CN109327481B - Block chain-based unified online authentication method and system for whole network - Google Patents

Info

Publication number
CN109327481B
Authority
CN
China
Prior art keywords
user
block chain
information corresponding
data storage
storage node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811540343.1A
Other languages
Chinese (zh)
Other versions
CN109327481A (en)
Inventor
蒋文保
章峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University
Priority to CN201811540343.1A
Publication of CN109327481A
Application granted
Publication of CN109327481B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a block chain-based whole-network unified online authentication method and a block chain-based whole-network unified online authentication system, wherein the method comprises the following steps: setting N servers in a whole network divided into S areas, and setting at least one server in each area as a data storage node, wherein other servers are set as authentication service nodes; a first data storage node receives first user request information sent by a user side; generating first response information according to the first user request information, and sending the first response information to the user side; acquiring block chain information corresponding to the first user according to the first response information, storing the block chain information corresponding to the first user in a block, and sending the block chain information corresponding to the first user to other data storage nodes; and the first authentication service node receives a second user request sent by the user side and verifies the second user request.

Description

Block chain-based unified online authentication method and system for whole network
Technical Field
The invention relates to the field of communication, in particular to a block chain-based whole-network unified online authentication method and system.
Background
Under a public key cryptosystem, public key digital signature technology must bind an entity's identity to its public key through certificates issued by a certificate authority (CA) of a public key infrastructure (PKI), so as to ensure the authenticity of the entity's public key. Binding the user's public key to the user's identity in the form of a public key certificate has become a mature scheme for addressing network security problems. However, PKI pays for introducing a trusted third-party CA with the cost of managing, storing and computing certificates:
1. the process is complex, such as the issuance, the release, the acquisition, the verification, the revocation and the like of the certificate;
2. the certificate directory needing to be online provides certificate downloading and state query services for the user at any time, so that maintenance cost is increased;
3. if the number of the communication objects of the user is more, the user must store and manage the certificates locally, so that the use overhead of the user side is increased;
4. large-scale key management is generally handled by physically adding CAs, which in turn raises cross-certification and trust-management problems among the users of each CA.
Furthermore, most of us now access cloud services almost every day. For example,
1) using network-based e-mail systems, such as Gmail, QQ, internet email, etc. to send messages to each other;
2) using social networking sites such as QQ, WeChat and Twitter to share information and connect with friends;
3) television and movies can be viewed on demand using Netflix and Hulu;
4) digital media, such as photographs, videos, and documents, are stored using cloud storage services, such as Google Drive, iCloud, and Dropbox.
Enterprises deploy applications and services through cloud services to reduce operating costs and improve cash flow.
Cloud providers offer cloud services built on an authentication, authorization, and accounting (AAA) framework. This framework provides on-demand, scalable, resilient, reliable, and redundant cloud services. The provider's AAA framework maintains client and server services for users based on a client-server model: the user interacts with the client, and the client application communicates with the central server over the internet and requests a response. The user must register with the provider and create a digital identity, providing sensitive data such as name, username, phone number, email, and bank or credit card details. This sensitive user data is stored on central servers across multiple data centers.
Moreover, users must create a separate digital identity with each provider to access its services. Research has shown that creating multiple digital identities is inconvenient and cumbersome from a user experience point of view, because the user must repeat the same registration process over and over and remember multiple passwords for different services. The provider's central server is also a major target for hackers, so the user data held there is exposed to compromise.
In addition, CA certificate management is fragmented: each enterprise runs its own CA mechanism, so certificates are not authoritative enough and not fully secure.
Therefore, a network-wide unified authentication method and system need to be established.
Disclosure of Invention
The present invention provides a block chain-based method and system for unified online authentication over the entire network, which at least overcome the above-mentioned drawbacks.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
one aspect of the present invention provides a block chain-based unified online authentication method for a whole network, including: setting N servers in a whole network divided into S areas, and setting at least one server in each area as a data storage node, wherein other servers are set as authentication service nodes, S is more than or equal to 1, and N is more than or equal to 1; a first data storage node receives first user request information sent by a user side; the first data storage node generates first response information according to the first user request information and sends the first response information to the user side; the first data storage node acquires block chain information corresponding to a first user according to first response information, stores the block chain information corresponding to the first user in a block, and sends the block chain information corresponding to the first user to other data storage nodes, wherein the first response information at least comprises a first user unique identifier and a secret key distributed for the first user unique identifier, and the block chain information corresponding to the first user at least comprises a first user public key in the secret key distributed for the first user unique identifier; and the first authentication service node receives a second user request sent by the user side and verifies the second user request.
Wherein, the method further comprises: receiving the block chain information corresponding to the first user by other data storage nodes, and verifying the block chain information corresponding to the first user; after the other data storage nodes pass the verification, the block chain information corresponding to the first user is stored in the respective blocks.
Wherein the first authentication service node verifying the second user request comprises: the first authentication service node inquires whether block chain information corresponding to the second user is stored; when the first authentication service node inquires the block chain information corresponding to the second user, verifying the second user request according to the block chain information corresponding to the second user; and when the first authentication service node does not inquire the blockchain information corresponding to the second user, the first authentication service node sends an acquisition request to the data storage node connected with the first authentication service node, receives acquisition response information returned by the data storage node connected with the first authentication service node, and verifies the second user request according to the acquisition response information.
Wherein, the method further comprises: the first data storage node receives third user request information sent by a user side; the first data storage node generates third response information according to the third user request information and sends the third response information to the user side; the first data storage node receives confirmation information of third response information sent by the user side, the block chain information corresponding to a third user is obtained according to the third response information, the block chain information corresponding to the third user is stored in the block, and the block chain information corresponding to the third user is sent to other data storage nodes, wherein the third response information at least comprises logout information corresponding to the unique identifier of the third user, and the block chain information corresponding to the third user at least comprises the logout information corresponding to the unique identifier of the third user.
Wherein, the method further comprises: and setting a unique user identifier for each user, wherein the unique user identifier is identified by adopting a hierarchical identification method.
In another aspect, the present invention provides a block chain-based global unified online authentication system, including: setting N servers in a whole network divided into S areas, setting at least one server in each area as a data storage node, and setting other servers as authentication service nodes, wherein S is more than or equal to 1, and N is more than or equal to 1; the first data storage node is used for receiving first user request information sent by a user side; generating first response information according to the first user request information, and sending the first response information to the user side; acquiring block chain information corresponding to a first user according to first response information, storing the block chain information corresponding to the first user in a block, and sending the block chain information corresponding to the first user to other data storage nodes, wherein the first response information at least comprises a first user unique identifier and a secret key distributed for the first user unique identifier, and the block chain information corresponding to the first user at least comprises a first user public key in the secret key distributed for the first user unique identifier; and the first authentication service node is used for receiving a second user request sent by the user side and verifying the second user request.
The other data storage nodes are used for receiving the block chain information corresponding to the first user and verifying the block chain information corresponding to the first user; and after the verification is passed, storing the block chain information corresponding to the first user in the respective block.
The first authentication service node is specifically used for inquiring whether block chain information corresponding to the second user is stored; when the block chain information corresponding to the second user is inquired, verifying the second user request according to the block chain information corresponding to the second user; and when the block chain information corresponding to the second user is not inquired, sending an acquisition request to the data storage node connected with the second user, receiving acquisition response information returned by the data storage node connected with the second user, and verifying the second user request according to the acquisition response information.
The first data storage node is also used for receiving third user request information sent by the user side; the first data storage node generates third response information according to the third user request information and sends the third response information to the user side; receiving confirmation information of the third response information sent by the user side, acquiring block chain information corresponding to the third user according to the third response information, storing the block chain information corresponding to the third user in a block, and sending the block chain information corresponding to the third user to other data storage nodes, wherein the third response information at least comprises logout information corresponding to the unique identifier of the third user, and the block chain information corresponding to the third user at least comprises logout information corresponding to the unique identifier of the third user.
Wherein, the system still includes: and setting a unique user identifier for each user, wherein the unique user identifier is identified by adopting a hierarchical identification method.
It can be seen from the above technical solutions that, by using the block chain-based unified online authentication method and system provided by the embodiments of the present invention, the public key of the user can be stored in the block chain, and authentication is performed through the authentication service node in each authentication, so that the user does not need to create multiple digital identities and is not easily attacked by hackers when accessing services, and meanwhile, the authority of the certificate (public key) can be enhanced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a block chain-based global unified online authentication system according to an embodiment of the present invention;
fig. 2 is a flowchart of a block chain-based global unified online authentication method according to an embodiment of the present invention;
fig. 3 is a flowchart of an application in a block chain-based method for unified online authentication over the entire network according to an embodiment of the present invention;
fig. 4 is a verification flowchart in the block chain-based global unified online authentication method according to the embodiment of the present invention;
fig. 5 is a logout flowchart in the block chain-based global unified online authentication method according to the embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 shows a schematic structural diagram of a block chain-based global unified online authentication system according to an embodiment of the present invention, and referring to fig. 1, the block chain-based global unified online authentication system according to an embodiment of the present invention includes:
N servers are arranged in a whole network divided into S areas 10; in each area at least one server serves as a data storage node 101 and the other servers serve as authentication service nodes 102, where S ≥ 1 and N ≥ 1.
The first data storage node 101 is configured to receive first user request information sent by a user side; generating first response information according to the first user request information, and sending the first response information to the user side; acquiring block chain information corresponding to a first user according to first response information, storing the block chain information corresponding to the first user in a block, and sending the block chain information corresponding to the first user to other data storage nodes, wherein the first response information at least comprises a first user unique identifier and a secret key distributed for the first user unique identifier, and the block chain information corresponding to the first user at least comprises a first user public key in the secret key distributed for the first user unique identifier;
the first authentication service node 102 is configured to receive a second user request sent by a user side, and verify the second user request.
The first data storage node 101 may be any data storage node 101 in any area 10; the present invention does not restrict which one. Likewise, the first authentication service node 102 may be any authentication service node 102 in any area 10. The data storage nodes 101 together form a block chain, and the remaining servers, the authentication service nodes, perform the authentication service.
Specifically, the whole network is divided into S areas, and each area 10 includes at least one server serving as a data storage node 101 and at least one server serving as an authentication service node 102. To ensure smooth communication among the regions, the embodiment adopts a partitioning strategy: for example, the Chinese network can be divided by geographic region into areas such as south China, north China and others. Within each region, the number of data storage nodes 101 may vary according to the scale of user access.
First, as an optional implementation of the embodiment, the block chain-based whole-network unified online authentication system further includes setting a unique user identifier for each user, where the identifier is formed by a hierarchical identification method. For the first user this is the first user unique identifier, for the second user the second user unique identifier, and so on. Specifically, the system needs to define a globally unique nameID (the user unique identifier), which may be structured like a domain name. For example, if a teacher at the information management institute of Beijing Information Science and Technology University is called xxx, then across the whole network the teacher's nameID can be defined as xxx. followed by the institute and university levels, with preset suffixes (such as country and generic top-level names) at the end position. Consider also the case in which a non-state organization or another organization joins the public block chain: there the nameID is bound directly to a personal identification number. This is sensitive personal information, so it can be stored on the block chain in encrypted form to keep it safe; the encryption can follow the approach used by bitcoin, i.e. an irreversible (one-way) transformation of the user's public key.
In the embodiment of the invention, the first user request information may be a user's application request, used to request new user registration and key distribution. The key distribution may, without limitation, proceed as follows: after the user connects to the block chain and performs registration, the data storage node that receives the first user request information (the first data storage node) generates a key pair (the user's own public key and private key) for the first user according to its unique identifier (the first user's unique nameID), for example, but not limited to, with an RSA algorithm, and sends the key pair to the first user. After the first user confirms, the first user stores the private key locally, and the public key is disclosed through the block chain; that is, the first data storage node broadcasts the first user's public key to the data storage nodes 101 in the block chain, so that every data storage node 101 in the block chain can obtain the first user's registration information.
As an optional implementation of the embodiment, each of the other data storage nodes 101 is configured to receive the block chain information corresponding to the first user, verify it, and, once verification passes, store it in its own block. Specifically, after the first data storage node 101 broadcasts the first user's public key to every data storage node, each data storage node 101 can store that public key in a block. Verifying the information before storing it ensures the authenticity of what is stored. In practice, since a user's computer may lack the capacity to hold a large amount of data, several publicly accessible storage servers holding all the data on the block chain may be set up in, for example, China.
As an optional implementation of the embodiment, each authentication service node 102 may provide an authentication service and a query function. The second user request may be an authentication request, and each authentication service node 102 may verify the second user request sent by the user side connected to it. The first authentication service node 102 is specifically configured to query whether block chain information corresponding to the second user is stored; when it is found, to verify the second user request according to that information; and when it is not found, to send an acquisition request to the data storage node connected with the second user, receive the acquisition response information returned by that data storage node, and verify the second user request according to the acquisition response information. Specifically, apart from the block chain formed by the data storage nodes 101, each remaining server acts as an authentication service node 102 that performs authentication and has a query function. Authentication service means that each authentication service node can authenticate any access request sent to it: it checks the legitimacy of the request using the other party's public key and accepts the request when verification succeeds. Likewise, the other party can request mutual authentication. The query function means that each time it begins verifying a request digest, the authentication service node 102 first checks whether its cache holds the other party's legitimate public key; if not, it sends a query request to the data storage node 101 and caches the result.
In practice, the caching time of the authentication service node 102 may be set to 86400 s, for example, after which the cached entry may be deleted.
As an optional implementation of the embodiment, the first data storage node is further configured to receive third user request information sent by the user side; generate third response information according to it and send it to the user side; receive the user side's confirmation of the third response information; acquire the block chain information corresponding to the third user according to the third response information; store it in a block; and send it to the other data storage nodes. Here the third response information at least comprises logout information corresponding to the unique identifier of the third user, and the block chain information corresponding to the third user at least comprises that logout information. Specifically, to handle the case in which a user's private key is forgotten or lost, the embodiment provides a logout procedure, and the third user request may be a logout request.
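The registration, authentication and logout flows described in the preceding paragraphs, as an added runnable example that is not code from the patent or its inventors. Data storage nodes keep a hash-linked chain of public-key records and broadcast each new record to their peers, which verify it before writing their own block; an authentication service node verifies a signed request against a public key cached for 86400 s and otherwise sends an acquisition request to its connected data storage node; a confirmed logout writes a record that supersedes the public key. Textbook RSA over SHA-256 (no padding) stands in for "an RSA algorithm" and is for illustration only; the nameID, messages and timestamps are constructed, and the record format and class names are this example's own assumptions.

```python
# Added example, not code from the patent: a runnable model of the registration,
# authentication and logout flows described above. Textbook RSA over SHA-256 (no
# padding) stands in for "an RSA algorithm" and is for illustration only; all names
# and numbers are constructed for this example.
import hashlib
import random

def _random_prime(bits):
    """Random probable prime (Fermat test with several bases; adequate for an illustration)."""
    while True:
        n = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return n

def rsa_keygen(bits=1024):
    """Key pair the data storage node allocates at registration: ((e, n), (d, n))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign_request(name_id, private_key, message):
    """User side: the request carries the message and a signature over its digest."""
    d, n = private_key
    return {"name_id": name_id, "message": message, "signature": pow(_digest(message), d, n)}

class DataStorageNode:
    """Keeps the chain of public-key records and broadcasts new records to peer storage nodes."""
    def __init__(self):
        self.chain, self.peers = [], []
    def lookup(self, name_id):
        """Latest chain state for a nameID: its public key, or None if unknown or logged out."""
        hits = [b["record"]["public_key"] for b in self.chain if b["record"]["name_id"] == name_id]
        return hits[-1] if hits else None  # a logout record carries None
    def verify_record(self, record):
        """Check every storage node runs on a broadcast record before writing it into a block."""
        known = self.lookup(record["name_id"]) is not None
        if record["type"] == "register":
            return not known and record["public_key"] is not None
        return record["type"] == "logout" and known
    def _append(self, record):
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        body = f"{len(self.chain)}|{prev}|{sorted(record.items())}".encode()
        self.chain.append({"prev_hash": prev, "record": record, "hash": hashlib.sha256(body).hexdigest()})
    def _commit(self, record):
        if not self.verify_record(record):
            return False
        self._append(record)
        for peer in self.peers:  # broadcast; each peer verifies before storing
            if peer.verify_record(record):
                peer._append(record)
        return True
    def register(self, name_id):
        """First user request: allocate a key pair, publish the public key, hand the private key to the user only."""
        public_key, private_key = rsa_keygen()
        record = {"name_id": name_id, "type": "register", "public_key": public_key}
        return (name_id, public_key, private_key) if self._commit(record) else None
    def logout(self, name_id, confirmed):
        """Third user request: once the user confirms, a logout record supersedes the public key."""
        return bool(confirmed) and self._commit({"name_id": name_id, "type": "logout", "public_key": None})

class AuthenticationServiceNode:
    """Verifies signed requests with a public key cached for 86400 s (the caching time given in the text)."""
    CACHE_TTL = 86400
    def __init__(self, storage_node):
        self.storage_node, self.cache = storage_node, {}
    def _public_key(self, name_id, now):
        hit = self.cache.get(name_id)
        if hit is not None and now - hit[1] < self.CACHE_TTL:
            return hit[0]
        key = self.storage_node.lookup(name_id)  # acquisition request to the connected storage node
        self.cache[name_id] = (key, now)
        return key
    def verify(self, request, now):
        key = self._public_key(request["name_id"], now)
        if key is None:
            return False
        e, n = key
        return pow(request["signature"], e, n) == _digest(request["message"])

def demo(t0=1_700_000_000):
    """Registration, verification, logout and the cache-expiry window; returns each outcome by name."""
    north, south = DataStorageNode(), DataStorageNode()
    north.peers, south.peers = [south], [north]
    auth = AuthenticationServiceNode(south)  # auth node attached to a storage node in another area
    name_id = "xxx.infomgmt.university.example"  # constructed hierarchical nameID
    _, _, private_key = north.register(name_id)
    request = sign_request(name_id, private_key, b"access service A")
    return {
        "valid_request": auth.verify(request, t0),  # cache miss, queries south
        "forged_request": auth.verify(dict(request, message=b"access service B"), t0),
        "unknown_user": auth.verify(dict(request, name_id="nobody.example"), t0),
        "duplicate_register": north.register(name_id),
        "logout": north.logout(name_id, confirmed=True),
        "stale_cache_still_passes": auth.verify(request, t0 + 10),
        "after_cache_expiry": auth.verify(request, t0 + 86400),
        "chains_agree": [b["hash"] for b in north.chain] == [b["hash"] for b in south.chain],
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point a defender should take from the caching step: a logout record reaches every data storage node immediately, but an authentication service node that cached the public key keeps accepting that user's signatures until its 86400 s cache entry expires, so revocation latency equals the cache time. Shortening the cache time, or having data storage nodes push logout records to the authentication service nodes, closes that window.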
Therefore, the main functions of the data storage node 101 provided by the embodiment of the present invention may include:
1) ensuring that the data in the block chain is updated and stored in a timely manner;
2) providing new user registration, key distribution, and broadcasting for writing into the blocks of each storage node in the block chain;
3) ensuring that users and authentication service nodes in each large area can access the service normally;
4) ensuring, by means of a consensus algorithm, the correct operation of each data storage node on the block chain;
5) ensuring data consistency across all data storage nodes, as well as consistency of the other data stored by other nodes.
Therefore, through the block chain-based whole-network unified online authentication system provided by the embodiment of the invention, the user public key can be stored in the block chain, and authentication is performed through the authentication service node in each authentication, so that a user does not need to create a plurality of digital identities and is not easy to be attacked by hackers when accessing services, and meanwhile, the authority of the certificate (public key) can be enhanced.
Fig. 2 to fig. 5 show various flowcharts of the block chain based unified online authentication method for the whole network provided by the embodiment of the present invention, and the block chain based unified online authentication method for the whole network provided by the embodiment of the present invention is applied to the above system. Referring to fig. 2 to fig. 5, a block chain-based global unified online authentication method provided in an embodiment of the present invention includes:
S201, setting N servers in a whole network divided into S areas, setting at least one server in each area as a data storage node, and setting the other servers as authentication service nodes, wherein S ≥ 1 and N ≥ 1;
S202, a first data storage node receives first user request information sent by a user side;
S203, the first data storage node generates first response information according to the first user request information and sends the first response information to the user side;
S204, the first data storage node acquires block chain information corresponding to the first user according to the first response information, stores the block chain information corresponding to the first user in a block, and sends the block chain information corresponding to the first user to other data storage nodes, wherein the first response information at least comprises a first user unique identifier and a key pair allocated to the first user unique identifier, and the block chain information corresponding to the first user at least comprises the first user public key from that key pair;
S205, the first authentication service node receives a second user request sent by the user side and verifies the second user request.
Thus, with the method of this embodiment, as with the system above, the user's public key is stored on the blockchain and every authentication is carried out by an authentication service node, so a user needs no multiple digital identities, is less exposed to attack when accessing services, and the authority of the credential (the public key) is strengthened.
As an optional implementation of this embodiment, the method further includes assigning a unique user identifier to each user, the identifier being formed by a hierarchical identification method, so that each user is identified by a single unique identifier.
As an optional implementation of this embodiment, the method further includes: each other data storage node receives the blockchain information corresponding to the first user and verifies it; once verification passes, each of them stores the information in its own block. In other words, after the first data storage node broadcasts the first user's public key to the other data storage nodes, each of them records it in a block; verifying the information before storing it protects the authenticity of what is stored. In practice, since a user's own computer may lack the capacity to hold a large amount of data, a number of public storage servers holding the full contents of the blockchain can be deployed, for example across China.
As an optional implementation of this embodiment, verification of the second user request by the first authentication service node includes: the first authentication service node checks whether it holds the blockchain information corresponding to the second user; if it does, it verifies the second user request against that information; if it does not, it sends an acquisition request to the data storage node it is connected to, receives the acquisition response returned by that node, and verifies the second user request against the response. Specifically, the data storage nodes together form the blockchain, and every remaining server can act as an authentication service node offering an authentication service and a query function. The authentication service means that each authentication service node can authenticate any access request sent to it: it checks the legitimacy of the request against the requester's public key and accepts the request if the check succeeds, and the requester can in turn ask for mutual authentication. The query function means that, when verifying a request digest, the authentication service node first checks whether its own cache holds the requester's legitimate public key; if not, it issues a query to a data storage node and caches the result.
In practice the cache lifetime of an authentication service node may be set to, for example, 86400 s (24 hours), after which the entry is deleted or refreshed. Because an authentication service node consults its cache before the data storage nodes, a cached public key remains usable for the whole lifetime: a logout record written to the chain in the meantime takes effect at that node only when the cached entry expires or is evicted, so the lifetime is a trade-off between query load on the data storage nodes and how quickly an invalidated identity stops being accepted.
As an optional implementation of this embodiment, the method further includes: the first data storage node receives third user request information sent by a client; it generates third response information from the request and sends it to the client; on receiving the client's confirmation of the third response information, it derives the blockchain information corresponding to the third user from the response, stores it in a block and sends it to the other data storage nodes; the third response information includes at least logout information for the third user's unique identifier, and the blockchain information corresponding to the third user includes at least that logout information. This logout procedure is provided for the case where a user's private key is forgotten or lost, and the third user request may be a logout request.
Fig. 3 is a flowchart of the application flow in the method provided by the embodiment; referring to Fig. 3, the application flow includes:
the client applies for an account; the first data storage node checks whether the application is legitimate, asks the client to reapply if it is not, and if it is, generates the user's key pair and nameID and sends them to the client;
the client checks this information, reapplies if it does not confirm it, and otherwise stores it and notifies the first data storage node;
the first data storage node records the user's public key in a block and broadcasts it to the other data storage nodes;
the other data storage nodes verify the block, write the user's public key into their blocks if it is legitimate, and notify the first data storage node if it is not;
in the latter case the first data storage node generates write-failure information and notifies the client, which acknowledges it.
Specifically, the first data storage node is a data storage node with a registration function located close to the user. When the application succeeds, the blockchain holds the user's nameID, the corresponding public key, other personal identity information (for example a mobile phone number or fingerprint) and a Boolean flag recording whether the nameID has been invalidated. The nameID is the primary key of the data store and is stored in encrypted form on the blockchain; the user's public key is publicly queryable; the other personal identity information is kept private and is not disclosed. This privacy is achieved, for example, by (1) encrypting the information and (2) writing the associated smart contracts so that the information is never directly presented in any output. Because the key pair is generated by the data storage node and then delivered to the client, both the node and the delivery channel handle the user's private key: the channel must be confidential, and the node should discard the private key once delivered, since only the public key belongs on the chain. The data structure of the stored information is as follows:
Field:    nameID     | Public key                   | Other identity information       | Invalidated
Content:  encrypted  | the corresponding public key | stored in a dictionary (private) | Boolean value
Fig. 4 is a flowchart of the verification flow in the method provided by the embodiment; referring to Fig. 4, the verification flow includes:
the client logs in to the blockchain and sends a request to a first authentication service node;
the first authentication service node checks whether it has cached the user's public key;
if not, it queries the data storage node for the public key; the data storage node returns the public key if it finds it and returns non-existence information if it does not;
once the public key is available, the first authentication service node checks whether the request is legitimate; if it is, authentication passes and the client is notified; if non-existence information was received, authentication fails.
Specifically, when the client accesses the blockchain to reach a target, it signs the target with its own private key and sends the request to the corresponding authentication service node. The authentication service node first checks whether the user's public key is in its cache; if so, it verifies the signature and accepts the request if the signature is correct. If the public key is not cached, the node queries the data storage node; if the public key exists there, the authentication service node caches the query result, verifies the signature and accepts the request if it is correct. If the public key does not exist, verification fails. Likewise, the client may request information with which to authenticate the authentication service node in turn.
Fig. 5 is a flowchart of the logout flow in the method provided by the embodiment; referring to Fig. 5, the logout flow includes:
the client applies for logout; the first data storage node checks whether the application is legitimate, asks the client to reapply if it is not, and if it is, generates a logout record and sends it to the client;
the client checks the record, reapplies if it does not confirm it, and otherwise confirms the logout and notifies the first data storage node;
the first data storage node writes the logout record into a block and broadcasts it to the other data storage nodes;
the other data storage nodes verify the block, write the logout record into their blocks if it is legitimate, and notify the first data storage node if it is not;
in the latter case the first data storage node generates logout-failure information and notifies the client, which acknowledges it.
Specifically, the logout flow exists for the case where a user's private key is forgotten or lost. A user who initiates logout must supply the data corresponding to their own identity information; if the data storage node finds it correct, it generates a new record <nameID, public key, other identity information, invalidated = True>, broadcasts it and writes it to a block, marking the nameID as expired. A user who then needs a new key must go through the application flow again.
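The three flows above (application per Fig. 3, verification with the cached public key and the 86400 s lifetime per Fig. 4, and logout per Fig. 5) as one runnable simulation. This is an added example, not code from the patent or its authors. It uses Python with the `cryptography` package; Ed25519 signatures, Fernet encryption of the other identity information, a SHA-256 digest standing in for the encrypted nameID, the nameID format `cn.bistu.000001`, node-signed broadcast records, the peer-side duplicate check, and the nonce-based replay check in `verify` are all assumptions that the description does not specify:

```python
# Added example, not the patent's code: the application (Fig. 3), verification
# (Fig. 4) and logout (Fig. 5) flows on a ledger replicated between two data
# storage nodes. Assumed, not given by the description: Ed25519 and Fernet from
# the `cryptography` package, SHA-256 in place of the encrypted nameID,
# node-signed broadcast records, and a per-request nonce used to reject replays.
import hashlib, json, os, time
from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import serialization as ser
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey

CACHE_TTL = 86400  # seconds; the cache lifetime quoted in the description

def canon(obj: dict) -> bytes:  # canonical bytes of a record or request body for signing
    return json.dumps(obj, sort_keys=True).encode()

def pub_bytes(key: Ed25519PrivateKey) -> bytes:  # raw 32-byte public key of a key pair
    return key.public_key().public_bytes(ser.Encoding.Raw, ser.PublicFormat.Raw)

def name_id_key(name_id: str) -> str:  # primary key: the nameID in protected form
    return hashlib.sha256(name_id.encode()).hexdigest()


class DataStorageNode:  # registers users, keeps a ledger copy, replicates records to peers
    def __init__(self):
        self.node_key = Ed25519PrivateKey.generate()   # signs records this node broadcasts
        self.info_key = Fernet(Fernet.generate_key())  # encrypts 'other identity information'
        self.chain, self.peers = [], []
    def _latest(self, key: str):  # newest record for a primary key, or None
        return next((r for r in reversed(self.chain) if r["name_id"] == key), None)
    def lookup(self, name_id: str):  # live public key, or None if absent or invalidated
        r = self._latest(name_id_key(name_id))
        return None if r is None or r["invalid"] else bytes.fromhex(r["public_key"])
    def accept(self, record: dict, sig: bytes, issuer: bytes) -> bool:
        # peer-side check of a broadcast record: known issuer, valid signature, no duplicate
        if issuer not in {pub_bytes(p.node_key) for p in self.peers}:
            return False
        try:
            Ed25519PublicKey.from_public_bytes(issuer).verify(sig, canon(record))
        except InvalidSignature:
            return False
        live = self._latest(record["name_id"])
        if not record["invalid"] and live is not None and not live["invalid"]:
            return False  # a live registration for this nameID already exists
        self.chain.append(record)
        return True
    def _write(self, record: dict) -> bool:  # broadcast; keep the record only if every peer accepts
        sig, issuer = self.node_key.sign(canon(record)), pub_bytes(self.node_key)
        ok = all(p.accept(record, sig, issuer) for p in self.peers)  # False = write failure
        if ok:
            self.chain.append(record)
        return ok
    def apply(self, name_id: str, other_info: str):
        # application flow: generate the key pair, record the public key, hand back the private key
        user_key = Ed25519PrivateKey.generate()
        record = {"name_id": name_id_key(name_id), "public_key": pub_bytes(user_key).hex(),
                  "other_info": self.info_key.encrypt(other_info.encode()).decode(), "invalid": False}
        if not self._write(record):
            return None
        return user_key.private_bytes(ser.Encoding.Raw, ser.PrivateFormat.Raw, ser.NoEncryption())
    def logout(self, name_id: str, other_info: str) -> bool:
        # logout flow: identity is proven with the other identity information, not with the key
        r = self._latest(name_id_key(name_id))
        if r is None or r["invalid"] or self.info_key.decrypt(r["other_info"].encode()) != other_info.encode():
            return False
        return self._write({**r, "invalid": True})


class AuthServiceNode:  # verifies signed requests, caching public keys from its data storage node
    def __init__(self, storage: DataStorageNode, clock=time.time):
        self.storage, self.clock, self.cache, self.seen = storage, clock, {}, set()
    def public_key(self, name_id: str):  # query function: serve from cache for CACHE_TTL, then refetch
        hit = self.cache.get(name_id)
        if hit is None or self.clock() - hit[1] >= CACHE_TTL:
            hit = self.cache[name_id] = (self.storage.lookup(name_id), self.clock())
        return hit[0]
    def verify(self, req: dict) -> bool:  # authentication service: signature check over the body
        pub = self.public_key(req["name_id"])
        if pub is None or req["nonce"] in self.seen:  # unknown/invalidated key, or a replay
            return False
        body = {k: req[k] for k in ("name_id", "target", "nonce")}
        try:
            Ed25519PublicKey.from_public_bytes(pub).verify(bytes.fromhex(req["sig"]), canon(body))
        except InvalidSignature:
            return False
        self.seen.add(req["nonce"])
        return True


def sign_request(name_id: str, private_key: bytes, target: str) -> dict:
    # client side: sign the target plus a fresh nonce with the user's private key
    body = {"name_id": name_id, "target": target, "nonce": os.urandom(16).hex()}
    return {**body, "sig": Ed25519PrivateKey.from_private_bytes(private_key).sign(canon(body)).hex()}


def demo():  # register, authenticate, replay, log out, then let the cache entry expire
    a, b = DataStorageNode(), DataStorageNode()
    a.peers, b.peers = [b], [a]
    auth = AuthServiceNode(b, clock=lambda: 0.0)  # authentication node served by node B
    name_id, info = "cn.bistu.000001", "phone=+8613800000000"  # constructed sample values
    sk = a.apply(name_id, info)  # the private key is delivered to the client
    req = sign_request(name_id, sk, "service/files")
    first, replay = auth.verify(req), auth.verify(req)
    a.logout(name_id, info)  # the invalidation record is broadcast to node B
    cached = auth.verify(sign_request(name_id, sk, "service/files"))  # still served from cache
    auth.clock = lambda: float(CACHE_TTL)  # the cached entry has now aged past CACHE_TTL
    expired = auth.verify(sign_request(name_id, sk, "service/files"))  # refreshed from B: rejected
    return first, replay, cached, expired
```

`demo()` returns `(True, False, True, False)`: the first signed request is accepted; the replayed copy is rejected by the nonce check; the request signed after logout is still accepted because the authentication service node serves the public key from its cache; and the same kind of request is rejected once the entry has aged past CACHE_TTL and is refreshed from storage node B, which by then holds the invalidation record. The gap between the third and fourth results is the revocation lag of the cache lifetime discussed above.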
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above examples are only for describing the preferred embodiments of the present invention, and are not intended to limit the scope of the present invention, and various modifications and improvements made to the technical solution of the present invention by those skilled in the art without departing from the spirit of the present invention should fall within the protection scope defined by the claims of the present invention.

Claims (8)

1. A blockchain-based network-wide unified online authentication method, characterized by comprising the following steps:
deploying N servers in a network divided into S areas, designating at least one server in each area as a data storage node and the remaining servers as authentication service nodes, where S ≥ 1 and N ≥ 1;
a first data storage node receiving first user request information sent by a client;
the first data storage node generating first response information from the first user request information and sending the first response information to the client;
the first data storage node deriving blockchain information corresponding to a first user from the first response information, storing the blockchain information corresponding to the first user in a block, and sending it to the other data storage nodes, wherein the first response information comprises at least a unique identifier of the first user and the key pair allocated to that unique identifier, and the blockchain information corresponding to the first user comprises at least the first user's public key from that key pair;
a first authentication service node receiving a second user request sent by a client and verifying the second user request;
the method further comprising:
each other data storage node receiving the blockchain information corresponding to the first user and verifying it;
and, after the verification passes, each other data storage node storing the blockchain information corresponding to the first user in its own block.
2. The method of claim 1, wherein the first authentication service node verifying the second user request comprises:
the first authentication service node checking whether it holds blockchain information corresponding to a second user;
when the first authentication service node holds the blockchain information corresponding to the second user, verifying the second user request against that information;
and when it does not, sending an acquisition request to a data storage node connected to the first authentication service node, receiving the acquisition response information returned by that data storage node, and verifying the second user request against the acquisition response information.
3. The method of any one of claims 1 to 2, further comprising:
the first data storage node receiving third user request information sent by a client;
the first data storage node generating third response information from the third user request information and sending the third response information to the client;
the first data storage node receiving the client's confirmation of the third response information, deriving blockchain information corresponding to a third user from the third response information, storing it in a block, and sending it to the other data storage nodes, wherein the third response information comprises at least logout information for the unique identifier of the third user, and the blockchain information corresponding to the third user comprises at least that logout information.
4. The method of claim 1, further comprising:
assigning a unique user identifier to each user, the unique user identifier being formed by a hierarchical identification method.
5. A blockchain-based network-wide unified online authentication system, characterized by comprising:
N servers deployed in a network divided into S areas, at least one server in each area being a data storage node and the remaining servers being authentication service nodes, where S ≥ 1 and N ≥ 1;
a first data storage node configured to receive first user request information sent by a client; generate first response information from the first user request information and send it to the client; and derive blockchain information corresponding to a first user from the first response information, store it in a block, and send it to the other data storage nodes, wherein the first response information comprises at least a unique identifier of the first user and the key pair allocated to that unique identifier, and the blockchain information corresponding to the first user comprises at least the first user's public key from that key pair;
a first authentication service node configured to receive a second user request sent by a client and verify the second user request;
and each other data storage node configured to receive the blockchain information corresponding to the first user, verify it, and, after the verification passes, store it in its own block.
6. The system of claim 5, wherein the first authentication service node is specifically configured to check whether it holds blockchain information corresponding to the second user; when it does, verify the second user request against that information; and when it does not, send an acquisition request to a data storage node connected to the first authentication service node, receive the acquisition response information returned by that data storage node, and verify the second user request against the acquisition response information.
7. The system of any one of claims 5 to 6, wherein the first data storage node is further configured to receive third user request information sent by a client; generate third response information from the third user request information and send it to the client; and, on receiving the client's confirmation of the third response information, derive blockchain information corresponding to a third user from the third response information, store it in a block and send it to the other data storage nodes, wherein the third response information comprises at least logout information for the unique identifier of the third user, and the blockchain information corresponding to the third user comprises at least that logout information.
8. The system of claim 5, further comprising:
a unique user identifier assigned to each user, the unique user identifier being formed by a hierarchical identification method.
CN201811540343.1A 2018-12-17 2018-12-17 Block chain-based unified online authentication method and system for whole network Active CN109327481B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811540343.1A CN109327481B (en) 2018-12-17 2018-12-17 Block chain-based unified online authentication method and system for whole network

Publications (2)

Publication Number Publication Date
CN109327481A CN109327481A (en) 2019-02-12
CN109327481B true CN109327481B (en) 2021-12-14

Family

ID=65257456

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant