CN108777675A - Electronic device, blockchain-based identity verification method and computer storage medium - Google Patents

Info

Publication number: CN108777675A
Authority: CN (China)
Prior art keywords: information, user identity, authentication, identity information, result
Legal status: Granted, Active
Application number: CN201810386011.6A
Other languages: Chinese (zh)
Other versions: CN108777675B (en)
Inventors: 陈文博, 刘�英, 周鹏华
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810386011.6A (CN108777675B)
Priority to PCT/CN2018/102407 (WO2019205389A1)
Publication of CN108777675A
Application granted
Publication of CN108777675B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

The present invention discloses an electronic device, a blockchain-based identity verification method and a computer storage medium. After checking first user identity information according to a predetermined identity verification rule, the invention determines, according to a predetermined judgment rule, whether to perform multi-factor authentication; once it determines that multi-factor authentication is to be performed, it publishes second user identity information to the blockchain network for checking, so as to obtain the verification result of the multi-factor authentication. Compared with the prior art, the invention can meet the diverse needs of multiple application scenarios and improve the accuracy of user identity verification, while preventing user identity information from being leaked.

Description

Electronic device, blockchain-based identity verification method and computer storage medium
Technical field
The present invention relates to the field of blockchain technology, and in particular to an electronic device, a blockchain-based identity verification method and a computer storage medium.
Background
A blockchain is essentially a distributed database based on smart contracts; the information on the blockchain is shared with all nodes over a P2P (peer-to-peer) network. Because blockchains offer advantages such as tamper resistance, high transparency and decentralization, they have been widely used in many fields in recent years.
Identity verification, also called "identity authentication" or "identity identification", refers to the process of confirming an operator's identity in computer and computer network systems, so as to determine whether the user has access and usage rights to a given resource. This allows the access policies of computer and network systems to be enforced reliably and effectively, prevents attackers from impersonating legitimate users to obtain access to resources, and ensures the security of the system and its data as well as the legitimate interests of authorized visitors.
In general, identity verification on a blockchain works as follows: when a user logs in through a blockchain application, the application verifies the user's identity by checking the user's user name and user password. The problem with this verification method is that the same method is applied to every user; it is too uniform and cannot meet the diverse needs of multiple application scenarios.
Summary of the invention
The main object of the present invention is to provide an electronic device, a blockchain-based identity verification method and a computer storage medium, aiming to solve the problem that existing identity verification methods are too uniform and cannot meet the diverse needs of multiple application scenarios.
To achieve the above object, the present invention provides an electronic device that includes a memory and a processor. A first blockchain-based identity verification program is stored on the memory, and when executed by the processor it implements the following steps:
Verification step: when a first identity verification request carrying first user identity information is received, check the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
Judgment step: determine whether to perform multi-factor authentication according to the obtained first verification result, the first user identity information and a predetermined judgment rule;
First output step: when it is determined that multi-factor authentication is not to be performed, output the first verification result as the user identity verification result; or, when it is determined that multi-factor authentication is to be performed, obtain second user identity information;
Lookup step: according to the user identification information in the first user identity information and a predetermined mapping between user identification information and verification node identification information, look up at least one verification node corresponding to the user identification information;
Publishing step: publish a second identity verification request carrying the second user identity information to the blockchain network, and receive the feedback information carrying node identification information that the blockchain network generates and broadcasts after checking the second user identity information;
Analysis step: based on a predetermined first result analysis rule, analyze the check results in the feedback information and output a first analysis result as the second verification result;
Second output step: according to a predetermined second result analysis rule, analyze the second verification result and output a second analysis result as the identity verification result of the user.
Preferably, the predetermined judgment rule includes:
When the first verification result is verification success, determine whether to perform multi-factor authentication according to the user identification information in the first user identity information and a predetermined judgment sub-rule;
When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is to be performed, output the judgment result that multi-factor authentication is to be performed;
When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is not to be performed, output the judgment result that multi-factor authentication is not to be performed;
When the first verification result is verification failure, output the judgment result that multi-factor authentication is not to be performed.
In addition, to achieve the above object, the present invention also provides an electronic device that includes a memory and a processor. A second blockchain-based identity verification program is stored on the memory, and when executed by the processor it implements the following steps:
Receiving step: receive an identity verification request carrying user identity information;
Checking step: check the user identity information to obtain a check result, generate feedback information carrying node identification information according to the check result, and broadcast the feedback information to the blockchain network.
Preferably, the user identity information is encrypted user identity information obtained by encrypting user identity data with a predetermined first encryption rule;
The checking step includes:
Decrypt the encrypted user information according to a predetermined first decryption rule to obtain the plaintext user identity information as the user identity information to be verified, which includes user identification information and user identity feature information to be verified;
According to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity feature information, look up the encrypted standard user identity feature information corresponding to the user identification information;
Decrypt the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain the standard user identity feature information;
Check the user identity feature information to be verified against the standard user identity feature information;
When it is determined that the user identity feature information to be verified is identical to the standard user identity feature information, output the check result as check success;
When it is determined that the user identity feature information to be verified differs from the standard user identity feature information, output the check result as check failure.
In addition, to achieve the above object, the present invention also provides a blockchain-based identity verification method, which includes the steps:
First verification step: when a first identity verification request carrying first user identity information is received, check the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
Judgment step: determine whether to perform multi-factor authentication according to the obtained first verification result, the first user identity information and a predetermined judgment rule;
First output step: when it is determined that multi-factor authentication is not to be performed, output the first verification result as the user identity verification result; or, when it is determined that multi-factor authentication is to be performed, obtain second user identity information;
Lookup step: according to the user identification information in the first user identity information and a predetermined mapping between user identification information and verification node identification information, look up at least one verification node corresponding to the user identification information;
Publishing step: publish a second identity verification request carrying the second user identity information to the blockchain network, and receive the feedback information carrying node identification information that the blockchain network generates and broadcasts after checking the second user identity information;
Analysis step: based on a predetermined first result analysis rule, analyze the check results in the feedback information and output a first analysis result as the second verification result;
Second output step: according to a predetermined second result analysis rule, analyze the second verification result and output a second analysis result as the identity verification result of the user.
Preferably, the predetermined judgment rule includes: when the first verification result is verification success, determine whether to perform multi-factor authentication according to the user identification information in the first user identity information and a predetermined judgment sub-rule;
When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is to be performed, output the judgment result that multi-factor authentication is to be performed;
When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is not to be performed, output the judgment result that multi-factor authentication is not to be performed;
When the first verification result is verification failure, output the judgment result that multi-factor authentication is not to be performed.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium that stores a first blockchain-based identity verification system. The first blockchain-based identity verification system can be executed by at least one processor, so that the at least one processor performs any of the blockchain-based identity verification methods described above.
In addition, to achieve the above object, the present invention also provides a blockchain-based identity verification method, which includes:
Receiving step: receive an identity verification request carrying user identity information;
Checking step: check the user identity information to obtain a check result, generate feedback information carrying node identification information according to the check result, and broadcast the feedback information to the blockchain network.
Preferably, the user identity information is encrypted user identity information obtained by encrypting user identity data with a predetermined first encryption rule;
The checking step includes:
Decrypt the encrypted user information according to a predetermined first decryption rule to obtain the plaintext user identity information as the user identity information to be verified, which includes user identification information and user identity feature information to be verified;
According to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity feature information, look up the encrypted standard user identity feature information corresponding to the user identification information;
Decrypt the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain the standard user identity feature information;
Check the user identity feature information to be verified against the standard user identity feature information;
When it is determined that the user identity feature information to be verified is identical to the standard user identity feature information, output the check result as check success;
When it is determined that the user identity feature information to be verified differs from the standard user identity feature information, output the check result as check failure.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium that stores a second blockchain-based identity verification system. The second blockchain-based identity verification system can be executed by at least one processor, so that the at least one processor performs the blockchain-based identity verification method described in any of the above.
After checking first user identity information according to a predetermined identity verification rule, the present invention determines, according to a predetermined judgment rule, whether to perform multi-factor authentication; once it determines that multi-factor authentication is to be performed, it publishes second user identity information to the blockchain network for checking, so as to obtain the verification result of the multi-factor authentication. Compared with the prior art, the present invention can meet the diverse needs of multiple application scenarios and improve the accuracy of user identity verification, while preventing user identity information from being leaked.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the structures shown in these drawings without creative effort.
Fig. 1 is a schematic diagram of the running environment of the first electronic device and the second electronic device of the present invention;
Fig. 2 is a schematic diagram of the running environment of the first embodiment of the first blockchain-based identity verification program of the present invention;
Fig. 3 is a program module diagram of the first embodiment of the first blockchain-based identity verification program of the present invention;
Fig. 4 is a flow diagram of the first embodiment of the blockchain-based identity verification method of the present invention;
Fig. 5 is a schematic diagram of the running environment of the first embodiment of the second blockchain-based identity verification program of the present invention;
Fig. 6 is a program module diagram of the first embodiment of the second blockchain-based identity verification program of the present invention;
Fig. 7 is a flow diagram of the second embodiment of the blockchain-based identity verification method of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described below with reference to the accompanying drawings and in connection with the embodiments.
Detailed description
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given serve only to explain the present invention and are not intended to limit its scope.
The electronic device, blockchain-based identity verification method and computer storage medium of the present invention are suitable for a blockchain-based public welfare system. The system includes several applications and a node device corresponding to each application. The applications include a public welfare platform and a public welfare object platform. The node devices include the public welfare platform node device corresponding to the public welfare platform, the public welfare object platform node device corresponding to the public welfare object platform, several public welfare platform employee management subsystems, and the public welfare platform employee management node device corresponding to each public welfare platform employee management subsystem. In some embodiments, the blockchain-based public welfare system further includes several impartial institution platforms and the impartial institution node device corresponding to each impartial institution platform.
The present invention also proposes a first blockchain-based identity verification program.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the running environment of the first electronic device 1 and the second electronic device 2 of the present invention.
Referring to Fig. 2, it is a schematic diagram of the running environment of the first embodiment of the first blockchain-based identity verification program 10 of the present invention.
In this embodiment, the first blockchain-based identity verification program 10 is installed and runs on the first electronic device 1. The first electronic device 1 may be a publishing node device, the application server corresponding to the publishing node device, or another electronic device other than the publishing node device and the application server; the present invention does not limit this.
The first electronic device 1 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a server. The first electronic device 1 may include, but is not limited to, a memory 11, a processor 12 and a display 13. Fig. 2 shows only the first electronic device 1 with components 11-13; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
In some embodiments the memory 11 may be an internal storage unit of the first electronic device 1, such as the hard disk or memory of the first electronic device 1. In other embodiments the memory 11 may be an external storage device of the first electronic device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the first electronic device 1. Further, the memory 11 may include both an internal storage unit of the first electronic device 1 and an external storage device. The memory 11 is used to store the application software installed on the first electronic device 1 and various kinds of data, for example the program code of the first blockchain-based identity verification program 10. The memory 11 may also be used to temporarily store data that has been output or is about to be output.
In some embodiments the processor 12 may be a central processing unit (CPU), a microprocessor or another data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the first identity verification program 10. In this embodiment, if the first electronic device 1 is a publishing node, the processor 12 may be a smart contract.
In some embodiments the display 13 may be an LED display, a liquid crystal display, a touch liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, and so on. The display 13 is used to display the information processed in the first electronic device 1 and to display a visual user interface. The components 11-13 of the first electronic device 1 communicate with each other over a system bus.
Referring to Fig. 3, it is a program module diagram of the first embodiment of the first blockchain-based identity verification program 10 of the present invention. In this embodiment, the first blockchain-based identity verification program 10 may be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (the processor 12 in this embodiment) to carry out the present invention. For example, in Fig. 3 the first blockchain-based identity verification program 10 may be divided into a verification module 101, a judgment module 102, a first output module 103, a lookup module 104, a publishing module 105, an analysis module 106 and a second output module 107. A module in the sense of the present invention is a series of computer program instruction segments capable of completing a specific function, and is better suited than a program to describing the execution of the first blockchain-based identity verification program 10 in the first electronic device 1, wherein:
The verification module 101 is used, when a first identity verification request carrying first user identity information is received, to check the first user identity information according to a predetermined identity verification rule to obtain a first verification result.
The judgment module 102 is used to determine whether to perform multi-factor authentication according to the obtained first verification result, the first user identity information and a predetermined judgment rule.
The first output module 103 is used, when it is determined that multi-factor authentication is not to be performed, to output the first verification result as the user identity verification result; or, when it is determined that multi-factor authentication is to be performed, to obtain second user identity information.
The lookup module 104 is used to look up at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping between user identification information and verification node identification information.
The publishing module 105 is used to publish a second identity verification request carrying the second user identity information to the blockchain network, and to receive the feedback information carrying node identification information that the blockchain network generates and broadcasts after checking the second user identity information.
The analysis module 106 is used to analyze the check results in the feedback information based on a predetermined first result analysis rule, and to output a first analysis result as the second verification result.
The second output module 107 is used to analyze the second verification result according to a predetermined second result analysis rule, and to output a second analysis result as the identity verification result of the user.
The first user identity information is identity information that does not involve user privacy; even if it is obtained by someone else, whoever obtains it cannot learn the user's true identity from it. For example, the first user identity information includes user identification information and first user identity feature information, wherein the user-identification-related information includes user name information, user password information (the user password information may use a USB key (U-shield), a digital certificate or the like as its storage medium), a dynamic code, and so on.
The predetermined identity verification rule includes:
According to the user identification information in the first identity information, and based on a predetermined mapping between user identification information and first standard user identity feature information, look up the first standard user identity feature information corresponding to the user identification information.
According to the first standard user identity feature information found, check the first user identity feature information to be verified in the first identity information; if the check finds them identical, output the first verification result as verification success; if the check finds them different, output the first verification result as verification failure.
The predetermined judgment rule is illustrated below by the following two schemes:
Scheme one:
The predetermined judgment rule is:
When the first verification result is verification failure, determine that multi-factor authentication is to be performed; or, when the first verification result is verification failure and a confirmation request to continue identity verification sent by the user is received, determine that multi-factor authentication is to be performed.
When the first verification result is verification success, determine that multi-factor authentication is not to be performed; or, when the first verification result is verification success, or when the first verification result is verification failure and a request sent by the user to terminate multi-factor authentication is received, determine that multi-factor authentication is not to be performed.
The application scenario of scheme one is as follows: when a user logs in through the public welfare platform, the platform first verifies the user name and user password provided by the user. If the verification result is verification failure, the user may be an illegitimate login user, or may have forgotten the user name and/or user password; to prevent a misjudgment, the public welfare platform performs multi-factor authentication to ensure the accuracy of the identity verification.
Scheme two:
The predetermined judgment rule is:
When the first verification result is verification success, determine whether to perform multi-factor authentication according to the user identification information in the first user identity information and based on a predetermined judgment sub-rule. When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is to be performed, output the judgment result that multi-factor authentication is to be performed. When it is determined, based on the predetermined judgment sub-rule, that multi-factor authentication is not to be performed, output the judgment result that multi-factor authentication is not to be performed.
When the first verification result is verification failure, output the judgment result that multi-factor authentication is not to be performed.
Wherein the predetermined judgment sub-rule is:
Extract the user identity grade in the user identification information as the user identity grade to be confirmed, and, based on a predetermined mapping between user identity grades and multi-factor authentication, judge whether the user identity grade to be confirmed has a mapping to multi-factor authentication.
If so, output the judgment result that multi-factor authentication is to be performed.
If not, output the judgment result that multi-factor authentication is not to be performed.
In some embodiments, a multi-factor authentication identifier may also be set in the user identification information in advance. If the multi-factor authentication identifier is present in a user's user identification information, it is determined that multi-factor authentication is to be performed; if the multi-factor authentication identifier is not present in the user's user identification information, it is determined that multi-factor authentication is not to be performed.
The application scenario of scheme two is as follows: when a user logs in through the public welfare platform, the platform first verifies the first user identity information provided by the user. If the verification passes, it further determines whether the user is a user with a high system operation grade (for example, a public welfare platform employee). Because such users often have processing authority over private or non-public data in the system, the true identity of the user needs to be verified, to ensure the security of system data, in order to confirm that this login is really being performed by that user. If the user is determined to be a user with a high system operation grade, it is judged that multi-factor authentication needs to be performed for the user; if the user is determined not to be a user with a high system operation grade, it is judged that multi-factor authentication is not needed for the user and that only the first user identity information needs to be verified. Because the first user identity information is not identity information involving user privacy, it can be stored in each node on the blockchain; even if the first user identity information is stolen, user privacy is not leaked.
The second user identity information includes user identifier information and second user identity feature information.
The second user identity feature information includes at least one of user biometric information and identity document information.
The user biometric information includes fingerprint information, face information, iris information, voiceprint information and other biometric information that uniquely identifies the user.
The identity document information includes an identity card number, a passport number, an employee number, etc.
The mapping relationship between user identifier information and verification node identification information may be stored in a mapping table. The authentication of one user may be completed by one or more verification nodes, and the number of verification nodes enabled to complete one user's authentication may be determined as needed and is not limited here.
The release module 105 is specifically configured to:
Encrypt the second user identity information according to a predetermined first encryption rule, and publish a second authentication request carrying the encrypted second user identity information to the block chain network. After the block chain network (for example, a verification node in the block chain network) receives the second authentication request, it decrypts the encrypted second user identity information according to a predetermined first decryption rule to obtain the second user identity information, checks the second user identity information to obtain a check result, generates, according to the check result, feedback information carrying node identification information, and broadcasts the feedback information to the block chain network.
The step of encrypting the second user identity information according to the predetermined first encryption rule and publishing the second authentication request carrying the encrypted second user identity information to the block chain network is specifically:
First, the public key corresponding to the verification node is obtained.
If there is one verification node, the second user identity information is encrypted with the obtained public key corresponding to that verification node, to obtain the encrypted second user identity information.
If there are multiple verification nodes, the second user identity information is encrypted separately with the obtained public key corresponding to each verification node, to obtain multiple pieces of encrypted second user identity information.
Then, the second authentication request is published to the block chain network by the publisher node.
One verification node (for example, a public good platform staff benefits node device) usually corresponds to one first authentication program based on block chain. The first authentication program based on block chain is stored in memory and can be executed by one or more processors. The processor executing the first authentication program based on block chain may be set in the verification node, in an application end (for example, the public good platform staff benefits subsystem), or independently in an electronic device. For example, if the processor is set in the verification node, the processor may be the smart contract corresponding to the verification node.
Taking the case where the processor is set in the verification node as an example, the following explains how the authentication program based on block chain receives and handles the second authentication request:
If there is one verification node, after the verification node receives the second authentication request, it decrypts the encrypted second user identity information with the private key corresponding to the verification node, to obtain the second user identity information. According to the user identifier information in the second user identity information, and based on the predetermined mapping relationship between user identifier information and second standard user identity feature information, it looks up the pre-encrypted and stored second standard user identity feature information corresponding to the user identifier information, and decrypts the encrypted second standard user identity feature information with the symmetric encryption key corresponding to the verification node, to obtain the second standard user identity feature information. According to the second standard user identity feature information found, it checks the second user identity feature information to be verified in the second user identity information. If the second user identity feature information to be verified is identical to the second standard user identity feature information, the output check result is check success. If the second user identity feature information to be verified is different from the second standard user identity feature information, the output check result is check failure. According to the check result, feedback information carrying node identification information is generated, and the verification node publishes the generated feedback information to the block chain network.
If there are multiple verification nodes, each verification node may receive multiple pieces of encrypted second user identity information. No matter how many pieces of encrypted second user identity information a verification node receives, it can only decrypt the second user identity information encrypted with the public key corresponding to that verification node. After each verification node decrypts the received encrypted second user identity information with its corresponding private key, the method of checking the second user identity information and of generating and publishing the feedback information is the same as described above and is not repeated here.
The predetermined first result analysis rule is:
If there is one verification node, when the check result is check success, the first analysis result is determined to be verification success; when the check result is check failure, the first analysis result is determined to be verification failure;
If there are multiple verification nodes, when all check results are success, the first analysis result is determined to be verification success; otherwise, the first analysis result is determined to be verification failure.
The predetermined second result analysis rule is:
If the second verification result is verification success, the second analysis result is verification success;
If the second verification result is verification failure or the second verification result is a null value, the second analysis result is verification failure.
The second verification result is a null value when multifactor authentication is stopped by the user.
In this embodiment, after the first user identity information is checked according to the predetermined authentication rule, whether to execute multifactor authentication is determined according to the predetermined judgment rule; after it is determined to execute multifactor authentication, the second user identity information is published to the block chain network for checking, to obtain the verification result of multifactor authentication. Compared with the prior art, this embodiment can meet the diversified demands of multiple application scenarios and improve the accuracy of user authentication, while preventing user identity information from leaking.
The present invention also provides an authentication method based on block chain. The method is applicable to the publishing side of an authentication request in the block chain network, for example, a publisher node.
In this embodiment, the first authentication program based on block chain is stored in memory and can be executed by one or more processors to implement the authentication method based on block chain of this embodiment. The processor executing the first authentication program based on block chain may be set in a verification node, in an application end (for example, the public good platform), or independently in an electronic device. For example, if the processor is set in the publisher node, the processor may be the smart contract corresponding to the publisher node.
Fig. 4 is a flow diagram of the first embodiment of the authentication method based on block chain of the present invention.
In this embodiment, the method includes:
Step S110: when a first authentication request carrying first user identity information is received, the first user identity information is checked according to a predetermined authentication rule, to obtain a first verification result.
The first user identity information is identity information that does not involve user privacy; even if the first user identity information is obtained by others, the obtainer cannot learn the user's true identity from it. For example, the first user identity information includes user identifier information and first user identity feature information, wherein the user-identifier-related information includes username information, user password information (the user password information may use a U-shield, a digital certificate, etc. as the storage medium), a dynamic code, etc.
The predetermined authentication rule includes:
According to the user identifier information in the first user identity information, and based on the predetermined mapping relationship between user identifier information and first standard user identity feature information, the first standard user identity feature information corresponding to the user identifier information is looked up.
According to the first standard user identity feature information found, the first user identity feature information to be verified in the first user identity information is checked; if the check result is identical, the output first verification result is verification success; if the check result is different, the output first verification result is verification failure.
Step S120: whether to execute multifactor authentication is determined according to the obtained first verification result, the first user identity information and a predetermined judgment rule.
The predetermined judgment rule is illustrated by the following two schemes:
Scheme one:
The predetermined judgment rule is:
When the first verification result is verification failure, it is determined that multifactor authentication is executed; alternatively, when the first verification result is verification failure and a confirmation request sent by the user to continue executing authentication is received, it is determined that multifactor authentication is executed.
When the first verification result is verification success, it is determined that multifactor authentication is not executed; alternatively, when the first verification result is verification success, or when the first verification result is verification failure and a request sent by the user to terminate multifactor authentication is received, it is determined that multifactor authentication is not executed.
The application scenario of scheme one is as follows: when a user logs in through the public good platform, the platform first verifies the user name and user password provided by the user. If the verification result is verification failure, the user may be an illegitimate login user, or the user may have forgotten the user name and/or user password. To prevent misjudgment, the public good platform executes multifactor authentication to ensure the accuracy of authentication.
Scheme two:
The predetermined judgment rule is:
When the first verification result is verification success, whether to execute multifactor authentication is determined according to the user identifier information in the first user identity information and based on a predetermined judgment sub-rule. When it is determined based on the predetermined judgment sub-rule that multifactor authentication is to be executed, the output judgment result is to execute multifactor authentication. When it is determined based on the predetermined judgment sub-rule that multifactor authentication is not to be executed, the output judgment result is not to execute multifactor authentication.
When the first verification result is verification failure, the output judgment result is not to execute multifactor authentication.
The predetermined judgment sub-rule is:
The user identity level in the user identifier information is extracted as the user identity level to be confirmed, and, based on a predetermined first mapping relationship between user identity levels and multifactor authentication, it is judged whether the user identity level to be confirmed has a mapping relationship with multifactor authentication.
If so, the output judgment result is to execute multifactor authentication.
If not, the output judgment result is not to execute multifactor authentication.
In some embodiments, a multifactor authentication identifier may also be set in the user identifier information in advance. If the multifactor authentication identifier is present in a user's user identifier information, it is determined that multifactor authentication is executed; if the multifactor authentication identifier is not present in the user's user identifier information, it is determined that multifactor authentication is not executed.
The application scenario of scheme two is as follows: when a user logs in through the public good platform, the platform first verifies the first user identity information provided by the user. If verification passes, it is further determined whether the user is a user with a high system operation level (for example, a public good platform employee). Because such users often have processing authority over private or non-public data in the system, the true identity of the user needs to be verified, to ensure the security of system data, in order to confirm that this login is really performed by the user. If it is determined that the user is a user with a high system operation level, it is judged that multifactor authentication needs to be executed for the user; if it is determined that the user is not a user with a high system operation level, it is judged that multifactor authentication need not be executed for the user and only the first user identity information needs to be verified. Because the first user identity information is identity information that does not involve user privacy, it can be stored in each node on the block chain; even if the first user identity information is stolen, user privacy is not leaked.
Step S130: when it is determined that multifactor authentication is not executed, the first verification result is output as the user authentication result.
Step S140: when it is determined that multifactor authentication is executed, second user identity information is obtained.
The second user identity information includes user identifier information and second user identity feature information.
The second user identity feature information includes at least one of user biometric information and identity document information.
The user biometric information includes fingerprint information, face information, iris information, voiceprint information and other biometric information that uniquely identifies the user.
The identity document information includes an identity card number, a passport number, an employee number, etc.
Step S150: according to the user identifier information in the first user identity information and the predetermined mapping relationship between user identifier information and verification node identification information, at least one verification node corresponding to the user identifier information is looked up.
The mapping relationship between user identifier information and verification node identification information may be stored in a mapping table. The authentication of one user may be completed by one or more verification nodes, and the number of verification nodes enabled to complete one user's authentication may be determined as needed and is not limited here.
Step S160: a second authentication request carrying the second user identity information is published to the block chain network, and feedback information carrying node identification information, which the block chain network generates by checking the second user identity information and then broadcasts, is received.
Step S160 specifically includes:
The second user identity information is encrypted according to a predetermined first encryption rule, and a second authentication request carrying the encrypted second user identity information is published to the block chain network. After the block chain network (for example, a verification node in the block chain network) receives the second authentication request, it decrypts the encrypted second user identity information according to a predetermined first decryption rule to obtain the second user identity information, checks the second user identity information to obtain a check result, generates, according to the check result, feedback information carrying node identification information, and broadcasts the feedback information to the block chain network.
The step of encrypting the second user identity information according to the predetermined first encryption rule and publishing the second authentication request carrying the encrypted second user identity information to the block chain network is specifically:
First, the public key corresponding to the verification node is obtained.
If there is one verification node, the second user identity information is encrypted with the obtained public key corresponding to that verification node, to obtain the encrypted second user identity information.
If there are multiple verification nodes, the second user identity information is encrypted separately with the obtained public key corresponding to each verification node, to obtain multiple pieces of encrypted second user identity information.
Then, the second authentication request is published to the block chain network by the publisher node.
One verification node (for example, a public good platform staff benefits node device) usually corresponds to one first authentication program based on block chain. The first authentication program based on block chain is stored in memory and can be executed by one or more processors. The processor executing the first authentication program based on block chain may be set in the verification node, in an application end (for example, the public good platform staff benefits subsystem), or independently in an electronic device. For example, if the processor is set in the verification node, the processor may be the smart contract corresponding to the verification node.
Taking the case where the processor is set in the verification node as an example, the following explains how the authentication program based on block chain receives and handles the second authentication request:
If there is one verification node, after the verification node receives the second authentication request, it decrypts the encrypted second user identity information with the private key corresponding to the verification node, to obtain the second user identity information; according to the user identifier information in the second user identity information, and based on the predetermined mapping relationship between user identifier information and second standard user identity feature information, it looks up the pre-encrypted and stored second standard user identity feature information corresponding to the user identifier information, and decrypts the encrypted second standard user identity feature information with the symmetric encryption key corresponding to the verification node, to obtain the second standard user identity feature information; according to the second standard user identity feature information found, it checks the second user identity feature information to be verified in the second user identity information; if the second user identity feature information to be verified is identical to the second standard user identity feature information, the output check result is check success; if the second user identity feature information to be verified is different from the second standard user identity feature information, the output check result is check failure; according to the check result, feedback information carrying node identification information is generated, and the verification node publishes the generated feedback information to the block chain network.
If there are multiple verification nodes, each verification node may receive multiple pieces of encrypted second user identity information. No matter how many pieces of encrypted second user identity information a verification node receives, it can only decrypt the second user identity information encrypted with the public key corresponding to that verification node; after each verification node decrypts the received encrypted second user identity information with its corresponding private key, the method of checking the second user identity information and of generating and publishing the feedback information is the same as described above and is not repeated here.
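The per-node encryption of step S160 and the verification node's handling of the request, as an added Python example that is not part of the patent text. The patent names no algorithms, so RSA-OAEP for the public-key step, AES-GCM for the stored standard feature, the third-party `cryptography` package and all class, function and sample names are assumptions.

```python
import hmac
import json
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed first encryption rule: RSA-OAEP with SHA-256 (limits plaintext to 190 bytes
# for a 2048-bit key, so this sample carries a short document number, not a biometric).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class VerificationNode:
    """Hypothetical verification node holding its own key pair and encrypted references."""

    def __init__(self, node_id):
        self.node_id = node_id
        self._private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._private_key.public_key()
        self._store_key = AESGCM.generate_key(bit_length=256)  # node's symmetric key
        self._store = {}  # user identifier -> (nonce, encrypted standard feature)

    def enroll(self, user_id, standard_feature):
        """Store the standard feature encrypted at rest, bound to the user identifier."""
        nonce = os.urandom(12)
        sealed = AESGCM(self._store_key).encrypt(nonce, standard_feature, user_id.encode())
        self._store[user_id] = (nonce, sealed)

    def handle_request(self, ciphertexts):
        """Decrypt the one ciphertext addressed to this node and return feedback."""
        for ciphertext in ciphertexts:
            try:
                info = json.loads(self._private_key.decrypt(ciphertext, OAEP))
            except ValueError:
                continue  # encrypted to another node's public key
            return {"node_id": self.node_id, "check_ok": self._check(info)}
        # Nothing addressed to this node: report a failed check rather than stay silent.
        return {"node_id": self.node_id, "check_ok": False}

    def _check(self, info):
        record = self._store.get(info["user_id"])
        if record is None:
            return False
        nonce, sealed = record
        standard = AESGCM(self._store_key).decrypt(nonce, sealed, info["user_id"].encode())
        # Constant-time comparison of submitted and stored feature.
        return hmac.compare_digest(standard, bytes.fromhex(info["feature"]))


def publish_request(user_id, feature, nodes):
    """Publisher side: one ciphertext per verification node, each under that node's public key."""
    plaintext = json.dumps({"user_id": user_id, "feature": feature.hex()}).encode()
    return [node.public_key.encrypt(plaintext, OAEP) for node in nodes]


if __name__ == "__main__":
    # Constructed sample data.
    a, b = VerificationNode("node-a"), VerificationNode("node-b")
    for node in (a, b):
        node.enroll("user-001", b"ID-CONSTRUCTED-0001")
    request = publish_request("user-001", b"ID-CONSTRUCTED-0001", [a, b])
    print([node.handle_request(request) for node in (a, b)])
```

Because OAEP is randomized, the two ciphertexts differ even though the plaintext is the same, and each node rejects the ciphertext meant for the other.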
Step S170: based on a predetermined first result analysis rule, the check result in the feedback information is analyzed, and the first analysis result is output as the second verification result.
The predetermined first result analysis rule is:
If there is one verification node, when the check result is check success, the first analysis result is determined to be verification success; when the check result is check failure, the first analysis result is determined to be verification failure;
If there are multiple verification nodes, when all check results are success, the first analysis result is determined to be verification success; otherwise, the first analysis result is determined to be verification failure.
Step S180: the second verification result is analyzed according to a predetermined second result analysis rule, and the second analysis result is output as the authentication result of the user.
The predetermined second result analysis rule is:
If the second verification result is verification success, the second analysis result is verification success;
If the second verification result is verification failure or the second verification result is a null value, the second analysis result is verification failure.
The second verification result is a null value when multifactor authentication is stopped by the user.
In this embodiment, after the first user identity information is checked according to the predetermined authentication rule, whether to execute multifactor authentication is determined according to the predetermined judgment rule; after it is determined to execute multifactor authentication, the second user identity information is published to the block chain network for checking, to obtain the verification result of multifactor authentication. Compared with the prior art, the authentication method provided by this embodiment can meet the diversified demands of multiple application scenarios and improve the accuracy of user authentication, while preventing user identity information from leaking.
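The judgment rules of step S120 (schemes one and two) and the result analysis rules of steps S170 and S180, as an added Python example that is not part of the patent text. All names and the sample identity levels are hypothetical; treating a missing report, a conflicting duplicate report or a report from a node not selected in step S150 as shown is an assumption, since the text only states that all check results must be success.

```python
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    SUCCESS = "success"
    FAILURE = "failure"


# Hypothetical first mapping relationship: identity levels mapped to multifactor authentication.
LEVELS_REQUIRING_MFA = {"employee", "administrator"}


@dataclass(frozen=True)
class Feedback:
    node_id: str    # node identification information carried by the feedback
    check_ok: bool  # check result produced by that verification node


def need_mfa_scheme_one(first, user_aborts=False):
    """Scheme one: escalate after a failed first verification unless the user terminates."""
    return first is Result.FAILURE and not user_aborts


def need_mfa_scheme_two(first, identity_level, mfa_flag=False):
    """Scheme two: escalate after a successful first verification, for mapped identity
    levels or when the multifactor authentication identifier is set for the user."""
    if first is Result.FAILURE:
        return False
    return identity_level in LEVELS_REQUIRING_MFA or mfa_flag


def first_result_analysis(expected_nodes, feedback):
    """S170: success only if every verification node found in S150 reported success."""
    expected = set(expected_nodes)
    verdicts = {}
    for fb in feedback:
        if fb.node_id not in expected:
            continue  # assumption: reports from nodes not selected in S150 carry no weight
        # Assumption: conflicting reports from one node collapse to failure.
        verdicts[fb.node_id] = verdicts.get(fb.node_id, True) and fb.check_ok
    if not expected or set(verdicts) != expected:
        return Result.FAILURE  # assumption: a missing report counts as a failed check
    return Result.SUCCESS if all(verdicts.values()) else Result.FAILURE


def second_result_analysis(second):
    """S180: a null second verification result (user stopped the flow) is a failure."""
    return Result.SUCCESS if second is Result.SUCCESS else Result.FAILURE


def authenticate(first, need_mfa, expected_nodes, collect_feedback):
    """Publisher-side flow from S130 to S180; collect_feedback returns None if the user stops."""
    if not need_mfa:
        return first                      # S130: first verification result is final
    feedback = collect_feedback()         # S140 to S160 happen behind this call
    second = None if feedback is None else first_result_analysis(expected_nodes, feedback)
    return second_result_analysis(second)


if __name__ == "__main__":
    nodes = ["node-a", "node-b"]  # constructed sample node identifiers
    reports = [Feedback("node-a", True), Feedback("node-b", True)]
    escalate = need_mfa_scheme_two(Result.SUCCESS, "employee")
    print(authenticate(Result.SUCCESS, escalate, nodes, lambda: reports))
```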
Further, the present invention also proposes a computer readable storage medium. The computer readable storage medium stores a first authentication program based on block chain, and the first authentication program based on block chain can be executed by at least one processor, so that the at least one processor executes the authentication method based on block chain in any of the above embodiments.
The present invention also proposes a second authentication program based on block chain.
Fig. 5 is a schematic diagram of the running environment of the first embodiment of the second authentication program 20 based on block chain of the present invention.
In this embodiment, the second authentication program 20 based on block chain is installed and runs in a second electronic device 2. The second electronic device 2 may be a verification node device, the application end server corresponding to the verification node device, or another electronic device other than the verification node device and the application end server; the present invention does not limit this.
The second electronic device 2 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a server. The second electronic device 2 may include, but is not limited to, a memory 21, a processor 22 and a display 23. Fig. 5 shows only the second electronic device 2 with components 21-23; it should be understood that not all of the components shown are required, and more or fewer components may be implemented instead.
In some embodiments the memory 21 may be an internal storage unit of the second electronic device 2, such as a hard disk or memory of the second electronic device 2. In other embodiments the memory 21 may be an external storage device of the second electronic device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card equipped on the second electronic device 2. Further, the memory 21 may include both an internal storage unit and an external storage device of the second electronic device 2. The memory 21 is used to store the application software installed on the second electronic device 2 and various kinds of data, for example the program code of the second authentication program 20 based on block chain. The memory 21 may also be used to temporarily store data that has been output or is to be output.
In some embodiments the processor 22 may be a central processing unit (CPU), a microprocessor or another data processing chip, used to run the program code or process the data stored in the memory 21, for example to execute the second authentication program 20. In this embodiment, if the second electronic device 2 is a verification node, the processor 22 may be a smart contract.
In some embodiments the display 23 may be an LED display, a liquid crystal display, a touch liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, etc. The display 23 is used to display the information processed in the second electronic device 2 and to display a visual user interface. The components 21-23 of the second electronic device 2 communicate with each other via a system bus.
Referring to Fig. 6, being the program module of 20 first embodiment of the second authentication program the present invention is based on block chain Figure.In the present embodiment, the second authentication program 20 based on block chain can be divided into one or more modules, one Or multiple modules are stored in memory 21, and held by one or more processors (the present embodiment is by processor 22) Row, to complete the present invention.For example, in figure 6, the second authentication program 20 based on block chain can be divided into reception mould Block 201 and veritification module 202.The so-called module of the present invention is the series of computation machine program instruction for referring to complete specific function Section, than program more suitable for describing execution of second authentication program 20 in second electronic device 2 based on block chain Journey, wherein:
Receiving module 201, configured to receive an authentication request carrying user identity information.
Checking module 202, configured to check the user identity information to obtain a check result, to generate, according to the check result, feedback information carrying node identification information, and to broadcast the feedback information to the blockchain network.
The user identity information includes user identification information and user identity characteristic information.
The user identity characteristic information includes at least one of user biometric information and identity document information.
The user biometric information includes fingerprint information, face information, iris information, voiceprint information and other biometric information that uniquely identifies the user.
The identity document information includes an identity card number, a passport number, an employee number, and the like.
Preferably, the user identity information is encrypted user identity information obtained by encrypting the user identity information using a predetermined first encryption rule.
The first encryption rule includes: encrypting the user identity information with the public key of the verification node.
The checking module 202 is specifically configured to:
Decrypt the encrypted user information according to a predetermined first decryption rule (for example, with the asymmetric-encryption private key of the verification node) to obtain the plaintext of the user identity information as the user identity information to be verified, which includes user identification information and user identity characteristic information to be verified;
Look up, according to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity characteristic information, the encrypted standard user identity characteristic information corresponding to the user identification information;
Decrypt the encrypted standard user identity characteristic information according to a predetermined second decryption rule (for example, using the symmetric encryption key of the verification node) to obtain the standard user identity characteristic information;
Check the user identity characteristic information to be verified against the standard user identity characteristic information;
When the user identity characteristic information to be verified is determined to be identical to the standard user identity characteristic information, output a check result of check success;
When the user identity characteristic information to be verified is determined to differ from the standard user identity characteristic information, output a check result of check failure.
Compared with the prior art, this embodiment meets the diverse needs of multiple application scenarios and improves the accuracy of user authentication, while preventing leakage of user identity information.
The present invention also provides a blockchain-based identity authentication method, which is applicable to the receiving end of an authentication request in a blockchain network, for example a verification node.
In this embodiment, the blockchain-based second authentication program is stored in a memory and can be executed by one or more processors to implement the blockchain-based identity authentication method of this embodiment. The processor that executes the blockchain-based second authentication program may be located in a verification node, in an application end (for example, the employee benefits subsystem of a public welfare platform), or independently in an electronic device. For example, if the processor is located in a verification node, the program may be the smart contract corresponding to that verification node.
As shown in Fig. 7, which is a flow diagram of the second embodiment of the blockchain-based identity authentication method of the present invention.
In this embodiment, the method includes:
Step S210: receive an authentication request carrying user identity information.
The user identity information includes user identification information and user identity characteristic information.
The user identity characteristic information includes at least one of user biometric information and identity document information.
The user biometric information includes fingerprint information, face information, iris information, voiceprint information and other biometric information that uniquely identifies the user.
The identity document information includes an identity card number, a passport number, an employee number, and the like.
Preferably, the user identity information is encrypted user identity information obtained by encrypting the user identity information using a predetermined first encryption rule.
The first encryption rule includes: encrypting the user identity information with the public key of the verification node.
Step S220: check the user identity information to obtain a check result, generate, according to the check result, feedback information carrying node identification information, and broadcast the feedback information to the blockchain network.
Preferably, step S220 includes:
Decrypting the encrypted user information according to a predetermined first decryption rule (for example, with the asymmetric-encryption private key of the verification node) to obtain the plaintext of the user identity information as the user identity information to be verified, which includes user identification information and user identity characteristic information to be verified;
Looking up, according to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity characteristic information, the encrypted standard user identity characteristic information corresponding to the user identification information;
Decrypting the encrypted standard user identity characteristic information according to a predetermined second decryption rule (for example, using the symmetric encryption key of the verification node) to obtain the standard user identity characteristic information;
Checking the user identity characteristic information to be verified against the standard user identity characteristic information;
When the user identity characteristic information to be verified is determined to be identical to the standard user identity characteristic information, outputting a check result of check success;
When the user identity characteristic information to be verified is determined to differ from the standard user identity characteristic information, outputting a check result of check failure.
Compared with the prior art, this embodiment meets the diverse needs of multiple application scenarios and improves the accuracy of user authentication, while preventing leakage of user identity information.
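The verification node's steps above (decrypt the request, look up and decrypt the stored standard characteristic information, compare, emit feedback carrying the node identifier), as an added Python example that is not code from the patent. Assumptions: the class, field and key names are hypothetical, all sample values are constructed, and `seal`/`unseal` are a standard-library stand-in for both decryption rules, so the request key here is shared, whereas the patent's first rule uses the node's public/private key pair.

```python
import hashlib
import hmac
import json
import secrets


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher only).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC stand-in: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Reverse of seal(); raises ValueError if the blob was altered."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity tag mismatch")
    return _xor_stream(enc_key, nonce, body)


class VerificationNode:
    def __init__(self, node_id, request_key, storage_key):
        self.node_id = node_id
        self._request_key = request_key  # assumption: stands in for the node's private key
        self._storage_key = storage_key  # the node's symmetric key (second decryption rule)
        self._standard = {}              # identification info -> encrypted standard info

    def enroll(self, user_id, characteristic):
        # Standard characteristic information is only ever stored encrypted.
        self._standard[user_id] = seal(self._storage_key, characteristic.encode())

    def check(self, encrypted_request):
        ok = False
        try:
            claim = json.loads(unseal(self._request_key, encrypted_request))
            presented = claim["characteristic"].encode()
            stored = self._standard.get(claim["id"])
            if stored is not None:
                standard = unseal(self._storage_key, stored)
                # Constant-time equality: success only if identical.
                ok = hmac.compare_digest(standard, presented)
        except (ValueError, KeyError, TypeError, AttributeError):
            ok = False  # fail closed on any decryption or parsing error
        # Feedback carries the node identifier and the result, no identity data.
        return {"node_id": self.node_id, "result": "success" if ok else "failure"}


def demo():
    request_key = secrets.token_bytes(32)
    node = VerificationNode("node-A", request_key, secrets.token_bytes(32))
    node.enroll("user-001", "DOC-0000-CONSTRUCTED")  # constructed sample values

    def request(user_id, characteristic):
        claim = {"id": user_id, "characteristic": characteristic}
        return seal(request_key, json.dumps(claim).encode())

    good = request("user-001", "DOC-0000-CONSTRUCTED")
    return {
        "match": node.check(good),
        "mismatch": node.check(request("user-001", "DOC-9999-CONSTRUCTED")),
        "unknown_user": node.check(request("user-404", "DOC-0000-CONSTRUCTED")),
        "tampered": node.check(good[:-1] + bytes([good[-1] ^ 1])),
    }
```

An unknown user, a mismatch and an undecryptable request all produce the same failure feedback, so the broadcast does not reveal which step rejected the request.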
Further, the present invention also provides a computer-readable storage medium storing the blockchain-based second authentication program, which can be executed by at least one processor so that the at least one processor performs the blockchain-based identity authentication method of any of the above embodiments.
The foregoing is merely a preferred embodiment of the present invention and does not limit its scope. Any equivalent structural transformation made using the description and drawings of the present invention under its inventive concept, or any direct or indirect use in other related technical fields, falls within the scope of patent protection of the present invention.

Claims (10)

1. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory storing a blockchain-based first authentication program which, when executed by the processor, implements the following steps:
Verification step: upon receiving a first authentication request carrying first user identity information, checking the first user identity information according to a predetermined authentication rule to obtain a first verification result;
Judgment step: determining, according to the first verification result, the first user identity information and an obtained predetermined judgment rule, whether to perform multifactor authentication;
First output step: when it is determined not to perform multifactor authentication, outputting the first verification result as the user authentication result; or, when it is determined to perform multifactor authentication, obtaining second user identity information;
Finding step: looking up, according to the user identification information in the first user identity information and a predetermined mapping between user identification information and verification node identification information, at least one verification node corresponding to the user identification information;
Issuing step: publishing a second authentication request carrying the second user identity information to the blockchain network, and receiving the feedback information, carrying node identification information, that the blockchain network generates by checking the second user identity information and broadcasts;
Analysis step: analyzing the check results in the feedback information based on a predetermined first result analysis rule, and outputting the first analysis result as a second verification result;
Second output step: analyzing the second verification result according to a predetermined second result analysis rule, and outputting the second analysis result as the authentication result of the user.
2. The electronic device of claim 1, characterized in that the predetermined judgment rule comprises:
When the first verification result is verification success, determining whether to perform multifactor authentication according to the user identification information in the first user identity information and a predetermined judgment sub-rule;
When it is determined based on the predetermined judgment sub-rule to perform multifactor authentication, outputting a judgment result of performing multifactor authentication;
When it is determined based on the predetermined judgment sub-rule not to perform multifactor authentication, outputting a judgment result of not performing multifactor authentication;
When the first verification result is verification failure, outputting a judgment result of not performing multifactor authentication.
3. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory storing a blockchain-based second authentication program which, when executed by the processor, implements the following steps:
Receiving step: receiving an authentication request carrying user identity information;
Checking step: checking the user identity information to obtain a check result, generating, according to the check result, feedback information carrying node identification information, and broadcasting the feedback information to the blockchain network.
4. The electronic device of claim 3, characterized in that the user identity information is encrypted user identity information obtained by encrypting user identity data using a predetermined first encryption rule;
The checking step comprises:
Decrypting the encrypted user information according to a predetermined first decryption rule to obtain the plaintext of the user identity information as the user identity information to be verified, which includes user identification information and user identity characteristic information to be verified;
Looking up, according to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity characteristic information, the encrypted standard user identity characteristic information corresponding to the user identification information;
Decrypting the encrypted standard user identity characteristic information according to a predetermined second decryption rule to obtain the standard user identity characteristic information;
Checking the user identity characteristic information to be verified against the standard user identity characteristic information;
When the user identity characteristic information to be verified is determined to be identical to the standard user identity characteristic information, outputting a check result of check success;
When the user identity characteristic information to be verified is determined to differ from the standard user identity characteristic information, outputting a check result of check failure.
5. A blockchain-based identity authentication method, characterized in that the method comprises:
First verification step: upon receiving a first authentication request carrying first user identity information, checking the first user identity information according to a predetermined authentication rule to obtain a first verification result;
Judgment step: determining, according to the first verification result, the first user identity information and an obtained predetermined judgment rule, whether to perform multifactor authentication;
First output step: when it is determined not to perform multifactor authentication, outputting the first verification result as the user authentication result; or, when it is determined to perform multifactor authentication, obtaining second user identity information;
Finding step: looking up, according to the user identification information in the first user identity information and a predetermined mapping between user identification information and verification node identification information, at least one verification node corresponding to the user identification information;
Issuing step: publishing a second authentication request carrying the second user identity information to the blockchain network, and receiving the feedback information, carrying node identification information, that the blockchain network generates by checking the second user identity information and broadcasts;
Analysis step: analyzing the check results in the feedback information based on a predetermined first result analysis rule, and outputting the first analysis result as a second verification result;
Second output step: analyzing the second verification result according to a predetermined second result analysis rule, and outputting the second analysis result as the authentication result of the user.
6. The blockchain-based identity authentication method of claim 5, characterized in that the predetermined judgment rule comprises:
When the first verification result is verification success, determining whether to perform multifactor authentication according to the user identification information in the first user identity information and a predetermined judgment sub-rule;
When it is determined based on the predetermined judgment sub-rule to perform multifactor authentication, outputting a judgment result of performing multifactor authentication;
When it is determined based on the predetermined judgment sub-rule not to perform multifactor authentication, outputting a judgment result of not performing multifactor authentication;
When the first verification result is verification failure, outputting a judgment result of not performing multifactor authentication.
7. A blockchain-based identity authentication method, characterized in that the blockchain-based identity authentication method comprises:
Receiving step: receiving an authentication request carrying user identity information;
Checking step: checking the user identity information to obtain a check result, generating, according to the check result, feedback information carrying node identification information, and broadcasting the feedback information to the blockchain network.
8. The blockchain-based identity authentication method of claim 7, characterized in that the user identity information is encrypted user identity information obtained by encrypting user identity data using a predetermined first encryption rule;
The checking step comprises:
Decrypting the encrypted user information according to a predetermined first decryption rule to obtain the plaintext of the user identity information as the user identity information to be verified, which includes user identification information and user identity characteristic information to be verified;
Looking up, according to the user identification information in the user identity information to be verified and a predetermined mapping between user identification information and standard user identity characteristic information, the encrypted standard user identity characteristic information corresponding to the user identification information;
Decrypting the encrypted standard user identity characteristic information according to a predetermined second decryption rule to obtain the standard user identity characteristic information;
Checking the user identity characteristic information to be verified against the standard user identity characteristic information;
When the user identity characteristic information to be verified is determined to be identical to the standard user identity characteristic information, outputting a check result of check success;
When the user identity characteristic information to be verified is determined to differ from the standard user identity characteristic information, outputting a check result of check failure.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a blockchain-based first authentication system, which can be executed by at least one processor so that the at least one processor performs the blockchain-based identity authentication method of claim 5 or 6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a blockchain-based second authentication system, which can be executed by at least one processor so that the at least one processor performs the blockchain-based identity authentication method of claim 7 or 8.
CN201810386011.6A 2018-04-26 2018-04-26 Electronic device, block chain-based identity authentication method, and computer storage medium Active CN108777675B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810386011.6A CN108777675B (en) 2018-04-26 2018-04-26 Electronic device, block chain-based identity authentication method, and computer storage medium
PCT/CN2018/102407 WO2019205389A1 (en) 2018-04-26 2018-08-27 Electronic device, authentication method based on block chain, and program and computer storage medium

Publications (2)

Publication Number Publication Date
CN108777675A true CN108777675A (en) 2018-11-09
CN108777675B CN108777675B (en) 2020-04-14

Family

ID=64026779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810386011.6A Active CN108777675B (en) 2018-04-26 2018-04-26 Electronic device, block chain-based identity authentication method, and computer storage medium

Country Status (2)

Country Link
CN (1) CN108777675B (en)
WO (1) WO2019205389A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110602114A (en) * 2019-09-19 2019-12-20 腾讯科技(深圳)有限公司 Block chain-based identity authentication method and device, storage medium and electronic equipment
CN110727933A (en) * 2019-09-10 2020-01-24 阿里巴巴集团控股有限公司 Identity authentication method and device, electronic equipment and storage medium
CN111010367A (en) * 2019-11-07 2020-04-14 深圳市电子商务安全证书管理有限公司 Data storage method and device, computer equipment and storage medium
WO2020147292A1 (en) * 2019-01-17 2020-07-23 平安科技(深圳)有限公司 Blockchain-based access control method and system, management terminal and access control terminal
CN111859347A (en) * 2019-08-01 2020-10-30 创新先进技术有限公司 Identity verification method, device and equipment based on block chain
CN114880645A (en) * 2022-06-07 2022-08-09 中关村科学城城市大脑股份有限公司 Identity verification method and device based on block chain

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6925439B2 (en) * 2019-03-14 2021-08-25 アドバンスド ニュー テクノロジーズ カンパニー リミテッド Methods and devices for acquiring and recording tracking information on the blockchain

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050212658A1 (en) * 2001-04-17 2005-09-29 Kinsella David J Fingerprint sensor with feature authentication
CN101557406A (en) * 2009-06-01 2009-10-14 杭州华三通信技术有限公司 User terminal authentication method, device and system thereof
CN102202040A (en) * 2010-03-26 2011-09-28 联想(北京)有限公司 Client authentication method and device
CN102236766A (en) * 2011-05-10 2011-11-09 桂林电子科技大学 Security data item level database encryption system
US8949951B2 (en) * 2011-03-04 2015-02-03 Red Hat, Inc. Generating modular security delegates for applications
CN105005720A (en) * 2015-06-24 2015-10-28 青岛大学 Computer security control system
CN106453407A (en) * 2016-11-23 2017-02-22 江苏通付盾科技有限公司 Identity authentication method based on block chain, authentication server and user terminal
CN107079037A (en) * 2016-09-18 2017-08-18 深圳前海达闼云端智能科技有限公司 Identity identifying method, device, node and system based on block chain
CN107241329A (en) * 2017-06-07 2017-10-10 北京奇艺世纪科技有限公司 Account login process method and device
US20180060496A1 (en) * 2016-08-23 2018-03-01 BBM Health LLC Blockchain-based mechanisms for secure health information resource exchange

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106533696B (en) * 2016-11-18 2019-10-01 江苏通付盾科技有限公司 Identity identifying method, certificate server and user terminal based on block chain
CN107276973A (en) * 2016-12-10 2017-10-20 江苏恒为信息科技有限公司 A kind of internet article identity mark is built and verification method
CN107257340B (en) * 2017-06-19 2019-10-01 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN107480555B (en) * 2017-08-01 2020-03-13 中国联合网络通信集团有限公司 Database access authority control method and device based on block chain

Also Published As

Publication number Publication date
WO2019205389A1 (en) 2019-10-31
CN108777675B (en) 2020-04-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant