CN109327312A

CN109327312A - Authentication method and device, electronic equipment

Info

Publication number: CN109327312A
Application number: CN201811258195.4A
Authority: CN
Inventors: 林立; 闫莺; 宋旭阳
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2018-10-26
Filing date: 2018-10-26
Publication date: 2019-02-12
Anticipated expiration: 2038-10-26
Also published as: WO2020082886A1; CN111600716A; CN111600716B; CN109327312B; TW202016833A

Abstract

This specification one or more embodiment provides a kind of authentication method and device, electronic equipment, this method may include: that server-side receives certification request, the certification request is initiated by client for event to be certified, and the event to be certified is declared as related to specified object；The server-side obtains transaction event relevant to the event to be certified from block chain, and the transaction event is signed by transaction association object by pre-registered digital identity；The server-side is according to the mapping relations between the signature of the transaction event, the entity identities and digital identity of pre-recorded each object, the entity identities of the transaction association object are determined, for authenticating whether the specified object is the transaction association object.

Description

Authentication method and device, electronic equipment

Technical field

This specification one or more embodiment is related to identity identifying technology field more particularly to a kind of authentication method and dress It sets, electronic equipment.

Background technique

In the related art, when a certain event is declared as associated with a certain individual or entity, it tends to be difficult to judge Its authenticity, in some instances it may even be possible to therefore sustain a loss.Meanwhile for being declared as individual or entity associated with the event, i.e., Just in fact and onrelevant, it is also possible to by as subsequent right-safeguarding object, cause unnecessary trouble and dispute.

Summary of the invention

In view of this, this specification one or more embodiment provides a kind of authentication method and device, electronic equipment.

To achieve the above object, it is as follows to provide technical solution for this specification one or more embodiment:

According to this specification one or more embodiment in a first aspect, proposing a kind of authentication method, comprising:

Server-side receives certification request, and the certification request is initiated by client for event to be certified, described to be certified Event is declared as related to specified object；

The server-side obtains transaction event relevant to the event to be certified from block chain, the transaction event by Transaction association object is signed by pre-registered digital identity；

The server-side is according to the signature of the transaction event, the entity identities of pre-recorded each object and digital body Part between mapping relations, determine the entity identities of the transaction association object, with for authenticate the specified object whether be The transaction association object.

According to the second aspect of this specification one or more embodiment, a kind of authentication method is proposed, comprising:

Client initiates certification request to server-side for event to be certified, to indicate that the server-side is obtained from block chain Transaction event relevant to the event to be certified is taken, the transaction event passes through pre-registered number by transaction association object Identity is signed；

The client receives the entity identities of the transaction association object, for authenticating whether specified object is described Transaction association object, wherein the specified object is declared as, and the transaction association object related to the event to be certified Entity identities by the server-side according to the signature of the transaction event, the entity identities and number of pre-recorded each object Mapping relations between body part and determine；Alternatively, the client receives the identity authentication result that the server-side returns, institute Identity authentication result is stated for showing whether the specified object is the transaction association object.

According to the third aspect of this specification one or more embodiment, a kind of authentication device is proposed, comprising:

Request reception unit, makes server-side receive certification request, and the certification request is directed to event to be certified by client It initiates, the event to be certified is declared as related to specified object；

Event acquiring unit makes the server-side obtain transaction thing relevant to the event to be certified from block chain Part, the transaction event are signed by transaction association object by pre-registered digital identity；

Identity determination unit makes the server-side according to the signature of the transaction event, pre-recorded each object Mapping relations between entity identities and digital identity determine the entity identities of the transaction association object, for authenticating institute State whether specified object is the transaction association object.

According to the fourth aspect of this specification one or more embodiment, a kind of authentication device is proposed, comprising:

Request unit makes client initiate certification request to server-side for event to be certified, to indicate the server-side Transaction event relevant with the event to be certified is obtained from block chain, the transaction event is passed through in advance by transaction association object The digital identity first registered is signed；

Identity reception unit makes the client receive the entity identities of the transaction association object, to refer to for authenticating Determine whether object is the transaction association object, wherein the specified object be declared as it is related to the event to be certified, and The entity identities of the transaction association object are by the server-side according to the signature of the transaction event, pre-recorded each right Mapping relations between the entity identities and digital identity of elephant and determine；It is returned alternatively, the client receives the server-side Identity authentication result, the identity authentication result is for showing whether the specified object is the transaction association object.

According to the 5th of this specification one or more embodiment the aspect, a kind of electronic equipment is proposed, comprising:

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is by running the executable instruction to realize method as described in relation to the first aspect.

According to the 6th of this specification one or more embodiment the aspect, a kind of electronic equipment is proposed, comprising:

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is by running the executable instruction to realize the method as described in second aspect.

Detailed description of the invention

Fig. 1 is a kind of flow chart for authentication method that an exemplary embodiment provides.

Fig. 2 is the flow chart for another authentication method that an exemplary embodiment provides.

Fig. 3 is a kind of schematic diagram for registration digital identity that an exemplary embodiment provides.

Fig. 4 is the schematic diagram that a kind of information that an exemplary embodiment provides deposits card.

Fig. 5 is a kind of schematic diagram for Certificate Authority situation that an exemplary embodiment provides.

Fig. 6 is a kind of structural schematic diagram for equipment that an exemplary embodiment provides.

Fig. 7 is a kind of block diagram for authentication device that an exemplary embodiment provides.

Fig. 8 is the structural schematic diagram for another equipment that an exemplary embodiment provides.

Fig. 9 is the block diagram for another authentication device that an exemplary embodiment provides.

Specific embodiment

Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with this specification one or more embodiment.Phase Instead, they are only some aspects phases with the one or more embodiments of as detailed in the attached claim, this specification The example of consistent device and method.

It should be understood that the sequence that might not show and describe according to this specification in other embodiments executes The step of correlation method.In some other embodiments, step included by method can than described in this specification more It is more or less.In addition, single step described in this specification, may be broken down into other embodiments multiple steps into Row description；And multiple steps described in this specification, it may also be merged into single step progress in other embodiments Description.

Fig. 1 is a kind of flow chart for authentication method that an exemplary embodiment provides.As shown in Figure 1, this method is applied to Server-side may comprise steps of:

Step 102, server-side receives certification request, and the certification request is initiated by client for event to be certified, institute State event to be certified be declared as it is related to specified object.

In one embodiment, specifying object is the object determined specified by " statement ".Specified object can be personal, mechanism (such as enterprise) or both includes.The quantity of specified object can be limited for one or more, this specification not to this System.

It in one embodiment, can be by arbitrary form to the incidence relation between " event to be certified " and " specified object " It is stated, this specification is limited not to this.For example, can be by the content of " event to be certified " and " specified object " Information is presented in same image, for example the image can be propagating poster, and the content of " event to be certified " is a surname in poster Content, the information of " specified object " are passed as famous person's photo in poster, is equivalent to the promotional content stated in the artificial poster of this Endorsement；For another example the information of the content of " event to be certified " and " specified object " can be printed upon on same paper, such as should Paper can be business card, the content of " event to be certified " be job information in business card, " specified object " information be in business card Name, be equivalent to state the business card issuer (i.e. the corresponding user of the name) be in corresponding position.

Step 104, the server-side obtains transaction event relevant to the event to be certified, the friendship from block chain Easy event is signed by transaction association object by pre-registered digital identity.

In one embodiment, transaction association object can be registered to obtain corresponding digital body in advance at above-mentioned server-side Part；Alternatively, the transaction association object can register to obtain at other service providers corresponding digital identity, and other clothes Business provider can provide identity authentication service to above-mentioned server-side, or open to above-mentioned server-side to acquired reality The access authority of mapping relations between body part and digital identity allows the server-side voluntarily to implement authentication.

In one embodiment, transaction association object can be mechanism, which can be used the entity identities of itself upper The server-side stated is registered at other service providers, obtains corresponding digital identity.Transaction association object can be a People, the entity identities which can be used itself are registered at above-mentioned server-side or other service providers, are obtained Corresponding digital identity；Alternatively, the individual can obtain first as the employee of the artificial a certain structure of this or there are when certain association The certification for obtaining a certain mechanism, obtains the signature that the registered digital identity of the mechanism is implemented, and being equivalent to the mechanism is the individual Identity endorse, then the individual can be registered at above-mentioned server-side or other service providers by the signature To corresponding digital identity.Certainly, transaction association object can also obtain digital identity by other means, and this specification is not This is limited.

In one embodiment, when there are single transaction association object, the signature to transaction event is single signature；When depositing In multiple transaction association objects, the signature to transaction event is multi-signature.

In one embodiment, transaction association object can be the publisher of transaction event, i.e., the transaction association object is to friendship After easy event is signed, (by itself corresponding block chain node, block chain is directly distributed to the publication of block chain；Alternatively, It is committed to server-side, block chain is distributed to by itself corresponding block chain node by server-side) transaction event.

In one embodiment, transaction association object is not the publisher of transaction event, which can be to this After transaction event is signed, publisher is transferred to be distributed in block chain；Wherein, transaction association object can be to the publication Side and transaction event are authenticated respectively, for example confirm that the identity of the publisher is true, reliable, confirm that the content of transaction event is true It is real, reliable, and sign after being identified through certification for transaction event, otherwise do not implement to sign.For publisher's When identity is authenticated, can limiting the publisher, there are preset association relationships, such as transaction association pair with transaction association object Interior employee as enterprise, publisher being the enterprise, transaction association object is individual for another example, publisher is the transaction association Address list good friend of object etc., and when the preset association relationship is not present, then it is assumed that the identity of publisher is unauthenticated.

In one embodiment, publisher can be by itself corresponding block chain node, the publication transaction thing into block chain Part.

In one embodiment, transaction event can be committed to server-side by publisher, and be corresponded to by server-side by itself Block chain node issue transaction event into block chain.Server-side can identity to publisher, the content of transaction event into Row verifying: if the signature that transaction event includes is the signature of the publisher, and the identity of the publisher is registered to server-side Or other service providers, then server-side can consider that the identity of publisher, the content of transaction event are true and reliable, Ke Yifa Cloth is to block chain；If the signature that transaction event includes is the signature of the transaction association object except the publisher, service End can be verified between the publisher and the transaction association object with the presence or absence of above-mentioned preset association relationship, such as transaction association The interior employee that object is enterprise, publisher is the enterprise, transaction association object is individual for another example, publisher is that the transaction is closed The address list good friend etc. for joining object can consider the identity of publisher, in transaction event when there are the preset association relationship Rong Jun is true and reliable, can be distributed to block chain, otherwise it is assumed that the identity of publisher is unauthenticated, refusal is distributed to block Chain.

Wherein, the server-side can inquire the pre-registered digital identity of the publisher；When the number of the publisher Body part is based on the transaction association object to the signature that the publisher provides and when registering, and the server-side determines exist The preset association relationship.For example, publisher can authenticate its entity identities by requests transaction affiliated partner in advance, and transaction association Object can provide digital signature (by the private key of transaction association object after the entity identities for approving publisher to the publisher Signed to obtain), and publisher can register the digital identity of itself based on the digital signature, so that the number of the publisher Digital identity of the identity in registration just with transaction association object establishes incidence relation.So, server-side is receiving hair After the above-mentioned transaction event that cloth side is submitted, can based on the incidence relation to the identity of the publisher, the content of transaction event into Row verifying.

In one embodiment, transaction described in this specification (transfer) refers to that user passes through the visitor of block chain The creation of family end, and a data for needing finally to be distributed in the distributed data base of block chain.Wherein, the friendship in block chain Easily, there are points of the transaction of narrow sense and the transaction of broad sense.The transaction of narrow sense refers to the value that user issues to block chain Transfer；For example, transaction can be one that user initiates in block chain and transfer accounts in traditional bit coin block chain network. And the transaction of broad sense refers to the business datum being intended to business that user issues to block chain；For example, operator can be with Alliance's chain is built based on actual business demand, alliance's chain is relied on and disposes some other types unrelated with value Transfer In line service (for example, authentication business, business of renting a house, vehicle scheduling business, settlement of insurance claim business, credit services, medical services Deng), and in this kind of alliance's chain, transaction can be the service message being intended to business that user issues in alliance's chain Or service request.

In one embodiment, by the way that transaction event is deposited card in block chain, it can be ensured that the content of the transaction event is pacified It is complete reliable, will not be tampered, and can be investigated from block chain account book at any time, there is high reliability and trusted Degree.

In one embodiment, the available transaction anchoring information of server-side, the transaction anchoring information is declared as and institute It is related to state event to be certified；Then, the server-side obtains the corresponding transaction event of the transaction anchoring information from block chain, Using as transaction event relevant to the event to be certified.For example, when transaction event is released to based on a certain transaction When block chain, which can be the information such as transaction journal number；For another example, when the transaction event is generated as block When a certain intelligent contract in chain, which can title for the intelligence contract, the corresponding friendship of intelligence contract The information such as easy serial number.

In one embodiment, the event content of the available transaction event of server-side, with for authenticate the transaction event with Consistency between above-mentioned event to be certified, it is ensured that the transaction event can be used to implement body relevant to the event to be certified Part certification.It especially, can be to avoid criminal couple when server-side obtains transaction event by above-mentioned transaction anchoring information After transaction anchoring information is modified, misguidance is made to server-side.For example, for the propagating poster comprising famous person's photo, Transaction anchoring information can be presented in the propagating poster in the form of two dimensional code etc., and if criminal is by the two dimension Code anchoring is the transaction event that the famous person is directed to that other events are signed, then by the event to the transaction event Appearance is checked, and the malfeasance of criminal can be recognized accurately, avoid judging by accident.

In one embodiment, server-side can call intelligent contract, and the intelligence contract is for authenticating the transaction event With the consistency between the event to be certified；Similar with above-described embodiment, the present embodiment can likewise ensure that the transaction thing Part can be used to implement authentication relevant to the event to be certified, and the judgement operation only for consistency can be by intelligence Contract is automatically performed, is not completed by server-side, can also be based on the automatic of intelligent contract to mitigate the processing pressure of server-side It executes characteristic and ensures the objectivity and fairness of authentication result.

In one embodiment, server-side can to client return transaction event event content, for client (or its User) understand details, or the consistency between transaction event and event to be certified is verified for it.

Step 106, the server-side is according to the signature of the transaction event, the entity identities of pre-recorded each object Mapping relations between digital identity determine the entity identities of the transaction association object, for authenticating described specified pair As if no is the transaction association object.

In one embodiment, by obtaining transaction event relevant to event to be certified, and verifying for the transaction thing Whether the signature of part, it is genuine and believable to be accurately judged to declared relationship between event to be certified and specified object, such as When on propagating poster including famous person's photo, can determine whether the famous person is really the promotional content endorsement on poster, then compare Whether the position for such as determining that name on piece includes is true.

In one embodiment, the entity identities for the transaction association object determined can be sent to client by server-side, So that the entity identities of the transaction association object are compared by client or its user with the entity identities of specified object, with Determine whether the two is consistent.

In one embodiment, server-side can be actively by the entity of the entity identities of the transaction association object and specified object Identity is compared, to authenticate whether the specified object is the transaction association object, and further to the client Return authentication result.Wherein, it in authentication result can only include the judging result of " whether consistent ", or can also further wrap The entity identities of the object containing transaction association so that client (or its user) understands details, or verify above-mentioned judgement for it As a result.

Fig. 2 is the flow chart for another authentication method that an exemplary embodiment provides.As shown in Fig. 2, this method application In client, may comprise steps of:

Step 202, client initiates certification request to server-side for event to be certified, to indicate the server-side from area Transaction event relevant with the event to be certified is obtained in block chain, the transaction event is passed through by transaction association object to be infused in advance The digital identity of volume is signed.

In one embodiment, the client can identify bar pattern (such as item associated with the event to be certified Shape code, two dimensional code etc.), obtain transaction anchoring information；Then, the transaction anchoring information can be uploaded to institute by the client Server-side is stated, to obtain the transaction event from block chain by the server-side.For example, when transaction event is based on a certain friendship When being easily released to block chain, which can be the information such as transaction journal number；For another example, when the transaction event When a certain intelligent contract being generated as in block chain, which can be title, intelligence of the intelligence contract The information such as the corresponding transaction journal number of contract.

Step 204, the client receives the entity identities of the transaction association object, to be for authenticating specified object No is the transaction association object, wherein the specified object is declared as, and the transaction related to the event to be certified The entity identities of affiliated partner are by the server-side according to the signature of the transaction event, the entity of pre-recorded each object Mapping relations between identity and digital identity and determine；Recognize alternatively, the client receives the identity that the server-side returns Card is as a result, the identity authentication result is used to show whether the specified object is the transaction association object.

In one embodiment, the client can receive in the event for the transaction event that the server-side returns Hold, for authenticating the consistency between the transaction event and the event to be certified, it is ensured that the transaction event can be used for Realize authentication relevant to the event to be certified.Especially, it is handed over when server-side is obtained by above-mentioned transaction anchoring information When easy event, after being modified to avoid criminal to transaction anchoring information, misguidance is made to server-side.For example, For the propagating poster comprising famous person's photo, transaction anchoring information can be presented in publicity sea in the form of two dimensional code etc. In report, and if the two dimensional code is anchored and is directed to the transaction event that other events are signed for the famous person by criminal, It is so checked by the event content to the transaction event, the malfeasance of criminal can be recognized accurately, avoid It judges by accident.For example, showing that the transaction event is not and event phase to be certified when transaction event and event to be certified are inconsistent The transaction event of pass, therefore client can be determined that specified object is not that the transaction of transaction event relevant to event to be certified is closed Join object.

In one embodiment, the client can receive the content authentication of the server-side return as a result, the content Authentication result is used to show the consistency between the transaction event and the event to be certified.It in other words, can be by server-side Consistency between transaction event and above-mentioned event to be certified is authenticated, and obtain above-mentioned content authentication as a result, with Inform client.Further, client can also receive the event content of the transaction event of server-side return, so that client (or its user) will be seen that the consistency between details, or verifying transaction event and event to be certified.

Fig. 3 is a kind of schematic diagram for registration digital identity that an exemplary embodiment provides.As shown in figure 3, certification authority (being specifically as follows the service end side application program run on the corresponding electronic equipment of certification authority) can be by entity authentication, number According to analysis, the indirectly means such as certification, the registering functional of digital identity is provided.

By taking enterprise AA as an example, material and information needed for registration being provided to certification authority, and certification authority is verifying After corresponding digital identity, such as mathematic for business identity 1 can be distributed to enterprise AA；Meanwhile certification authority can recorde Mapping relations between business entity's identity 1 of enterprise AA and the mathematic for business identity 1, in order to subsequent implementation authentication. Certification authority also issues public private key pair to enterprise AA, so that enterprise AA generates the number label for characterizing its mathematic for business identity 1 Name (or electronic signature).

Similarly, enterprise B B can be registered to certification authority and be obtained corresponding digital identity, such as mathematic for business Identity 2.Meanwhile certification authority can recorde the pass of the mapping between business entity's identity 2 of enterprise B B and the mathematic for business identity 2 System, and the public private key pair for generating digital signature is issued to enterprise B B.

Analogously with the process of enterprise AA, enterprise B B registration digital identity, it is personal can also by similar mode to Certification authority registers to obtain corresponding digital identity.For example, user A can provide registration required material and letter to certification authority Breath, and certification authority can distribute corresponding digital identity, such as number identity 1 after being verified to user A.Together When, certification authority can recorde the mapping relations between the user subject identity 1 of user A and the number identity 1, in order to Subsequent implementation authentication.Certification authority also issues public private key pair to user A, so that user A is generated for characterizing its number of users The digital signature of body part 1.

And for user B, in addition to registering to obtain digital identity to certification authority by the way of similar with user A Except, if there are certain to be associated between the user B and enterprise B B, for example the user B is the employee of enterprise B B, then the user B can also complete to register by enterprise B B.For example, user B can propose to authenticate to enterprise B B, which ties compared to certification For structure is directly registered, after the material of required offer and information etc. frequently more simplify, and enterprise B B confirmation user B is by certification Digital signature, such as the mathematic for business signature 2 generated by private key can be provided to the user B；And user B can be based on the enterprise Industry digital signature 2 is registered to certification authority, to obtain the digital identity of certification authority's distribution, such as number identity 2.Meanwhile certification authority can recorde the mapping relations between the user subject identity 2 of user B and the number identity 2, and The public private key pair for generating digital signature is issued to user B.

Based on foregoing description, any enterprise, individual etc. can register to certification authority, so that certification authority can be with The mapping relations between the entity identities of each enterprise or individual and the digital identity of distribution are recorded respectively, and are issued for generating The public private key pair of digital signature.

Below with reference to Fig. 4-5, by taking the famous person on propagating poster endorses information as an example, the certificate scheme of this specification is carried out Detailed description.

Fig. 4 is the schematic diagram that a kind of information that an exemplary embodiment provides deposits card.As shown in Figure 4, it is assumed that user A is certain One famous person, when the user A is authorized production propagating poster with intention xxx, i.e. when the user A is with xxx endorsement is meant, user A can deposit card relevant information to block chain.

In one embodiment, the user equipment 1 that user A is used can be any types such as mobile phone, plate, PC, This specification is limited not to this.By the client side application program run on the user equipment 1, enable user A Enough complete the operation that card relevant information is deposited to block chain.For example, user A can be generated such as on the user equipment 1, " I is authorized The proof information of xxx ", and the private key by calling certification authority to issue signs to the proof information, for example obtains corresponding Digital signature be SIG_U1.Before calling private key to generate signature, authentication can be carried out to user A, for example password is tested Card, input habit verifying or physiological characteristic verifying based on forms such as fingerprint, vocal print, face, irises etc., and after being verified Allow to generate and sign, does not otherwise allow to generate and sign.

It certainly, actually can also be by for proving the generating process of information " I authorizes xxx " and digital signature SIG_U1 Certification authority completes, and user equipment 1 can be only used for providing interactive interface to user A, carry out authentication to user A (especially It is the verifying based on physiological characteristic；It certainly, can also be complete by certification authority for password authentification, input habit verifying etc. At) and certification authority between realize data transmission so that user A can indicate certification authority generate prove information sum number word Signature.

In one embodiment, user equipment 1 can be configured as the block chain node in block chain, then the user sets Standby 1 can submit a block chain transaction to block chain, and [I authorizes xxx；SIG_U1] so that [I authorizes for block chain transaction xxx；SIG_U1] it is recorded into the block chain account book of the unified maintenance of each block chain node.

In one embodiment, user equipment 1 itself and it is not configured as block chain node, then the user equipment 1 can lead to It crosses and will demonstrate that information " I authorizes xxx " and digital signature SIG_U1 are sent to block chain node, from block chain node to block Chain submits above-mentioned block chain to trade, and [I authorizes xxx；SIG_U1], can equally making block chain transaction, [I authorizes xxx； SIG_U1] it is recorded into the block chain account book of the unified maintenance of each block chain node.For example, certification authority can be configured as One block chain node, and the service end side of the client side application program by running on user equipment 1, certification authority's place's operation Application program, user equipment 1 can will demonstrate that information " I authorizes xxx " and digital signature SIG_U1 are sent to certification authority, and Submitting above-mentioned block chain to trade from certification authority to block chain, [I authorizes xxx；SIG_U1].

In one embodiment, for the block chain transaction being published, [I authorizes xxx；SIG_U1], it can be formed corresponding Access interface, in order to access during subsequent authentication.For example, the access interface can using quick response code form into Row is presented, and the two dimensional code can be sent to the manufacturing mechanism (such as enterprise AA) of propagating poster by block chain node, so that The two dimensional code can be added in propagating poster by enterprise AA.

After user B views propagating poster as shown in Figure 4, the xxx product that is publicized according to the propagating poster and The photo of user A, can associate user A naturally may endorse for the xxx product, it is also possible to be criminal with Meaning has used the photo of user A, then user B can be authenticated by the two dimensional code on the propagating poster, to determine that user A is No authorize really endorses to the xxx product.

Fig. 5 is a kind of schematic diagram for Certificate Authority situation that an exemplary embodiment provides.As shown in Figure 5, it is assumed that user B Operation has the application program of client-side on the electronic equipment 2 used, can call the camera module on the electronic equipment 2, The two-dimensional code scanning content uploading that is scanned, and will identify that the two dimensional code on propagating poster as shown in Figure 4 extremely authenticates Mechanism, to give authentication processing by certification authority.

In one embodiment, two-dimensional code scanning content includes the access interface information generated in embodiment illustrated in fig. 4, certification Mechanism can inquire block chain account book based on the two-dimensional code scanning content:

In the first scenario, certification authority possibly can not inquire any block chain transaction, show on propagating poster Two dimensional code is the garbage that criminal is arbitrarily arranged, and user A is issued not into block chain and authorized with to xxx product Proof information, then certification authority can be determined that as authentification failure, i.e. user A and unauthorized.

In the latter case, certification authority is accessible trades to corresponding block chain, but in block chain transaction simultaneously Comprising digital signature or comprising digital signature and non-user A corresponding to SIG_U1, show the two dimension on propagating poster Code is the personation information that criminal is arbitrarily arranged, the card that user A is issued not into block chain and authorized to xxx product Bright information, then certification authority can be determined that as authentification failure, i.e. user A and unauthorized.

In a third case, certification authority is accessible trades to corresponding block chain, includes in block chain transaction Digital signature be SIG_U1, certification authority can issue record based on the mapping relations and public private key pair recorded in Fig. 3, really Fixed digital signature SIG_U1 corresponds to user A.So, it includes user A to xxx product that block chain transaction, which has certain probability, The proof information authorized；But under certain probability, block chain transaction may be carried out comprising user A to other products The proof information of authorization, and not directed to the authorization message of xxx product, thus certification authority can further hand over the block chain The content for easily being included is authenticated, with ensure it includes proof information be " I authorizes xxx " or similar description, and be not Irrelevant contents such as " I authorize yyy ".

In one embodiment, authentication information can be back to user equipment 2 by certification authority, so that user equipment 2 can Related content to be shown to user B.For example, when the block chain transaction that authentication structures are accessed includes to prove information really When " I authorizes xxx " and digital signature SIG_U1, authentication information can with as shown in figure 5, include prove information " I authorizes xxx " with And (digital signature can reflect out digital identity to the corresponding entity identities of digital signature SIG_U1 " user A ", further combined with number The mapping relations of body part and entity identities can determine entity identities).

In one embodiment, in authentication information can also comprising certification conclusion, such as " passing through certification " or " authorization ", " unauthenticated " or " unauthorized " etc..Certainly, conclusion is authenticated not necessarily；Even if only trading comprising block chain in authentication information The content for being included, the corresponding entity information of digital signature for being included etc., user B equally can be by checking the authentication information And the content in combination propagating poster, determine whether user A authorizes.For example, when authentication information includes " not inquire authorization letter When the contents such as breath ", " I authorizes yyy ", " signature: user C ", " unsigning ", user B can determine user A not to xxx product It is authorized.

Similar to the embodiment of above-mentioned " propagating poster ", the technical solution of this specification obviously can also be applied to it is many its Under his scene, it may be incorporated for realizing fast and accurately authentication operation.

For example, user B wishes to carry out depositing card to the position of oneself name on piece, to show the authenticity of the position.It is assumed that with Family B belongs to the CEO of the director of enterprise AA, the chairman of enterprise B B and enterprise CC simultaneously, then name on piece can be needed to remember by user B The job information " user B: enterprise AA- director, enterprise B chairman B-, enterprise CC-CEO " of load transfers to each enterprise to recognize respectively Card, and each enterprise can be signed by the private key that itself holds respectively after certification passes through, and user B is obtained To the Multi Digital Signature SIG_M of above-mentioned job information.Then, user B can be mentioned by user equipment 2 into block chain account book The transaction of block chain is handed over, includes above-mentioned job information and Multi Digital Signature SIG_M in block chain transaction, and user B can be obtained The access interface for block chain transaction is obtained, and the two dimensional code for corresponding to the access interface is printed on to the name on piece of user B.

So, when business card is distributed to user X by user B, the user X can by scanning the two dimensional code of this on piece, Request certification authority is authenticated.And certification authority can inquire phase from block chain by embodiment such as shown in fig. 5 The block chain transaction answered, block chain transaction include job information " user B: enterprise AA- director, enterprise B chairman B-, enterprise CC- CEO ", and corresponding to the Multi Digital Signature SIG_M of enterprise AA, enterprise B B and enterprise CC, certification authority can be by the position Information " user B: enterprise AA- director, enterprise B chairman B-, enterprise CC-CEO " enterprise corresponding with Multi Digital Signature SIG_M The information of AA, enterprise B B and enterprise CC are back to user X, so that user X determines the true of the practical job information marked of name on piece Reality.

For example, when being labelled with the CEO that user B is the director of enterprise AA, the chairman of enterprise B B and enterprise CC on business card, i.e., Contents of visiting cards is declared as related to enterprise AA, enterprise B B, enterprise CC and enterprise DD；So, if including in the transaction of block chain The signature of enterprise AA, enterprise B B and enterprise CC, and the position marked on business card and the job information for including in the transaction of block chain Unanimously, then it is considered that the job information marked on business card is true.But if signing messages is inconsistent or position Information is inconsistent, then showing that the job information marked on business card may be false.

Fig. 6 is a kind of schematic configuration diagram for equipment that an exemplary embodiment provides.Referring to FIG. 6, in hardware view, it should Equipment includes processor 602, internal bus 604, network interface 606, memory 608 and nonvolatile memory 610, is gone back certainly It may include hardware required for other business.Processor 602 reads corresponding computer journey from nonvolatile memory 610 Then sequence is run into memory 608, authentication device is formed on logic level.Certainly, other than software realization mode, this theory Other implementations, such as logical device or the mode of software and hardware combining etc. is not precluded in bright book one or more embodiment Deng, that is to say, that the executing subject of following process flow is not limited to each logic unit, is also possible to hardware or logic device Part.

Referring to FIG. 7, in Software Implementation, which may include:

Request reception unit 701, makes server-side receive certification request, and the certification request is directed to thing to be certified by client Part is initiated, and the event to be certified is declared as related to specified object；

Event acquiring unit 702 makes the server-side obtain transaction relevant to the event to be certified from block chain Event, the transaction event are signed by transaction association object by pre-registered digital identity；

Identity determination unit 703 makes signature of the server-side according to the transaction event, pre-recorded each object Entity identities and digital identity between mapping relations, the entity identities of the transaction association object are determined, with for authenticating Whether the specified object is the transaction association object.

Optionally, the event acquiring unit 702 is specifically used for:

The server-side is set to obtain transaction anchoring information, the transaction anchoring information is declared as and the event to be certified It is related；

So that the server-side is obtained the corresponding transaction event of the transaction anchoring information from block chain, using as with it is described The relevant transaction event of event to be certified.

It optionally, further include contents acquiring unit 704 or contract call unit 705；Wherein:

The event content that the contents acquiring unit 704 is used to that the server-side to be made to obtain the transaction event, to be used for Authenticate the consistency between the transaction event and the event to be certified；

The contract call unit 705 is for making the server-side call intelligent contract, and the intelligence contract is for authenticating Consistency between the transaction event and the event to be certified.

Optionally, further includes:

Authentication unit 706 makes to specify whether object is the transaction association object described in the server side authentication, to institute State client return authentication result.

Optionally, further includes:

Return unit 707, make the server-side to the client return the transaction association object entity identities and/ Or the event content of the transaction event.

Optionally,

The transaction event is by the transaction association object publishing to block chain；

Alternatively, the transaction event is different from described after the transaction association object is to transaction event signature The publisher of transaction association object is distributed to block chain.

Optionally,

The transaction event is distributed to block chain by itself corresponding block chain node by the publisher；

Alternatively, described device further include: release unit 708 makes the server-side receive the described of publisher's submission Transaction event, and the transaction event is distributed to by block chain by itself corresponding block chain node.

Optionally, further includes:

Authentication unit 709, it is corresponding with the signature that the transaction event is included to make that the server-side verifies the publisher Transaction association object between whether there is preset association relationship；

When there are the preset association relationship, the release unit 708 sends out the server-side by the transaction event Cloth is to block chain.

Optionally, the authentication unit 709 is specifically used for:

The server-side is set to inquire the pre-registered digital identity of publisher；

When the digital identity of the publisher be based on the transaction association object to the signature that the publisher provides and When registration, the server-side is made to determine that there are the preset association relationships.

Fig. 8 is a kind of schematic configuration diagram for equipment that an exemplary embodiment provides.Referring to FIG. 8, in hardware view, it should Equipment includes processor 802, internal bus 804, network interface 806, memory 808 and nonvolatile memory 810, is gone back certainly It may include hardware required for other business.Processor 802 reads corresponding computer journey from nonvolatile memory 810 Then sequence is run into memory 808, authentication device is formed on logic level.Certainly, other than software realization mode, this theory Other implementations, such as logical device or the mode of software and hardware combining etc. is not precluded in bright book one or more embodiment Deng, that is to say, that the executing subject of following process flow is not limited to each logic unit, is also possible to hardware or logic device Part.

Referring to FIG. 9, in Software Implementation, which may include:

Request unit 901 makes client initiate certification request to server-side for event to be certified, to indicate the service End obtains transaction event relevant to the event to be certified from block chain, and the transaction event is passed through by transaction association object Pre-registered digital identity is signed；

Identity reception unit 902 makes the client receive the entity identities of the transaction association object, for authenticating Whether specified object is the transaction association object, wherein the specified object be declared as it is related to the event to be certified, And the entity identities of the transaction association object by the server-side according to the signature of the transaction event, pre-recorded each Mapping relations between the entity identities and digital identity of object and determine；It is returned alternatively, the client receives the server-side The identity authentication result returned, the identity authentication result is for showing whether the specified object is the transaction association object.

Optionally, further includes:

Recognition unit 903 makes client identification bar pattern associated with the event to be certified, is traded Anchoring information；

Uploading unit 904 makes the client that the transaction anchoring information is uploaded to the server-side, by the clothes Business end obtains the transaction event from block chain.

It optionally, further include content receipt unit 905 or result receiving unit 906；Wherein:

The transaction event that the content receipt unit 905 is used to that the client to be made to receive the server-side return Event content, for authenticating the consistency between the transaction event and the event to be certified；

The result receiving unit 906 be used to making the client to receive content authentication that the server-side returns as a result, The content authentication result is used to show the consistency between the transaction event and the event to be certified.

System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment The combination of any several equipment.

In a typical configuration, computer includes one or more processors (CPU), input/output interface, network Interface and memory.

Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, based on graphene Storage medium or other magnetic storage devices or any other non-transmission medium, can be used for storing can be accessed by a computing device Information.As defined in this article, computer-readable medium does not include temporary computer readable media (transitory media), Such as the data-signal and carrier wave of modulation.

It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.

It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can With or may be advantageous.

The term that this specification one or more embodiment uses be only merely for for the purpose of describing particular embodiments, and It is not intended to be limiting this specification one or more embodiment.In this specification one or more embodiment and the appended claims Used in the "an" of singular, " described " and "the" be also intended to including most forms, unless context understands earth's surface Show other meanings.It is also understood that term "and/or" used herein refers to and includes one or more associated list Any or all of project may combine.

It will be appreciated that though this specification one or more embodiment may using term first, second, third, etc. come Various information are described, but these information should not necessarily be limited by these terms.These terms are only used to same type of information area each other It separates.For example, the first information can also be referred to as in the case where not departing from this specification one or more scope of embodiments Two information, similarly, the second information can also be referred to as the first information.Depending on context, word as used in this is " such as Fruit " can be construed to " ... when " or " when ... " or " in response to determination ".

The foregoing is merely the preferred embodiments of this specification one or more embodiment, not to limit this theory Bright book one or more embodiment, all within the spirit and principle of this specification one or more embodiment, that is done is any Modification, equivalent replacement, improvement etc. should be included within the scope of the protection of this specification one or more embodiment.

Claims

1. a kind of authentication method, comprising:

Server-side receives certification request, and the certification request is initiated by client for event to be certified, the event to be certified It is declared as related to specified object；

The server-side obtains transaction event relevant to the event to be certified from block chain, and the transaction event is by trading Affiliated partner is signed by pre-registered digital identity；

The server-side according to the signature of the transaction event, the entity identities of pre-recorded each object and digital identity it Between mapping relations, the entity identities of the transaction association object are determined, for authenticating whether the specified object is described Transaction association object.

2. according to the method described in claim 1, the server-side obtained from block chain it is relevant to the event to be certified Transaction event, comprising:

The server-side obtains transaction anchoring information, and the transaction anchoring information is declared as related to the event to be certified；

The server-side obtains the corresponding transaction event of the transaction anchoring information from block chain, using as with it is described to be certified The relevant transaction event of event.

3. method according to claim 1 or 2, further includes:

The server-side obtains the event content of the transaction event, for authenticating the transaction event and the thing to be certified Consistency between part；

Alternatively, the server-side calls intelligent contract, the intelligence contract for authenticate the transaction event with it is described to be certified Consistency between event.

4. according to the method described in claim 1, further include:

Specify whether object is the transaction association object described in the server side authentication, to the client return authentication knot Fruit.

5. according to the method described in claim 1, further include:

The server-side returns to the entity identities of the transaction association object and/or the thing of the transaction event to the client Part content.

6. according to the method described in claim 1,

Alternatively, the transaction event is different from the transaction after the transaction association object is to transaction event signature The publisher of affiliated partner is distributed to block chain.

7. according to the method described in claim 6,

Alternatively, the method also includes: the server-side receives the transaction event that the publisher submits, and passes through itself The transaction event is distributed to block chain by corresponding block chain node.

8. according to the method described in claim 7, further include:

Between the server-side verifies publisher transaction association object corresponding with the signature that the transaction event is included With the presence or absence of preset association relationship；

When there are the preset association relationship, the transaction event is distributed to block chain by the server-side.

9. according to the method described in claim 8, the server-side verifies the publisher and the transaction event is included It signs between corresponding transaction association object with the presence or absence of preset association relationship, comprising:

The server-side inquires the pre-registered digital identity of publisher；

When the digital identity of the publisher is to be registered based on the transaction association object to the signature that the publisher provides When, the server-side determines that there are the preset association relationships.

10. a kind of authentication method, comprising:

Client initiates certification request to server-side for event to be certified, is obtained with to indicate the server-side from block chain and The relevant transaction event of the event to be certified, the transaction event pass through pre-registered digital identity by transaction association object It signs；

The client receives the entity identities of the transaction association object, for authenticating whether specified object is the transaction Affiliated partner, wherein the specified object is declared as, and the reality of the transaction association object related to the event to be certified Body part is by the server-side according to the signature of the transaction event, the entity identities of pre-recorded each object and digital body Part between mapping relations and determine；Alternatively, the client receives the identity authentication result that the server-side returns, the body Part authentication result is for showing whether the specified object is the transaction association object.

11. according to the method described in claim 10, further include:

Client identification bar pattern associated with the event to be certified, obtains anchoring information of trading；

The transaction anchoring information is uploaded to the server-side by the client, to be obtained from block chain by the server-side The transaction event.

12. according to the method described in claim 10, further include:

The client receives the event content for the transaction event that the server-side returns, for authenticating the transaction thing Consistency between part and the event to be certified；

Alternatively, the client receives the content authentication that the server-side returns as a result, the content authentication result is for showing Consistency between the transaction event and the event to be certified.

13. a kind of authentication device, comprising:

Request reception unit makes server-side receive certification request, and the certification request is initiated by client for event to be certified, The event to be certified is declared as related to specified object；

Event acquiring unit makes the server-side obtain transaction event relevant to the event to be certified, institute from block chain It states transaction event and is signed by transaction association object by pre-registered digital identity；

Identity determination unit makes the server-side according to the signature of the transaction event, the entity of pre-recorded each object Mapping relations between identity and digital identity determine the entity identities of the transaction association object, for authenticating the finger Determine whether object is the transaction association object.

14. device according to claim 13, the event acquiring unit is specifically used for:

The server-side is set to obtain transaction anchoring information, the transaction anchoring information is declared as and the event phase to be certified It closes；

So that the server-side is obtained the corresponding transaction event of the transaction anchoring information from block chain, using as with described wait recognize The relevant transaction event of card event.

15. device described in 3 or 14 according to claim 1 further includes contents acquiring unit or contract call unit；Wherein:

The event content that the contents acquiring unit is used to that the server-side to be made to obtain the transaction event, with described for authenticating Consistency between transaction event and the event to be certified；

The contract call unit is for making the server-side call intelligent contract, and the intelligence contract is for authenticating the transaction Consistency between event and the event to be certified.

16. device according to claim 13, further includes:

Authentication unit makes to specify whether object is the transaction association object described in the server side authentication, to the client Hold return authentication result.

17. device according to claim 13, further includes:

Return unit makes the server-side return to the entity identities of the transaction association object and/or described to the client The event content of transaction event.

18. device according to claim 13,

19. device according to claim 18,

Alternatively, described device further include: release unit makes the server-side receive the transaction thing that the publisher submits Part, and the transaction event is distributed to by block chain by itself corresponding block chain node.

20. device according to claim 19, further includes:

Authentication unit, making that the server-side verifies the publisher, transaction corresponding with the signature that the transaction event is included is closed Join and whether there is preset association relationship between object；

When there are the preset association relationship, the release unit makes the server-side that the transaction event is distributed to block Chain.

21. device according to claim 20, the authentication unit is specifically used for:

When the digital identity of the publisher is to be registered based on the transaction association object to the signature that the publisher provides When, so that the server-side is determined that there are the preset association relationships.

22. a kind of authentication device, comprising:

Request unit makes client initiate certification request to server-side for event to be certified, to indicate the server-side from area Transaction event relevant with the event to be certified is obtained in block chain, the transaction event is passed through by transaction association object to be infused in advance The digital identity of volume is signed；

Identity reception unit makes the client receive the entity identities of the transaction association object, for authenticating specified pair As if it is no be the transaction association object, wherein the specified object be declared as it is related and described to the event to be certified The entity identities of transaction association object are by the server-side according to the signature of the transaction event, pre-recorded each object Mapping relations between entity identities and digital identity and determine；Alternatively, the client receives the body that the server-side returns Part authentication result, the identity authentication result is for showing whether the specified object is the transaction association object.

23. device according to claim 22, further includes:

Recognition unit makes client identification bar pattern associated with the event to be certified, obtains transaction anchoring and believe Breath；

Uploading unit makes the client that the transaction anchoring information is uploaded to the server-side, with by the server-side from The transaction event is obtained in block chain.

24. device according to claim 22 further includes content receipt unit or result receiving unit；Wherein:

In the event that the content receipt unit is used to that the client to be made to receive the transaction event that the server-side returns Hold, for authenticating the consistency between the transaction event and the event to be certified；

The content authentication that the result receiving unit is used to that the client to be made to receive the server-side return is as a result, the content Authentication result is used to show the consistency between the transaction event and the event to be certified.

25. a kind of electronic equipment, comprising:

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is by running the executable instruction to realize side as claimed in any one of claims 1-9 wherein Method.

26. a kind of electronic equipment, comprising:

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is by running the executable instruction to realize as described in any one of claim 10-12 Method.