CN109327312B - Authentication method and device and electronic equipment - Google Patents


Publication number
CN109327312B
Authority
CN
China
Prior art keywords
transaction
event
server
authenticated
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811258195.4A
Other languages
Chinese (zh)
Other versions
CN109327312A (en)
Inventor
林立
闫莺
宋旭阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Chain Technology Co ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN202010393386.2A (CN111600716B)
Priority to CN201811258195.4A (CN109327312B)
Publication of CN109327312A
Priority to TW108109552A (TW202016833A)
Priority to PCT/CN2019/102816 (WO2020082886A1)
Application granted
Publication of CN109327312B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

One or more embodiments of the present specification provide an authentication method, an authentication apparatus, and an electronic device. The method may include: a server receives an authentication request, where the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object; the server obtains, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity; and the server determines the entity identity of the transaction-related object according to the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.

Description

Authentication method and device and electronic equipment
Technical Field
One or more embodiments of the present disclosure relate to the field of identity authentication technologies, and in particular, to an authentication method and apparatus, and an electronic device.
Background
In the related art, when an event is declared to be associated with a certain person or organization, it is often difficult to judge the authenticity of the event, and one may even suffer losses as a result. Meanwhile, an individual or organization declared to be associated with the event, even if in fact there is no association, may be treated as the target of after-the-fact rights claims, causing unnecessary trouble and dispute.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide an authentication method and apparatus, and an electronic device.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, there is provided an authentication method including:
a server receives an authentication request, where the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
the server obtains, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
and the server determines the entity identity of the transaction-related object according to the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
According to a second aspect of one or more embodiments of the present specification, there is provided an authentication method including:
a client initiates an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
the client receives the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, where the identity authentication result indicates whether the specified object is the transaction-related object.
According to a third aspect of one or more embodiments of the present specification, there is provided an authentication apparatus including:
a request receiving unit that causes a server to receive an authentication request initiated by a client for an event to be authenticated declared as being related to a specified object;
an event acquisition unit that causes the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
and an identity determining unit that causes the server to determine the entity identity of the transaction-related object according to the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
According to a fourth aspect of one or more embodiments of the present specification, there is provided an authentication apparatus including:
a request unit that causes a client to initiate an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
an identity receiving unit that causes the client to receive the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, where the identity authentication result indicates whether the specified object is the transaction-related object.
According to a fifth aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a sixth aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method according to the second aspect by executing the executable instructions.
Drawings
Fig. 1 is a flowchart of an authentication method provided in an exemplary embodiment.
Fig. 2 is a flow chart of another authentication method provided by an example embodiment.
Fig. 3 is a schematic diagram of registering a digital identity according to an exemplary embodiment.
Fig. 4 is a schematic diagram of an information certificate provided in an exemplary embodiment.
Fig. 5 is a schematic diagram of an authentication and authorization scenario provided by an exemplary embodiment.
Fig. 6 is a schematic structural diagram of an apparatus according to an exemplary embodiment.
Fig. 7 is a block diagram of an authentication apparatus according to an exemplary embodiment.
Fig. 8 is a schematic structural diagram of another apparatus provided in an exemplary embodiment.
Fig. 9 is a block diagram of another authentication apparatus provided in an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Fig. 1 is a flowchart of an authentication method provided in an exemplary embodiment. As shown in Fig. 1, the method, applied to a server, may include the following steps:
Step 102, the server receives an authentication request; the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object.
In one embodiment, the specified object is the object specified by the "declaration". The designated object may be an individual, an organization (e.g., a business, etc.), or both. The number of the designated objects may be one or more, and the specification does not limit this.
In an embodiment, the association between the "event to be authenticated" and the "specified object" may be declared in any form, which is not limited in this specification. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image: the image may be a promotional poster, the content of the "event to be authenticated" is the promotional content in the poster, and the information of the "specified object" is a celebrity photo in the poster, which is equivalent to declaring that the celebrity endorses the promotional content in the poster. For another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same paper: the paper may be a business card, the content of the "event to be authenticated" is the position information on the business card, and the information of the "specified object" is the name on the business card, which is equivalent to declaring that the issuer of the business card (i.e., the user corresponding to the name) holds the corresponding position.
Step 104, the server obtains, from the blockchain, a transaction event related to the event to be authenticated; the transaction event is signed by a transaction-related object using a pre-registered digital identity.
In an embodiment, the transaction-related object may register in advance with the server to obtain a corresponding digital identity; alternatively, the transaction-related object may register with another service provider to obtain a corresponding digital identity, and that service provider may either provide an identity authentication service to the server or grant the server access to its recorded mapping between entity identities and digital identities, so that the server can perform identity authentication itself.
In one embodiment, the transaction-related object may be an organization, which may use its own entity identity to register with the server or another service provider to obtain the corresponding digital identity. The transaction-related object may also be an individual, who may use his or her own entity identity to register with the server or another service provider to obtain the corresponding digital identity; alternatively, when the individual is an employee of an organization or has some other association with it, the individual may first obtain certification from the organization in the form of a signature made with the organization's registered digital identity, which is equivalent to the organization endorsing the individual's identity, and the individual may then use that signature to register with the server or another service provider and obtain a corresponding digital identity. Of course, the transaction-related object may also obtain the digital identity in other ways, which is not limited in this specification.
In one embodiment, when there is a single transaction-related object, the signature for the transaction event is a single signature; when there are multiple transaction-associated objects, the signature for the transaction event is a multiple signature.
In an embodiment, the transaction-related object may be the publisher of the transaction event; that is, the transaction-related object signs the transaction event and then publishes it to the blockchain, either directly through its own corresponding blockchain node, or by submitting it to the server, which publishes it to the blockchain through the server's corresponding blockchain node.
In an embodiment, the transaction-related object is not the publisher of the transaction event; the transaction-related object signs the transaction event and then hands it to the publisher, who publishes it to the blockchain. The transaction-related object may authenticate the publisher and the transaction event separately, for example confirming that the identity of the publisher is genuine and reliable and that the content of the transaction event is genuine and reliable, and sign the transaction event only after both are confirmed; otherwise it does not sign. When the identity of the publisher is authenticated, the publisher may be required to have a preset association with the transaction-related object: for example, the transaction-related object is an enterprise and the publisher is an internal employee of the enterprise, or the transaction-related object is a person and the publisher is a friend in that person's address book. When no preset association exists, the identity of the publisher is considered not authenticated.
In an embodiment, the publisher may publish the transaction event to the blockchain through its corresponding blockchain node.
In an embodiment, the publisher may submit the transaction event to the server, and the server publishes the transaction event to the blockchain through its corresponding blockchain node. The server can verify the identity of the publisher and the content of the transaction event. If the signature included in the transaction event is the publisher's own signature and the identity of the publisher is registered with the server or another service provider, the server can consider both the identity of the publisher and the content of the transaction event to be genuine and reliable, and can publish the transaction event to the blockchain. If the signature included in the transaction event is that of a transaction-related object other than the publisher, the server may verify whether the preset association exists between the publisher and the transaction-related object, for example that the transaction-related object is an enterprise and the publisher is an internal employee of the enterprise, or that the transaction-related object is a person and the publisher is a friend in that person's address book.
The server can query the digital identity that the publisher registered in advance; when the publisher's digital identity was registered on the basis of a signature provided to the publisher by the transaction-related object, the server determines that the preset association exists. For example, the publisher may ask the transaction-related object in advance to authenticate the publisher's entity identity; after the transaction-related object approves that entity identity, it provides the publisher with a digital signature (produced with the private key of the transaction-related object), and the publisher registers its own digital identity on the basis of that digital signature, so that the publisher's digital identity is already associated with the digital identity of the transaction-related object at registration time. Then, after receiving a transaction event submitted by the publisher, the server may verify the identity of the publisher and the content of the transaction event based on that association.
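The registration-time endorsement and the server's later association check can be sketched as follows. This is an added example, not code from the patent; Ed25519, the endorsement message layout, the in-memory registry and all names (`Registry`, `Register`, `CheckSubmission`, the sample entities) are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
)

// Registration is a constructed record of one digital identity. Endorser and
// Endorsement stay empty when an object registers with its own entity identity.
type Registration struct {
	Entity      string
	PublicKey   ed25519.PublicKey
	Endorser    ed25519.PublicKey // digital identity that vouched for this one
	Endorsement []byte            // endorser's signature over endorsementMessage
}

type Registry struct{ byKey map[string]Registration }

var (
	ErrBadKey         = errors.New("public key has the wrong size")
	ErrBadEndorsement = errors.New("endorsement invalid or endorser not registered")
	ErrNotRegistered  = errors.New("publisher has no registered digital identity")
	ErrBadSignature   = errors.New("event signature invalid or signer not registered")
	ErrNoAssociation  = errors.New("publisher was not endorsed by the signing object")
)

func keyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// endorsementMessage binds an endorsement to one entity name and one key
// (assumed layout), so it cannot be reused for a different registrant.
func endorsementMessage(entity string, pub ed25519.PublicKey) []byte {
	return append([]byte("endorse\x00"+entity+"\x00"), pub...)
}

// Register accepts an endorsed registration only if the endorser is already
// registered and its signature over the registrant's name and key verifies.
func (r *Registry) Register(reg Registration) error {
	if len(reg.PublicKey) != ed25519.PublicKeySize {
		return ErrBadKey
	}
	if reg.Endorser != nil {
		_, known := r.byKey[keyID(reg.Endorser)]
		if !known || !ed25519.Verify(reg.Endorser, endorsementMessage(reg.Entity, reg.PublicKey), reg.Endorsement) {
			return ErrBadEndorsement
		}
	}
	r.byKey[keyID(reg.PublicKey)] = reg
	return nil
}

// CheckSubmission decides whether the server should publish an event that
// publisher submitted and signer signed.
func (r *Registry) CheckSubmission(publisher, signer ed25519.PublicKey, content, sig []byte) error {
	pubReg, ok := r.byKey[keyID(publisher)]
	if !ok {
		return ErrNotRegistered
	}
	if _, known := r.byKey[keyID(signer)]; !known || !ed25519.Verify(signer, content, sig) {
		return ErrBadSignature
	}
	// Accept a self-signed event, or a publisher whose own registration was
	// endorsed by the signer (the preset association).
	if bytes.Equal(publisher, signer) || bytes.Equal(pubReg.Endorser, signer) {
		return nil
	}
	return ErrNoAssociation
}

// newKey uses a fixed seed so the constructed sample data is reproducible;
// real keys must come from a CSPRNG.
func newKey(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// runDemo builds constructed identities and returns four outcomes.
func runDemo() (forged, employee, outsider, self error) {
	r := &Registry{byKey: map[string]Registration{}}
	orgPub, orgPriv := newKey(1)
	empPub, _ := newKey(2)
	outPub, outPriv := newKey(3)
	fakePub, _ := newKey(4)
	r.Register(Registration{Entity: "Enterprise E", PublicKey: orgPub})
	r.Register(Registration{Entity: "Outsider O", PublicKey: outPub})
	// The employee registers with an endorsement signed by the enterprise.
	r.Register(Registration{"Employee P", empPub, orgPub,
		ed25519.Sign(orgPriv, endorsementMessage("Employee P", empPub))})
	// Forged: names the enterprise as endorser but is signed with another key.
	forged = r.Register(Registration{"Impostor Q", fakePub, orgPub,
		ed25519.Sign(outPriv, endorsementMessage("Impostor Q", fakePub))})
	content := []byte("Enterprise E job fair notice") // constructed event, signed by the enterprise
	sig := ed25519.Sign(orgPriv, content)
	employee = r.CheckSubmission(empPub, orgPub, content, sig)
	outsider = r.CheckSubmission(outPub, orgPub, content, sig)
	self = r.CheckSubmission(orgPub, orgPub, content, sig)
	return
}

func main() {
	forged, employee, outsider, self := runDemo()
	fmt.Println("forged registration:", forged)
	fmt.Println("employee submits:", employee)
	fmt.Println("outsider submits:", outsider)
	fmt.Println("enterprise submits:", self)
}
```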
In one embodiment, the transaction (transfer) described in this specification refers to a piece of data that a user creates through a blockchain client and that ultimately needs to be published to the distributed database of the blockchain. Transactions in a blockchain are divided into transactions in the narrow sense and transactions in the broad sense. A transaction in the narrow sense is a transfer of value that a user publishes to the blockchain; for example, in a conventional Bitcoin blockchain network, the transaction may be a transfer initiated by the user in the blockchain. A transaction in the broad sense is a piece of business data with business intent that a user publishes to the blockchain; for example, an operator may build a consortium chain based on actual business requirements and rely on it to deploy other types of online business unrelated to value transfer (e.g., authentication business, rental service, vehicle dispatching business, insurance claim settlement business, credit service, medical service, etc.), and in such a consortium chain the transaction may be a business message or business request with business intent published by a user.
In one embodiment, storing the transaction event in the blockchain ensures that its content is secure and reliable, cannot be tampered with, and can be checked against the blockchain ledger at any time, which gives it extremely high reliability and credibility.
In one embodiment, the server may obtain transaction anchor information that is declared to be related to the event to be authenticated; the server then obtains, from the blockchain, the transaction event corresponding to the transaction anchor information and uses it as the transaction event related to the event to be authenticated. For example, when the transaction event was published to the blockchain by means of a certain transaction, the transaction anchor information may be information such as the transaction serial number; for another example, when the transaction event was created as a smart contract in the blockchain, the transaction anchor information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
In an embodiment, the server may obtain the event content of the transaction event and use it to check consistency between the transaction event and the event to be authenticated, ensuring that the transaction event can properly be used for identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through transaction anchor information, this check prevents a malicious party from misleading the server by altering the transaction anchor information. For example, for a promotional poster containing a celebrity photo, the transaction anchor information may be presented on the poster as a two-dimensional code or similar; if a malicious party makes the two-dimensional code point to a transaction event that the celebrity signed for a different event, checking the event content of the transaction event identifies the substitution accurately and avoids a misjudgment.
In one embodiment, the server may invoke a smart contract that checks consistency between the transaction event and the event to be authenticated. As in the embodiment above, this ensures that the transaction event can properly be used for identity authentication related to the event to be authenticated; the difference is that the consistency determination is completed automatically by the smart contract rather than by the server, which reduces the processing load on the server and, because smart contracts execute automatically, also ensures the objectivity and fairness of the authentication result.
In one embodiment, the server may return the event content of the transaction event to the client for the client (or its user) to know the details or for it to verify the consistency between the transaction event and the event to be authenticated.
Step 106, the server determines the entity identity of the transaction-related object according to the signature of the transaction event and the pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
In one embodiment, by obtaining the transaction event related to the event to be authenticated and verifying the signature on that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is genuine: for example, when a promotional poster contains a celebrity photo, whether the celebrity actually endorses the promotional content on the poster, or whether a position shown on a business card is genuine.
In an embodiment, the server may send the determined entity identity of the transaction related object to the client, so that the client or its user compares the entity identity of the transaction related object with the entity identity of the designated object to determine whether the two are consistent.
In an embodiment, the server may itself compare the entity identity of the transaction-related object with the entity identity of the specified object, so as to authenticate whether the specified object is the transaction-related object, and then return an authentication result to the client. The authentication result may contain only a yes/no determination, or may further include the entity identity of the transaction-related object, so that the client (or its user) can learn the details behind the determination or verify it.
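The server-side flow of steps 102 to 106, including the content consistency check that catches a substituted anchor, is sketched below as an added example that is not code from the patent. Ed25519, the in-memory ledger, the record layout and all names (`Server`, `Authenticate`, the `tx-00N` anchors, the sample entities) are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
)

// TransactionEvent is a constructed on-chain record layout (an assumption).
type TransactionEvent struct {
	Content   []byte            // event content that was signed
	PublicKey ed25519.PublicKey // signer's registered digital identity
	Signature []byte
}

// AuthRequest is what the client sends for an event to be authenticated.
type AuthRequest struct {
	Anchor          string // transaction anchor information, e.g. from a QR code
	ClaimedContent  []byte // event content as presented to the user
	SpecifiedObject string // entity the event is declared to be related to
}

// Server holds an in-memory stand-in for the ledger and the identity mapping.
type Server struct {
	ledger   map[string]TransactionEvent // anchor -> transaction event
	registry map[string]string           // hex(public key) -> entity identity
}

var (
	ErrNoEvent         = errors.New("no transaction event for this anchor")
	ErrContentMismatch = errors.New("transaction event content differs from the event to be authenticated")
	ErrBadSignature    = errors.New("transaction event signature is invalid")
	ErrUnknownIdentity = errors.New("signer has no registered digital identity")
)

// Authenticate follows steps 102 to 106: it returns the signer's entity
// identity and whether that identity is the specified object.
func (s *Server) Authenticate(req AuthRequest) (string, bool, error) {
	ev, ok := s.ledger[req.Anchor] // step 104: fetch the event by its anchor
	if !ok {
		return "", false, ErrNoEvent
	}
	// Consistency check: a swapped anchor must not borrow a genuine signature.
	if !bytes.Equal(ev.Content, req.ClaimedContent) {
		return "", false, ErrContentMismatch
	}
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(ev.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(ev.PublicKey, ev.Content, ev.Signature) {
		return "", false, ErrBadSignature
	}
	// Step 106: map the digital identity to an entity identity, then compare.
	entity, ok := s.registry[hex.EncodeToString(ev.PublicKey)]
	if !ok {
		return "", false, ErrUnknownIdentity
	}
	return entity, entity == req.SpecifiedObject, nil
}

// newKey derives a key from a fixed seed so the constructed sample data is
// reproducible; real keys must come from a CSPRNG.
func newKey(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// publish signs content with priv and stores the event under anchor.
func (s *Server) publish(anchor string, priv ed25519.PrivateKey, content string) {
	msg := []byte(content)
	s.ledger[anchor] = TransactionEvent{msg, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, msg)}
}

const poster = "Brand A promotion poster" // constructed event content

// newDemoServer builds a constructed ledger and identity registry.
func newDemoServer() *Server {
	s := &Server{ledger: map[string]TransactionEvent{}, registry: map[string]string{}}
	celeb, vendor, rogue := newKey(1), newKey(2), newKey(3) // rogue is never registered
	s.registry[hex.EncodeToString(celeb.Public().(ed25519.PublicKey))] = "Celebrity X"
	s.registry[hex.EncodeToString(vendor.Public().(ed25519.PublicKey))] = "Vendor Y"
	s.publish("tx-001", celeb, poster)
	s.publish("tx-002", celeb, "Charity gala announcement")
	s.publish("tx-003", vendor, poster)
	s.publish("tx-005", rogue, poster)
	// tx-004 grafts the celebrity's signature from tx-002 onto the poster content.
	ev := s.ledger["tx-002"]
	ev.Content = []byte(poster)
	s.ledger["tx-004"] = ev
	return s
}

func main() {
	s := newDemoServer()
	// Every request claims that Celebrity X endorsed the poster; only the anchor varies.
	for _, a := range []string{"tx-001", "tx-002", "tx-003", "tx-004", "tx-005"} {
		entity, match, err := s.Authenticate(AuthRequest{a, []byte(poster), "Celebrity X"})
		fmt.Printf("%s entity=%q match=%v err=%v\n", a, entity, match, err)
	}
}
```

Only `tx-001` authenticates the claim; `tx-003` verifies but resolves to a different entity, which is the case where the declared relationship is false even though the signature is valid.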
Fig. 2 is a flow chart of another authentication method provided by an example embodiment. As shown in fig. 2, the method applied to the client may include the following steps:
Step 202, a client initiates an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity.
In an embodiment, the transaction-related object may register in advance with the server to obtain a corresponding digital identity; alternatively, the transaction-related object may register with another service provider to obtain a corresponding digital identity, and that service provider may either provide an identity authentication service to the server or grant the server access to its recorded mapping between entity identities and digital identities, so that the server can perform identity authentication itself.
In one embodiment, the transaction-related object may be an organization, which may use its own entity identity to register with the server or another service provider to obtain the corresponding digital identity. The transaction-related object may also be an individual, who may use his or her own entity identity to register with the server or another service provider to obtain the corresponding digital identity; alternatively, when the individual is an employee of an organization or has some other association with it, the individual may first obtain certification from the organization in the form of a signature made with the organization's registered digital identity, which is equivalent to the organization endorsing the individual's identity, and the individual may then use that signature to register with the server or another service provider and obtain a corresponding digital identity. Of course, the transaction-related object may also obtain the digital identity in other ways, which is not limited in this specification.
In one embodiment, when there is a single transaction-related object, the signature for the transaction event is a single signature; when there are multiple transaction-associated objects, the signature for the transaction event is a multiple signature.
In one embodiment, the transaction (transfer) described in this specification refers to a piece of data that a user creates through a blockchain client and that ultimately needs to be published to the distributed database of the blockchain. Transactions in a blockchain are divided into transactions in the narrow sense and transactions in the broad sense. A transaction in the narrow sense is a transfer of value that a user publishes to the blockchain; for example, in a conventional Bitcoin blockchain network, the transaction may be a transfer initiated by the user in the blockchain. A transaction in the broad sense is a piece of business data with business intent that a user publishes to the blockchain; for example, an operator may build a consortium chain based on actual business requirements and rely on it to deploy other types of online business unrelated to value transfer (e.g., authentication business, rental service, vehicle dispatching business, insurance claim settlement business, credit service, medical service, etc.), and in such a consortium chain the transaction may be a business message or business request with business intent published by a user.
In one embodiment, the client may scan a code pattern (e.g., a barcode or a two-dimensional code) associated with the event to be authenticated to obtain transaction anchor information; the client may then upload the transaction anchor information to the server, so that the server obtains the transaction event from the blockchain. For example, when the transaction event was published to the blockchain by means of a certain transaction, the transaction anchor information may be information such as the transaction serial number; for another example, when the transaction event was created as a smart contract in the blockchain, the transaction anchor information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
Step 204, the client receives the entity identity of the transaction related object for authenticating whether a designated object is the transaction related object, wherein the designated object is declared to be related to the event to be authenticated, and the entity identity of the transaction related object is determined by the server according to the signature of the transaction event, and the pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, where the identity authentication result is used to indicate whether the designated object is the transaction-related object.
In one embodiment, by obtaining a transaction event related to an event to be authenticated and verifying the signature of the transaction event, it can be accurately determined whether a declared relationship between the event to be authenticated and a specified object is authentic; for example, when a promotional poster contains a celebrity photo, whether the celebrity has actually endorsed the promotional content on the poster, or whether a position stated on a business card is authentic, and the like.
In one embodiment, the specified object is the object specified by the "declaration". The designated object may be an individual, an organization (e.g., a business, etc.), or both. The number of the designated objects may be one or more, and the specification does not limit this.
In an embodiment, the association relationship between the "event to be authenticated" and the "specified object" may be declared in any form, which is not limited in this specification. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image; the image may be a promotional poster, the content of the "event to be authenticated" is the promotional content in the poster, and the information of the "specified object" is a celebrity photo in the poster, which is equivalent to declaring that the celebrity endorses the promotional content in the poster. For another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same paper; the paper may be a business card, the content of the "event to be authenticated" is the position information on the business card, and the information of the "specified object" is a name on the business card, which is equivalent to declaring that the issuer of the business card (i.e., the user corresponding to the name) holds the corresponding position.
In an embodiment, the client may receive the event content of the transaction event returned by the server, so as to authenticate the consistency between the transaction event and the event to be authenticated, and ensure that the transaction event can be used to implement identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through the transaction anchoring information, this prevents a lawbreaker from misleading the server by altering the transaction anchoring information. For example, for a promotional poster containing a photo of a celebrity, the transaction anchoring information can be presented on the poster in the form of a two-dimensional code or the like; if a lawbreaker points the two-dimensional code at a transaction event that the celebrity signed for some other event, this can be accurately identified by checking the event content of the transaction event, so that misjudgment is avoided. For example, when the transaction event is inconsistent with the event to be authenticated, it indicates that the transaction event is not a transaction event related to the event to be authenticated, and therefore the client may determine that the designated object is not a transaction-related object of a transaction event related to the event to be authenticated.
In an embodiment, the client may receive a content authentication result returned by the server, where the content authentication result is used to indicate consistency between the transaction event and the event to be authenticated. In other words, the server side can authenticate the consistency between the transaction event and the to-be-authenticated event, and obtain the content authentication result to inform the client side. Further, the client can also receive the event content of the transaction event returned by the server, so that the client (or a user thereof) can know details or verify the consistency between the transaction event and the event to be authenticated.
Fig. 3 is a schematic diagram of registering a digital identity according to an exemplary embodiment. As shown in fig. 3, the certification authority (specifically, the service-side application running on the electronic device corresponding to the certification authority) may provide a registration function of the digital identity through means of entity authentication, data analysis, indirect authentication, and the like.
Taking enterprise AA as an example, enterprise AA may provide the certification authority with the materials and information required for registration, and the certification authority may assign a corresponding digital identity, such as enterprise digital identity 1, to enterprise AA after the verification passes; meanwhile, the certification authority may record the mapping relationship between the enterprise entity identity 1 of enterprise AA and the enterprise digital identity 1, so as to facilitate subsequent identity authentication. The certification authority also issues a public-private key pair to enterprise AA, with which enterprise AA generates a digital signature (or electronic signature) that characterizes its enterprise digital identity 1.
Similarly, the enterprise BB may register with the certification authority and obtain a corresponding digital identity, such as enterprise digital identity 2. Meanwhile, the certification authority can record the mapping relation between the enterprise entity identity 2 of the enterprise BB and the enterprise digital identity 2, and issue a public and private key pair for generating the digital signature to the enterprise BB.
Similarly to the process by which enterprises AA and BB register digital identities, an individual may also register with the certification authority to obtain a corresponding digital identity. For example, user A may provide the certification authority with the materials and information required for registration, and the certification authority may assign a corresponding digital identity, such as user digital identity 1, to user A after the verification passes. Meanwhile, the certification authority may record the mapping relationship between the user entity identity 1 of user A and the user digital identity 1, so as to facilitate subsequent identity authentication. The certification authority also issues a public-private key pair to user A, with which user A generates a digital signature characterizing the user digital identity 1.
Besides registering with the certification authority in the same manner as user A, user B may also complete registration via enterprise BB if there is some association between user B and enterprise BB, such as user B being an employee of enterprise BB. For example, user B may submit to identity verification by enterprise BB, which usually requires fewer materials and less information than registering directly with the certification authority; after the verification passes, enterprise BB may provide user B with a digital signature, such as enterprise digital signature 2 generated with its private key; and user B may register with the certification authority based on the enterprise digital signature 2 to obtain a digital identity assigned by the certification authority, such as user digital identity 2. Meanwhile, the certification authority may record the mapping relationship between the user entity identity 2 of user B and the user digital identity 2, and issue a public-private key pair for generating a digital signature to user B.
Based on the above description, any enterprise, person, etc. may register with the certification authority so that the certification authority may record the mapping relationship between the entity identity and the assigned digital identity of each enterprise or person, respectively, and issue a public-private key pair for generating a digital signature.
The authentication scheme of the present specification will be described in detail below with reference to fig. 4 to 5, taking the example of publicizing celebrity endorsement information on a poster.
Fig. 4 is a schematic diagram of an information certificate provided in an exemplary embodiment. As shown in fig. 4, assuming that user A is a celebrity, when user A agrees to authorize a poster promoting xxx, i.e., user A agrees to endorse xxx, user A may store the relevant information on the blockchain as evidence.
In an embodiment, the user device 1 used by user A may be any type of mobile phone, tablet, personal computer, etc., and this specification does not limit this. Through the client-side application running on the user device 1, user A can complete the operation of storing the relevant information to the blockchain. For example, user A may generate certification information such as "I authorize xxx" on the user device 1 and sign the certification information by invoking the private key issued by the certification authority, so as to obtain a corresponding digital signature SIG_U1. Before the private key is invoked to generate the signature, the identity of user A can be verified, for example through password verification, input habit verification, or physiological characteristic verification based on fingerprints, voiceprints, faces, irises and the like; the signature is allowed to be generated only after the verification passes, and is not allowed otherwise.
Of course, the generation of the certification information "I authorize xxx" and the digital signature SIG_U1 may actually be performed by the certification authority, in which case the user device 1 is used only to provide user A with an interactive interface, to perform identity verification (especially verification based on physiological characteristics; password verification, input habit verification, etc. may also be performed by the certification authority), and to exchange data with the certification authority, so that user A can instruct the certification authority to generate the certification information and the digital signature.
In one embodiment, the user device 1 may be configured as a blockchain node in a blockchain; the user device 1 may then submit a blockchain transaction [I authorize xxx; SIG_U1], so that the blockchain transaction [I authorize xxx; SIG_U1] is recorded into the blockchain ledger maintained uniformly by the blockchain nodes.
In an embodiment, the user device 1 itself is not configured as a blockchain node; the user device 1 may then submit the above-mentioned blockchain transaction [I authorize xxx; SIG_U1] through another device that is configured as a blockchain node, which likewise causes the blockchain transaction [I authorize xxx; SIG_U1] to be recorded into the blockchain ledger maintained uniformly by the blockchain nodes. For example, the certification authority may be configured as a blockchain node; through the client-side application running on the user device 1 and the server-side application running at the certification authority, the user device 1 may send the certification information "I authorize xxx" and the digital signature SIG_U1 to the certification authority, and the certification authority submits the above-described blockchain transaction [I authorize xxx; SIG_U1].
In one embodiment, for the issued blockchain transaction [I authorize xxx; SIG_U1], a corresponding access interface may be formed to facilitate access during subsequent authentication. For example, the access interface may be presented in the form of a two-dimensional code, and the blockchain node may transmit the two-dimensional code to the producer of the promotional poster (e.g., enterprise AA) so that enterprise AA can add the two-dimensional code to the promotional poster.
When user B views the promotional poster shown in fig. 4, user B would naturally assume, based on the xxx product promoted by the poster and the photo of user A, that user A endorses the xxx product; however, because a lawbreaker may use the photo of user A at will, user B can authenticate through the two-dimensional code on the promotional poster to determine whether user A has indeed authorized the endorsement of the xxx product.
Fig. 5 is a schematic diagram of an authentication and authorization scenario provided by an exemplary embodiment. As shown in fig. 5, it is assumed that a client-side application program runs on the electronic device 2 used by the user B, and the camera module on the electronic device 2 may be called to scan the two-dimensional code on the poster shown in fig. 4, and upload the scanned content of the two-dimensional code identified to the certification authority, so that the certification authority performs certification processing.
In an embodiment, the two-dimensional code scanning content includes the access interface information generated in the embodiment shown in fig. 4, and the certification authority may query the blockchain ledger based on the two-dimensional code scanning content:
In the first case, the certification authority may fail to find any blockchain transaction, which indicates that the two-dimensional code on the poster is useless information set arbitrarily by a lawbreaker and that user A has not issued certification information authorizing the xxx product to the blockchain, so the certification authority may determine that the authentication fails, that is, user A has not given authorization.
In the second case, the certification authority may access the corresponding blockchain transaction, but the blockchain transaction contains no digital signature or contains a digital signature other than the SIG_U1 corresponding to user A, which indicates that the two-dimensional code on the poster is counterfeit information set arbitrarily by a lawbreaker and that user A has not issued certification information authorizing the xxx product to the blockchain, so the certification authority may determine that the authentication fails, that is, user A has not given authorization.
In the third case, the certification authority may access a corresponding blockchain transaction that contains the digital signature SIG_U1, and may determine that the digital signature SIG_U1 corresponds to user A based on the mapping relationship recorded as in fig. 3 and the record of issuance of the public-private key pair. The blockchain transaction then has a certain probability of containing certification information in which user A authorizes the xxx product; however, there is also a certain probability that the blockchain transaction contains certification information in which user A authorizes other products rather than the xxx product, and thus the certification authority may further authenticate the content contained in the blockchain transaction to ensure that the certification information it contains is "I authorize xxx" or a similar description, rather than "I authorize yyy" or other irrelevant content.
In an embodiment, the certification authority may return authentication information to the user device 2 so that the user device 2 can present the relevant content to user B. For example, when the blockchain transaction accessed by the certification authority does contain the certification information "I authorize xxx" and the digital signature SIG_U1, the authentication information may include the certification information "I authorize xxx" and the entity identity "user A" corresponding to the digital signature SIG_U1 (the digital signature reflects the digital identity, and the entity identity can then be determined from the mapping relationship between the digital identity and the entity identity), as shown in fig. 5.
In an embodiment, the authentication information may further include an authentication conclusion, such as "authenticated" or "authorized", "not authenticated" or "unauthorized", etc. Of course, the authentication conclusion is not necessary; even if the authentication information contains only the content of the blockchain transaction, the entity information corresponding to the digital signature it contains, and the like, user B can still determine whether user A has given authorization by viewing the authentication information together with the content of the promotional poster. For example, when the authentication information contains "no authorization information found", "I authorize yyy", "signature: user C", "unsigned", etc., user B may determine that user A has not authorized the xxx product.
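The three query outcomes and the returned authentication information described above can be sketched as follows. This is an added illustration, not code from the specification: the class and function names, the anchor strings, the in-memory dictionary standing in for the blockchain ledger, the exact-match consistency rule, and the use of Lamport one-time signatures as a standard-library stand-in for the issued key pairs are all assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: Lamport one-time signatures over SHA-256 stand in for the
# signature scheme of the issued key pairs (the page names none). Each key
# pair below signs exactly one message, as a one-time scheme requires.
def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(message: bytes) -> List[int]:
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes) -> List[bytes]:
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pk, message: bytes, sig: Optional[List[bytes]]) -> bool:
    if sig is None or len(sig) != 256:
        return False
    return all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(message)))

def _normalize(text: str) -> str:
    # Assumption: "consistent" means equal after case and whitespace folding.
    return " ".join(text.lower().split())

@dataclass
class Transaction:
    content: str                      # certification information, e.g. "I authorize xxx"
    signature: Optional[List[bytes]]  # None models an unsigned transaction

@dataclass
class Result:
    conclusion: str         # "authorized" or "unauthorized"
    reason: str
    signer: Optional[str]   # entity identity resolved from the signature
    content: Optional[str]  # event content returned to the client

class CertificationAuthority:
    def __init__(self) -> None:
        # digital identity -> (entity identity, public key), as recorded at registration
        self.registry: Dict[str, Tuple[str, list]] = {}
        # anchor -> transaction; constructed stand-in for the blockchain ledger
        self.ledger: Dict[str, Transaction] = {}

    def register(self, entity: str):
        sk, pk = keygen()
        digital_id = _h(b"".join(a + b for a, b in pk)).hex()
        self.registry[digital_id] = (entity, pk)
        return sk  # private key issued to the registrant

    def resolve_signer(self, tx: Transaction) -> Optional[str]:
        # Map signature -> digital identity -> entity identity.
        for entity, pk in self.registry.values():
            if verify(pk, tx.content.encode(), tx.signature):
                return entity
        return None

    def authenticate(self, anchor: str, specified_object: str, event: str) -> Result:
        tx = self.ledger.get(anchor)
        if tx is None:  # first case: the anchor resolves to nothing
            return Result("unauthorized", "no transaction found", None, None)
        signer = self.resolve_signer(tx)
        if signer != specified_object:  # second case: unsigned or signed by someone else
            return Result("unauthorized", "signature missing or from another identity",
                          signer, tx.content)
        if _normalize(tx.content) != _normalize(event):  # third case, other content
            return Result("unauthorized", "content mismatch", signer, tx.content)
        return Result("authorized", "signature and content match", signer, tx.content)

def build_constructed_scenario() -> CertificationAuthority:
    # Constructed sample data: two registrants and three ledger entries.
    ca = CertificationAuthority()
    sk_a = ca.register("user A")
    sk_c = ca.register("user C")
    ca.ledger["tx-001"] = Transaction("I authorize xxx", sign(sk_a, b"I authorize xxx"))
    ca.ledger["tx-002"] = Transaction("I authorize xxx", sign(sk_c, b"I authorize xxx"))
    ca.ledger["tx-003"] = Transaction("I authorize xxx", None)
    return ca
```
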
Similar to the above-mentioned "poster publicity" embodiment, the technical solution of the present specification can be obviously applied to many other scenarios, and can be used to implement a fast and accurate authentication operation.
For example, user B may wish to have the positions stated on his or her own business card certified, to demonstrate their authenticity. Assuming that user B is at the same time a director of enterprise AA, the chairman of enterprise BB, and the CEO of enterprise CC, user B may submit the position information "user B: enterprise AA-director, enterprise BB-chairman, enterprise CC-CEO" to each enterprise for authentication, and each enterprise may sign it with the private key it holds after the authentication passes, so that user B obtains a multiple digital signature SIG_M of the position information. Then, user B may submit a blockchain transaction, which includes the position information and the multiple digital signature SIG_M, to the blockchain ledger through the user device 2, and user B may obtain an access interface for the blockchain transaction and print a two-dimensional code corresponding to the access interface on user B's business card.
Then, when user B hands the business card to user X, user X may request authentication from the certification authority by scanning the two-dimensional code on the business card. As in the embodiment shown in fig. 5, the certification authority may query the blockchain transaction from the blockchain; if the blockchain transaction contains the position information "user B: enterprise AA-director, enterprise BB-chairman, enterprise CC-CEO" and the multiple digital signature SIG_M corresponding to enterprise AA, enterprise BB and enterprise CC, the certification authority may return the position information "user B: enterprise AA-director, enterprise BB-chairman, enterprise CC-CEO" and the information of enterprise AA, enterprise BB and enterprise CC corresponding to the multiple digital signature SIG_M to user X, so that user X can determine the authenticity of the position information actually marked on the business card.
For example, when the business card states that user B is a director of enterprise AA, the chairman of enterprise BB and the CEO of enterprise CC, that is, the business card content is declared to be related to enterprise AA, enterprise BB, enterprise CC and enterprise DD; then, if the signatures of enterprise AA, enterprise BB and enterprise CC are included in the blockchain transaction, and the positions marked on the business card are consistent with the position information included in the blockchain transaction, the position information marked on the business card may be considered authentic. However, if the signature information is inconsistent or the position information is inconsistent, it indicates that the position information marked on the business card may not be authentic.
FIG. 6 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 6, at the hardware level, the apparatus includes a processor 602, an internal bus 604, a network interface 606, a memory 608 and a non-volatile memory 610, but may also include hardware required for other services. The processor 602 reads the corresponding computer program from the non-volatile memory 610 into the memory 608 and runs it, forming an authentication device on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 7, in a software implementation, the authentication apparatus may include:
a request receiving unit 701 that causes a server to receive an authentication request initiated by a client for an event to be authenticated, the event to be authenticated being declared as being related to a specified object;
an event obtaining unit 702, configured to enable the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction related object through a pre-registered digital identity;
the identity determining unit 703 enables the server to determine the entity identity of the transaction-related object according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, so as to authenticate whether the designated object is the transaction-related object.
Optionally, the event obtaining unit 702 is specifically configured to:
enabling the server to acquire transaction anchoring information, wherein the transaction anchoring information is declared to be related to the event to be authenticated;
and enabling the server to acquire the transaction event corresponding to the transaction anchoring information from the blockchain to serve as the transaction event related to the event to be authenticated.
Optionally, a content obtaining unit 704 or a contract invoking unit 705 is further included; wherein:
the content obtaining unit 704 is configured to enable the server to obtain event content of the transaction event, so as to authenticate consistency between the transaction event and the event to be authenticated;
the contract invoking unit 705 is configured to enable the server to invoke an intelligent contract, where the intelligent contract is used to authenticate consistency between the transaction event and the event to be authenticated.
Optionally, the apparatus further includes:
an authentication unit 706, enabling the server to authenticate whether the specified object is the transaction-related object, so as to return an authentication result to the client.
Optionally, the apparatus further includes:
a returning unit 707, enabling the server to return the entity identity of the transaction-related object and/or the event content of the transaction event to the client.
Optionally,
the transaction event is issued to the blockchain by the transaction-related object;
or, after the transaction-related object signs the transaction event, the transaction event is issued to the blockchain by an issuer distinct from the transaction-related object.
Optionally,
the transaction event is issued to the blockchain by the issuer through a corresponding blockchain node;
alternatively, the apparatus further comprises: an issuing unit 708, enabling the server to receive the transaction event submitted by the issuer and issue the transaction event to the blockchain through a corresponding blockchain node.
Optionally, the apparatus further includes:
a verification unit 709, configured to enable the server to verify whether a preset association relationship exists between the issuer and a transaction association object corresponding to a signature included in the transaction event;
when the preset association relationship exists, the issuing unit 708 enables the server to issue the transaction event to the blockchain.
Optionally, the verification unit 709 is specifically configured to:
enabling the server to query the digital identity pre-registered by the issuer;
and when the digital identity of the issuer was registered based on a signature provided to the issuer by the transaction-related object, enabling the server to determine that the preset association relationship exists.
FIG. 8 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 8, at the hardware level, the apparatus includes a processor 802, an internal bus 804, a network interface 806, a memory 808, and a non-volatile memory 810, but may also include hardware required for other services. The processor 802 reads the corresponding computer program from the non-volatile memory 810 into the memory 808 and runs it, forming an authentication device on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 9, in a software implementation, the authentication apparatus may include:
a request unit 901, enabling a client to initiate an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain a transaction event related to the event to be authenticated from a block chain, where the transaction event is signed by a transaction related object through a pre-registered digital identity;
an identity receiving unit 902, configured to enable the client to receive an entity identity of the transaction related object, so as to authenticate whether a specified object is the transaction related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction related object is determined by the server according to a signature of the transaction event, and a mapping relationship between a pre-recorded entity identity and a digital identity of each object; or, the client receives an identity authentication result returned by the server, where the identity authentication result is used to indicate whether the designated object is the transaction-related object.
Optionally, the apparatus further includes:
an identifying unit 903, configured to enable the client to identify a barcode pattern associated with the event to be authenticated, so as to obtain transaction anchoring information;
an uploading unit 904, enabling the client to upload the transaction anchor information to the server, so that the server obtains the transaction event from the blockchain.
Optionally, a content receiving unit 905 or a result receiving unit 906 is further included; wherein:
the content receiving unit 905 is configured to enable the client to receive event content of the transaction event returned by the server, so as to authenticate consistency between the transaction event and the event to be authenticated;
the result receiving unit 906 is configured to enable the client to receive a content authentication result returned by the server, where the content authentication result is used to indicate consistency between the transaction event and the event to be authenticated.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (22)

1. An authentication method, comprising:
a server receives an authentication request, wherein the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
the server obtains, from a blockchain, a transaction event related to the event to be authenticated, wherein the transaction event is signed by a transaction-related object through a pre-registered digital identity;
the server obtains the event content of the transaction event, for use in authenticating the consistency between the transaction event and the event to be authenticated;
or the server invokes a smart contract, the smart contract being used to authenticate the consistency between the transaction event and the event to be authenticated;
or the server returns the transaction content of the transaction event to the client, so that the client can authenticate the consistency between the transaction event and the event to be authenticated;
and in the case that the transaction event and the event to be authenticated satisfy the consistency, the server determines the entity identity of the transaction-related object according to the signature of the transaction event and a pre-recorded mapping relationship between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
2. The method of claim 1, wherein the server obtaining the transaction event related to the event to be authenticated from the blockchain comprises:
the server obtains transaction anchoring information that is declared to be related to the event to be authenticated;
and the server obtains, from the blockchain, the transaction event corresponding to the transaction anchoring information, as the transaction event related to the event to be authenticated.
3. The method of claim 1, further comprising:
the server authenticates whether the specified object is the transaction-related object, so as to return an authentication result to the client.
4. The method of claim 1, further comprising:
the server returns the entity identity of the transaction-related object to the client.
5. The method of claim 1, wherein:
the transaction event is published to the blockchain by the transaction-related object;
or, after the transaction-related object signs the transaction event, the transaction event is published to the blockchain by a publisher distinct from the transaction-related object.
6. The method of claim 5, wherein:
the transaction event is published to the blockchain by the publisher through its corresponding blockchain node;
or, the method further comprises: the server receives the transaction event submitted by the publisher and publishes the transaction event to the blockchain through the blockchain node corresponding to the server.
7. The method of claim 6, further comprising:
the server verifies whether a preset association relationship exists between the publisher and the transaction-related object corresponding to the signature contained in the transaction event;
and when the preset association relationship exists, the server publishes the transaction event to the blockchain.
8. The method of claim 7, wherein the server verifying whether a preset association relationship exists between the publisher and the transaction-related object corresponding to the signature contained in the transaction event comprises:
the server queries the digital identity pre-registered by the publisher;
and when the digital identity of the publisher was registered based on a signature provided to the publisher by the transaction-related object, the server determines that the preset association relationship exists.
9. An authentication method, comprising:
a client initiates an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, wherein the transaction event is signed by a transaction-related object through a pre-registered digital identity;
the client receives the event content of the transaction event returned by the server, for use in authenticating the consistency between the transaction event and the event to be authenticated;
or, the client receives a content authentication result returned by the server, wherein the content authentication result indicates the consistency between the transaction event and the event to be authenticated;
in the case that the transaction event and the event to be authenticated satisfy the consistency, the client receives the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and a pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, wherein the identity authentication result indicates whether the specified object is the transaction-related object.
10. The method of claim 9, further comprising:
the client recognizes a barcode pattern associated with the event to be authenticated to obtain transaction anchoring information;
and the client uploads the transaction anchoring information to the server, so that the server obtains the transaction event from the blockchain.
11. An authentication apparatus comprising:
a request receiving unit, which causes a server to receive an authentication request, wherein the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
an event acquisition unit, which causes the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, wherein the transaction event is signed by a transaction-related object through a pre-registered digital identity;
a content acquisition unit, which causes the server to obtain the event content of the transaction event, for use in authenticating the consistency between the transaction event and the event to be authenticated;
or, a contract invoking unit, which causes the server to invoke a smart contract, the smart contract being used to authenticate the consistency between the transaction event and the event to be authenticated;
or, a transaction content returning unit, which causes the server to return the transaction content of the transaction event to the client, so that the client can authenticate the consistency between the transaction event and the event to be authenticated;
and an identity determining unit, which, in the case that the transaction event and the event to be authenticated satisfy the consistency, causes the server to determine the entity identity of the transaction-related object according to the signature of the transaction event and a pre-recorded mapping relationship between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
12. The apparatus of claim 11, wherein the event acquisition unit is specifically configured to:
cause the server to obtain transaction anchoring information, wherein the transaction anchoring information is declared to be related to the event to be authenticated;
and cause the server to obtain, from the blockchain, the transaction event corresponding to the transaction anchoring information, as the transaction event related to the event to be authenticated.
13. The apparatus of claim 11, further comprising:
an authentication unit, which causes the server to authenticate whether the specified object is the transaction-related object, so as to return an authentication result to the client.
14. The apparatus of claim 11, further comprising:
a return unit, which causes the server to return the entity identity of the transaction-related object to the client.
15. The apparatus of claim 11, wherein:
the transaction event is published to the blockchain by the transaction-related object;
or, after the transaction-related object signs the transaction event, the transaction event is published to the blockchain by a publisher distinct from the transaction-related object.
16. The apparatus of claim 15, wherein:
the transaction event is published to the blockchain by the publisher through its corresponding blockchain node;
or, the apparatus further comprises: a publishing unit, which causes the server to receive the transaction event submitted by the publisher and to publish the transaction event to the blockchain through the corresponding blockchain node.
17. The apparatus of claim 16, further comprising:
a verification unit, which causes the server to verify whether a preset association relationship exists between the publisher and the transaction-related object corresponding to the signature contained in the transaction event;
and when the preset association relationship exists, the publishing unit causes the server to publish the transaction event to the blockchain.
18. The apparatus of claim 17, wherein the verification unit is configured to:
cause the server to query the digital identity pre-registered by the publisher;
and when the digital identity of the publisher was registered based on a signature provided to the publisher by the transaction-related object, cause the server to determine that the preset association relationship exists.
19. An authentication apparatus comprising:
a request unit, which causes a client to initiate an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, wherein the transaction event is signed by a transaction-related object through a pre-registered digital identity;
a content receiving unit, which causes the client to receive the event content of the transaction event returned by the server, for use in authenticating the consistency between the transaction event and the event to be authenticated;
or, a result receiving unit, which causes the client to receive a content authentication result returned by the server, wherein the content authentication result indicates the consistency between the transaction event and the event to be authenticated;
an identity receiving unit, which, in the case that the transaction event and the event to be authenticated satisfy the consistency, causes the client to receive the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and a pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, wherein the identity authentication result indicates whether the specified object is the transaction-related object.
20. The apparatus of claim 19, further comprising:
an identification unit, which causes the client to recognize a barcode pattern associated with the event to be authenticated to obtain transaction anchoring information;
and an uploading unit, which causes the client to upload the transaction anchoring information to the server, so that the server obtains the transaction event from the blockchain.
21. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-8 by executing the executable instructions.
22. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 9-10 by executing the executable instructions.
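
The server-side flow of claims 1 to 4, as an added sketch that is not code from the patent. The in-memory `chain` and `registry` dictionaries, the fingerprint-style digital identity, the field-by-field consistency rule and all sample entities are assumptions; Lamport one-time signatures stand in for the unspecified signature scheme so that only the Python standard library is needed.

```python
import hashlib
import json
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: a stand-in scheme (assumption) chosen so the
# example needs only the standard library. Each key pair signs ONE message.
def keygen():
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(_h(a), _h(b)) for a, b in priv]
    return priv, pub

def _bits(message: bytes):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, message: bytes):
    return [priv[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pub, message: bytes, signature) -> bool:
    return len(signature) == 256 and all(
        _h(signature[i]) == pub[i][bit] for i, bit in enumerate(_bits(message)))

def digital_identity(pub) -> str:
    # Assumption: the digital identity is the fingerprint of the public key.
    return hashlib.sha256(b"".join(a + b for a, b in pub)).hexdigest()

def canonical(content: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(content, sort_keys=True, separators=(",", ":")).encode()

class Server:
    def __init__(self):
        self.chain = {}     # anchoring info -> transaction event (stand-in for the blockchain)
        self.registry = {}  # digital identity -> (public key, entity identity)

    def register(self, entity: str, pub) -> str:
        did = digital_identity(pub)
        self.registry[did] = (pub, entity)
        return did

    def publish(self, anchor: str, content: dict, did: str, signature) -> None:
        self.chain[anchor] = {"content": content, "signer": did, "signature": signature}

    def authenticate(self, anchor: str, event: dict, specified_object: str) -> dict:
        tx = self.chain.get(anchor)
        if tx is None:
            return {"authentic": False, "reason": "no transaction event for anchor"}
        # Consistency (assumed rule): every field the client presents must match on-chain content.
        if not event or any(tx["content"].get(k) != v for k, v in event.items()):
            return {"authentic": False, "reason": "event inconsistent with transaction"}
        record = self.registry.get(tx["signer"])
        if record is None or not verify(record[0], canonical(tx["content"]), tx["signature"]):
            return {"authentic": False, "reason": "signature not from a registered identity"}
        entity = record[1]  # entity identity resolved from the signer's digital identity
        ok = entity == specified_object
        return {"authentic": ok, "entity": entity,
                "reason": "signer matches" if ok else "signed by a different entity"}

def run_demo() -> dict:
    # Constructed sample data: two registered entities and two on-chain events.
    server = Server()
    bank_priv, bank_pub = keygen()
    other_priv, other_pub = keygen()
    bank_did = server.register("Example Bank", bank_pub)
    other_did = server.register("Unrelated Co", other_pub)
    receipt = {"type": "transfer", "amount": "100.00", "payee": "alice"}
    server.publish("anchor-001", receipt, bank_did, sign(bank_priv, canonical(receipt)))
    forged = {"type": "transfer", "amount": "9000.00", "payee": "bob"}
    server.publish("anchor-002", forged, other_did, sign(other_priv, canonical(forged)))
    return {
        "genuine": server.authenticate("anchor-001", receipt, "Example Bank"),
        "altered": server.authenticate("anchor-001", dict(receipt, amount="900.00"), "Example Bank"),
        "wrong_signer": server.authenticate("anchor-002", forged, "Example Bank"),
        "unknown_anchor": server.authenticate("anchor-404", receipt, "Example Bank"),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The `wrong_signer` case is the one the claims target: the presented event matches an on-chain record, but the signature resolves to an entity other than the one the event is declared to come from.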
CN201811258195.4A 2018-10-26 2018-10-26 Authentication method and device and electronic equipment Active CN109327312B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202010393386.2A CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment
CN201811258195.4A CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment
TW108109552A TW202016833A (en) 2018-10-26 2019-03-20 Authentication methods and devices and electronic equipment
PCT/CN2019/102816 WO2020082886A1 (en) 2018-10-26 2019-08-27 Authentication method and apparatus as well as electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811258195.4A CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202010393386.2A Division CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN109327312A CN109327312A (en) 2019-02-12
CN109327312B CN109327312B (en) 2020-03-24

Family

ID=65261732

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010393386.2A Active CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment
CN201811258195.4A Active CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202010393386.2A Active CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Country Status (3)

Country Link
CN (2) CN111600716B (en)
TW (1) TW202016833A (en)
WO (1) WO2020082886A1 (en)


Also Published As

Publication number Publication date
CN111600716A (en) 2020-08-28
CN111600716B (en) 2023-09-29
TW202016833A (en) 2020-05-01
CN109327312A (en) 2019-02-12
WO2020082886A1 (en) 2020-04-30


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40004250

Country of ref document: HK

TR01 Transfer of patent right

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right

Effective date of registration: 20240913

Address after: Guohao Times City # 20-01, 128 Meizhi Road, Singapore

Patentee after: Ant Chain Technology Co.,Ltd.

Country or region after: Singapore

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Innovative advanced technology Co.,Ltd.

Country or region before: Cayman Islands