CN109327481A - A kind of unified online authentication method and system of the whole network based on block chain - Google Patents

A kind of unified online authentication method and system of the whole network based on block chain

Publication number: CN109327481A (granted version: CN109327481B)
Application number: CN201811540343.1A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Granted, active
Prior art keywords: user, block chain, data memory, chain information, information corresponding
Inventors: 蒋文保, 章峰
Original and current assignee: Beijing Information Science and Technology University

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 ... for authentication of entities
                • H04L63/0807 ... using tickets, e.g. Kerberos
            • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
                • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
                    • H04L67/1097 ... for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
            • H04L67/50 Network services
                • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a blockchain-based, network-wide unified online authentication method and system. The method includes: deploying N servers in a whole network divided into S regions, with at least one server in each region set up as a data memory node and the other servers set up as authentication service nodes; a first data memory node receiving a first user request message sent by a user terminal; generating a first response message according to the first user request message and sending it to the user terminal; obtaining blockchain information corresponding to the first user according to the first response message, storing that blockchain information in a block, and sending it to each of the other data memory nodes; and a first authentication service node receiving a second user request sent by a user terminal and verifying it.

Description

A kind of unified online authentication method and system of the whole network based on block chain
Technical field
The present invention relates to the communications field, and more particularly to a blockchain-based, network-wide unified online authentication method and system.
Background technique
Under a public-key cryptosystem, public-key digital signature technology relies on CA certificates issued by a Public Key Infrastructure (PKI) to bind entity identities to public keys, so as to guarantee the authenticity of an entity's public key. Binding a user's public key to the user's identity in the form of a public-key certificate has become the mature scheme for solving network security problems. However, by introducing a trusted third party, the CA, PKI brings costs in the management, storage and computation of certificates:
1. Certificate signing, issuance, retrieval, verification and revocation are relatively complex processes;
2. An online certificate directory is needed to provide users with certificate download and status query services at any time, which increases maintenance overhead;
3. If a user communicates with many other parties, the user must store and manage all of their certificates locally, which increases client-side overhead;
4. Large-scale key management is usually handled by physically adding CAs, and cross-certification and trust management problems then arise between the users of different CAs.
In addition, most of us now access cloud services almost every day. For example:
1) web-based e-mail systems such as Gmail, QQ and NetEase Mail are used to exchange messages;
2) social networking sites such as QQ, WeChat and Twitter are used to share information and keep in touch with friends;
3) on-demand services such as Netflix and Hulu are used to watch television and films;
4) cloud storage services such as Google Drive, iCloud and Dropbox are used to store digital media such as photos, videos and documents.
Enterprises deploy applications and services through cloud services to cut operating costs and improve cash flow.
Cloud providers supply cloud services and are responsible for the authentication, authorization and accounting (AAA) framework. This framework offers on-demand, scalable, elastic, reliable and redundant cloud services. The AAA framework developed by a provider is based on the client-server model and maintains client and server services for users. The user interacts with a client, and the client application communicates with a central server over the Internet, sending requests and receiving responses. The user must register with the provider and create a digital identity. In this process the user must supply sensitive personal data, such as name, user name, telephone number, e-mail address and bank or credit card details. This sensitive user data is stored on central servers across multiple data centers.
Furthermore, a user must create multiple digital identities with multiple providers in order to access each of their services. Studies have shown that, from the point of view of user experience, creating multiple digital identities is inconvenient and troublesome, because the user must repeat the same registration process over and over and remember multiple passwords for different services. The providers' central servers are also the main targets of hackers, and this user data is easily compromised.
In addition, the CA certificate system is managed chaotically: each enterprise sets up its own CA core institution, so certificates themselves are not authoritative enough and are not entirely secure.
It is therefore necessary to establish a network-wide unified authentication method and system.
Summary of the invention
The present invention aims to overcome at least one of the drawbacks described above by providing a blockchain-based, network-wide unified online authentication method and system.
To achieve the above objective, the technical solution of the present invention is specifically realized as follows:
One aspect of the present invention provides a blockchain-based, network-wide unified online authentication method, comprising: deploying N servers in a whole network that is divided into S regions, with at least one server in each region set up as a data memory node and the other servers set up as authentication service nodes, where S ≥ 1 and N ≥ 1; a first data memory node receiving a first user request message sent by a user terminal; the first data memory node generating a first response message according to the first user request message and sending the first response message to the user terminal; the first data memory node obtaining blockchain information corresponding to the first user according to the first response message, storing the blockchain information corresponding to the first user in a block, and sending the blockchain information corresponding to the first user to each of the other data memory nodes, wherein the first response message includes at least the first user's unique identifier and the key assigned to the first user's unique identifier, and the blockchain information corresponding to the first user includes at least the first user's public key from the key assigned to the first user's unique identifier; and a first authentication service node receiving a second user request sent by a user terminal and verifying the second user request.
Further, the method includes: each of the other data memory nodes receiving the blockchain information corresponding to the first user and verifying it; and each of the other data memory nodes, after the verification passes, storing the blockchain information corresponding to the first user in its own block.
Further, the first authentication service node verifying the second user request includes: the first authentication service node querying whether it holds blockchain information corresponding to the second user; when the blockchain information corresponding to the second user is found, the first authentication service node verifying the second user request according to that blockchain information; and when it is not found, the first authentication service node sending an acquisition request to the data memory node connected to it, receiving the acquisition response message returned by that data memory node, and verifying the second user request according to the acquisition response message.
Further, the method includes: the first data memory node receiving a third user request message sent by a user terminal; the first data memory node generating a third response message according to the third user request message and sending it to the user terminal; the first data memory node receiving the user terminal's confirmation of the third response message, obtaining blockchain information corresponding to the third user according to the third response message, storing the blockchain information corresponding to the third user in a block, and sending it to each of the other data memory nodes, wherein the third response message includes at least log-off (de-registration) information corresponding to the third user's unique identifier, and the blockchain information corresponding to the third user includes at least that log-off information.
Further, the method includes: setting a user unique identifier for each user, the user unique identifier being assigned using a hierarchical identification method.
Another aspect of the present invention provides a blockchain-based, network-wide unified online authentication system, comprising: N servers deployed in a whole network divided into S regions, with at least one server in each region set up as a data memory node and the other servers set up as authentication service nodes, where S ≥ 1 and N ≥ 1; a first data memory node configured to receive a first user request message sent by a user terminal, generate a first response message according to the first user request message and send it to the user terminal, obtain blockchain information corresponding to the first user according to the first response message, store that blockchain information in a block, and send it to each of the other data memory nodes, wherein the first response message includes at least the first user's unique identifier and the key assigned to it, and the blockchain information corresponding to the first user includes at least the first user's public key from that key; and a first authentication service node configured to receive a second user request sent by a user terminal and verify the second user request.
Further, each of the other data memory nodes is configured to receive the blockchain information corresponding to the first user, verify it, and, after the verification passes, store it in its own block.
Further, the first authentication service node is specifically configured to query whether it holds blockchain information corresponding to the second user; when it is found, verify the second user request according to that blockchain information; and when it is not found, send an acquisition request to the data memory node connected to it, receive the acquisition response message returned by that data memory node, and verify the second user request according to the acquisition response message.
Further, the first data memory node is also configured to receive a third user request message sent by a user terminal, generate a third response message according to it and send it to the user terminal, receive the user terminal's confirmation of the third response message, obtain blockchain information corresponding to the third user according to the third response message, store it in a block, and send it to each of the other data memory nodes, wherein the third response message includes at least log-off information corresponding to the third user's unique identifier, and the blockchain information corresponding to the third user includes at least that log-off information.
Further, the system includes: a user unique identifier set for each user, assigned using a hierarchical identification method.
It can be seen from the technical solution provided by the present invention that, with the blockchain-based, network-wide unified online authentication method and system provided by the embodiments of the present invention, users' public keys can be stored in the blockchain and each authentication is performed by an authentication service node, so that a user accessing a service does not need to create multiple digital identities and is less exposed to hacker attacks, while the authority of the certificate (public key) is also enhanced.
Detailed description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the blockchain-based, network-wide unified online authentication system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the blockchain-based, network-wide unified online authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the application (registration) process in the blockchain-based, network-wide unified online authentication method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of the verification process in the blockchain-based, network-wide unified online authentication method provided by an embodiment of the present invention;
Fig. 5 is a flow chart of the logout process in the blockchain-based, network-wide unified online authentication method provided by an embodiment of the present invention.
Specific embodiments
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows the structural schematic diagram of the blockchain-based, network-wide unified online authentication system provided by an embodiment of the present invention. Referring to Fig. 1, the system comprises:
N servers deployed in a whole network divided into S regions 10, with at least one server in each region set up as a data memory node 101 and the other servers set up as authentication service nodes 102, where S ≥ 1 and N ≥ 1.
A first data memory node 101, configured to receive a first user request message sent by a user terminal; generate a first response message according to the first user request message and send it to the user terminal; obtain blockchain information corresponding to the first user according to the first response message, store that blockchain information in a block, and send it to each of the other data memory nodes, wherein the first response message includes at least the first user's unique identifier and the key assigned to the first user's unique identifier, and the blockchain information corresponding to the first user includes at least the first user's public key from that key;
A first authentication service node 102, configured to receive a second user request sent by a user terminal and verify the second user request.
The first data memory node 101 may be any data memory node 101 in any region 10; the present invention does not refer to a specific one. Likewise, the first authentication service node 102 may be any authentication service node 102 in any region 10. The data memory nodes 101 together form the blockchain, and the other servers, the authentication service nodes, provide the authentication service.
Specifically, the whole network is divided into S regions, and each region 10 includes at least one server acting as a data memory node 101 and at least one server acting as an authentication service node 102. To keep communication between regions smooth, the embodiment of the present invention adopts a partitioning strategy; for example, by geographic area, the Chinese region could be divided into areas such as Central China, South China and North China. Within each region, a varying number of data memory nodes 101 can be deployed according to the expected scale of user access.
First, as an optional embodiment, the blockchain-based, network-wide unified online authentication system provided by the embodiment of the present invention further includes setting a user unique identifier for each user, assigned using a hierarchical identification method. For the first user this is the first user's unique identifier, for the second user it is the second user's unique identifier, and so on. Specifically, the system needs to define a network-wide unique nameID (the user unique identifier), which can be structured by reference to the domain name system. For example, if a teacher at the School of Information Management of Beijing Information Science & Technology University is xxx, the nameID of that teacher across the whole network can be defined as xxx.sim.bistu.bj.cn.country. Suffixes such as country and generic are preset for the last position, to allow for non-state organizations or other organizations joining the public blockchain. The nameID is linked directly to the person's identification address, which is important personal privacy; the present invention stores it encrypted on the blockchain to ensure the security of the information. The encryption can follow the method used by Bitcoin: applying an irreversible (one-way) transformation to the user's public key.
In the embodiment of the present invention, the first user request message may be an application request from the user, through which new user registration and key distribution services are requested. Key distribution may proceed, for example but not exclusively, as follows: after the user connects to the blockchain and registers, the data memory node that receives the first user request message (the first data memory node) generates the key pair corresponding to the first user (the user's own public and private keys) according to the first user's unique identifier (the unique nameID), for example but not limited to using the RSA algorithm, and sends the key corresponding to the first user to the first user. After the first user confirms, the first user keeps the private key locally and publishes the public key through the blockchain, i.e. the first data memory node broadcasts the first user's public key to every data memory node 101 in the blockchain, so that every data memory node 101 in the blockchain obtains the first user's registration information.
As an optional embodiment, each of the other data memory nodes 101 is configured to receive the blockchain information corresponding to the first user, verify it, and, after the verification passes, store it in its own block. Specifically, after the first data memory node 101 broadcasts the first user's public key to every data memory node, every data memory node 101 can store the first user's public key in a block. Naturally, verifying the information before storing it guarantees the authenticity of what is stored. In practice, considering that users' computers may lack the capacity to store large volumes of data, several public open storage servers holding all of the data on the blockchain can be deployed, for example within China's borders.
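The registration flow of the preceding three paragraphs (the hierarchical nameID, key generation at the first data memory node, the user's confirmation, and the other data memory nodes verifying a broadcast record before storing it; the same flow is what steps S201 to S204 of the method summarise), as an added Go example. It is not code from the patent or its applicant. Ed25519 from the Go standard library replaces the RSA the patent names as one option, and since the patent does not say what the other nodes verify, the checks here (a proof-of-possession signature by the newly assigned key, the record hash and the link to the previous record) are this example's assumptions, as are all type and function names.

```go
package main

// Added example, not the patent's code. Ed25519 replaces the RSA the patent names
// as one option; the peer checks and all identifiers here are this example's own.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Record is the "blockchain information corresponding to the user" that is broadcast:
// nameID, assigned public key, the user's confirming signature, and the hash link.
type Record struct {
	NameID    string
	PublicKey ed25519.PublicKey
	Proof     []byte
	PrevHash  string
	Hash      string
}

// ValidNameID checks the domain-like shape of the patent's nameID (xxx.sim.bistu.bj.cn.country):
// at least three non-empty labels ending in a preset suffix the patent mentions.
func ValidNameID(id string) bool {
	labels := strings.Split(id, ".")
	if len(labels) < 3 {
		return false
	}
	for _, l := range labels {
		if l == "" {
			return false
		}
	}
	last := labels[len(labels)-1]
	return last == "country" || last == "generic"
}

// DataMemoryNode holds one node's copy of the chain of registration records.
type DataMemoryNode struct{ Chain []Record }

func (n *DataMemoryNode) tip() string {
	if len(n.Chain) == 0 {
		return "genesis"
	}
	return n.Chain[len(n.Chain)-1].Hash
}

func recordHash(r Record) string {
	sum := sha256.Sum256([]byte(r.NameID + "|" + string(r.PublicKey) + "|" + string(r.Proof) + "|" + r.PrevHash))
	return hex.EncodeToString(sum[:])
}

// proofPayload is what the user signs to confirm the key assigned to the nameID.
func proofPayload(nameID string, pub ed25519.PublicKey) []byte {
	return append([]byte(nameID+"|"), pub...)
}

// Register is the first data memory node's handling of the first user request: generate
// the key pair, hand the private key to the user, store the record and return it for broadcast.
func (n *DataMemoryNode) Register(nameID string) (Record, ed25519.PrivateKey, error) {
	if !ValidNameID(nameID) {
		return Record{}, nil, errors.New("nameID does not follow the hierarchical scheme")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Record{}, nil, err
	}
	r := Record{NameID: nameID, PublicKey: pub, PrevHash: n.tip()}
	r.Proof = ed25519.Sign(priv, proofPayload(nameID, pub)) // the user's confirmation
	r.Hash = recordHash(r)
	n.Chain = append(n.Chain, r)
	return r, priv, nil
}

// Accept is what each other data memory node does with a broadcast record: verify, then
// store. The length check matters because ed25519.Verify panics on a malformed key.
func (n *DataMemoryNode) Accept(r Record) error {
	if !ValidNameID(r.NameID) || len(r.PublicKey) != ed25519.PublicKeySize {
		return errors.New("malformed nameID or public key")
	}
	if !ed25519.Verify(r.PublicKey, proofPayload(r.NameID, r.PublicKey), r.Proof) {
		return errors.New("proof of possession failed")
	}
	if r.Hash != recordHash(r) || r.PrevHash != n.tip() {
		return errors.New("hash or chain link mismatch")
	}
	n.Chain = append(n.Chain, r)
	return nil
}

func main() {
	first, peer := &DataMemoryNode{}, &DataMemoryNode{}
	rec, _, _ := first.Register("xxx.sim.bistu.bj.cn.country")
	fmt.Println("peer stored the broadcast record:", peer.Accept(rec) == nil)
}
```

Nothing in this model binds a nameID to the real person behind it; the patent leaves that to the encrypted identity record on the chain, so a data memory node accepting registrations still needs a check, outside this code, that the requester is entitled to the name before it calls Register.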
As an optional embodiment, each authentication service node 102 can provide the authentication service and a query function. The second user request may be an authentication request, and each authentication service node 102 can verify the second user requests sent by the user terminals connected to it. The first authentication service node 102 is specifically configured to query whether it holds blockchain information corresponding to the second user; when it is found, verify the second user request according to that blockchain information; and when it is not found, send an acquisition request to the data memory node connected to it, receive the acquisition response message returned by that data memory node, and verify the second user request according to the acquisition response message. Specifically, apart from the blockchain formed by the data memory nodes 101, each remaining server can act as an authentication service node 102 that provides the authentication service and has a query function. The authentication service means that every authentication service node can authenticate any access request sent to it: the legitimacy of the request is checked against the other party's public key, and the request passes if the check succeeds. Equally, the other party may request mutual authentication. The query function means that whenever a verification request is started, the authentication service node 102 first checks whether its own cache holds the other party's legitimate public key. If not, it sends a query request to a data memory node 101 and caches the result. In practice, the cache lifetime of an authentication service node 102 can be set to, for example, 86400 s, after which the entry can be deleted.
As an optional embodiment, the first data memory node is also configured to receive a third user request message sent by a user terminal; generate a third response message according to the third user request message and send it to the user terminal; receive the user terminal's confirmation of the third response message, obtain blockchain information corresponding to the third user according to the third response message, store it in a block, and send it to each of the other data memory nodes, wherein the third response message includes at least log-off information corresponding to the third user's unique identifier, and the blockchain information corresponding to the third user includes at least that log-off information. Specifically, to deal with users who forget or lose their private key, the embodiment of the present invention provides a logout process, and the third user request may be a de-registration request.
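The cache-then-query behaviour of the authentication service node and the logout record from the two preceding paragraphs, as an added Go example (not code from the patent or its applicant). The 86400 s cache lifetime is the figure the patent gives; StoreNode, AuthServiceNode and the other names are this example's own, the data memory node is reduced to the latest record per nameID, and Ed25519 stands in for the key pair the patent says may be RSA.

```go
package main

// Added example, not the patent's code: cache-then-query lookup with the 86400 s
// lifetime the patent gives, signature checks against the registered public key,
// and the logout record. Ed25519 stands in for "for example RSA"; names are my own.

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"time"
)

const cacheTTL = 86400 * time.Second

// KeyRecord is the current chain state for a nameID as a data memory node returns it.
type KeyRecord struct {
	PublicKey ed25519.PublicKey
	Revoked   bool // true once a logout record has been stored for the nameID
}

// StoreNode stands in for a data memory node: latest state per nameID, no block mechanics.
type StoreNode struct{ records map[string]KeyRecord }

func NewStoreNode() *StoreNode { return &StoreNode{records: map[string]KeyRecord{}} }

func (s *StoreNode) Register(nameID string, pub ed25519.PublicKey) { s.records[nameID] = KeyRecord{PublicKey: pub} }

// Logout stores the de-registration (third user request): the key is marked revoked.
func (s *StoreNode) Logout(nameID string) {
	r := s.records[nameID]
	r.Revoked = true
	s.records[nameID] = r
}

// Query is the acquisition response returned to an authentication service node.
func (s *StoreNode) Query(nameID string) (r KeyRecord, ok bool) { r, ok = s.records[nameID]; return }

// AuthServiceNode verifies second user requests; Clock is a field so expiry is testable.
type AuthServiceNode struct {
	store   *StoreNode
	cache   map[string]KeyRecord
	expiry  map[string]time.Time
	Clock   time.Time
	Lookups int // queries actually sent to the data memory node
}

func NewAuthServiceNode(store *StoreNode) *AuthServiceNode {
	return &AuthServiceNode{store: store, cache: map[string]KeyRecord{}, expiry: map[string]time.Time{}, Clock: time.Now()}
}

// Advance moves the node's clock forward by the given number of seconds.
func (a *AuthServiceNode) Advance(sec int64) { a.Clock = a.Clock.Add(time.Duration(sec) * time.Second) }

// lookup is the query function: serve from the cache while the entry is fresh,
// otherwise ask the connected data memory node and cache what it returns.
func (a *AuthServiceNode) lookup(nameID string) (KeyRecord, error) {
	if rec, ok := a.cache[nameID]; ok && a.Clock.Before(a.expiry[nameID]) {
		return rec, nil
	}
	a.Lookups++
	rec, ok := a.store.Query(nameID)
	if !ok {
		return KeyRecord{}, errors.New("unknown nameID")
	}
	a.cache[nameID], a.expiry[nameID] = rec, a.Clock.Add(cacheTTL)
	return rec, nil
}

// Authenticate checks a request (message plus the requester's signature over it)
// against the public key registered for the nameID, refusing logged-out keys.
func (a *AuthServiceNode) Authenticate(nameID string, msg, sig []byte) error {
	rec, err := a.lookup(nameID)
	if err != nil {
		return err
	}
	if rec.Revoked {
		return errors.New("key has been logged out")
	}
	if !ed25519.Verify(rec.PublicKey, msg, sig) {
		return errors.New("signature does not match registered public key")
	}
	return nil
}

// User side: the private key stays with the user, who signs every request.
func GenerateUserKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignRequest(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
```

The behaviour worth noticing is the one the patent does not spell out: an authentication service node keeps serving a cached public key until the entry expires, so a logout record stored on the chain only takes effect at that node up to one cache lifetime (86400 s here) later. A deployment that needs prompt revocation has to shorten the lifetime or have the data memory nodes push invalidations to the authentication service nodes that cache the key.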
Therefore, the main functions of the data memory nodes 101 provided by the embodiment of the present invention may include:
1) ensuring that the data in the blockchain is updated and saved in a timely manner;
2) providing new user registration and key distribution, and broadcasting so that the information is written into the block of every memory node in the blockchain;
3) ensuring that the users and authentication service nodes of each major region can access them normally;
4) ensuring that every data memory node runs the consensus algorithm on the blockchain correctly;
5) ensuring the data consistency of all data memory nodes and, in addition, the consistency of other data saved with other nodes.
It can be seen that, with the blockchain-based, network-wide unified online authentication system provided by the embodiment of the present invention, users' public keys can be stored in the blockchain and each authentication is performed by an authentication service node, so that a user accessing a service does not need to create multiple digital identities and is less exposed to hacker attacks, while the authority of the certificate (public key) is also enhanced.
Fig. 2 to Fig. 5 show the flow charts of the blockchain-based, network-wide unified online authentication method provided by an embodiment of the present invention. The method is applied to the system described above; it is only briefly described below, and for anything not covered refer to the description of the system. Referring to Fig. 2 to Fig. 5, the method comprises:
S201: deploying N servers in a whole network divided into S regions, with at least one server in each region set up as a data memory node and the other servers set up as authentication service nodes, where S ≥ 1 and N ≥ 1;
S202: a first data memory node receiving a first user request message sent by a user terminal;
S203: the first data memory node generating a first response message according to the first user request message and sending it to the user terminal;
S204: the first data memory node obtaining blockchain information corresponding to the first user according to the first response message, storing it in a block, and sending it to each of the other data memory nodes, wherein the first response message includes at least the first user's unique identifier and the key assigned to the first user's unique identifier, and the blockchain information corresponding to the first user includes at least the first user's public key from that key;
S205: a first authentication service node receiving a second user request sent by a user terminal and verifying the second user request.
It can be seen that, with the blockchain-based, network-wide unified online authentication method provided by the embodiment of the present invention, users' public keys can be stored in the blockchain and each authentication is performed by an authentication service node, so that a user accessing a service does not need to create multiple digital identities and is less exposed to hacker attacks, while the authority of the certificate (public key) is also enhanced.
As an optional embodiment, the blockchain-based, network-wide unified online authentication method provided by the embodiment of the present invention further includes setting a user unique identifier for each user, assigned using a hierarchical identification method, so that users are identified by their unique identifier.
As an optional embodiment, the blockchain-based, network-wide unified online authentication method provided by the embodiment of the present invention further includes: each of the other data memory nodes receiving the blockchain information corresponding to the first user and verifying it, and, after the verification passes, storing it in its own block. Specifically, after the first data memory node broadcasts the first user's public key to every data memory node, every data memory node can store the first user's public key in a block. Naturally, verifying the information before storing it guarantees the authenticity of what is stored. In practice, considering that users' computers may lack the capacity to store large volumes of data, several public open storage servers holding all of the data on the blockchain can be deployed, for example within China's territory.
As an optional embodiment of the embodiment of the present invention, the first authentication service node requests to carry out to second user Verifying includes: whether the first authentication service querying node is stored with block chain information corresponding with second user;First certification clothes Node be engaged in when having inquired block chain information corresponding with second user, according to block chain information pair corresponding with second user Second user request is verified;First authentication service node is not inquiring block chain information corresponding with second user When, acquisition request is sent to data memory node connected to it, and receive obtaining for data memory node return connected to it Response message is taken, and second user request is verified according to response message is obtained.Specifically, authentication service node is divisor Except the block chain constituted according to memory node, remaining each server can be used as authentication service node and carry out certification clothes Business, and possess query function.Wherein: authentication service refers to, each authentication service node, which can authenticate, any is sent to its Access request.According to the public key of other side come the legitimacy of checking request, correctly it is verified.Likewise, other side can also be with Shen It please two-way authentication.Query function refers to: whenever starting checking request abstract, authentication service node all will first inquire the slow of itself The legal public key for whether preserving other side deposited.If it does not exist, then to data store section carry out inquiry request, and by request results into Row caching.In practical application, the cache-time of authentication service node for example can be set to 86400s, can execute deletion later Deng operation.
As an optional embodiment of the embodiment of the present invention, the whole network provided in an embodiment of the present invention based on block chain Unified online authentication method further include: the first data memory node receives the third user request information that user terminal is sent;First Data memory node generates third response message according to third user request information, and third response message is sent to user terminal; First data memory node receives the confirmation message to third response message that user terminal is sent, according to third response information acquisition Block chain information corresponding with third user stores block chain information corresponding with third user within a block, and will be with third The corresponding block chain information of user is sent to other each data memory nodes, wherein third response message includes at least and the The corresponding log-off message of three user's unique identifications, block chain information corresponding with third user include at least unique with third user Identify corresponding log-off message.Specifically, part is forgotten or loses the appearance of private key situation in order to prevent, and the embodiment of the present invention mentions Logout flow path is supplied, third user request can be de-registration request.
Fig. 3 is the flow chart of the application flow in the blockchain-based whole-network unified online authentication method provided in an embodiment of the present invention. Referring to Fig. 3, the application flow includes:
The user terminal applies for an account; the first data memory node verifies whether the application is legal; if the application is illegal, the user terminal is notified to apply again; if it is legal, the user's key and nameID are generated and sent to the user terminal;
The user terminal verifies the information; if it does not confirm, it applies again; if it confirms, it stores its own information and notifies the first data memory node;
The first data memory node writes the user's public key into a block and broadcasts it to the other data memory nodes;
The other data memory nodes verify the block; if it is legal, the user's public key is written into the block; if it is illegal, the first data memory node is notified;
The first data memory node generates write-failure information and notifies the user terminal, and the user terminal confirms the write-failure information.
Specifically, the first data memory node here refers to the data memory node with a registration function that is closest to the user. After the user applies successfully, the blockchain saves the user's nameID, the corresponding public key and other personal identity information such as phone number and fingerprint, together with a Boolean value on the nameID indicating whether it has failed (been invalidated). The nameID will be the primary key of the data store; it is encrypted and stored in the blockchain, while the user's public key is openly queryable information. The other personal identity information can be privatized and is not handled openly, for example as follows: 1. the information is encrypted; 2. when writing the relevant smart contract, the information is privatized so that its content never appears directly in any output result. The data structure of the stored information is schematically as follows:
nameID                | Public key                 | Other identity information      | Whether failed
encrypted             | corresponding public key   | stored in the form of a dictionary | Boolean value
Fig. 4 is the flow chart of the verification flow in the blockchain-based whole-network unified online authentication method provided in an embodiment of the present invention. Referring to Fig. 4, the verification flow includes:
The user terminal logs into the blockchain and initiates a request to the first authentication service node;
The first authentication service node checks whether it has cached the user's public key;
If it has not, it queries the data memory node for the user's public key; the data memory node returns the user's public key to the first authentication service node if it finds it, and returns a "not present" message to the first authentication service node if it does not; the first authentication service node caches the user's public key after receiving it;
If it has, it checks whether the request is legal; if the request is legal, it decides that the verification passes and notifies the user terminal; if it receives the "not present" message, it decides that the verification fails.
Specifically, whenever the user terminal accesses the blockchain or an access target, it signs with its own private key and sends the request to the corresponding authentication service node. The authentication service node first checks whether its own cache still holds the user's public key; if so, it performs signature verification and passes the request if the signature is correct. If the authentication server has not cached the user's public key, it must query the data memory node; if the data memory node holds the user's public key, the authentication service node caches the query result and verifies the signature, passing the request if it is correct. If there is no public key for the user, the verification fails. Likewise, the user may also request to authenticate the authentication service node's information.
Fig. 5 is the flow chart of the logout flow in the blockchain-based whole-network unified online authentication method provided in an embodiment of the present invention. Referring to Fig. 5, the logout flow includes:
The user terminal applies for logout; the first data memory node verifies whether the application is legal; if the application is illegal, the user terminal is notified to apply again; if it is legal, logout information is generated and sent to the user terminal;
The user terminal verifies the information; if it does not confirm, it applies again; if it confirms, it confirms the logout and notifies the first data memory node;
The first data memory node writes the logout information into a block and broadcasts it to the other data memory nodes;
The other data memory nodes verify the block; if it is legal, the logout information is written into the block; if it is illegal, the first data memory node is notified;
The first data memory node generates logout-failure information and notifies the user terminal, and the user terminal confirms the logout-failure information.
Specifically, to handle the case in which some users forget or lose their private key, the present invention provides the logout flow. When starting the logout flow, the user must provide the data corresponding to their own identity information; the data node authenticates whether it is correct and, if it is, generates a new record <nameID, public key, other identity information, failed (True)>, writes it into a block and broadcasts it, indicating that the nameID is no longer valid. If the user needs a new key, the application flow must be carried out again.
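The three flows above (application in Fig. 3, cache-then-query verification in Fig. 4, and logout by appending a failed=True record in Fig. 5) as an added, constructed example; it is not the patent's code. It assumes one data memory node, one authentication service node, an append-only list standing in for the chain, a hierarchical nameID of the form "cn/bj/bistu/u01", and a textbook RSA key on fixed primes as an insecure stand-in for the user's real key pair.

```python
"""Toy model of the application (Fig. 3), verification (Fig. 4) and logout (Fig. 5)
flows. Constructed example, not the patent's code. The textbook RSA below is an
insecure stand-in for a real per-user key pair and shares one modulus for all keys."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

CACHE_TTL_SECONDS = 86400  # cache time named in the description

_P, _Q = 1000000007, 998244353  # fixed primes (toy only)
_N = _P * _Q
_PHI = (_P - 1) * (_Q - 1)


def make_keypair(e: int = 65537) -> Tuple[int, int]:
    """Return (public exponent, private exponent) on the shared toy modulus."""
    return e, pow(e, -1, _PHI)


def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % _N


def sign(private_key: int, msg: bytes) -> int:
    return pow(_digest(msg), private_key, _N)


def verify(public_key: int, msg: bytes, sig: int) -> bool:
    return pow(sig, public_key, _N) == _digest(msg)


@dataclass
class Record:
    """One row of <nameID, public key, other identity information, failed>."""
    name_id: str          # hierarchical identifier (assumed form "cn/bj/bistu/u01")
    public_key: int       # openly queryable
    other_identity: Dict[str, str]  # kept private: never returned by a query
    failed: bool = False  # True once a logout record has been written


class DataMemoryNode:
    """Data memory node; the list stands in for the chain, latest record wins."""

    def __init__(self) -> None:
        self.chain: List[Record] = []

    def _latest(self, name_id: str) -> Optional[Record]:
        return next((r for r in reversed(self.chain) if r.name_id == name_id), None)

    def register(self, name_id: str, public_key: int, identity: Dict[str, str]) -> None:
        """Fig. 3: after the user confirms, write the record into a block."""
        self.chain.append(Record(name_id, public_key, dict(identity)))

    def logout(self, name_id: str, provided_identity: Dict[str, str]) -> bool:
        """Fig. 5: no private key needed; the user proves identity with the other
        identity information and a new record with failed=True is appended."""
        rec = self._latest(name_id)
        if rec is None or rec.failed or provided_identity != rec.other_identity:
            return False
        self.chain.append(Record(name_id, rec.public_key, rec.other_identity, True))
        return True

    def query_public_key(self, name_id: str) -> Optional[Tuple[int, bool]]:
        """Answer an acquisition request with (public key, failed) or None."""
        rec = self._latest(name_id)
        return None if rec is None else (rec.public_key, rec.failed)


class AuthServiceNode:
    """Authentication service node: own cache first, then the data memory node."""

    def __init__(self, store: DataMemoryNode, clock: Callable[[], float],
                 ttl: float = CACHE_TTL_SECONDS) -> None:
        self.store, self.clock, self.ttl = store, clock, ttl
        self.cache: Dict[str, Tuple[int, bool, float]] = {}  # nameID -> (key, failed, at)

    def _cached(self, name_id: str) -> Optional[Tuple[int, bool]]:
        entry = self.cache.get(name_id)
        if entry is not None and self.clock() - entry[2] < self.ttl:
            return entry[0], entry[1]
        self.cache.pop(name_id, None)  # expired after ttl seconds: delete it
        return None

    def authenticate(self, name_id: str, msg: bytes, sig: int) -> Tuple[bool, str]:
        """Fig. 4: returns (verified, reason); reason names where the key came from."""
        source, info = "cache", self._cached(name_id)
        if info is None:
            source, info = "store", self.store.query_public_key(name_id)
            if info is None:
                return False, "no such user"  # the "not present" message
            self.cache[name_id] = (info[0], info[1], self.clock())
        public_key, failed = info
        if failed:
            return False, "nameID logged out"
        if not verify(public_key, msg, sig):
            return False, "bad signature"
        return True, "verified via " + source


def demo() -> List[Tuple[bool, str]]:
    """Walk all three flows for one constructed user with a controllable clock."""
    now = [0.0]
    store = DataMemoryNode()
    auth = AuthServiceNode(store, clock=lambda: now[0])
    pub, priv = make_keypair()
    identity = {"phone": "138-0000-0000"}             # constructed sample data
    store.register("cn/bj/bistu/u01", pub, identity)  # Fig. 3
    msg, sig = b"GET /service", sign(priv, b"GET /service")
    results = [
        auth.authenticate("cn/bj/bistu/u01", msg, sig),            # (True, "verified via store")
        auth.authenticate("cn/bj/bistu/u01", msg, sig),            # (True, "verified via cache")
        auth.authenticate("cn/bj/bistu/u01", b"GET /admin", sig),  # (False, "bad signature")
        auth.authenticate("cn/bj/bistu/u99", msg, sig),            # (False, "no such user")
    ]
    if not store.logout("cn/bj/bistu/u01", identity):            # Fig. 5
        raise RuntimeError("logout should succeed with matching identity data")
    results.append(auth.authenticate("cn/bj/bistu/u01", msg, sig))  # still served from cache
    now[0] += CACHE_TTL_SECONDS                                     # cache entry expires
    results.append(auth.authenticate("cn/bj/bistu/u01", msg, sig))  # (False, "nameID logged out")
    return results
```

The fifth result shows the revocation latency the cache introduces: a logged-out nameID keeps verifying from the cache until the 86400 s entry expires, so a deployment should also evict cache entries when a logout block is broadcast.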
Any process or method described in the flow charts or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functionality involved, as will be understood by those of ordinary skill in the art to which the embodiments of the present invention belong.
Those skilled in the art will understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiment or a combination thereof.
In the description of this specification, references to the terms "one embodiment", "some embodiments", "example", "specific example", "some examples" and the like mean that specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above embodiments only describe preferred embodiments of the present invention and do not limit its scope; without departing from the spirit of the design of the present invention, the various changes and improvements made to the technical solution of the present invention by ordinary engineers and technicians in this field shall fall within the scope of protection determined by the claims of the present invention.

Claims (10)

1. A blockchain-based whole-network unified online authentication method, characterized by comprising:
N servers are arranged in the whole network, which is divided into S regions; in each region at least one server is set up as a data memory node and the other servers are set up as authentication service nodes, where S ≥ 1 and N ≥ 1;
a first data memory node receives a first user request message sent by a user terminal;
the first data memory node generates a first response message according to the first user request message and sends the first response message to the user terminal;
the first data memory node obtains blockchain information corresponding to a first user according to the first response message, stores the blockchain information corresponding to the first user in a block, and sends the blockchain information corresponding to the first user to each of the other data memory nodes, wherein the first response message includes at least a first user unique identifier and a key allocated for the first user unique identifier, and the blockchain information corresponding to the first user includes at least a first user public key from the key allocated for the first user unique identifier;
a first authentication service node receives a second user request sent by a user terminal and verifies the second user request.
2. The method according to claim 1, characterized in that it further includes:
each of the other data memory nodes receives the blockchain information corresponding to the first user and verifies the blockchain information corresponding to the first user;
each of the other data memory nodes, after the verification passes, stores the blockchain information corresponding to the first user in its own block.
3. The method according to claim 1, characterized in that the first authentication service node verifying the second user request includes:
the first authentication service node queries whether it has stored blockchain information corresponding to the second user;
when it has found the blockchain information corresponding to the second user, the first authentication service node verifies the second user request according to the blockchain information corresponding to the second user;
when it has not found the blockchain information corresponding to the second user, the first authentication service node sends an acquisition request to the data memory node connected to it, receives the acquisition response message returned by that data memory node, and verifies the second user request according to the acquisition response message.
4. The method according to any one of claims 1 to 3, characterized in that it further includes:
the first data memory node receives a third user request message sent by a user terminal;
the first data memory node generates a third response message according to the third user request message and sends the third response message to the user terminal;
the first data memory node receives the confirmation message for the third response message sent by the user terminal, obtains blockchain information corresponding to a third user according to the third response message, stores the blockchain information corresponding to the third user in a block, and sends the blockchain information corresponding to the third user to each of the other data memory nodes, wherein the third response message includes at least logout information corresponding to a third user unique identifier, and the blockchain information corresponding to the third user includes at least the logout information corresponding to the third user unique identifier.
5. The method according to claim 1, characterized in that it further includes:
setting a user unique identifier for each user, the user unique identifier being assigned using a hierarchical identification method.
6. A blockchain-based whole-network unified online authentication system, characterized by comprising:
N servers arranged in the whole network, which is divided into S regions, with at least one server in each region set up as a data memory node and the other servers set up as authentication service nodes, where S ≥ 1 and N ≥ 1;
a first data memory node, configured to receive a first user request message sent by a user terminal; generate a first response message according to the first user request message and send the first response message to the user terminal; obtain blockchain information corresponding to a first user according to the first response message, store the blockchain information corresponding to the first user in a block, and send the blockchain information corresponding to the first user to each of the other data memory nodes, wherein the first response message includes at least a first user unique identifier and a key allocated for the first user unique identifier, and the blockchain information corresponding to the first user includes at least a first user public key from the key allocated for the first user unique identifier;
a first authentication service node, configured to receive a second user request sent by a user terminal and verify the second user request.
7. The system according to claim 6, characterized in that each of the other data memory nodes is configured to receive the blockchain information corresponding to the first user and verify the blockchain information corresponding to the first user, and, after the verification passes, to store the blockchain information corresponding to the first user in its own block.
8. The system according to claim 6, characterized in that the first authentication service node is specifically configured to query whether it has stored blockchain information corresponding to the second user; when it has found the blockchain information corresponding to the second user, to verify the second user request according to the blockchain information corresponding to the second user; and when it has not found the blockchain information corresponding to the second user, to send an acquisition request to the data memory node connected to it, receive the acquisition response message returned by that data memory node, and verify the second user request according to the acquisition response message.
9. The system according to any one of claims 6 to 8, characterized in that the first data memory node is further configured to receive a third user request message sent by a user terminal; generate a third response message according to the third user request message and send the third response message to the user terminal; receive the confirmation message for the third response message sent by the user terminal, obtain blockchain information corresponding to a third user according to the third response message, store the blockchain information corresponding to the third user in a block, and send the blockchain information corresponding to the third user to each of the other data memory nodes, wherein the third response message includes at least logout information corresponding to a third user unique identifier, and the blockchain information corresponding to the third user includes at least the logout information corresponding to the third user unique identifier.
10. The system according to claim 1, characterized in that it further includes:
setting a user unique identifier for each user, the user unique identifier being assigned using a hierarchical identification method.
Application CN201811540343.1A, priority date 2018-12-17, filing date 2018-12-17: Block chain-based unified online authentication method and system for whole network. Status: Active; granted as CN109327481B.

Publications (2)

Publication Number   Publication Date
CN109327481A         2019-02-12
CN109327481B         2021-12-14
