Blockchain-based intelligent terminal identity authentication method and device
Technical Field
The invention relates to the field of intelligent terminal identity authentication, and in particular to a blockchain-based intelligent terminal identity authentication method and device.
Background
Under the traditional centralized application model, identity authentication requires users to remember a large number of passwords, and those passwords carry a high risk of leakage. Existing mechanisms add measures such as OTP (one-time password) and dynamic password authentication, and SMS or telephone verification. In general, no single organization's system provides every service a user needs, so users must authenticate in order to access the resources of other systems. Traditional inter-system authentication rests mainly on symmetric-key and public-key cryptosystems. Symmetric-key authentication at present mainly means the service provided by Kerberos (which many companies have adopted), in which the keys of all users are held centrally on the organization's key distribution server; keeping every key in one place is a serious hazard. Public-key authentication rests mainly on the conventional Public Key Infrastructure (PKI).
According to statistics, a large number of enterprise security incidents every year are related to information leakage, so the traditional single-factor authentication model no longer meets the high-security authentication requirements of enterprises and other organizations. The current technical trend is to apply blockchain to the problems of conventional authentication. Blockchain is the technology underlying Bitcoin and is essentially a decentralized database: a distributed ledger built on the Internet, shared by multiple parties, whose tamper-resistance is guaranteed by the network. Bitcoin is one successful application of blockchain technology. On a blockchain a user can hold a digital identity while retaining control of their own data, allowing only specific organizations or individuals to access, store, analyze or share personal data.
One prior-art scheme is based on the FIDO standard: it integrates biometric identification with asymmetric cryptography to provide a blockchain-based identity authentication system. That scheme observes that the conventional FIDO structure uses a client/server architecture with a centralized server side, and that privacy-sensitive authentication data such as the user's public key and registration information is held in the database of the FIDO server, which is a potential security hazard; it therefore uses blockchain decentralization to address this. But simply using a blockchain solves only the decentralization problem: the efficiency of authentication at the blockchain nodes and the efficiency of biometric feature extraction and recognition are not effectively addressed, and the combination of biometrics with asymmetric cryptography is realized only on top of decentralization. A complete and feasible technical scheme is therefore needed that reduces the number of operations, lowers overhead and improves efficiency.
Disclosure of Invention
The embodiments of the invention aim to provide a blockchain-based intelligent terminal identity authentication method and device that address two problems: the existing unified authentication center for intelligent terminal identity authentication is over-centralized, and existing blockchain-based identity authentication schemes still leave the efficiency of node authentication unresolved.
To achieve the above object, an embodiment of the present invention provides a blockchain-based intelligent terminal identity authentication method, including:
obtaining the login information of a user to be logged in and sending it to a plurality of verification centers for verification, where the verification centers are formed by classifying the nodes of the blockchain network, each verification center consists of nodes of the same category, and every node in the blockchain network records the authentication data of all users; the authentication data of each user comprises ciphertext data, a random string and public information; each random string is generated from the biometric information in that user's registration information; and each ciphertext data is formed by encrypting that user's registration information;
and, when the login information is successfully verified against the user registration information in the blockchain network, determining that the identity of the user to be logged in is legitimate.
Further, the generation of each random string from the biometric information in the user registration information specifically includes:
acquiring first user registration information of a first user, the first user registration information comprising first biometric information and first public information;
and extracting the first biometric information and converting the first biometric information and the first public information into a first random string with the generation algorithm of a fuzzy extractor.
Further, the formation of each ciphertext data by encrypting the user registration information specifically includes:
the first user registration information further comprising a first user ID and first signature information;
and encrypting the first user ID, the first signature information and the first public information into first ciphertext data with an asymmetric encryption technique, so that only the holder of the corresponding private key can decrypt it.
Further, obtaining the login information of the user to be logged in and sending it to the plurality of verification centers for verification specifically includes:
when the user to be logged in logs in, acquiring the second user ID from the login information and collecting the second biometric information and second signature information of the user to be logged in, the login information comprising the second user ID, the second signature information and the second biometric information;
querying whether public information corresponding to the second user ID exists in the plurality of verification centers;
if not, determining that the identity of the user to be logged in is illegitimate;
if so, locating the second identity authentication data of the user to be logged in within the plurality of verification centers according to the queried public information, and generating a second random string from the collected second biometric information and the queried public information with the recovery algorithm of the fuzzy extractor;
obtaining a biometric verification result by comparing the second random string with the random string in the second identity authentication data;
decrypting the ciphertext data in the second identity authentication data with the private key held by the user to be logged in to obtain the signature information to be verified, and comparing the second signature information with the signature information to be verified to obtain a signature verification result;
and determining whether the identity of the user to be logged in is legitimate according to the biometric verification result and the signature verification result.
Further, querying whether public information corresponding to the second user ID exists in the plurality of verification centers specifically includes:
determining the second verification center corresponding to the second user ID according to the second user ID and the categories of the plurality of verification centers, and querying whether public information corresponding to the second user ID exists in that second verification center.
As a counterpart to the above scheme, the present invention provides a blockchain-based intelligent terminal identity authentication device, comprising a first acquisition module and a first verification module;
the first acquisition module is configured to acquire the login information of a user to be logged in and send it to the plurality of verification centers for verification, where the verification centers are formed by classifying the nodes of the blockchain network, each verification center consists of nodes of the same category, and every node in the blockchain network records the authentication data of all users; the authentication data of each user comprises ciphertext data, a random string and public information; each random string is generated from the biometric information in that user's registration information; and each ciphertext data is formed by encrypting that user's registration information;
the first verification module is configured to determine that the identity of the user to be logged in is legitimate when the login information is successfully verified against the user registration information in the blockchain network.
Further, the blockchain-based intelligent terminal identity authentication device further comprises a second acquisition module and a string generation module;
the second acquisition module is configured to acquire first user registration information of a first user, the first user registration information comprising first biometric information and first public information;
the string generation module is configured to extract the first biometric information and convert the first biometric information and the first public information into a first random string with the generation algorithm of a fuzzy extractor.
Further, the blockchain-based intelligent terminal identity authentication device further comprises an encryption module;
the encryption module is configured to encrypt the first user ID, the first signature information and the first public information into first ciphertext data with an asymmetric encryption technique.
Further, the blockchain-based intelligent terminal identity authentication device further comprises a third acquisition module, a first query module, a decryption module, a second verification module and a comparison module;
the third acquisition module is configured, when the user to be logged in logs in, to acquire the second user ID from the login information and to collect the second biometric information and second signature information of the user to be logged in, the login information comprising the second user ID, the second signature information and the second biometric information;
the first query module is configured to query whether public information corresponding to the second user ID exists in the verification centers;
if not, the first query module determines that the identity of the user to be logged in is illegitimate;
if so, the first query module locates the second identity authentication data of the user to be logged in within the verification centers according to the queried public information, and generates a second random string from the collected second biometric information and the queried public information with the recovery algorithm of the fuzzy extractor;
the comparison module is configured to compare the second random string with the random string in the second identity authentication data to obtain a biometric verification result;
the decryption module is configured to decrypt the ciphertext data in the second identity authentication data with the private key held by the user to be logged in to obtain the signature information to be verified, and the comparison module compares the second signature information with the signature information to be verified to obtain a signature verification result;
the second verification module is configured to determine whether the identity of the user to be logged in is legitimate according to the biometric verification result and the signature verification result.
Further, the blockchain-based intelligent terminal identity authentication device further comprises a second query module;
the second query module is configured to determine the second verification center corresponding to the second user ID according to the second user ID and the categories of the verification centers, and then to query whether public information corresponding to the second user ID exists in that second verification center.
The embodiments of the invention have the following beneficial effects:
compared with the prior art, the invention classifies the nodes of a blockchain network into a plurality of centers, each comprising several blockchain nodes, and the centers verify cooperatively, which improves the working efficiency of the blockchain network. Storing on the nodes ciphertext data obtained by encrypting the user ID, the signature information and the public information with an asymmetric encryption technique, rather than the plaintext registration information, improves the security of the information the nodes store and transmit.
Drawings
Fig. 1 is a schematic flowchart of an embodiment of the blockchain-based intelligent terminal identity authentication method according to the present invention;
Fig. 2 is a schematic flowchart of step 101 in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of step 102 in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an embodiment of the blockchain-based intelligent terminal identity authentication device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, which is a schematic flowchart of an embodiment of the blockchain-based intelligent terminal identity authentication method according to the present invention, the authentication method includes steps 101 and 102, as follows.
In this embodiment, the user registration information includes biometric information, public information, a user ID and signature information; the login information includes the user ID, biometric information and signature information; and the authentication data includes ciphertext data, a random string and public information.
The biometric information may be a fingerprint, face or iris; the public information includes the user name, registration time and contact information; and the signature information consists of an identification code.
Step 101: obtaining the login information of a user to be logged in and sending it to a plurality of verification centers for verification.
Step 102: when the login information is successfully verified against the user registration information in the blockchain network, determining that the identity of the user to be logged in is legitimate.
Fig. 2 is a schematic flowchart of step 101 in this embodiment.
In this embodiment, step 101 specifically includes:
when a user to be logged in logs in, acquiring the second user ID from the login information of the user to be logged in, and collecting the second biometric information and second signature information of the user to be logged in; the user to be logged in is referred to as the second user, and its login information as the second login information.
In this embodiment, the plurality of verification centers are formed by classifying the nodes of the blockchain network; each verification center comprises nodes of the same category, and every node in the blockchain network records the authentication data of all users.
Further, each random string is generated from the biometric information in the user registration information, specifically:
acquiring first user registration information of a first user, extracting the first biometric information from it, and converting the first biometric information and the first public information into a first random string with the generation algorithm of a fuzzy extractor; the first user registration information is referred to as the first registration information.
In this embodiment, each ciphertext data is formed by encrypting the user registration information, specifically:
encrypting the first user ID, the first signature information and the first public information into first ciphertext data with an asymmetric encryption technique.
Further, it is queried whether public information corresponding to the second user ID exists in the plurality of verification centers.
If not, the identity of the user to be logged in is determined to be illegitimate or unregistered.
If so, the method proceeds to step 102.
Fig. 3 is a schematic flowchart of step 102 in this embodiment.
In this embodiment, step 102 specifically includes:
locating the second identity authentication data of the user to be logged in within the plurality of verification centers according to the queried public information; generating a second random string from the collected second biometric information and the queried public information with the recovery algorithm of the fuzzy extractor; obtaining a biometric verification result by comparing the second random string with the random string in the second identity authentication data; the user to be logged in decrypting the ciphertext data in the second identity authentication data with the held private key to obtain the signature information to be verified, and obtaining a signature verification result by comparing the second signature information with the signature information to be verified; and determining whether the identity of the user to be logged in is legitimate according to the biometric verification result and the signature verification result.
Referring to Fig. 4, which is a schematic structural diagram of the blockchain-based intelligent terminal identity authentication device according to the present invention.
In this embodiment, the blockchain-based intelligent terminal identity authentication device comprises:
a first acquisition module 204, a second acquisition module 201, a third acquisition module 205, a first verification module 206, a second verification module 211, a first query module 207, a second query module 208, a string generation module 202, an encryption module 203, a decryption module 209 and a comparison module 210.
The second acquisition module 201 is configured to acquire the first user registration information of a first user.
The string generation module 202 is configured to extract the biometric information and convert the biometric information Fu and the public information P into a random string S with the generation algorithm of a fuzzy extractor.
The encryption module 203 is configured to encrypt the first user ID, the first signature information Sig and the first public information P into ciphertext data C with an asymmetric encryption technique, and to store the ciphertext data C on the corresponding node.
The first acquisition module 204 is configured to acquire the login information of a user to be logged in.
The third acquisition module 205 is configured to acquire the ID of the user to be logged in from the login information, and to collect the second biometric information Fu' and second signature information Sig' of the user to be logged in.
The first verification module 206 is configured to determine that the identity of the user to be logged in is legitimate when the login information is successfully verified against the user registration information in the blockchain network.
The first query module 207 is configured to query whether public information P corresponding to the second user ID exists in the plurality of verification centers.
The second query module 208 is configured to determine the second verification center corresponding to the second user ID according to the second user ID and the categories of the plurality of verification centers, and to query whether public information P corresponding to the second user ID exists in that second verification center.
The decryption module 209 is configured to decrypt the ciphertext data C in the second identity authentication data with the private key held by the user to be logged in, recovering the first user ID, the first signature information Sig and the first public information P that were encrypted into C at registration; Sig is the signature information to be verified.
The comparison module 210 is configured to compare the second random string S' with the random string S in the second identity authentication data to obtain a biometric verification result, and to compare the second signature information Sig' with the signature information Sig to be verified to obtain a signature verification result.
The second verification module 211 is configured to determine whether the identity of the user to be logged in is legitimate according to the biometric verification result and the signature verification result.
To better explain the working principle of the invention, the flow of the identity authentication method is as follows. When a user registers for the first time, the second acquisition module of the intelligent terminal identity authentication device extracts the user's biometric information Fu and, with the generation algorithm of the fuzzy extractor, produces the public information P and the random string S. It then encrypts the corresponding user ID, the user's signature information Sig and the public information P into ciphertext data C with an asymmetric encryption technique and sends C to a new node; the user keeps the corresponding private key, which completes the user's registration. The new record is assembled into a transaction, given a transaction number and broadcast to the blockchain network. The accounting node of the corresponding center places the new transactions received within the specified period into a new block through the consensus mechanism, stamps it with the corresponding timestamp and appends it to the latest blockchain. Once the user's information has been recorded on the blockchain nodes, the user enters the corresponding ID in the intelligent terminal identity authentication device, which again extracts the user's biometric information Fu' and signature information Sig' and then uses the ID to find the user's public information P. If no node record corresponding to the ID can be found, the user is unregistered or the identity information is illegitimate; if the corresponding user record is found through the ID, the next step proceeds.
The recovery algorithm of the fuzzy extractor takes Fu' and P and regenerates the corresponding random string S'. The user then decrypts with their private key to obtain the verification information stored on the node, and S' is compared with S to verify the user's biometric identity. When S' equals S (the recovery algorithm reproduces the enrolled string exactly whenever the fresh sample lies within the extractor's error tolerance, so the comparison is an exact match rather than a similarity score) and Sig' is identical to Sig, the user identity is legitimate; otherwise it is not.
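The registration and login flow described above, together with the corresponding steps in the method and device claims (generation of S from the biometric, asymmetric encryption of the ID, Sig and P into C, routing of an ID to its verification center, recovery of S' from Fu' and P, and the two comparisons), as an added example in Python. It is not code from the patent, and everything not named in the text is an assumption: biometric templates are modelled as 80-bit strings; the fuzzy extractor is the code-offset construction over a repetition code, with P used only as the extractor's helper data; textbook RSA with keys generated at run time stands in for the unspecified asymmetric encryption; the blockchain is simulated as a set of node classes (centers) that all replicate every record, with consensus reduced to replication and an ID routed to a center by hash; the names Network, fe_gen, fe_rep, register, login and demo, the user "alice" and the signature bytes are constructed for the example.

```python
import hashlib, hmac, json, math, secrets

# Fuzzy extractor (code-offset construction over a 5-bit repetition code):
# fe_gen(w) -> (S, P) gives the random string S and public helper data P, and
# fe_rep(w', P) == S whenever w' differs from w in at most 2 bits per 5-bit block.
K_BITS, REP = 16, 5                    # secret key bits, repetition factor
W_BITS = K_BITS * REP                  # template length: 80 bits (assumption)

def fe_gen(w: int):
    key, codeword = secrets.randbits(K_BITS), 0
    for i in range(K_BITS):            # repeat each key bit REP times
        if key >> i & 1:
            codeword |= ((1 << REP) - 1) << (i * REP)
    return hashlib.sha256(key.to_bytes(2, "big")).hexdigest(), w ^ codeword

def fe_rep(w_prime: int, helper: int) -> str:
    noisy, key = w_prime ^ helper, 0   # noisy = Encode(key) XOR (w XOR w')
    for i in range(K_BITS):            # majority vote decodes each block
        if bin(noisy >> (i * REP) & ((1 << REP) - 1)).count("1") * 2 > REP:
            key |= 1 << i
    return hashlib.sha256(key.to_bytes(2, "big")).hexdigest()

# Textbook RSA stands in for the scheme's unspecified "asymmetric encryption"
# (assumption; a real deployment needs a padded scheme such as RSA-OAEP).
def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):            # Miller-Rabin witness loop
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1: continue
        for _ in range(r):
            if x == n - 1: break
            x = x * x % n
        else: return False
    return True

def rsa_keygen(bits: int = 512):
    def prime():
        while True:
            c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full-length, odd
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        if p != q and math.gcd(65537, (p - 1) * (q - 1)) == 1:
            return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, data: bytes) -> int:
    m = int.from_bytes(data, "big")
    assert m < pub[0], "plaintext too long for this toy scheme"
    return pow(m, pub[1], pub[0])

def rsa_decrypt(priv, c: int) -> bytes:
    m = pow(c, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Blockchain network: nodes classified into verification centers; every node
# records every user's authentication data. Routing by hash(ID) is an assumption.
class Network:
    def __init__(self, node_classes: dict):
        self.centers = {c: {n: {} for n in ns} for c, ns in node_classes.items()}
    def center_for(self, user_id: str) -> str:
        names = sorted(self.centers)
        h = int.from_bytes(hashlib.sha256(user_id.encode()).digest()[:4], "big")
        return names[h % len(names)]
    def broadcast(self, user_id: str, record: dict) -> None:
        for nodes in self.centers.values():        # consensus simplified: all nodes append
            for ledger in nodes.values():
                ledger[user_id] = dict(record)
    def query(self, user_id: str):                 # any node of the ID's center answers
        return next(iter(self.centers[self.center_for(user_id)].values())).get(user_id)

def register(net: Network, user_id: str, template: int, sig: bytes, pub_key) -> None:
    S, P = fe_gen(template)
    plain = json.dumps({"id": user_id, "sig": sig.hex(), "pub": P}).encode()
    net.broadcast(user_id, {"C": rsa_encrypt(pub_key, plain), "S": S, "P": P})

def login(net: Network, user_id: str, sample: int, sig: bytes, priv_key) -> bool:
    record = net.query(user_id)
    if record is None:                             # no public information: unregistered
        return False
    bio_ok = hmac.compare_digest(fe_rep(sample, record["P"]), record["S"])
    try:                                           # only the holder's private key opens C
        stored = json.loads(rsa_decrypt(priv_key, record["C"]))
        sig_ok = stored["id"] == user_id and hmac.compare_digest(bytes.fromhex(stored["sig"]), sig)
    except (ValueError, TypeError, KeyError):
        return False
    return bio_ok and sig_ok

def demo():
    net = Network({"center-A": ["a1", "a2"], "center-B": ["b1", "b2"]})
    pub, priv = rsa_keygen()
    template, sig = secrets.randbits(W_BITS), bytes.fromhex("0011223344556677")  # constructed
    register(net, "alice", template, sig, pub)
    resample = template ^ (1 << 3) ^ (1 << 42)     # one flipped bit in each of two blocks
    return (login(net, "alice", resample, sig, priv),             # True
            login(net, "alice", template, bytes(8), priv),        # False: wrong Sig
            login(net, "alice", resample, sig, rsa_keygen()[1]),  # False: wrong private key
            login(net, "bob", template, sig, priv))               # False: unregistered
```

demo() returns the four outcomes in order: a noisy re-capture of the enrolled biometric with the right Sig and private key succeeds, while a wrong Sig, a wrong private key (C does not decrypt to well-formed registration data) and an unregistered ID each fail. As in the embodiment, the nodes only ever hold C, S and P; the raw biometric never leaves the terminal, and the decryption of C happens on the user's side with the user's private key.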
In summary, the blockchain-based intelligent terminal identity authentication method and device according to the embodiments of the present invention classify the nodes of a blockchain network into a plurality of verification centers, each comprising nodes of the same category. Biometric information is extracted and, together with the public information, converted into a random string with the generation algorithm of a fuzzy extractor; the user ID, signature information and public information are encrypted into ciphertext data with an asymmetric encryption technique; and the verification center corresponding to a user ID is determined from the user ID and the categories of the verification centers, where it is queried whether public information corresponding to that user ID exists. Compared with prior-art authentication that only verifies, with the authentication public key, the signature over the challenge value in the authentication response, the technical scheme of the invention combines the fuzzy extractor with asymmetric encryption and classifies the nodes of the blockchain network into a plurality of cooperating centers, improving both the efficiency and the security of verification.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.