloud authentication module through the transmission module; when the information is returned, a mark is added according to the cloud authentication module so that neither party can repudiate it, the returning blockchain user is added as a node in the network, and at the same time the blockchain user must download a copy from the base station storage system to the client database before starting identity authentication;
the base station storage system stores the location areas and the cloud authentication information as follows: the location areas and the cloud authentication information are held in a multi-helix structure, in which the location area identifiers form a singly linked list, as columns, and each area identifier is associated with a circular linked list that contains the cloud authentication information of the blockchain users belonging to that area, so that a complete blockchain is formed;
the authentication process has two parts, the request authentication module and the cloud authentication module: the request authentication module first initiates a connection request to the cloud authentication module, and the cloud authentication module asks the requesting module to send its identity information;
identity authentication starts by generating a key pair with the elliptic curve digital signature algorithm (ECDSA) to obtain a private key, from which the public key is computed, and from the public key a personal identification code is computed; the private key is put through ECDSA random hashing to obtain the public key, while the public key cannot be used to compute the private key; the personal identification code is computed from the public key and set as a bitcoin address, then a SHA256 hash of the public key is computed, and the identity request information is signed and encrypted with the private key and placed in the identity chain of all blockchain user cloud authentication information, where the identity chain is the blockchain formed from the identity authentication information of different blockchain users generated by the cloud authentication module; the public key is then hashed to obtain the personal identification code that is added to the cloud authentication module, and the personal identification code is Base64 encoded;
finally, the request authentication module submits an application request that comprises an identity authentication certificate and a digital signature; the request is signed with the private key and the cloud authentication module, and the signature serves as the identification header; the blockchain user's identity authentication certificate is encrypted with the public key, and the request information is transmitted through the private network in the form of the identification header;
after receiving the identity authentication request from the request authentication module, the cloud authentication module first separates the public key from the identity chain and verifies the validity of the signature; if this fails it returns a verification failure message and the identity authentication ends; it then verifies the validity of the personal identification code, which comprises a timestamp and a checksum, and if a verification failure message is returned the identity authentication ends; if verification passes, the request authentication module returns a message reply indicating that verification passed, and at the same time sends its own digital signature information to the cloud authentication module under the identity of the requesting terminal and broadcasts the digest it sent, comprising the digest of the blockchain user's identity authentication certificate, the random number and the random number of the previous authentication; the nodes in the P2P network add the identity authentication to the cloud authentication module through the transmission module and further add it to the client database in the P2P network;
after receiving the identity verification information sent by the request authentication module, the cloud authentication module verifies the identity of the request authentication module; if the identity verification passes it returns a message reply indicating that verification passed and broadcasts the verification, and the nodes in the P2P network add the blockchain user name of the request authentication module to the cloud block; if the authenticating node has joined the network for the first time, it must ask the other nodes of the network to download the identity authentication cloud maintained in the P2P network to the local node; the above process can be carried out even if one of the two parties to the blockchain user identity authentication is not online, and the cloud authentication module only needs to authenticate the identity authentication module when it is online;
the cloud authentication module intercepts the data of both authentication parties during the blockchain user identity authentication process and is transparent to both parties; if an illegitimate node wants to impersonate an authenticated party to complete identity authentication, it must modify the content of the cloud block and redo all the work of all the blocks after that block;
the base station polling exchange system comprises an access entity, an authentication certificate, an authentication mechanism, an identity relying party and an identity authentication domain component;
the access entity is the object of an authentication request, and only after authentication passes is it allowed to communicate with the accessed object; the authentication certificate is the digital evidence the access entity uses to prove its identity before communicating with the accessed object; the authentication mechanism is the method for generating and verifying authentication certificates; the identity relying party is the functional component, possibly an authorization component, whose behaviour depends on the result of the identity authentication module; the identity authentication domain is the set of identity authentication components within the same management authority boundary;
the base station polling exchange system is used to determine the various uncertain factors in the identity authentication process of a blockchain user, and classifies the trust elements of identity authentication into three types: ensuring that the authentication certificate is not leaked is recorded as type 1; ensuring that it is not forged is recorded as type 2; ensuring that it is not hijacked is recorded as type 3. The degree to which certain uncertain factors in the blockchain user's identity authentication process cause the authentication certificate to be leaked, forged or hijacked is called NOCONFIDENCE and can be represented as NOCONFIDENCE(x, y, z), where x represents the type 1 trust element of the object, y the type 2 trust element and z the type 3 trust element. The uncertainty of the blockchain user's identity authentication process is analysed and estimated from several significant uncertain factors through their influence degree NOCONFIDENCE(), the trust value of the identity authentication is then calculated, and the credibility of the cloud identity authentication is judged using the safety degree and the credibility. The safety degree is the probability that a key object keeps the authentication certificate from being leaked, forged or hijacked. Credibility is a method for expressing trust quantitatively. In the authentication mode, the security of the authentication mode can be represented by the trust between the computing system entities in a fixed identity authentication domain, again expressed as a probability. Credibility is divided into authentication certificate credibility, authentication secret credibility, digital entity credibility and physical entity credibility.
Drawings
Fig. 1 is a schematic structural diagram of a block chain real-time polling cloud system according to the present invention.
Detailed Description
In order to make the technical problems to be solved, the technical solutions and the advantageous effects of the present invention clearer, the invention is described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the specific embodiments described herein only illustrate the present invention and are not to be construed as limiting it; products that achieve the same functions fall within the scope of the invention. The specific method comprises the following steps:
First embodiment, as shown in Fig. 1: in practice, the base station polling exchange system receives the location area and identity information of the blockchain users; using the blockchain user identifier carried in the location area and identity information, it looks up the cloud authentication information corresponding to that identifier among the blockchain user cloud authentication information stored in the base station storage system;
the cloud authentication module collects the cloud authentication information of all blockchain users in each area; it generates blockchain user cloud authentication information from all the blockchain user cloud authentication information in each area, so as to reduce the computation during concurrent authentication, and stores it in the cloud authentication module; it sends the looked-up cloud authentication information of the blockchain user for that location area to the blockchain user;
the specific steps for collecting the location areas and identity information of all blockchain users in each area are as follows: at regular intervals the base station polling exchange system sends the request authentication module an authority requirement for the location areas and identity information of all blockchain users;
the identity authentication module sends an identity authentication acquisition request to the blockchain users in its jurisdiction; a blockchain user under the identity authentication module returns its own location area and cloud authentication information directly to the cloud authentication module through the transmission module; and when the information is returned, a mark is added according to the cloud authentication module so that neither party can repudiate it, the returning blockchain user is added as a node in the network, and at the same time the blockchain user must download a copy from the base station storage system to the client database before starting identity authentication.
The base station storage system stores the location areas and the cloud authentication information as follows: the location areas and the cloud authentication information are held in a multi-helix structure, in which the location area identifiers form a singly linked list, as columns, and each area identifier is also associated with a circular linked list that contains the cloud authentication information of the blockchain users belonging to that area, so that a complete blockchain is formed.
Identity authentication starts by generating a key pair with the elliptic curve digital signature algorithm to obtain a private key; the public key is computed from the private key, and a personal identification code is computed from the public key. The private key is put through ECDSA random hashing to obtain the public key, while the public key cannot be used to compute the private key, and the public key is used to compute the personal identification code, which is set as a bitcoin address. A SHA256 hash of the public key is computed, and the identity request information is signed with the private key.
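The multi-helix store described in the Disclosure and again above, as an added example in Go that is not part of the patent: a singly linked list of location area identifiers, each pointing at a circular list of that area's cloud authentication records, with the lookup the base station performs on a poll and a per-area digest that a joining node could download as its copy. The record fields, the digest construction and the Go standard library `container/ring` representation are assumptions.

```go
package main

import (
	"container/ring"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrNotFound is returned when an area or user is absent from the store.
var ErrNotFound = errors.New("cloud authentication information not found")

// CloudAuthInfo is one blockchain user's record (field names are assumptions).
type CloudAuthInfo struct {
	UserID string
	PID    string // Base64 personal identification code
}

// areaNode is one column of the multi-helix: a location area identifier in a
// singly linked list, carrying the circular list of that area's records.
type areaNode struct {
	AreaID  string
	Records *ring.Ring // every element holds *CloudAuthInfo; nil while empty
	Next    *areaNode
}

// BaseStationStore models the base station storage system.
type BaseStationStore struct{ head *areaNode }

// area walks the singly linked list for id, appending a new column if asked.
func (s *BaseStationStore) area(id string, create bool) *areaNode {
	p := &s.head
	for ; *p != nil; p = &(*p).Next {
		if (*p).AreaID == id {
			return *p
		}
	}
	if create {
		*p = &areaNode{AreaID: id}
	}
	return *p
}

// Store inserts a user's record into its area's ring, replacing any existing
// record for the same user so each user appears once per area.
func (s *BaseStationStore) Store(areaID string, info CloudAuthInfo) {
	n := s.area(areaID, true)
	if n.Records != nil {
		replaced := false
		n.Records.Do(func(v any) {
			if rec := v.(*CloudAuthInfo); rec.UserID == info.UserID {
				*rec, replaced = info, true
			}
		})
		if replaced {
			return
		}
	}
	r := ring.New(1)
	r.Value = &info
	if n.Records == nil {
		n.Records = r
	} else {
		n.Records.Link(r) // splice the new element in after the ring's current position
	}
}

// Lookup is the poll step: given the location area and user identifier the base
// station polling exchange received, return that user's cloud authentication record.
func (s *BaseStationStore) Lookup(areaID, userID string) (CloudAuthInfo, error) {
	n := s.area(areaID, false)
	if n == nil || n.Records == nil {
		return CloudAuthInfo{}, ErrNotFound
	}
	for r, i := n.Records, 0; i < n.Records.Len(); r, i = r.Next(), i+1 {
		if rec := r.Value.(*CloudAuthInfo); rec.UserID == userID {
			return *rec, nil
		}
	}
	return CloudAuthInfo{}, ErrNotFound
}

// AreaDigest condenses one area's ring into a SHA256 over its records, the kind
// of per-area summary a joining node could download as its copy (assumed construction).
func (s *BaseStationStore) AreaDigest(areaID string) (string, error) {
	n := s.area(areaID, false)
	if n == nil || n.Records == nil {
		return "", ErrNotFound
	}
	h := sha256.New()
	n.Records.Do(func(v any) {
		rec := v.(*CloudAuthInfo)
		fmt.Fprintf(h, "%s|%s\n", rec.UserID, rec.PID)
	})
	return hex.EncodeToString(h.Sum(nil)), nil
}
```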
The authentication process has two parts, the request authentication module and the cloud authentication module; first the request authentication module initiates a connection request to the cloud authentication module, and the cloud authentication module asks the requesting module to send its identity information. In practice, as shown in Fig. 1: a key pair is generated with the ECDSA algorithm and a private key is taken from the key pair; the private key is put through ECDSA to generate a public key K2, and K2 is encrypted and placed in the identity chain, the block formed from the identity authentication information of different blockchain users generated by the cloud authentication module, referred to as the identity chain for short; K2 is hashed to obtain a personal identification code with a timestamp added, and the personal identification code is then Base64 encoded; an application request comprising an identity authentication certificate and a digital signature is submitted. The request is signed with the private key, and this signature is the identification header. The public key is used to encrypt the authentication certificate, and the request information is transmitted through the private network in the form of the identification header, which is generated as follows: a unique random number is generated and added to the request. After receiving the identity authentication request from the request authentication module, the cloud authentication module first separates the public key from the identity chain and verifies the validity of the signature. If this fails it returns a verification failure message and the identity authentication ends; it then verifies the validity of the personal identification code, which comprises a timestamp and a checksum.
If this fails, a verification failure message is returned and the identity authentication ends; if verification passes, the request authentication module returns a message reply indicating that verification passed, and at the same time sends its digital signature information to A under the identity of the requesting end, following the same flow as shown in Fig. 1. Then, on the same principle by which a bitcoin block is added to the transaction chain, the authentication digest is broadcast, comprising the digest of the blockchain user's identity authentication certificate, the random number and the random number of the previous identity authentication, and the nodes in the network add the identity authentication to the cloud block so that it is added to the cloud in the network. In practice, after receiving the authentication information sent by B, A authenticates B's identity following the authenticator's first step in order; if authentication passes, it likewise returns a message reply indicating that authentication passed, then broadcasts the authentication, and the nodes in the network add B's blockchain user name to the cloud block. If the authenticating node has joined the network for the first time, it must ask the other nodes of the network to download the authentication cloud maintained in the P2P network to the local node. The above process can be performed even if one of the two communicating parties is not online; the other party only needs to authenticate the requesting authenticator when it comes online, which meets the requirements of a P2P network environment.
Network attack prevention addresses an attacker who intercepts the data of both authentication parties during the identity authentication process, transparently to both of them, in order to deceive the system. Bit identity authentication uses the cloud authentication module mechanism to prevent replay attacks: the authentication messages sent by both parties include the cloud authentication module close to the current moment, whereas the attacker's cloud authentication module is far from the current moment. A man-in-the-middle attack on identity authentication means the attacker sits between the authenticator and the authenticatee and is authenticated separately by each of them, so that neither can perceive the attacker in the middle. In the invention the password is never transmitted in any form over the network, so it cannot be intercepted by a third party. If a lawless node wants to impersonate an authenticated party to complete identity authentication, it must modify the content of the cloud block and redo all the work of all the blocks after that block, which is an enormous test of computing capability and almost impossible in practice. Because a cloud mechanism is introduced, all nodes in the network can take part in the identity authentication process of every authentication, and the longest cloud is maintained in the network using the proof-of-work mechanism that prevents transaction records in a transaction chain from being tampered with, so as to prevent repudiation of authentication, tampering, forgery and the like. Bitcoin transactions are reliable, but some problems must be overcome and solved in theory when the mechanism is applied to identity authentication.
First, before a single identity authentication completes, both authentication parties broadcast authentication digests to the whole network, so a broadcast storm can occur when many nodes authenticate concurrently. Here the solution the bitcoin designers proposed against denial-of-service attacks caused by large transaction volumes was to reduce block size, changing it from unbounded to bounded, which means bitcoin's transaction processing capacity is only about 7 transactions per second; but the frequency of authentication in the network should be higher than bitcoin's transaction frequency, so in authentication the threshold of authentications per second should be raised while the concurrency of authentication is controlled, thereby controlling the broadcast volume in the network, reducing the excessive impact of broadcasts on the network, and ensuring that the concurrency of authentication meets the needs of the network's blockchain users. Bit identity authentication is a scheme directly compatible with a blockchain username or email plus password. In the present invention we use a password to encrypt the private key when storing it, to guard against accidental attacks or threats. The most distinctive feature of bit authentication is that the password is never passed over the network under any circumstances. With this mechanism the blockchain user can still authenticate with blockchain username and password, but the password is used locally to decrypt the private key, which then signs the authentication request.
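The identity authentication exchange described in the Disclosure and in the paragraphs above, as an added example in Go that is not part of the patent: the requester derives a personal identification code from the SHA256 of its ECDSA public key plus a timestamp and checksum, Base64 encodes it, and signs the request together with a fresh random number and the random number of its previous authentication; the cloud authentication module separates the public key, verifies the signature, checks the personal identification code (checksum, binding to the key, timestamp) and refuses a request whose previous random number does not match the one it last accepted, which is what stops a replayed request. The P-256 curve, the PKIX key encoding, the field layout of the personal identification code, its truncated-SHA256 checksum (Bitcoin addresses use a double SHA256) and the freshness window are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"time"
)

type Nonce [16]byte // random number carried by each authentication request

const checksumLen = 4                       // truncated-SHA256 checksum (assumed)
const pidLen = sha256.Size + 8 + checksumLen // SHA256(pubkey) || timestamp || checksum

type AuthRequest struct {
	PubKeyDER []byte // PKIX-encoded ECDSA public key
	PID       string // Base64 personal identification code
	Nonce     Nonce  // fresh random number for this request
	LastNonce Nonce  // random number accepted in the previous authentication (zero on first)
	Signature []byte // ASN.1 ECDSA signature over digest()
}

// GenerateIdentity creates the user's ECDSA key pair (curve P-256 is assumed).
func GenerateIdentity() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewPersonalID = Base64(SHA256(pubkey) || 8-byte Unix timestamp || checksum over both).
func NewPersonalID(pubDER []byte, ts time.Time) string {
	h := sha256.Sum256(pubDER)
	payload := append(h[:], make([]byte, 8)...)
	binary.BigEndian.PutUint64(payload[sha256.Size:], uint64(ts.Unix()))
	sum := sha256.Sum256(payload)
	payload = append(payload, sum[:checksumLen]...)
	return base64.StdEncoding.EncodeToString(payload)
}

// digest binds key, PID and both random numbers under one signature.
func (r *AuthRequest) digest() []byte {
	h := sha256.Sum256(bytes.Join([][]byte{r.PubKeyDER, []byte(r.PID), r.Nonce[:], r.LastNonce[:]}, nil))
	return h[:]
}

// NewAuthRequest is the requester side: derive the PID, draw a fresh random number, sign.
func NewAuthRequest(priv *ecdsa.PrivateKey, last Nonce, now time.Time) (*AuthRequest, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	req := &AuthRequest{PubKeyDER: der, PID: NewPersonalID(der, now), LastNonce: last}
	if _, err := rand.Read(req.Nonce[:]); err != nil {
		return nil, err
	}
	req.Signature, err = ecdsa.SignASN1(rand.Reader, priv, req.digest())
	return req, err
}

// CloudAuthModule is the verifier; the last accepted random number per key is what refuses replays.
type CloudAuthModule struct {
	MaxSkew   time.Duration
	lastNonce map[[sha256.Size]byte]Nonce
}

// Verify follows the patent's order: public key and signature, then PID, then random numbers.
func (c *CloudAuthModule) Verify(req *AuthRequest, now time.Time) error {
	pubAny, err := x509.ParsePKIXPublicKey(req.PubKeyDER)
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if err != nil || !ok || !ecdsa.VerifyASN1(pub, req.digest(), req.Signature) {
		return errors.New("public key or signature invalid")
	}
	raw, err := base64.StdEncoding.DecodeString(req.PID)
	if err != nil || len(raw) != pidLen {
		return errors.New("PID malformed")
	}
	body, sum := raw[:pidLen-checksumLen], raw[pidLen-checksumLen:]
	want := sha256.Sum256(body)
	keyHash := sha256.Sum256(req.PubKeyDER)
	ts := time.Unix(int64(binary.BigEndian.Uint64(body[sha256.Size:])), 0)
	if c.lastNonce == nil {
		c.lastNonce = map[[sha256.Size]byte]Nonce{}
	}
	switch {
	case !bytes.Equal(sum, want[:checksumLen]):
		return errors.New("PID checksum mismatch")
	case !bytes.Equal(body[:sha256.Size], keyHash[:]):
		return errors.New("PID not bound to this key")
	case now.Sub(ts) > c.MaxSkew || ts.Sub(now) > c.MaxSkew:
		return errors.New("PID timestamp outside window")
	case c.lastNonce[keyHash] != req.LastNonce: // zero value matches a first authentication
		return errors.New("previous random number does not match (replay or out of order)")
	}
	c.lastNonce[keyHash] = req.Nonce // nothing is recorded unless every check passed
	return nil
}
```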
The method comprises the steps that a key pair is generated based on an ECDSA algorithm and used for identity authentication digital signature, before identity authentication starts, a cloud copy needs to be downloaded to a local database by a node added into a network, and then identity authentication starts. The basic flow of bit identity authentication is described, and then the characteristics of the system of the invention are analyzed. In addition, the trust in the invention means that a certain technical means is adopted to protect the network platform from malicious operation by malicious molecules through a direct physical access means. The most straightforward way to ensure that a network platform is trustworthy is to authenticate the identity of a blockchain user logging into the system, requiring two-way authentication between the two communicating parties in the P2P network before they can communicate. The invention describes identity authentication in a formalized manner, further performs logic analysis on the security of the identity authentication, and finally calculates the reliability of the identity authentication, and an algorithm and steps in the reliability calculation system are given below. An accessing entity refers to the object of an authentication request, which allows communication with the accessed object only if the authentication is passed. Authentication credentials refer to digital evidence used by the accessing entity to prove its identity prior to communicating with the accessed object. The authentication mechanism refers to a mode method for generating and verifying the authentication certificate, and the cloud authentication module refers to a functional component for managing the authentication certificate. The identity authentication module refers to a functional component for verifying authentication credentials. 
An identity relying party is a functional component (possibly an authorisation component) whose behaviour depends on the result produced by the identity authentication module. An authentication domain is the set of authentication components inside one administrative authority boundary. The authentication mechanism, the cloud authentication module, the identity authentication module and the accessing entity each carry uncertainty, and that uncertainty affects the credibility of the authentication result. Uncertainty of the authentication mechanism means the credential may be cracked, for example when an encryption algorithm is broken, so the credential is disclosed. Uncertainty of the cloud authentication module concerns the rigour of its management; lax management can lead to credentials being leaked or forged. Uncertainty of the identity authentication module lies mainly in whether its information system and authentication protocol are safe and reliable; weaknesses there let credentials be stolen, disclosed or forged. Uncertainty of the accessing entity means the visitor is not necessarily trustworthy and its credential storage is not necessarily secure, so the credential may be stolen, disclosed, attacked or hijacked. From these uncertain factors in the authentication process, the trust elements of identity authentication fall into three classes: ensuring the credential is not leaked (class 1), ensuring it is not forged (class 2), and ensuring it is not hijacked (class 3).
The untrusted factor is the degree to which uncertain factors in the key objects of the authentication process cause the credential to be leaked, forged or hijacked; it is written NOCONFIDENCE, and the untrusted factor of a key object is expressed as NOCONFIDENCE(x, y, z), where x is the object's class 1 untrusted factor, y its class 2 untrusted factor and z its class 3 untrusted factor. The significant uncertain factors are combined, their uncertainty is analysed under stated assumptions, and the trust value of the identity authentication is then calculated; the credibility of cloud identity authentication is judged from the security degree and the credibility. The security degree is the probability that a key object keeps the credential from being leaked, forged or hijacked. Credibility is the quantitative expression of trust. For an authentication mode, its security can be represented by the trust between the computing-system entities within a fixed identity authentication domain, again as a probability. Credibility is subdivided into credential credibility, authentication-secret credibility, digital-entity credibility and physical-entity credibility. Communication between the cloud and the client is, however, subject to many uncertain factors, so the result of the authentication service is never absolutely credible.
Example two, as shown in fig. 1: the credibility computed for identity authentication based on dynamic passwords and a public-key cryptosystem is compared in practice with the credibility computed for the cloud-based identity authentication of the invention, and the advantages of the invention in credibility are analysed. The method proceeds as follows. The authentication mechanism is set up so that the authentication credential consists of a public key, an encrypted identity and the blockchain user's password; a dynamic password is generated at random and compared against the stored blockchain user password. The cloud authentication module assigns a blockchain user identifier to the accessing entity. The identity authentication module verifies the validity of the accessing entity with the public and private keys issued by the elliptic curve system. The request authentication module encrypts the identity with the public key.
In the authentication mechanism the credential consists of a public key, an encrypted identity and the blockchain user's password; the digital-signature key is generated with an ECC algorithm; validity is established by verifying the digital signature, with the nodes of the whole network taking part in the attestation. The cloud authentication module stores only a digest of the identity credential and reveals no usable identity information; that information does not live in a single verification server's database but, in cloud form, in the local databases of all nodes in the network. Every node can act as an identity authentication module and authenticate by digital-signature verification. The request authentication module generates the key pair with ECDSA; the requesting verifier encrypts the private key under a password for storage and decrypts it with that password when signing. Applying the uncertain-factor credibility calculation to this system yields its credibility value, where the uncertain factors are those in the key objects of the authentication process that could cause the credential to be leaked, forged or hijacked.
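The password-protected private key and the signed request described above (the password used only locally to unwrap the ECDSA key, the public key and its hash-derived personal identification code sent in the clear, the signature checked by the other party) can be shown end to end. The Python below is an added example written for this page, not code from the patent; it implements secp256k1 ECDSA with the standard library only, and the curve choice, the PBKDF2/XOR key wrapping with an HMAC tag, the JSON request layout, the 300-second freshness window and all function names are assumptions of the example.

```python
"""Added example, not the patent's own code: the client keeps its ECDSA private key
encrypted under a password, unwraps it locally to sign an authentication request and
sends only the public key, the personal identification code (Base64 of SHA-256 of the
public key, as the claims put it) and the signature; the password never leaves the
client. Pure-stdlib secp256k1; curve, key wrapping and request layout are assumptions."""
import base64, hashlib, hmac, json, secrets

# secp256k1 domain parameters (assumed here; the curve bitcoin uses)
_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % _P == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P

def _mul(k, P):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = _add(R, P)
        P = _add(P, P)
        k >>= 1
    return R

def generate_keypair():
    d = secrets.randbelow(_N - 1) + 1                 # private scalar
    x, y = _mul(d, _G)                                # public point, one-way from d
    return d, b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def sign(d, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    # nonce derived from key and message (RFC 6979 in spirit): a bad RNG cannot repeat k
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), msg, hashlib.sha256).digest(), "big") % _N or 1
    while True:
        r = _mul(k, _G)[0] % _N
        s = pow(k, -1, _N) * (z + r * d) % _N
        if r and s:
            return r, s
        k = k % (_N - 1) + 1

def verify(pub, msg, sig):
    r, s = sig
    if len(pub) != 65 or pub[:1] != b"\x04" or not (0 < r < _N and 0 < s < _N):
        return False
    Q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, _N)
    X = _add(_mul(z * w % _N, _G), _mul(r * w % _N, Q))
    return X is not None and X[0] % _N == r

def pid_of(pub):                                      # personal identification code
    return base64.b64encode(hashlib.sha256(pub).digest()).decode()

def wrap_private_key(d, password, iterations=100_000):
    """Encrypt d under a password-derived key; the tag detects a wrong password or tampering."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    ct = bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), kek[:32]))  # one-time XOR, fresh salt
    return salt + ct + hmac.new(kek[32:], salt + ct, hashlib.sha256).digest()

def unwrap_private_key(blob, password, iterations=100_000):
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    if not hmac.compare_digest(hmac.new(kek[32:], salt + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong password or corrupted key store")
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, kek[:32])), "big")

def build_auth_request(blob, password, pub, now):
    """Client side: the password is used here only, to unwrap the signing key."""
    d = unwrap_private_key(blob, password)
    body = {"pub": pub.hex(), "pid": pid_of(pub), "ts": now, "nonce": secrets.token_hex(16)}
    r, s = sign(d, json.dumps(body, sort_keys=True).encode())
    return {"body": body, "sig": [hex(r), hex(s)]}   # no password and no private key on the wire

def check_auth_request(req, now, max_skew=300):
    """Cloud side: bind PID to key, reject stale requests, then verify the signature."""
    body, pub = req["body"], bytes.fromhex(req["body"]["pub"])
    if body["pid"] != pid_of(pub):
        return False, "pid does not match public key"
    if abs(now - body["ts"]) > max_skew:
        return False, "stale timestamp"
    sig = (int(req["sig"][0], 16), int(req["sig"][1], 16))
    if not verify(pub, json.dumps(body, sort_keys=True).encode(), sig):
        return False, "bad signature"
    return True, body["pid"]
```

Calling generate_keypair(), then wrap_private_key(d, password) for the local key store, then build_auth_request(blob, password, pub, now) produces a message that carries the public key, the PID and the signature but neither the password nor the private key; check_auth_request(req, now) on the receiving side rejects a PID that does not hash from the presented key, a stale timestamp, and any change to the signed body. The XOR wrapping is confidential only because the salt, and hence the derived key, is fresh on every wrap; a production key store would use an AEAD such as AES-GCM in its place.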
The present invention can be embodied in many different forms, and the technical solution of the present invention is exemplified by the accompanying drawings in which fig. 1 is taken as an example, and the present invention is explained in detail. It should be noted that the specific embodiments described herein are only for illustrating the present invention and are not to be construed as limiting the present invention, and products that can achieve the same functions are included in the scope of the present invention.
The beneficial effects of the invention are as follows. The first part is a purpose-designed blockchain-embedded NFC tag; in this design the NFC tag is not merely an electronic plaintext label but a globally unique electronic label guaranteed by an asymmetric encryption algorithm, and a blockchain user can verify it with an ordinary mobile phone. The second part is information storage in the VeChain blockchain network: once authenticity is verified, the mobile application reads product information stored in distributed form in a dedicated blockchain, which can cover the commodity's design, production, logistics, sales and so on, so that the supply chain is fully transparent to the manufacturer, the distribution channel, the regulator and the final blockchain user. The third part is a commodity management and release platform for manufacturers, which lets them release new products conveniently and effectively and raises their public credibility. This implementation is therefore necessary.

Claims (1)

1. A block chain real-time polling cloud system, characterized in that it comprises: a client database, an identity authentication module, a request authentication module, a transmission module, a timestamp module, a base station storage system, a cloud authentication module and a base station polling switching system;
in a P2P network, the base station polling switching system receives the location area and identity information of a blockchain user; it looks up, among the blockchain user information stored in the base station storage system, the cloud authentication information corresponding to the blockchain user identifier carried in that location area and identity information, and returns the result to the blockchain user, who thereby obtains their cloud authentication information; at the same time the base station storage system stores a copy in the client database, the copy comprising the query process, query mode, query address and query time;
the cloud authentication module is the functional component that manages authentication information; the identity authentication module is the functional component that verifies authentication information; the request authentication module is the functional component that sends authentication information from the identity authentication module to the cloud authentication module;
the cloud authentication module collects the cloud authentication information of all blockchain users in each area managed by the base station polling switching system; from that information it generates, for each such area, an array of blockchain user cloud authentication information, so as to reduce the amount of computation during concurrent authentication, and stores the array in the cloud authentication module; it sends the location area in which the blockchain user's cloud authentication information was found to the blockchain user, informing the user that they have entered the jurisdiction of the corresponding base station polling switching system;
the step in which the cloud authentication module collects the cloud authentication information of all blockchain users in each area managed by the base station polling switching system specifically comprises:
the base station polling switching system periodically sends the request authentication module an authority requirement for the location areas and identity information of all blockchain users;
the identity authentication module sends an identity authentication acquisition request to the blockchain users within its jurisdiction;
each blockchain user under the identity authentication module returns its own location area and cloud authentication information directly to the cloud authentication module through the transmission module; when the information is returned, a mark is attached as determined by the cloud authentication module so that neither party can repudiate the exchange; the responding blockchain user is added as a node in the network, and must also download a copy from the base station storage system to the client database before beginning identity authentication;
the base station storage system storing the location area and the cloud authentication information comprises: storing the location area and identity information in a multi-helix structure, wherein the multi-helix structure comprises a singly linked list whose elements are the identifiers of the location areas, with each area identifier associated with a circular linked list that holds the cloud authentication information of the blockchain users belonging to that area, so that a complete blockchain is formed;
the authentication process is divided between the request authentication module and the cloud authentication module; first the request authentication module initiates a connection request to the cloud authentication module, and the cloud authentication module asks the request authentication module to send its identity information;
identity authentication begins by generating a key pair with the elliptic curve digital signature algorithm to obtain a private key; the public key is computed from the private key, and a personal identification code is computed from the public key; the public key is obtained by applying the one-way elliptic curve operation of the algorithm to the private key, so the private key cannot be computed from the public key; the personal identification code computed from the public key is set as a bitcoin address; the public key is then hashed with SHA-256, and the identity request information is signed and encrypted with the private key and placed into the identity chain of all blockchain users' cloud authentication information, the identity chain being a blockchain formed from the identity authentication information of different blockchain users that the cloud authentication module generates; the hash of the public key then yields the personal identification code with which the user joins the cloud authentication module, and that personal identification code is Base64-encoded;
finally, the request authentication module submits an application request comprising an identity authentication credential and a digital signature; the cloud authentication module signs the request and uses the signature as an identification header; the blockchain user's identity authentication credential is encrypted with the public key, and the request information is transmitted in the form of that identification header over a private network;
on receiving the identity authentication request from the request authentication module, the cloud authentication module first separates the public key from the identity chain and verifies the validity of the signature; if verification fails it returns a verification-failure message and identity authentication ends; it then verifies the validity of the personal identification code, which comprises a timestamp and a checksum, and if that verification fails identity authentication ends; if verification passes, the request authentication module receives a message reply confirming success, and at the same time sends its own digital-signature information to the cloud authentication module in the identity of the requesting terminal and broadcasts the digest it sent; the broadcast digest comprises the digest of the blockchain user's identity authentication credential, the random number and the random number of the previous identity authentication; the nodes in the P2P network add the identity authentication to the cloud authentication module through the transmission module and further add it to the client databases in the P2P network;
on receiving the identity verification information sent by the request authentication module, the cloud authentication module verifies the identity of the request authentication module; if verification passes it likewise returns a message reply confirming success and broadcasts the verification, and the nodes in the P2P network add the blockchain user name of the request authentication module to the cloud block; a node joining the network for the first time must request the identity authentication cloud maintained in the P2P network from the other nodes and download it locally; the above process can be carried out even if one of the two parties to the blockchain user identity authentication is offline, and the cloud authentication module need only authenticate the identity authentication module when it comes online;
the cloud authentication module intercepts the data of both authenticating parties during the blockchain user's identity authentication and is transparent to both parties; an illegitimate node that wants to impersonate an authenticated party and complete identity authentication would have to modify the content of the corresponding block at the cloud end and redo all of the computation for every block after it;
the base station polling switching system comprises an accessing entity, an authentication credential, an authentication mechanism, an identity relying party and an identity authentication domain component;
the accessing entity is the party making the authentication request; it is allowed to communicate with the accessed object only if authentication passes;
the authentication credential is the digital evidence the accessing entity uses to prove its identity before communicating with the accessed object;
the authentication mechanism is the method by which authentication credentials are generated and verified;
the identity relying party is the functional component whose behaviour depends on the result produced by the identity authentication module;
the identity authentication domain is the set of identity authentication components within one administrative authority boundary;
the base station polling switching system is used to determine the various uncertain factors in the blockchain user's identity authentication process and to classify the trust elements of identity authentication into three classes: ensuring the authentication credential is not leaked (class 1), ensuring it is not forged (class 2) and ensuring it is not hijacked (class 3); the degree to which uncertain factors in the identity authentication process cause the blockchain user's credential to be leaked, forged or hijacked is called NOCONFIDENCE and is expressed as NOCONFIDENCE(x, y, z), where x is the object's class 1 trust element, y its class 2 trust element and z its class 3 trust element; the several significant uncertain factors that make up NOCONFIDENCE for the blockchain user are analysed and their uncertainty in the identity authentication process assumed, the trust value of the identity authentication is then calculated, and the credibility of the cloud identity authentication is judged from the security degree and the credibility;
the security degree is the probability that a key object keeps the authentication credential from being leaked, forged or hijacked; the credibility is the quantitative expression of trust; for an authentication mode, its security can be represented by the trust between the computing-system entities within a fixed identity authentication domain, again as a probability; and the credibility is subdivided into authentication credential credibility, authentication secret credibility, digital entity credibility and physical entity credibility.
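The multi-helix store of the claim (a singly linked list of location-area identifiers, each hanging a circular linked list of that area's user records), the lookup by user identifier that the base station polling switching system performs, the copy of the query written to the client database, and the per-area array built to cut the work under concurrent authentication can all be built in a few dozen lines. The Python below is an added example written for this page and is not the patent's own code; the class and method names, the record fields, and the shape of the audit copy (process, mode, address, time, found) are assumptions of the example, and the user records are constructed sample data.

```python
"""Added example, not the patent's own code: the multi-helix store of the claims,
a singly linked list of location-area identifiers in which every area node points at a
circular linked list of that area's user records. lookup() returns a user's cloud
authentication information with an audit copy (query process, mode, address, time)
of the kind the claims write to the client database; snapshot() gives the per-area
array used under concurrent authentication. Field names and record layout are assumed."""
import time
from typing import Optional


class UserNode:
    """One blockchain user's record in an area's circular list."""
    def __init__(self, user_id: str, auth_info: dict):
        self.user_id = user_id
        self.auth_info = auth_info
        self.next: Optional["UserNode"] = None   # last node points back at the ring entry


class AreaNode:
    """One location area in the singly linked area list."""
    def __init__(self, area_id: str):
        self.area_id = area_id
        self.ring: Optional[UserNode] = None      # entry point into the circular list
        self.next: Optional["AreaNode"] = None


class MultiHelixStore:
    def __init__(self):
        self.head: Optional[AreaNode] = None
        self.audit_log: list = []                 # stands in for the client database copies

    @staticmethod
    def _walk(ring):
        """Yield every node of a circular list exactly once (nothing for an empty ring)."""
        node = ring
        while node is not None:
            yield node
            node = node.next
            if node is ring:
                break

    def _area(self, area_id, create=False):
        node, prev = self.head, None
        while node is not None:
            if node.area_id == area_id:
                return node
            prev, node = node, node.next
        if not create:
            return None
        new = AreaNode(area_id)
        if prev is None:
            self.head = new
        else:
            prev.next = new                       # append at the end of the area list
        return new

    def add_user(self, area_id, user_id, auth_info):
        area = self._area(area_id, create=True)
        for node in self._walk(area.ring):
            if node.user_id == user_id:           # update in place, ring stays intact
                node.auth_info = auth_info
                return
        new = UserNode(user_id, auth_info)
        if area.ring is None:
            new.next = new                        # a one-element ring points at itself
            area.ring = new
            return
        tail = area.ring
        while tail.next is not area.ring:
            tail = tail.next
        tail.next, new.next = new, area.ring      # splice in just before the entry point

    def lookup(self, area_id, user_id, query_address, now=None):
        """Resolve a user's cloud authentication info and keep a copy of how it was queried."""
        started = now if now is not None else time.time()
        area = self._area(area_id)
        hops, hit = 0, None
        for node in self._walk(area.ring if area else None):
            hops += 1
            if node.user_id == user_id:
                hit = node.auth_info
                break
        copy = {"process": f"area-list -> ring[{area_id}] ({hops} hops)",
                "mode": "by-user-id", "address": query_address,
                "time": started, "found": hit is not None}
        self.audit_log.append(copy)
        return hit, copy

    def snapshot(self, area_id):
        """Flatten one area's ring into an array for concurrent, read-only checks."""
        area = self._area(area_id)
        return [(n.user_id, n.auth_info) for n in self._walk(area.ring if area else None)]

    def area_ids(self):
        ids, node = [], self.head
        while node is not None:
            ids.append(node.area_id)
            node = node.next
        return ids
```

lookup() walks the area list and then at most one turn around the area's ring, recording how it got there in the audit copy; snapshot() flattens a ring into a plain list so that concurrent authentications can read an array instead of contending for the linked structure, which is the point the claim makes about the per-area array.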
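The identity chain of the claims, in which each broadcast summary carries the digest of the credential, the fresh random number and the random number of the user's previous authentication, and in which an impersonator would have to alter a block and redo every block after it, is shown here as a hash chain. This Python is an added example written for this page, not the patent's code: the record fields, the use of SHA-256 over canonical JSON as the block hash, and the function names are its assumptions, and signature verification is assumed to have taken place before a summary is appended.

```python
"""Added example, not the patent's own code: an identity chain of broadcast
authentication digests, each carrying the digest of the credential, the fresh
random number and the random number of that user's previous authentication.
It shows the continuity check a node can make on the previous random number,
and why an impersonating node has to recompute every block after the one it
alters. Record fields and the hash layout are this example's assumptions;
signature checking is left out and assumed to have happened before append."""
import hashlib
import json

GENESIS = "0" * 64


def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def _block_hash(block):
    return _digest({k: block[k] for k in ("index", "prev_hash", "record")})


def last_nonce(chain, credential_digest):
    """Random number from this user's most recent accepted authentication (None if first)."""
    for block in reversed(chain):
        if block["record"]["cred"] == credential_digest:
            return block["record"]["nonce"]
    return None


def append_summary(chain, credential_digest, nonce, prev_nonce):
    """Accept a broadcast summary only if it chains onto the user's last accepted nonce."""
    if prev_nonce != last_nonce(chain, credential_digest):
        return False                                   # replayed or out-of-order summary
    record = {"cred": credential_digest, "nonce": nonce, "prev_nonce": prev_nonce}
    block = {"index": len(chain),
             "prev_hash": chain[-1]["hash"] if chain else GENESIS,
             "record": record}
    block["hash"] = _block_hash(block)
    chain.append(block)
    return True


def verify_chain(chain):
    """(True, length) for an intact chain, else (False, index of the first bad block)."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev or _block_hash(block) != block["hash"]:
            return False, i
        prev = block["hash"]
    return True, len(chain)


def head_hash(chain):
    return chain[-1]["hash"] if chain else GENESIS


def clone(chain):
    return json.loads(json.dumps(chain))


def rehash(chain, index):
    """Recompute one block's link and hash after its content was changed."""
    block = chain[index]
    block["prev_hash"] = chain[index - 1]["hash"] if index else GENESIS
    block["hash"] = _block_hash(block)


def rewrite_from(chain, index):
    """What an impersonator must do: redo every block from the altered one to the tip."""
    for i in range(index, len(chain)):
        rehash(chain, i)
    return len(chain) - index                          # number of blocks recomputed


if __name__ == "__main__":
    honest = []
    alice = _digest("credential of alice")             # constructed sample digests
    bob = _digest("credential of bob")
    append_summary(honest, alice, "n1", None)
    append_summary(honest, alice, "n2", "n1")
    append_summary(honest, bob, "m1", None)
    print("replay accepted?", append_summary(honest, alice, "n3", "n1"))      # False
    forged = clone(honest)
    forged[1]["record"]["cred"] = _digest("credential of mallory")
    print("after edit:", verify_chain(forged))                               # (False, 1)
    rehash(forged, 1)
    print("after rehashing one block:", verify_chain(forged))                # (False, 2)
    print("blocks redone:", rewrite_from(forged, 1), verify_chain(forged))   # 2 (True, 3)
    print("matches the honest copy?", head_hash(forged) == head_hash(honest))  # False
```

append_summary() refuses a summary whose previous random number is not the one last recorded for that credential, which is what the linkage to the previous authentication buys: a replayed or out-of-order summary is rejected before it reaches the chain. Editing one block breaks verification at that block; rehashing only that block moves the failure to the next one; rewriting every later block makes the forged copy pass locally but leaves its head hash different from every honest node's copy, which is why the claims keep the chain in all nodes' local databases.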
CN201710121982.3A 2017-03-03 2017-03-03 Block chain real-time polling cloud system Active CN106878318B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710121982.3A CN106878318B (en) 2017-03-03 2017-03-03 Block chain real-time polling cloud system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710121982.3A CN106878318B (en) 2017-03-03 2017-03-03 Block chain real-time polling cloud system

Publications (2)

Publication Number Publication Date
CN106878318A CN106878318A (en) 2017-06-20
CN106878318B true CN106878318B (en) 2020-01-07

Family

ID=59169605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710121982.3A Active CN106878318B (en) 2017-03-03 2017-03-03 Block chain real-time polling cloud system

Country Status (1)

Country Link
CN (1) CN106878318B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218268A (en) * 2017-07-05 2019-01-15 中国银联股份有限公司 Safety data interactive system and method based on block chain structure
CN107295002B (en) * 2017-07-12 2020-06-19 联动优势科技有限公司 Cloud data storage method and server
CN107734502B (en) * 2017-09-07 2020-02-21 京信通信系统(中国)有限公司 Micro base station communication management method, system and equipment based on block chain
CN107786553B (en) * 2017-10-23 2020-09-29 江苏通付盾科技有限公司 Identity authentication method, server and system based on workload certification
CN108376336B (en) * 2018-02-11 2021-02-05 莫冰 RFID tag chip suitable for block chain application and control method thereof
CN110348847A (en) * 2018-04-04 2019-10-18 触信(厦门)智能科技有限公司 A kind of information transmitting methods based on panorama VR block chain
CN110610418B (en) * 2018-06-15 2022-05-31 中数智创科技有限公司 Transaction state query method, system, device and storage medium based on block chain
CN109087063A (en) * 2018-07-23 2018-12-25 浪潮软件股份有限公司 A kind of whole process electronization supervision and check method based on block chain
CN108900531A (en) * 2018-07-31 2018-11-27 温州市图盛科技有限公司 A kind of data confidentiality tool suitable for electric power enterprise internal network
CN109033859A (en) * 2018-08-03 2018-12-18 苏州市千尺浪信息科技服务有限公司 A kind of information security storage system based on block chain technology
KR102178583B1 (en) * 2018-11-13 2020-11-13 주식회사 싸이투코드 Contract apparatus and method of blockchain using digital contents orginal key
CN109360008B (en) * 2018-11-20 2021-08-10 吴祥富 Product anti-counterfeiting authentication updating method and system
CN109544182B (en) * 2018-11-20 2021-05-14 孟凡富 Product anti-counterfeiting verification method and system
CN109327482A (en) * 2018-12-18 2019-02-12 陕西医链区块链集团有限公司 P2P communication introduces the data transfer mode of the anti-fake and asymmetrical encryption of authentication
CN109639714B (en) * 2019-01-02 2021-06-15 浙江师范大学 Internet of things identity registration and verification method based on block chain
CN110290108B (en) * 2019-05-17 2020-10-13 深圳市网心科技有限公司 Data processing method, system and related equipment in block chain network
CN110517045B (en) * 2019-10-22 2020-02-04 百度在线网络技术(北京)有限公司 Block chain data processing method, device, equipment and storage medium
CN111553710B (en) * 2020-04-08 2022-09-02 深圳壹账通智能科技有限公司 Enterprise data processing method, device, equipment and storage medium based on block chain
CN112311779B (en) * 2020-10-22 2023-06-30 腾讯科技(深圳)有限公司 Data access control method and device applied to block chain system
CN115118465B (en) * 2022-06-13 2023-11-28 北京寰宇天穹信息技术有限公司 Cloud edge end cooperative zero trust access control method and system based on trusted label

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101411134A (en) * 2006-03-31 2009-04-15 高通股份有限公司 Memory management for high speed media access control
CN105323064A (en) * 2014-07-01 2016-02-10 柯呈翰 System and method for on-line adding of instant file dynamic label and on-line encryption
CN106372940A (en) * 2016-08-31 2017-02-01 江苏通付盾科技有限公司 Identity authentication method based on block chain network, server and terminal device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11394773B2 (en) * 2014-06-19 2022-07-19 Jim Austin Joseph Cryptographic currency block chain based voting system

Also Published As

Publication number Publication date
CN106878318A (en) 2017-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Lu Yang
Inventor before: Qian Dejun
TA01 Transfer of patent application right
Effective date of registration: 20170920
Address after: 200040, 4 floor, building 546, 4 Yuyuan Road, Jingan District, Shanghai
Applicant after: Shanghai chain Mdt InfoTech Ltd
Address before: 200131 Shanghai Fengxian District Shanghai free trade experimentation area, plus Road 39, 1, four, 39 parts
Applicant before: Qian Dejun
GR01 Patent grant