Specific embodiments
Example embodiments are described in detail here, and examples are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification, as detailed in the appended claims.
It should be noted that, in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, a method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be split into multiple steps in other embodiments, and multiple steps described in this specification may be merged into a single step in other embodiments.
Fig. 1 is a flowchart of an authentication method provided by an exemplary embodiment. As shown in Fig. 1, the method is applied to a server and may include the following steps:
Step 102: the server receives an authentication request. The authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object.
In one embodiment, the specified object is the object designated by the "declaration". The specified object may be an individual, an institution (such as an enterprise), or both. There may be one or more specified objects; this specification does not limit this.
In one embodiment, the association between the "event to be authenticated" and the "specified object" may be declared in any form; this specification does not limit this. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image. The image may be a promotional poster, in which the content of the "event to be authenticated" is the promotional content of the poster and the information of the "specified object" is a celebrity's photo in the poster, which amounts to declaring that the celebrity endorses the promotional content of the poster. As another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same piece of paper. The paper may be a business card, in which the content of the "event to be authenticated" is the job information on the card and the information of the "specified object" is the name on the card, which amounts to declaring that the issuer of the business card (i.e. the user corresponding to the name) holds the corresponding position.
Step 104: the server obtains, from a blockchain, a transaction event related to the event to be authenticated. The transaction event is signed by a transaction-associated object using a pre-registered digital identity.
In one embodiment, the transaction-associated object may register in advance with the above server to obtain a corresponding digital identity. Alternatively, the transaction-associated object may register with another service provider to obtain a corresponding digital identity; that service provider may provide an identity authentication service to the server, or may grant the server access to the mapping relationships it holds between entity identities and digital identities, so that the server can perform identity authentication itself.
In one embodiment, the transaction-associated object may be an institution, which may use its own entity identity to register with the above server or another service provider and obtain a corresponding digital identity. The transaction-associated object may also be an individual, who may use his or her own entity identity to register with the above server or another service provider and obtain a corresponding digital identity. Alternatively, when the individual is an employee of an institution or is otherwise associated with it, the individual may first be certified by that institution and obtain a signature made with the institution's registered digital identity, which amounts to the institution vouching for the individual's identity; the individual may then use that signature to register with the above server or another service provider and obtain a corresponding digital identity. Of course, the transaction-associated object may also obtain a digital identity in other ways; this specification does not limit this.
In one embodiment, when there is a single transaction-associated object, the signature on the transaction event is a single signature; when there are multiple transaction-associated objects, the signature on the transaction event is a multi-signature.
In one embodiment, the transaction-associated object may be the publisher of the transaction event. That is, after signing the transaction event, the transaction-associated object publishes it to the blockchain, either directly through its own blockchain node or by submitting it to the server, which publishes it to the blockchain through the server's own blockchain node.
In one embodiment, the transaction-associated object is not the publisher of the transaction event. The transaction-associated object may sign the transaction event and then hand it to the publisher to be published to the blockchain. The transaction-associated object may authenticate the publisher and the transaction event separately, for example confirming that the publisher's identity is genuine and reliable and that the content of the transaction event is genuine and reliable, and sign the transaction event only after both checks pass; otherwise it does not sign. When the publisher's identity is authenticated, the publisher may be required to have a preset association with the transaction-associated object. For example, the transaction-associated object is an enterprise and the publisher is an internal employee of that enterprise; as another example, the transaction-associated object is an individual and the publisher is a contact in that individual's address book. When the preset association does not exist, the publisher's identity is considered not authenticated.
In one embodiment, the publisher may publish the transaction event to the blockchain through its own blockchain node.
In one embodiment, the publisher may submit the transaction event to the server, and the server publishes the transaction event to the blockchain through its own blockchain node. The server may verify the publisher's identity and the content of the transaction event. If the signature contained in the transaction event is the publisher's signature, and the publisher's identity is registered with the server or another service provider, the server may consider the publisher's identity and the content of the transaction event to be genuine and reliable, and may publish the event to the blockchain. If the signature contained in the transaction event is that of a transaction-associated object other than the publisher, the server may verify whether the above preset association exists between the publisher and the transaction-associated object; for example, the transaction-associated object is an enterprise and the publisher is an internal employee of that enterprise, or the transaction-associated object is an individual and the publisher is a contact in that individual's address book. When the preset association exists, the server may consider both the publisher's identity and the content of the transaction event to be genuine and reliable, and may publish the event to the blockchain; otherwise it considers the publisher's identity not authenticated and refuses to publish to the blockchain.
The server may look up the publisher's pre-registered digital identity; when the publisher's digital identity was registered on the basis of a signature that the transaction-associated object provided to the publisher, the server determines that the preset association exists. For example, the publisher may ask the transaction-associated object in advance to certify its entity identity. After approving the publisher's entity identity, the transaction-associated object may provide the publisher with a digital signature (produced with the transaction-associated object's private key), and the publisher may register its own digital identity on the basis of that digital signature, so that the publisher's digital identity is associated with the transaction-associated object's digital identity from the moment of registration. After receiving the above transaction event submitted by the publisher, the server can then verify the publisher's identity and the content of the transaction event on the basis of that association.
In one embodiment, a transaction (transfer) as described in this specification is a piece of data that a user creates through a blockchain client and that is ultimately to be published to the blockchain's distributed database. Transactions in a blockchain are divided into transactions in the narrow sense and transactions in the broad sense. A transaction in the narrow sense is a value transfer that a user publishes to the blockchain; for example, in a traditional Bitcoin blockchain network, a transaction may be a transfer initiated by a user in the blockchain. A transaction in the broad sense is business data with a business intent that a user publishes to the blockchain. For example, an operator may build a consortium chain based on actual business needs and use it to deploy other types of online services unrelated to value transfer (for example, authentication, house rental, vehicle dispatch, insurance claim settlement, credit services, medical services, etc.); in such a consortium chain, a transaction may be a service message or service request with a business intent that a user publishes in the consortium chain.
In one embodiment, storing the transaction event as evidence on the blockchain ensures that the content of the transaction event is secure and reliable and cannot be tampered with, and that it can be traced in the blockchain ledger at any time, which gives it high reliability and credibility.
In one embodiment, the server may obtain transaction anchoring information that is declared to be related to the event to be authenticated; the server then obtains from the blockchain the transaction event corresponding to the transaction anchoring information and uses it as the transaction event related to the event to be authenticated. For example, when the transaction event is published to the blockchain by means of a transaction, the transaction anchoring information may be information such as the transaction serial number; as another example, when the transaction event is generated as a smart contract in the blockchain, the transaction anchoring information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
In one embodiment, the server may obtain the event content of the transaction event and use it to check the consistency between the transaction event and the above event to be authenticated, ensuring that the transaction event can be used for identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through the above transaction anchoring information, this prevents the server from being misled after a malicious party has modified the transaction anchoring information. For example, for a promotional poster containing a celebrity's photo, the transaction anchoring information may be presented in the poster in the form of a QR code or the like. If a malicious party anchors the QR code to a transaction event that the celebrity signed for a different event, checking the event content of the transaction event accurately identifies the improper conduct and avoids a misjudgment.
In one embodiment, the server may call a smart contract that checks the consistency between the transaction event and the event to be authenticated. As in the above embodiment, this ensures that the transaction event can be used for identity authentication related to the event to be authenticated; the difference is that the consistency judgment is completed automatically by the smart contract rather than by the server, which reduces the processing load on the server, and the automatic execution of the smart contract ensures the objectivity and fairness of the authentication result.
In one embodiment, the server may return the event content of the transaction event to the client, so that the client (or its user) can learn the details or verify the consistency between the transaction event and the event to be authenticated itself.
Step 106: the server determines the entity identity of the transaction-associated object according to the signature of the transaction event and the pre-recorded mapping relationships between the entity identity and the digital identity of each object, for authenticating whether the specified object is the transaction-associated object.
In one embodiment, by obtaining the transaction event related to the event to be authenticated and verifying the signature on that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is genuine and credible. For example, when a promotional poster contains a celebrity's photo, it can be determined whether the celebrity really endorses the promotional content of the poster; as another example, it can be determined whether the position shown on a business card is genuine.
In one embodiment, the server may send the determined entity identity of the transaction-associated object to the client, so that the client or its user compares it with the entity identity of the specified object to determine whether the two are consistent.
In one embodiment, the server may itself compare the entity identity of the transaction-associated object with the entity identity of the specified object to authenticate whether the specified object is the transaction-associated object, and then return the authentication result to the client. The authentication result may contain only the judgment of "whether consistent", or may further contain the entity identity of the transaction-associated object, so that the client (or its user) can learn the details or verify the above judgment itself.
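The server-side flow of steps 102 to 106, as an added example that is not code from this specification. It assumes Ed25519 key pairs, a digital identity modelled as a public-key fingerprint, an in-memory map standing in for the blockchain ledger, and exact string equality as the consistency check; `register`, `publish`, `authenticate`, `runScenario` and "user X" are hypothetical names.

```javascript
'use strict';
// Added example, not code from the specification. Ed25519, exact-match
// consistency and the in-memory "ledger" are assumptions made for illustration.
const crypto = require('crypto');

const registry = new Map(); // digital identity -> { entityIdentity, publicKey }
const ledger = new Map();   // transaction anchoring information -> transaction event

// Registration: the digital identity is modelled as a public-key fingerprint,
// and the mapping to the entity identity is recorded for later authentication.
function register(entityIdentity) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const digitalId = crypto.createHash('sha256').update(der).digest('hex');
  registry.set(digitalId, { entityIdentity, publicKey });
  return { digitalId, privateKey };
}

// Each transaction-associated object signs the event content (single signature
// or multi-signature); the returned serial number is the anchoring information.
function publish(content, signers) {
  const signatures = signers.map(({ digitalId, privateKey }) => ({
    digitalId,
    sig: crypto.sign(null, Buffer.from(content, 'utf8'), privateKey),
  }));
  const anchor = 'tx-' + String(ledger.size + 1).padStart(4, '0');
  ledger.set(anchor, { content, signatures });
  return anchor;
}

// Steps 102-106 on the server: fetch by anchor, check consistency, verify every
// signature, map signers to entity identities, compare with the specified objects.
function authenticate({ anchor, eventToAuthenticate, specifiedObjects }) {
  const tx = ledger.get(anchor);
  if (!tx) return { ok: false, reason: 'unknown anchor' };
  if (tx.content !== eventToAuthenticate) {
    return { ok: false, reason: 'event mismatch', eventContent: tx.content };
  }
  const signers = [];
  for (const { digitalId, sig } of tx.signatures) {
    const entry = registry.get(digitalId);
    if (!entry) return { ok: false, reason: 'unregistered signer' };
    const data = Buffer.from(tx.content, 'utf8');
    if (!crypto.verify(null, data, entry.publicKey, sig)) {
      return { ok: false, reason: 'bad signature' };
    }
    signers.push(entry.entityIdentity);
  }
  const ok = specifiedObjects.length > 0 &&
    specifiedObjects.every((o) => signers.includes(o));
  const reason = ok ? 'specified object signed' : 'specified object did not sign';
  return { ok, reason, signers };
}

function runScenario() {
  const userA = register('user A'); // the celebrity shown on the poster
  const userX = register('user X'); // constructed: another registered person
  const anchorXxx = publish('I authorize xxx', [userA]);
  const anchorYyy = publish('I authorize yyy', [userX]);
  // Constructed forged entry: user A's signature attached to different content.
  ledger.set('tx-forged', {
    content: 'I authorize yyy',
    signatures: ledger.get(anchorXxx).signatures,
  });
  const ask = (anchor, eventToAuthenticate) =>
    authenticate({ anchor, eventToAuthenticate, specifiedObjects: ['user A'] });
  return {
    genuine: ask(anchorXxx, 'I authorize xxx'),
    swappedQr: ask(anchorXxx, 'I authorize yyy'),   // QR code re-pointed at another event
    otherSigner: ask(anchorYyy, 'I authorize yyy'), // photo of user A, signed by user X
    forged: ask('tx-forged', 'I authorize yyy'),
  };
}

console.log(runScenario());
```

Only the first request succeeds; the other three fail at the consistency check, the identity comparison and the signature verification respectively.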
Fig. 2 is a flowchart of another authentication method provided by an exemplary embodiment. As shown in Fig. 2, the method is applied to a client and may include the following steps:
Step 202: the client initiates an authentication request to a server for an event to be authenticated, to instruct the server to obtain from a blockchain a transaction event related to the event to be authenticated. The transaction event is signed by a transaction-associated object using a pre-registered digital identity.
In one embodiment, the transaction-associated object may register in advance with the above server to obtain a corresponding digital identity. Alternatively, the transaction-associated object may register with another service provider to obtain a corresponding digital identity; that service provider may provide an identity authentication service to the server, or may grant the server access to the mapping relationships it holds between entity identities and digital identities, so that the server can perform identity authentication itself.
In one embodiment, the transaction-associated object may be an institution, which may use its own entity identity to register with the above server or another service provider and obtain a corresponding digital identity. The transaction-associated object may also be an individual, who may use his or her own entity identity to register with the above server or another service provider and obtain a corresponding digital identity. Alternatively, when the individual is an employee of an institution or is otherwise associated with it, the individual may first be certified by that institution and obtain a signature made with the institution's registered digital identity, which amounts to the institution vouching for the individual's identity; the individual may then use that signature to register with the above server or another service provider and obtain a corresponding digital identity. Of course, the transaction-associated object may also obtain a digital identity in other ways; this specification does not limit this.
In one embodiment, when there is a single transaction-associated object, the signature on the transaction event is a single signature; when there are multiple transaction-associated objects, the signature on the transaction event is a multi-signature.
In one embodiment, a transaction (transfer) as described in this specification is a piece of data that a user creates through a blockchain client and that is ultimately to be published to the blockchain's distributed database. Transactions in a blockchain are divided into transactions in the narrow sense and transactions in the broad sense. A transaction in the narrow sense is a value transfer that a user publishes to the blockchain; for example, in a traditional Bitcoin blockchain network, a transaction may be a transfer initiated by a user in the blockchain. A transaction in the broad sense is business data with a business intent that a user publishes to the blockchain. For example, an operator may build a consortium chain based on actual business needs and use it to deploy other types of online services unrelated to value transfer (for example, authentication, house rental, vehicle dispatch, insurance claim settlement, credit services, medical services, etc.); in such a consortium chain, a transaction may be a service message or service request with a business intent that a user publishes in the consortium chain.
In one embodiment, the client may recognize a barcode-type pattern associated with the event to be authenticated (such as a barcode or a QR code) to obtain the transaction anchoring information; the client may then upload the transaction anchoring information to the server, so that the server obtains the transaction event from the blockchain. For example, when the transaction event is published to the blockchain by means of a transaction, the transaction anchoring information may be information such as the transaction serial number; as another example, when the transaction event is generated as a smart contract in the blockchain, the transaction anchoring information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
Step 204: the client receives the entity identity of the transaction-associated object, for authenticating whether a specified object is the transaction-associated object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-associated object is determined by the server according to the signature of the transaction event and the pre-recorded mapping relationships between the entity identity and the digital identity of each object. Alternatively, the client receives an identity authentication result returned by the server, which indicates whether the specified object is the transaction-associated object.
In one embodiment, by obtaining the transaction event related to the event to be authenticated and verifying the signature on that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is genuine and credible. For example, when a promotional poster contains a celebrity's photo, it can be determined whether the celebrity really endorses the promotional content of the poster; as another example, it can be determined whether the position shown on a business card is genuine.
In one embodiment, the specified object is the object designated by the "declaration". The specified object may be an individual, an institution (such as an enterprise), or both. There may be one or more specified objects; this specification does not limit this.
In one embodiment, the association between the "event to be authenticated" and the "specified object" may be declared in any form; this specification does not limit this. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image. The image may be a promotional poster, in which the content of the "event to be authenticated" is the promotional content of the poster and the information of the "specified object" is a celebrity's photo in the poster, which amounts to declaring that the celebrity endorses the promotional content of the poster. As another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same piece of paper. The paper may be a business card, in which the content of the "event to be authenticated" is the job information on the card and the information of the "specified object" is the name on the card, which amounts to declaring that the issuer of the business card (i.e. the user corresponding to the name) holds the corresponding position.
In one embodiment, the client may receive the event content of the transaction event returned by the server and use it to check the consistency between the transaction event and the event to be authenticated, ensuring that the transaction event can be used for identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through the above transaction anchoring information, this prevents the server from being misled after a malicious party has modified the transaction anchoring information. For example, for a promotional poster containing a celebrity's photo, the transaction anchoring information may be presented in the poster in the form of a QR code or the like. If a malicious party anchors the QR code to a transaction event that the celebrity signed for a different event, checking the event content of the transaction event accurately identifies the improper conduct and avoids a misjudgment. For example, when the transaction event and the event to be authenticated are inconsistent, the transaction event is not a transaction event related to the event to be authenticated, so the client can determine that the specified object is not the transaction-associated object of a transaction event related to the event to be authenticated.
In one embodiment, the client may receive a content authentication result returned by the server, which indicates the consistency between the transaction event and the event to be authenticated. In other words, the server may check the consistency between the transaction event and the above event to be authenticated and obtain the above content authentication result in order to inform the client. Further, the client may also receive the event content of the transaction event returned by the server, so that the client (or its user) can learn the details or verify the consistency between the transaction event and the event to be authenticated.
Fig. 3 is a schematic diagram of registering a digital identity, provided by an exemplary embodiment. As shown in Fig. 3, a certification authority (specifically, a server-side application running on the electronic device of the certification authority) may provide a digital identity registration function by means such as entity authentication, data analysis and indirect authentication.
Taking enterprise AA as an example, enterprise AA may provide the certification authority with the materials and information required for registration, and after verification passes, the certification authority may assign enterprise AA a corresponding digital identity, such as enterprise digital identity 1. The certification authority may also record the mapping relationship between enterprise entity identity 1 of enterprise AA and enterprise digital identity 1, for use in subsequent identity authentication. The certification authority also issues a public-private key pair to enterprise AA, so that enterprise AA can generate a digital signature (or electronic signature) that represents its enterprise digital identity 1.
Similarly, enterprise BB may register with the certification authority and obtain a corresponding digital identity, such as enterprise digital identity 2. The certification authority may record the mapping relationship between enterprise entity identity 2 of enterprise BB and enterprise digital identity 2, and issue to enterprise BB a public-private key pair for generating digital signatures.
In the same way that enterprise AA and enterprise BB register digital identities, an individual may also register with the certification authority to obtain a corresponding digital identity. For example, user A may provide the certification authority with the materials and information required for registration, and after verification passes, the certification authority may assign user A a corresponding digital identity, such as user digital identity 1. The certification authority may also record the mapping relationship between user entity identity 1 of user A and user digital identity 1, for use in subsequent identity authentication. The certification authority also issues a public-private key pair to user A, so that user A can generate a digital signature that represents user digital identity 1.
As for user B, in addition to registering with the certification authority to obtain a digital identity in the same way as user A, if there is some association between user B and enterprise BB, for example user B is an employee of enterprise BB, user B may also complete registration through enterprise BB. For example, user B may apply to enterprise BB for certification; compared with registering directly with the certification authority, the materials and information that need to be provided for this certification are often simpler. After confirming that user B has passed certification, enterprise BB may provide user B with a digital signature, such as enterprise digital signature 2 generated with its private key. User B may then register with the certification authority on the basis of enterprise digital signature 2 to obtain a digital identity assigned by the certification authority, such as user digital identity 2. The certification authority may record the mapping relationship between user entity identity 2 of user B and user digital identity 2, and issue to user B a public-private key pair for generating digital signatures.
Based on the above description, any enterprise, individual, etc. can register with the certification authority, so that the certification authority records the mapping relationship between the entity identity of each enterprise or individual and the digital identity assigned to it, and issues a public-private key pair for generating digital signatures.
The authentication scheme of this specification is described in detail below with reference to Figs. 4-5, taking a celebrity's endorsement information on a promotional poster as an example.
Fig. 4 is a schematic diagram of storing information as evidence, provided by an exemplary embodiment. As shown in Fig. 4, assume that user A is a celebrity. When user A is willing to authorize xxx to produce a promotional poster, that is, when user A is willing to endorse xxx, user A may store the relevant information as evidence on the blockchain.
In one embodiment, user device 1 used by user A may be of any type, such as a mobile phone, a tablet or a PC; this specification does not limit this. A client-side application running on user device 1 enables user A to store the relevant information as evidence on the blockchain. For example, user A may generate proof information such as "I authorize xxx" on user device 1 and sign the proof information by calling the private key issued by the certification authority, obtaining for example the digital signature SIG_U1. Before the private key is called to generate the signature, user A may be authenticated, for example by password verification, input-habit verification, or biometric verification based on fingerprint, voiceprint, face, iris, etc.; signature generation is allowed only after verification passes and is otherwise not allowed.
Of course, the generation of the proof information "I authorize xxx" and the digital signature SIG_U1 may in practice also be completed by the certification authority. User device 1 is then used only to provide an interactive interface to user A, to authenticate user A (especially biometric verification; password verification, input-habit verification and the like may of course also be completed by the certification authority), and to transfer data to and from the certification authority, so that user A can instruct the certification authority to generate the proof information and the digital signature.
In one embodiment, user equipment 1 can be configured as the block chain node in block chain, then the user sets
Standby 1 can submit a block chain transaction to block chain, and [I authorizes xxx;SIG_U1] so that [I authorizes for block chain transaction
xxx;SIG_U1] it is recorded into the block chain account book of the unified maintenance of each block chain node.
In one embodiment, user equipment 1 itself is not configured as a blockchain node. User equipment 1 can
then send the proof information "I authorize xxx" and the digital signature SIG_U1 to a blockchain
node, and the blockchain node submits the above blockchain transaction [I authorize xxx; SIG_U1] to the
blockchain, which likewise causes the blockchain transaction [I authorize xxx; SIG_U1] to be recorded
in the blockchain ledger jointly maintained by all blockchain nodes. For example, the certification
authority can be configured as a blockchain node; through the client-side application program running
on user equipment 1 and the server-side application program running at the certification authority,
user equipment 1 can send the proof information "I authorize xxx" and the digital signature SIG_U1 to
the certification authority, and the certification authority submits the above blockchain transaction
[I authorize xxx; SIG_U1] to the blockchain.
In one embodiment, a corresponding access interface can be formed for the published blockchain
transaction [I authorize xxx; SIG_U1], to facilitate access during subsequent authentication. For
example, the access interface can be presented in the form of a two-dimensional code (quick response
code), and the blockchain node can send the two-dimensional code to the producer of the promotional
poster (such as enterprise AA), so that enterprise AA can add the two-dimensional code to the
promotional poster.
After user B sees the promotional poster shown in Fig. 4, the xxx product publicized by the poster,
together with the photo of user A, naturally suggests that user A may be endorsing the xxx product; but
it is also possible that a wrongdoer has used the photo of user A without permission. User B can
therefore authenticate through the two-dimensional code on the promotional poster, to determine whether
user A has really authorized the endorsement of the xxx product.
Fig. 5 is a schematic diagram of an authorization-authentication scenario provided by an exemplary
embodiment. As shown in Fig. 5, assume that a client-side application program runs on the electronic
equipment 2 used by user B. The application program can call the camera module on electronic equipment
2 to scan and recognize the two-dimensional code on the promotional poster shown in Fig. 4, and upload
the scanned content of the two-dimensional code to the certification authority, which performs the
authentication processing.
In one embodiment, the scanned content of the two-dimensional code includes the access interface
information generated in the embodiment shown in Fig. 4, and the certification authority can query the
blockchain ledger based on that scanned content:
In the first case, the certification authority may be unable to find any blockchain transaction. This
shows that the two-dimensional code on the promotional poster is meaningless information arbitrarily
set by a wrongdoer, and that user A has not published to the blockchain any proof information
authorizing the xxx product. The certification authority can then determine that authentication fails,
i.e. user A has not authorized.
In the second case, the certification authority can access the corresponding blockchain transaction,
but the blockchain transaction does not contain a digital signature, or the digital signature it
contains is not the SIG_U1 corresponding to user A. This shows that the two-dimensional code on the
promotional poster is counterfeit information arbitrarily set by a wrongdoer, and that user A has not
published to the blockchain any proof information authorizing the xxx product. The certification
authority can then determine that authentication fails, i.e. user A has not authorized.
In the third case, the certification authority can access the corresponding blockchain transaction, and
the digital signature it contains is SIG_U1. Based on the mapping relations and the public/private key
pair issuance records recorded in Fig. 3, the certification authority can determine that the digital
signature SIG_U1 corresponds to user A. The blockchain transaction then has a certain probability of
containing proof information by which user A authorizes the xxx product; but with a certain
probability the blockchain transaction may instead contain proof information by which user A
authorizes other products, and no authorization for the xxx product. The certification authority can
therefore further authenticate the content of the blockchain transaction, to ensure that the proof
information it contains is "I authorize xxx" or a similar description, and not unrelated content such
as "I authorize yyy".
In one embodiment, the certification authority can return authentication information to user equipment
2, so that user equipment 2 can show the related content to user B. For example, when the blockchain
transaction accessed by the certification authority does contain the proof information "I authorize
xxx" and the digital signature SIG_U1, the authentication information can, as shown in Fig. 5, include
the proof information "I authorize xxx" and the entity identity "user A" corresponding to the digital
signature SIG_U1 (the digital signature reflects a digital identity, and the entity identity can be
determined by further combining the mapping relation between digital identities and entity identities).
In one embodiment, the authentication information can also include an authentication conclusion, such
as "authenticated" or "authorized", "not authenticated" or "unauthorized". Of course, the
authentication conclusion is not required. Even if the authentication information contains only the
content of the blockchain transaction, the entity information corresponding to the digital signature
it contains, and so on, user B can still determine whether user A has authorized by checking the
authentication information against the content of the promotional poster. For example, when the
authentication information includes content such as "no authorization information found",
"I authorize yyy", "signature: user C" or "unsigned", user B can determine that user A has not
authorized the xxx product.
Similar to the "promotional poster" embodiment above, the technical solution of this specification can
obviously also be applied in many other scenarios, where it can likewise be used to achieve fast and
accurate authentication.
For example, user B wishes to deposit evidence of the positions listed on his or her business card, to
show that the positions are authentic. Assume that user B is simultaneously a director of enterprise
AA, the chairman of enterprise BB and the CEO of enterprise CC. User B can then hand the position
information to be recorded on the business card, "user B: enterprise AA - director, enterprise BB -
chairman, enterprise CC - CEO", to each enterprise for authentication. After authentication passes,
each enterprise signs with the private key it holds, so that user B obtains the multi-signature SIG_M
over the above position information. User B can then submit a blockchain transaction to the blockchain
ledger through user equipment 2; the blockchain transaction contains the above position information
and the multi-signature SIG_M. User B can obtain an access interface for the blockchain transaction,
and print the two-dimensional code corresponding to the access interface on user B's business card.
Then, when user B hands the business card to user X, user X can scan the two-dimensional code on the
business card to request authentication by the certification authority. The certification authority
can, for example by the embodiment shown in Fig. 5, query the corresponding blockchain transaction from
the blockchain. The blockchain transaction contains the position information "user B: enterprise AA -
director, enterprise BB - chairman, enterprise CC - CEO" and the multi-signature SIG_M corresponding to
enterprise AA, enterprise BB and enterprise CC. The certification authority can return the position
information "user B: enterprise AA - director, enterprise BB - chairman, enterprise CC - CEO" and the
information of enterprise AA, enterprise BB and enterprise CC corresponding to the multi-signature
SIG_M to user X, so that user X can determine the authenticity of the position information actually
marked on the business card.
For example, suppose the business card states that user B is a director of enterprise AA, the chairman
of enterprise BB and the CEO of enterprise CC, i.e. the content of the business card is declared as
related to enterprise AA, enterprise BB, enterprise CC and enterprise DD. Then, if the blockchain
transaction contains the signatures of enterprise AA, enterprise BB and enterprise CC, and the
positions marked on the business card are consistent with the position information contained in the
blockchain transaction, the position information marked on the business card can be considered true.
But if the signature information is inconsistent or the position information is inconsistent, this
shows that the position information marked on the business card may be false.
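The certification authority's checks from the promotional-poster embodiment (the three query cases) and from the business-card embodiment (several required signers) can be sketched as follows; this is an added example, not code from the specification. The ledger, the anchor values, the registry and the toy textbook-RSA helpers are constructed for illustration, SIG_M is modelled as a list of individual signatures (an assumption), and the toy RSA is not a secure signature scheme.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(a, b):
    """Toy textbook-RSA key from Mersenne primes 2**a-1 and 2**b-1.
    Stand-in for a registered key pair; NOT a secure signature scheme."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % n

def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _digest(msg, n)

# Constructed identities. REGISTRY plays the role of the pre-recorded mapping
# between entity identity and digital identity (here, the public modulus).
KEYS = {"user A": make_key(107, 127), "enterprise AA": make_key(61, 89),
        "enterprise BB": make_key(521, 607), "enterprise CC": make_key(1279, 2203)}
REGISTRY = {entity: key["n"] for entity, key in KEYS.items()}

AUTH = "I authorize xxx"
CARD = "user B: enterprise AA - director, enterprise BB - chairman, enterprise CC - CEO"

def tx(content, *signers):
    """Constructed ledger entry: content plus one signature per signer."""
    return {"content": content, "sigs": [sign(KEYS[s], content) for s in signers]}

# Constructed ledger, keyed by the access-interface value carried in the code.
LEDGER = {
    "qr-1": tx(AUTH, "user A"),
    "qr-2": tx("I authorize yyy", "user A"),   # signed by A, other product
    "qr-3": tx(AUTH, "enterprise AA"),         # signed, but not by user A
    "qr-4": tx(AUTH),                          # unsigned
    "qr-5": tx(CARD, "enterprise AA", "enterprise BB", "enterprise CC"),
    "qr-6": tx(CARD, "enterprise AA", "enterprise BB"),  # CC never signed
}

def signers_of(t):
    """Entity identities whose registered key verifies a signature in t."""
    return {e for e, n in REGISTRY.items()
            for s in t["sigs"] if verify(n, t["content"], s)}

def authenticate(anchor, declared_objects, declared_content):
    t = LEDGER.get(anchor)
    if t is None:  # first case: nothing on the ledger behind the code
        return {"conclusion": "unauthorized", "reason": "no transaction found"}
    signers = signers_of(t)
    info = {"content": t["content"], "signers": sorted(signers)}
    if not set(declared_objects) <= signers:  # second case
        return {**info, "conclusion": "unauthorized",
                "reason": "signature missing or from another identity"}
    if t["content"] != declared_content:  # third case: content check
        return {**info, "conclusion": "unauthorized", "reason": "content mismatch"}
    return {**info, "conclusion": "authorized", "reason": None}
```

The returned dictionary carries the transaction content and resolved signers even when the conclusion is negative, so a client can show them beside the poster or business card.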
Fig. 6 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to
Fig. 6, at the hardware level the device includes a processor 602, an internal bus 604, a network
interface 606, a memory 608 and a non-volatile memory 610, and of course may also include hardware
required by other services. The processor 602 reads the corresponding computer program from the
non-volatile memory 610 into the memory 608 and then runs it, forming an authentication apparatus at
the logical level. Of course, besides a software implementation, one or more embodiments of this
specification do not exclude other implementations, such as logic devices or a combination of software
and hardware; that is, the execution subject of the following processing flow is not limited to logic
units, and may also be hardware or logic devices.
Referring to Fig. 7, in a software implementation, the authentication apparatus may include:
Request reception unit 701, which causes the server to receive a certification request, the certification
request being initiated by a client for an event to be certified, and the event to be certified being
declared as related to a specified object;
Event acquiring unit 702, which causes the server to obtain from the blockchain a transaction event
related to the event to be certified, the transaction event being signed by a transaction-associated
object using a pre-registered digital identity;
Identity determination unit 703, which causes the server to determine the entity identity of the
transaction-associated object according to the signature of the transaction event and the pre-recorded
mapping relations between the entity identity and the digital identity of each object, for
authenticating whether the specified object is the transaction-associated object.
Optionally, the event acquiring unit 702 is specifically configured to:
cause the server to obtain transaction anchoring information, the transaction anchoring information
being declared as related to the event to be certified;
cause the server to obtain from the blockchain the transaction event corresponding to the transaction
anchoring information, as the transaction event related to the event to be certified.
Optionally, the apparatus further includes a contents acquiring unit 704 or a contract call unit 705,
wherein:
the contents acquiring unit 704 is configured to cause the server to obtain the event content of the
transaction event, for authenticating the consistency between the transaction event and the event to
be certified;
the contract call unit 705 is configured to cause the server to call a smart contract, the smart
contract being used to authenticate the consistency between the transaction event and the event to be
certified.
Optionally, the apparatus further includes:
Authentication unit 706, which causes the server to authenticate whether the specified object is the
transaction-associated object, and to return the authentication result to the client.
Optionally, the apparatus further includes:
Return unit 707, which causes the server to return to the client the entity identity of the
transaction-associated object and/or the event content of the transaction event.
Optionally,
the transaction event is published to the blockchain by the transaction-associated object;
or, after the transaction-associated object signs the transaction event, the transaction event is
published to the blockchain by a publisher different from the transaction-associated object.
Optionally,
the transaction event is published to the blockchain by the publisher through the publisher's own
corresponding blockchain node;
or, the apparatus further includes: release unit 708, which causes the server to receive the
transaction event submitted by the publisher, and to publish the transaction event to the blockchain
through the server's own corresponding blockchain node.
Optionally, the apparatus further includes:
Authentication unit 709, which causes the server to verify whether a preset association relationship
exists between the publisher and the transaction-associated object corresponding to the signature
contained in the transaction event;
when the preset association relationship exists, the release unit 708 causes the server to publish the
transaction event to the blockchain.
Optionally, the authentication unit 709 is specifically configured to:
cause the server to query the pre-registered digital identity of the publisher;
when the digital identity of the publisher was registered based on a signature provided to the
publisher by the transaction-associated object, cause the server to determine that the preset
association relationship exists.
Fig. 8 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to
Fig. 8, at the hardware level the device includes a processor 802, an internal bus 804, a network
interface 806, a memory 808 and a non-volatile memory 810, and of course may also include hardware
required by other services. The processor 802 reads the corresponding computer program from the
non-volatile memory 810 into the memory 808 and then runs it, forming an authentication apparatus at
the logical level. Of course, besides a software implementation, one or more embodiments of this
specification do not exclude other implementations, such as logic devices or a combination of software
and hardware; that is, the execution subject of the following processing flow is not limited to logic
units, and may also be hardware or logic devices.
Referring to Fig. 9, in a software implementation, the authentication apparatus may include:
Request unit 901, which causes the client to initiate a certification request to the server for an
event to be certified, to instruct the server to obtain from the blockchain a transaction event
related to the event to be certified, the transaction event being signed by a transaction-associated
object using a pre-registered digital identity;
Identity reception unit 902, which causes the client to receive the entity identity of the
transaction-associated object, for authenticating whether a specified object is the
transaction-associated object, wherein the specified object is declared as related to the event to be
certified, and the entity identity of the transaction-associated object is determined by the server
according to the signature of the transaction event and the pre-recorded mapping relations between the
entity identity and the digital identity of each object; or, which causes the client to receive an
identity authentication result returned by the server, the identity authentication result indicating
whether the specified object is the transaction-associated object.
Optionally, the apparatus further includes:
Recognition unit 903, which causes the client to recognize a barcode pattern associated with the event
to be certified, to obtain transaction anchoring information;
Uploading unit 904, which causes the client to upload the transaction anchoring information to the
server, so that the server obtains the transaction event from the blockchain.
Optionally, the apparatus further includes a content receipt unit 905 or a result receiving unit 906,
wherein:
the content receipt unit 905 is configured to cause the client to receive the event content of the
transaction event returned by the server, for authenticating the consistency between the transaction
event and the event to be certified;
the result receiving unit 906 is configured to cause the client to receive a content authentication
result returned by the server, the content authentication result indicating the consistency between
the transaction event and the event to be certified.
The systems, apparatuses, modules or units described in the above embodiments can be implemented by a
computer chip or entity, or by a product having a certain function. A typical implementation device is
a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera
phone, smart phone, personal digital assistant, media player, navigation device, e-mail
sending/receiving device, game console, tablet computer, wearable device, or a combination of any of
these devices.
In a typical configuration, a computer includes one or more processors (CPU), an input/output
interface, a network interface and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or
non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example
of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which
can store information by any method or technology. The information can be computer-readable
instructions, data structures, program modules or other data. Examples of computer storage media
include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM),
dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory
(ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory
technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical
storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or
other magnetic storage devices, or any other non-transmission medium that can be used to store
information accessible by a computing device. As defined herein, computer-readable media do not
include transitory computer-readable media (transitory media), such as modulated data signals and
carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant are intended to
cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series
of elements includes not only those elements, but also other elements not explicitly listed, or
elements inherent to such a process, method, commodity or device. Without further limitation, an
element defined by the phrase "including a ..." does not exclude the existence of other identical
elements in the process, method, commodity or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments are within the
scope of the appended claims. In some cases, the actions or steps recorded in the claims can be
performed in an order different from that in the embodiments and still achieve the desired result. In
addition, the processes depicted in the drawings do not necessarily require the specific order or
sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel
processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are only for the purpose of describing
particular embodiments, and are not intended to limit one or more embodiments of this specification.
The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the
appended claims are also intended to include plural forms, unless the context clearly indicates
otherwise. It should also be understood that the term "and/or" used herein refers to and includes any
or all possible combinations of one or more of the associated listed items.
It should be understood that although one or more embodiments of this specification may use the terms
first, second, third and so on to describe various information, the information should not be limited
by these terms. These terms are only used to distinguish information of the same type from one
another. For example, without departing from the scope of one or more embodiments of this
specification, first information may also be referred to as second information, and similarly, second
information may also be referred to as first information. Depending on the context, the word "if" as
used herein can be interpreted as "at the time of ..." or "when ..." or "in response to determining".
The foregoing are merely preferred embodiments of one or more embodiments of this specification, and
are not intended to limit one or more embodiments of this specification. Any modification, equivalent
replacement, improvement and the like made within the spirit and principle of one or more embodiments
of this specification shall be included within the scope of protection of one or more embodiments of
this specification.