CN108833114A - A kind of decentralization identity authorization system and method based on block chain - Google Patents

A kind of decentralization identity authorization system and method based on block chain Download PDF

Info

Publication number
CN108833114A
Authority
CN
China
Prior art keywords
user
information
identity
block chain
hash
Prior art date
Legal status
Pending
Application number
CN201810609810.5A
Other languages
Chinese (zh)
Inventor
阮娜
贾维嘉
杜容天
Current Assignee
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date
Filing date
Publication date
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0853 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using biometrical features, e.g. fingerprint, retina-scan
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The present invention provides a decentralized identity authentication system and method based on blockchain, which implements identity authentication by combining fingerprint recognition with a blockchain. First, authentication is based on fingerprint recognition, which improves the accuracy of authentication and greatly reduces the risk of the authentication being cracked or of the user losing a key. Second, authentication is based on a blockchain; because of the decentralized nature of a blockchain there is no need to create a centralized database, which effectively avoids the risk of a centralized database being attacked by hackers or even losing data through force majeure. Third, the consensus mechanism of the blockchain itself guarantees that information cannot be tampered with, so the correctness and consistency of the information are effectively ensured. Fourth, a blockchain is a distributed storage structure, i.e. every user holds a local copy of the blockchain, so there is no need to transmit keys, user identity or other confidential information over the network, which effectively avoids the possibility of confidential information being intercepted.

Description

A decentralized identity authentication system and method based on blockchain
Technical field
The present invention relates to the field of communication technology, and in particular to a decentralized identity authentication system and method based on blockchain.
Background technique
Identity authentication is an important issue in today's society. Whether at a bank or government office offline, or for online payment or a social networking site online, most services require a person to provide identity authentication before any further service can be provided. Because of the particular nature of identity-authentication use cases, the requirements for confidentiality, accuracy and efficiency are very high: while ensuring that the user's own information is not leaked, the user must be given fast and accurate authentication in order to complete other, further services.
With the rapid development of computer technology, it has become possible to replace cumbersome documentary proof by technical means. The mainstream identity authentication methods today fall mainly into the following three classes:
1. Authentication based on secret information. Represented by the static password, this is currently the most common form of identity authentication. The user sets the static password used at login, and the password is then stored on the server; when the user later logs in, they are required to enter the password again, which is compared with the password on the server; if the two match, the user's identity is verified.
2. Authentication based on a trusted object. This class mainly includes smart cards, SMS passwords, dynamic passwords and the like. Since a smart card, mobile phone, USB key and similar objects are usually possessed only by the one user, verifying that the user possesses the designated object is taken as proof of the user's identity.
3. Authentication based on biometric features, mainly represented by fingerprint recognition and face recognition. Because fingerprint and facial features are unique, this class of authentication has very high credibility. Its authentication mode is the same as that of the first class, authentication based on secret information: the user's biometric information is first stored on the server, and when it is later needed, the user enters their biometric feature, which is compared with the stored information to complete authentication.
Although the three classes of identity authentication methods above have matured considerably, each still has shortcomings.
Authentication based on secret information has major weaknesses in both the accuracy and the confidentiality of authentication. Although the user only needs to know the static password they set earlier in order to log in, in practice many users, to avoid forgetting the password, often use easily guessed strings such as a birthday, phone number or ID card number as the password, or even write the password on a slip of paper as a reminder, so leakage of the static password is very easy. In addition, the static password must be transmitted over the network to complete authentication, so it may be intercepted during transmission, leading to leakage of the password. From a security standpoint, therefore, authentication based on secret information is not very reliable.
Authentication based on a trusted object also has problems of accuracy and security to a certain extent. For objects held only by the user, such as a mobile phone or smart card, once the object is lost, whoever picks it up can log in or perform other operations at will. For objects like a USB key, which guarantee security by generating a one-time password, the same problem as with mobile phones and smart cards exists; in addition, because the USB key usually generates the random key with the clock as the random-number seed, once the server and the USB key in the user's hand can no longer stay synchronized, the user will be unable to log in.
Authentication based on biometric features is considerably better than the first two in both accuracy and security: because of its particular nature a biometric feature cannot be cracked, and it cannot become invalid, be lost, or be stolen by others, so the security level is very high, and it is the direction under constant study today. However, for today's biometric authentication, the storage and verification mode is in most cases the same as with a traditional key: the biometric information is first stored on the server, and the biometric feature entered by the user is then compared with it on the server to complete login. In this case the data may be intercepted during transmission, and the server remains at risk of being attacked by hackers and leaking data, so its security still carries certain risks.
To overcome the shortcomings of these identity authentication methods, those skilled in the art have continually sought a solution.
Summary of the invention
The purpose of the present invention is to provide a decentralized identity authentication system and method based on blockchain, in order to overcome the deficiencies of the identity authentication methods used in the prior art.
To solve the above technical problem, the present invention provides a decentralized identity authentication system based on blockchain, which includes:
an information acquisition unit, for acquiring the information of the logged-in user, where the user's information is valid identity document information and/or fingerprint information;
an identity creation unit, for assigning a key pair (public key and private key) to the logged-in user and carrying out identity creation based on the key pair, the blockchain, and the valid identity document information and fingerprint information entered by the user into the information acquisition unit; here the private key represents the personal identity of the user, the public key is used to derive the block address at which the user's information is stored, and the content stored at that block address is the user's signature (sign);
an identity-authentication QR code generation unit, for generating an identity-authentication QR code based on the private key and fingerprint information of the user currently logged in to the information acquisition unit;
an identity authentication unit, for recognizing the identity-authentication QR code of the currently logged-in user, so as to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit carried out identity creation.
Optionally, in the decentralized identity authentication system based on blockchain, the block address storing the user information is calculated from the user's public key as follows:
perform SHA256 on the public key to obtain a 32-byte first hash value (Hash1);
apply the RIPEMD-160 algorithm to the first hash value (Hash1) to obtain a 20-byte second hash value (Hash2);
prepend a version number to the second hash value (Hash2) to form a 21-byte array and apply double SHA256 to it; the first 4 bytes of the resulting hash value serve as the checksum and are appended to the end of the 21-byte array;
Base58-encode the resulting 25-byte array to obtain the block address (Add1) storing the user information.
Optionally, in the decentralized identity authentication system based on blockchain, the identity creation unit assigns the key pair to the user based on the elliptic curve secp256k1.
Optionally, in the decentralized identity authentication system based on blockchain, the valid identity document information includes the personal information on the valid identity document and a photo of the valid identity document, and the valid identity document is an identity card and/or a passport.
Optionally, in the decentralized identity authentication system based on blockchain, when the valid identity document to which the valid identity document information relates is an identity card, the personal information on the document included in the valid identity document information is: name, ID card number and identity card validity period; the document photo is a scan of the front and back of the identity card.
Optionally, in the decentralized identity authentication system based on blockchain, the process by which the identity creation unit carries out identity creation based on the key pair, the blockchain, and the valid identity document information and fingerprint information entered by the user into the information acquisition unit is as follows:
the valid identity document information entered by the user into the information acquisition unit is converted into a character string (Inf), and the string is AES-encrypted with the private key to obtain an encrypted string (Inf0), which is stored locally on the terminal hosting the decentralized identity authentication system based on blockchain;
the valid identity document information entered by the user into the information acquisition unit and the fingerprint information are concatenated and SHA256-hashed to obtain a third hash value (Hash3); the third hash value is RSA-signed with the private key to obtain the user signature, which is stored in the blockchain at the block address storing the user information.
Optionally, in the decentralized identity authentication system based on blockchain, the process by which the identity-authentication QR code generation unit generates the identity-authentication QR code based on the private key and fingerprint information of the user currently logged in to the information acquisition unit is:
obtain the public key and fingerprint information of the user currently logged in to the information acquisition unit, together with the encrypted string stored locally on the terminal hosting the decentralized identity authentication system based on blockchain;
AES-decrypt the encrypted string stored locally on the terminal with the private key of the currently logged-in user, to obtain the valid identity document information of the currently logged-in user;
concatenate the valid identity document information and fingerprint information of the user currently logged in to the information acquisition unit and SHA256-hash them to obtain an initial hash value (hash0);
encode the initial hash value together with the public key of the currently logged-in user to generate the QR code.
Optionally, in the decentralized identity authentication system based on blockchain, the process by which the identity authentication unit recognizes the identity-authentication QR code of the currently logged-in user is as follows:
the identity authentication unit scans and decodes the identity-authentication QR code of the currently logged-in user, to obtain the initial hash value (hash0) of the user's valid identity document information and fingerprint information contained in it, together with the public key of the currently logged-in user;
from the public key of the currently logged-in user, the block address storing the user information is obtained, and the user signature stored at that block address is retrieved;
the information stored on the blockchain is RSA-decrypted based on the private key of the currently logged-in user, to obtain the reference hash value (hash) of the information on the blockchain;
it is checked whether the initial hash value is consistent with the reference hash value (hash); if so, the personal identity of the currently logged-in user is authenticated; otherwise the personal identity of the currently logged-in user is not authenticated.
Correspondingly, the present invention also provides a decentralized identity authentication method based on blockchain, based on the decentralized identity authentication system based on blockchain described above, which includes the following steps:
the information acquisition unit acquires the fingerprint information of the currently logged-in user;
the identity-authentication QR code generation unit generates an identity-authentication QR code for the currently logged-in user;
the identity authentication unit recognizes the identity-authentication QR code of the currently logged-in user, to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit carried out identity creation.
Optionally, in the decentralized identity authentication method based on blockchain, the process by which the identity authentication unit recognizes the identity-authentication QR code of the currently logged-in user is as follows:
the identity authentication unit scans and decodes the identity-authentication QR code of the currently logged-in user, to obtain the initial hash value (hash0) of the user's valid identity document information and fingerprint information contained in it, together with the public key of the currently logged-in user;
from the public key of the currently logged-in user, the block address storing the user information is obtained, and the user signature stored at that block address is retrieved;
the information stored on the blockchain is RSA-decrypted based on the private key of the currently logged-in user, to obtain the reference hash value (hash) of the information on the blockchain;
it is checked whether the initial hash value is consistent with the reference hash value (hash); if so, the personal identity of the currently logged-in user is authenticated; otherwise the personal identity of the currently logged-in user is not authenticated.
In the decentralized identity authentication system and method based on blockchain provided by the present invention, the method implements identity authentication by combining fingerprint recognition with a blockchain. First, authentication is based on fingerprint recognition, which improves the accuracy of authentication and greatly reduces the risk of the authentication being cracked or of the user losing a key. Second, authentication is based on a blockchain; because of the decentralized nature of a blockchain there is no need to create a centralized database, which effectively avoids the risk of a centralized database being attacked by hackers or even losing data through force majeure. Third, the consensus mechanism of the blockchain itself guarantees that information cannot be tampered with, so the correctness and consistency of the information are effectively ensured. Fourth, a blockchain is a distributed storage structure, i.e. every user holds a local copy of the blockchain, so there is no need to transmit keys, user identity or other confidential information over the network, which effectively avoids the possibility of confidential information being intercepted.
Detailed description of the drawings
Fig. 1 is a schematic diagram of the decentralized identity authentication system based on blockchain in one embodiment of the invention;
Fig. 2 is a schematic flow diagram of how the decentralized identity authentication system based on blockchain in one embodiment of the invention calculates the block address storing the user information from the user's public key;
Fig. 3 is a flow chart of the decentralized identity authentication method based on blockchain in one embodiment of the invention.
Specific embodiments
The decentralized identity authentication system and method based on blockchain proposed by the present invention are described in further detail below with reference to the drawings and specific embodiments. The advantages and features of the invention will become clearer from the following description and the claims. It should be noted that the drawings are in greatly simplified form and not to precise scale, and serve only to aid the description of the embodiments of the invention conveniently and clearly.
The identity authentication process consists mainly of two stages, identity creation and completing authentication; the present invention completes these two stages through the cooperation of several units, as follows.
Referring to Fig. 1, a schematic diagram of the decentralized identity authentication system based on blockchain of the present invention: as shown in Fig. 1, the system includes an information acquisition unit, an identity creation unit, an identity-authentication QR code generation unit and an identity authentication unit. The information acquisition unit acquires the information of the logged-in user, which is valid identity document information and/or fingerprint information. The identity creation unit assigns the logged-in user a key pair and carries out identity creation based on the key pair, the blockchain, and the valid identity document information and fingerprint information entered by the user into the information acquisition unit; here the private key represents the user's personal identity, the public key is used to derive the block address at which the user's information is stored, and the content stored at that block address is the user signature sign. The identity-authentication QR code generation unit generates an identity-authentication QR code based on the private key and fingerprint information of the user currently logged in to the information acquisition unit. The identity authentication unit recognizes the identity-authentication QR code of the currently logged-in user, to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit carried out identity creation.
In this embodiment, the identity creation unit assigns the user a key pair (a public key and a private key) based on the elliptic curve secp256k1. Specifically, the parameters of the curve secp256k1 over the finite field F_p are defined by the sextuple T = (p, a, b, G, n, h), where:
p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFC2F
  = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
The curve E: y^2 = x^3 + ax + b over F_p is defined by:
a = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
b = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007
The compressed form of the base point G is:
G = 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
and its uncompressed form is:
G = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
The order n of G and the cofactor h are, respectively:
n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
h = 01
After the user's public key and private key (Kpub, Kpri) have been computed from the elliptic curve secp256k1, the block address storing the user information must be calculated from the user's public key Kpub, as shown in Fig. 2; the main steps are as follows:
perform SHA256 on the public key to obtain the 32-byte first hash value Hash1;
apply the RIPEMD-160 algorithm to the first hash value Hash1 to obtain the 20-byte second hash value Hash2;
prepend the version number to the second hash value Hash2 to form a 21-byte array and apply double SHA256 to it; the first 4 bytes of the resulting hash value serve as the checksum and are appended to the end of the 21-byte array;
Base58-encode the resulting 25-byte array to obtain the block address Add1 storing the user information.
Specifically, the identity creating unit is based on acquisition of information list described in the public and private key, block chain and user's typing The process that the effective identity certificate information and finger print information of member carry out identity creation is as follows:
The effective identity certificate information of information acquisition unit described in user's typing is converted into a character string Inf, and AES encryption is carried out to the character string using the private key and obtains encrypted characters string Inf0, the encrypted characters string is stored in institute The local of terminal where stating the decentralization identity authorization system based on block chain;
The effective identity certificate information of information acquisition unit described in user's typing and the finger print information merge laggard Row SHA256 Hash obtains third cryptographic Hash Hash3, third cryptographic Hash by the private key progress RSA signature obtain user's signature, The user's signature is stored in the block address for storing user information in block chain.
Further, the effective identity certificate information includes personal information and effective identity certificate on effective identity certificate Photo, effective identity certificate are identity card and/or passport;It is with the effective identity certificate that the effective identity certificate information is related to For identity card, at this point, personal information includes on effective identity certificate in effective identity certificate information:Name, ID card No. And identity card validity period;Effective identity certificate photo is the scanned copy of identity card front and back sides.
In the present embodiment, the authentication two dimensional code generation unit is based on the use for currently logging in the information acquisition unit The generating process that the private key and finger print information at family generate the authentication two dimensional code is:
It obtains the public key for currently logging in the user of the information acquisition unit, finger print information and is stored in described based on block The local encrypted characters string of terminal where the decentralization identity authorization system of chain;
Based on the private key of currently logged on user to being stored in the decentralization identity authorization system institute based on block chain AES decryption is carried out in the local encrypted characters string of terminal, to obtain the effective identity certificate information of currently logged on user;
The effective identity certificate information and finger print information that the user of the information acquisition unit will currently be logged in merge laggard Row SHA256 Hash obtains initial Hash value hash0
The initial Hash value and the public key of the user currently logged in are subjected to coding generation.
Correspondingly, the identity authentication unit recognizes the authentication QR code of the currently logged-in user as follows:
The identity authentication unit scans and decodes the authentication QR code of the currently logged-in user, obtaining the initial hash value (hash0) of the user's valid identity certificate information and fingerprint information, together with the user's public key;
From the public key of the currently logged-in user it derives the block address at which the user information is stored and reads the user signature stored at that block address; the block address is computed from the public key in the same way as during identity creation at initialization, see Fig. 2;
With the private key of the currently logged-in user it performs RSA decryption on the information stored on the block chain, obtaining the reference hash value hash of the stored information;
It checks whether the initial hash value equals the reference hash value hash: if they are equal, the personal identity of the currently logged-in user is authenticated; otherwise it is not.
Principle of the authentication: if the user's public key can be used to decrypt the stored information and obtain hash, then the terminal device hosting the block-chain-based decentralized identity authentication system is the same device on which registration and identity creation were carried out; and since the initial hash value equals the reference hash value hash, the fingerprint information is consistent, which proves that the currently logged-in user is the person who holds the certificate and owns the fingerprint, so the user's personal identity is authenticated.
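The identity-creation and authentication flow described above, as an added Python example that is not part of the patent. A toy RSA key pair built from two Mersenne primes stands in for the user's key pair (the patent allocates a secp256k1 pair and uses RSA for the signature; here one textbook, unpadded RSA pair serves both roles so the block runs with the standard library alone), a dict stands in for the block chain, the block address is a simplified SHA256 of the public key rather than the Base58Check derivation of claim 2, and the AES-encrypted local copy of the certificate is omitted. The certificate record and fingerprint bytes are constructed sample data, and the function names are this example's own.

```python
import hashlib
import hmac

# Toy RSA key pair from two Mersenne primes: deterministic and standard-library
# only. Textbook RSA on a raw digest, no padding: it illustrates "sign the hash,
# recover the hash with the public key" and is not a production signature.
P = (1 << 127) - 1            # Mersenne prime M127
Q = (1 << 521) - 1            # Mersenne prime M521
N = P * Q                     # about 648 bits, so a 256-bit digest fits
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
N_BYTES = 82
PUBLIC_KEY = N.to_bytes(N_BYTES, "big") + E.to_bytes(4, "big")   # 86 bytes
PRIVATE_KEY = (D, N)

# Constructed sample enrolment data (not real personal data).
SAMPLE_CERTIFICATE = {
    "name": "Example User",
    "id_number": "000000000000000000",
    "valid_until": "2030-01-01",
}
SAMPLE_FINGERPRINT = b"constructed-fingerprint-template-bytes"

# Stand-in for the block chain: block address -> stored user signature.
CHAIN = {}


def block_address(public_key: bytes) -> str:
    # Simplified stand-in for the claim 2 derivation (SHA256, RIPEMD-160,
    # Base58Check); the flow only needs a deterministic function of the key.
    return hashlib.sha256(public_key).hexdigest()[:40]


def identity_hash(certificate: dict, fingerprint: bytes) -> bytes:
    # Claims 6 and 7: certificate fields serialised to one string (Inf), the
    # fingerprint appended, SHA256 over the concatenation. Sorting the keys
    # gives a canonical string, so enrolment and login hash the same bytes.
    inf = "|".join(f"{key}={certificate[key]}" for key in sorted(certificate))
    return hashlib.sha256(inf.encode("utf-8") + fingerprint).digest()


def rsa_sign(digest: bytes, private_key=PRIVATE_KEY) -> int:
    d, n = private_key
    return pow(int.from_bytes(digest, "big"), d, n)


def rsa_recover(signature: int, public_key: bytes):
    # "Decrypt" the stored signature with the public key to get the hash back.
    n = int.from_bytes(public_key[:N_BYTES], "big")
    e = int.from_bytes(public_key[N_BYTES:], "big")
    if n < 2:
        return None
    value = pow(signature, e, n)
    if value.bit_length() > 256:      # cannot be a SHA256 digest: reject
        return None
    return value.to_bytes(32, "big")


def create_identity(certificate: dict, fingerprint: bytes,
                    public_key: bytes = PUBLIC_KEY,
                    private_key=PRIVATE_KEY) -> str:
    # Identity creation: Hash3 = SHA256(Inf || fingerprint), signed with the
    # private key and stored at the address derived from the public key.
    hash3 = identity_hash(certificate, fingerprint)
    address = block_address(public_key)
    CHAIN[address] = rsa_sign(hash3, private_key)
    return address


def make_qr_payload(certificate: dict, fingerprint: bytes,
                    public_key: bytes = PUBLIC_KEY) -> bytes:
    # QR code content: hash0 followed by the public key. Neither the
    # certificate fields nor the fingerprint template leave the terminal.
    return identity_hash(certificate, fingerprint) + public_key


def authenticate(qr_payload: bytes) -> bool:
    # Verifier: split the payload, find the stored signature by address,
    # recover the reference hash with the public key, compare in constant time.
    if len(qr_payload) != 32 + len(PUBLIC_KEY):
        return False
    hash0, public_key = qr_payload[:32], qr_payload[32:]
    signature = CHAIN.get(block_address(public_key))
    if signature is None:
        return False
    reference = rsa_recover(signature, public_key)
    return reference is not None and hmac.compare_digest(reference, hash0)


if __name__ == "__main__":
    create_identity(SAMPLE_CERTIFICATE, SAMPLE_FINGERPRINT)
    print(authenticate(make_qr_payload(SAMPLE_CERTIFICATE, SAMPLE_FINGERPRINT)))
    print(authenticate(make_qr_payload(SAMPLE_CERTIFICATE, b"another finger")))
```

The verifier sees only hash0 and the public key; it recovers the reference hash from the stored signature and compares the two, which is the check the principle paragraph describes. A different fingerprint, a changed certificate field, or a public key with no stored signature all fail.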
In another embodiment, the invention further provides a block-chain-based decentralized identity authentication method, which is based on the block-chain-based decentralized identity authentication system described above. The method of this embodiment is described in detail below with reference to Fig. 1, Fig. 2 and Fig. 3.
First, step S1 is executed: the information acquisition unit obtains the fingerprint information of the currently logged-in user;
Then step S2 is executed: the authentication QR code generation unit generates an authentication QR code for the currently logged-in user;
Then step S3 is executed: the identity authentication unit recognizes the authentication QR code of the currently logged-in user, to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit created the identity.
In S3, the identity authentication unit recognizes the authentication QR code of the currently logged-in user as follows:
The identity authentication unit scans and decodes the authentication QR code of the currently logged-in user, obtaining the initial hash value (hash0) of the user's valid identity certificate information and fingerprint information, together with the user's public key;
From the public key of the currently logged-in user it derives the block address at which the user information is stored and reads the user signature stored at that block address;
With the private key of the currently logged-in user it performs RSA decryption on the information stored on the block chain, obtaining the reference hash value (hash) of the stored information;
It checks whether the initial hash value equals the reference hash value (hash): if they are equal, the personal identity of the currently logged-in user is authenticated; otherwise it is not.
Since the method disclosed in this embodiment corresponds to the system disclosed in the embodiment above, its description is kept brief; for details refer to the description of the system.
In summary, the advantages of the block-chain-based decentralized identity authentication system and method provided by the invention are as follows:
1) Accuracy. The identity authentication model of the block-chain-based decentralized identity authentication method of the invention uses fingerprint recognition as the unique identity identifier, which greatly improves the accuracy of authentication. A fingerprint is biological information carried by the user personally and offers high authentication accuracy and security: biologically, a fingerprint is produced by the combined effect of heredity and environment, and the probability of two fingerprints being identical is 1/15,000,000,000, so the secrecy of a fingerprint is high. At the same time, because a fingerprint is always carried with the user, it does not have to be memorized in order to be used, unlike many traditional static keys, which considerably increases the convenience of authentication for the user.
2) Reliability. The block chain storage structure eliminates the need for a centralized storage system and largely guarantees the reliability of user data. With traditional centralized storage, data is easily lost through intrusions by hackers, and since the personal information of many users is often stored in the data center in plaintext, the risk of losing users' personal information is enormous. Because the block chain is itself distributed, it cannot be the subject of a targeted attack; and since what is stored on the block chain is the ciphertext of the user information and fingerprint after hashing and signing, a hacker who obtains the ciphertext cannot get any content of practical significance from it, which protects the security of users' personal information.
3) Immutability. The block chain has its own consensus mechanism (PoW), the effect of which is that information must be agreed upon: the correct information is the identical information stored locally by every user, so even if the block information stored on a user's own device is modified, this is of no use, because the information on the other devices has not been modified and the accepted information is still the original, unmodified information. To this extent, the consensus mechanism of the block chain almost eliminates the possibility that a hacker intruding into the system could paralyze the whole authentication system. The only loophole would be that, if a hacker could intrude into more than 51% of the devices and modify their contents, the whole system could be paralyzed; in practice, however, this possibility hardly exists, because the users' own devices are not clearly identifiable targets, the hacker has no way of knowing which devices need to be intruded and which do not, and intruding into so many devices is itself unrealistic.
4) Security. The security of this identity authentication model is mainly reflected in the fact that no confidential information needs to be transmitted over the network, so the possibility of the information being intercepted on the network is completely avoided. As the model above describes, at no step is any user personal information or fingerprint information transmitted; the only content transmitted over the network is the user's block address, which the user transmits to the identity authentication unit when preparing to start authentication. With the block address, only the ciphertext of the user's personal information and fingerprint information after hashing and signing can be obtained, and a hash is itself irreversible, so this information has no practical significance for an interceptor. Compared with traditional fingerprint recognition models, this advantage is enormous, because once fingerprint information is intercepted, a counterfeit prosthetic fingerprint can be made from it and used to defeat the fingerprint device on the owner's mobile phone, the whole process taking less than 20 minutes.
The foregoing description is only a description of preferred embodiments of the invention and in no way limits the scope of the invention; any changes or modifications made by a person of ordinary skill in the art on the basis of the disclosure above fall within the scope of protection of the claims.

Claims (10)

1. A block-chain-based decentralized identity authentication system, characterized in that it comprises:
an information acquisition unit for obtaining the information of a logged-in user, the information of the user being valid identity certificate information and/or fingerprint information;
an identity creation unit for allocating a public/private key pair to the logged-in user and carrying out identity creation based on the key pair, the block chain and the valid identity certificate information and fingerprint information entered by the user into the information acquisition unit; wherein the private key represents the personal identity of the user, the public key is used to derive the block address at which the user information is stored, and the content stored at that block address is the user signature (sign);
an authentication QR code generation unit for generating an authentication QR code based on the private key and fingerprint information of the user currently logged in to the information acquisition unit;
an identity authentication unit for recognizing the authentication QR code of the currently logged-in user, to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit carried out identity creation.
2. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the block address at which the user information is stored is computed from the user's public key as follows:
performing a SHA256 hash on the public key to obtain a 32-byte first hash value (Hash1);
applying the RIPEMD-160 algorithm to the first hash value (Hash1) to obtain a 20-byte second hash value (Hash2);
prepending a version number to the second hash value (Hash2) to form a 21-byte array, performing a double SHA256 hash on that array, and appending the first 4 bytes of the resulting hash value to the end of the 21-byte array as a checksum;
Base58-encoding the resulting 25-byte array to obtain the block address (Add1) at which the user information is stored.
3. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the identity creation unit allocates the public/private key pair to the user based on the elliptic curve secp256k1.
4. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the valid identity certificate information includes the personal information on the valid identity certificate and a photo of the valid identity certificate, the valid identity certificate being an identity card and/or a passport.
5. The block-chain-based decentralized identity authentication system according to claim 4, characterized in that, when the valid identity certificate concerned is an identity card, the personal information on the certificate in the valid identity certificate information includes the name, the ID card number and the validity period of the identity card, and the certificate photo is a scanned copy of the front and back of the identity card.
6. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the identity creation unit carries out identity creation based on the public/private key pair, the block chain and the valid identity certificate information and fingerprint information entered by the user into the information acquisition unit as follows:
converting the valid identity certificate information entered by the user into the information acquisition unit into a character string (Inf), performing AES encryption on the string with the private key to obtain an encrypted string (Inf0), and storing the encrypted string locally on the terminal hosting the block-chain-based decentralized identity authentication system;
concatenating the valid identity certificate information entered by the user into the information acquisition unit with the fingerprint information and performing a SHA256 hash on the result to obtain a third hash value (Hash3), RSA-signing the third hash value with the private key to obtain the user signature, and storing the user signature at the block address in the block chain at which the user information is stored.
7. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the authentication QR code generation unit generates the authentication QR code from the private key and fingerprint information of the user currently logged in to the information acquisition unit as follows:
obtaining the public key and fingerprint information of the user currently logged in to the information acquisition unit, together with the encrypted string stored locally on the terminal hosting the block-chain-based decentralized identity authentication system;
performing AES decryption on the locally stored encrypted string with the private key of the currently logged-in user, to obtain the valid identity certificate information of the currently logged-in user;
concatenating the valid identity certificate information and fingerprint information of the currently logged-in user and performing a SHA256 hash on the result to obtain the initial hash value (hash0);
encoding the initial hash value together with the public key of the currently logged-in user to generate the QR code.
8. The block-chain-based decentralized identity authentication system according to claim 1, characterized in that the identity authentication unit recognizes the authentication QR code of the currently logged-in user as follows:
the identity authentication unit scans and decodes the authentication QR code of the currently logged-in user, obtaining the initial hash value (hash0) of the user's valid identity certificate information and fingerprint information, together with the public key of the currently logged-in user;
from the public key of the currently logged-in user it derives the block address at which the user information is stored and reads the user signature stored at that block address;
with the private key of the currently logged-in user it performs RSA decryption on the information stored on the block chain, obtaining the reference hash value (hash) of the stored information;
it checks whether the initial hash value equals the reference hash value (hash): if they are equal, the personal identity of the currently logged-in user is authenticated; otherwise it is not.
9. A block-chain-based decentralized identity authentication method, characterized in that it is based on the block-chain-based decentralized identity authentication system according to claim 1 and comprises the following steps:
the information acquisition unit obtains the fingerprint information of the currently logged-in user;
the authentication QR code generation unit generates an authentication QR code for the currently logged-in user;
the identity authentication unit recognizes the authentication QR code of the currently logged-in user, to authenticate whether the user currently logged in to the information acquisition unit is the user for whom the identity creation unit carried out identity creation.
10. The block-chain-based decentralized identity authentication method according to claim 9, characterized in that the identity authentication unit recognizes the authentication QR code of the currently logged-in user as follows:
the identity authentication unit scans and decodes the authentication QR code of the currently logged-in user, obtaining the initial hash value (hash0) of the user's valid identity certificate information and fingerprint information, together with the public key of the currently logged-in user;
from the public key of the currently logged-in user it derives the block address at which the user information is stored and reads the user signature stored at that block address;
with the private key of the currently logged-in user it performs RSA decryption on the information stored on the block chain, obtaining the reference hash value (hash) of the stored information;
it checks whether the initial hash value equals the reference hash value (hash): if they are equal, the personal identity of the currently logged-in user is authenticated; otherwise it is not.
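The block address derivation of claim 2 worked through in Python, as an added example rather than the patent's own code. Whether hashlib.new("ripemd160") is available depends on the OpenSSL build Python is linked against, so the block reports that before using it; the Base58 and checksum steps need only SHA256. The sample public key and the address it yields are a published secp256k1 test vector (an uncompressed key), included only so the output can be checked; the function names are this example's own. The decode function covers the verifier side: it rejects an address whose 4-byte checksum does not match before the address is used for any lookup.

```python
import hashlib

# Bitcoin-style Base58 alphabet: no 0, O, I or l, so an address survives
# being read aloud or retyped.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Published test vector (uncompressed secp256k1 public key), used here only so
# the result is checkable. A real key comes from the identity creation unit
# (claim 3).
SAMPLE_PUBLIC_KEY = bytes.fromhex(
    "0450863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352"
    "2cd470243453a299fa9e77237716103abc11a1df38855ed6f2ee187e9c582ba6"
)


def ripemd160_supported() -> bool:
    """True if the OpenSSL build behind hashlib exposes RIPEMD-160."""
    try:
        hashlib.new("ripemd160")
    except ValueError:
        return False
    return True


def hash160(data: bytes) -> bytes:
    # Claim 2, steps 1 and 2: SHA256 (32 bytes) then RIPEMD-160 (20 bytes).
    sha = hashlib.sha256(data).digest()
    return hashlib.new("ripemd160", sha).digest()


def checksum(payload: bytes) -> bytes:
    # Claim 2, step 3: the first 4 bytes of a double SHA256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    # Base58 has no positional zero, so each leading zero byte is kept as '1'.
    leading_zero_bytes = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zero_bytes + digits


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def base58check_encode(payload: bytes) -> str:
    # Claim 2, step 4: payload (21 bytes) + checksum (4 bytes) -> Base58.
    return base58_encode(payload + checksum(payload))


def base58check_decode(address: str):
    """Return the payload (version byte + 20-byte hash), or None if the
    address is malformed or its checksum does not match. A verifier should
    refuse to look anything up for an address that fails this check."""
    try:
        raw = base58_decode(address)
    except ValueError:
        return None
    if len(raw) < 5:
        return None
    payload, check = raw[:-4], raw[-4:]
    if check != checksum(payload):
        return None
    return payload


def block_address_from_public_key(public_key: bytes, version: int = 0x00) -> str:
    # Claim 2 end to end: version byte + HASH160(public key) = 21 bytes,
    # 4-byte checksum appended = 25 bytes, Base58 encoded.
    return base58check_encode(bytes([version]) + hash160(public_key))


if __name__ == "__main__":
    if ripemd160_supported():
        address = block_address_from_public_key(SAMPLE_PUBLIC_KEY)
        print(address, base58check_decode(address).hex())
    else:
        print("RIPEMD-160 is not available in this Python build")
```

The version byte 0x00 produces addresses that start with '1', as in the test vector; a different version byte is the only thing the patent leaves open in claim 2.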
CN201810609810.5A 2018-06-13 2018-06-13 A kind of decentralization identity authorization system and method based on block chain Pending CN108833114A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810609810.5A CN108833114A (en) 2018-06-13 2018-06-13 A kind of decentralization identity authorization system and method based on block chain

Publications (1)

Publication Number Publication Date
CN108833114A true CN108833114A (en) 2018-11-16

Family

ID=64141506

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181116