CN109740319B - Digital identity verification method and server - Google Patents

Publication number
CN109740319B
CN109740319B CN201811488855.8A CN201811488855A CN109740319B CN 109740319 B CN109740319 B CN 109740319B CN 201811488855 A CN201811488855 A CN 201811488855A CN 109740319 B CN109740319 B CN 109740319B
Authority
CN
China
Prior art keywords
user
information
key
server
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811488855.8A
Other languages
Chinese (zh)
Other versions
CN109740319A (en
Inventor
刘千仞
文湘江
王光全
廖军
任梦璇
马少武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201811488855.8A
Publication of CN109740319A
Application granted
Publication of CN109740319B

Landscapes

  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment provides a digital identity verification method and a server, and relates to the technical field of the internet. A digital identity is established for each authenticated user and encrypted with the second key; if the digital identity can be decrypted with the first key on the chain, the user corresponding to the digital identity can be judged to be legal. This protects the privacy of the user and ensures that the digital identity of the user is not tampered with.

Description

Digital identity verification method and server
Technical Field
The invention relates to the technical field of internet, in particular to a digital identity authentication method based on a block chain, a server and a storage medium.
Background
At present, each person has many accounts, which are used to log in to various websites and register for various applications. As a result, user privacy spreads without limit: users receive harassing calls every day and may even suffer property loss because their private information has been leaked. The prior art mainly relies on logging in through social media, which is done through a third-party authorization mechanism using the OAuth 2.0 protocol. The OAuth 2.0 protocol focuses on simplicity for client developers, either acting on behalf of the user by orchestrating an approved interaction between the resource owner and the HTTP service provider, or allowing third-party applications to gain access on behalf of the user. The protocol provides dedicated authentication flows for web applications, desktop applications, mobile phones, and living-room devices. For example, WeChat and Alipay logins are completed using the OAuth 2.0 protocol.
Social media account login has become a mainstream alternative to online registration. This process lets internet users use single sign-on with information that already exists on platforms such as Facebook, Twitter, WeChat, and Alipay, primarily through the OAuth 2.0 scheme. Although the scheme has many advantages, such as simplicity and openness, it also has many disadvantages, such as certain security loopholes. Researchers have found that when a third-party app developer uses the OAuth 2.0 protocol incorrectly, the mistake can be exploited remotely by hackers without the user's knowledge. Large businesses also protect users' personal information as much as possible, but at an excessive cost.
Disclosure of Invention
Embodiments of the present invention provide a digital identity authentication method, a server, and a storage medium, which can determine whether a user is legitimate on the premise that real information of the user is unknown, thereby protecting privacy of the user and ensuring that the digital identity of the user is not tampered.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
In a first aspect, a digital identity verification method is provided, which is applied to an intermediate server, and the method includes: acquiring a first key and a second key of user information of each user in a user set, wherein the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used for decrypting information encrypted by the second key of the user information of the ith user, the second key of the user information of the ith user is used for decrypting information encrypted by the first key of the user information of the ith user, and i is an index of each user in the user set; sending a first key of user information of each user in the user set to a blockchain server; sending a second key of corresponding user information to terminal equipment corresponding to the user information of each user in the user set; receiving user login request information from an application server, wherein the user login request information comprises first user information; if the first user is the user authenticated by the intermediate server, sending user authorization request information to the application server; receiving user authorization feedback information from the application server, wherein the user authorization feedback information comprises a second key of the first user information; receiving first verification information from the application server; determining second verification information according to the first verification information and the first user information; determining first encryption information according to the second verification information and a second key of the first user information; and sending the first encryption information and the second verification information to the blockchain server.
In a second aspect, a digital identity verification method is provided, which is applied to a blockchain server, and includes: receiving a first key of user information of each user in a user set from an intermediate server, wherein the users in the user set are authenticated users stored by the intermediate server; receiving first encryption information and second verification information from the intermediate server, wherein the first encryption information is determined according to the second verification information and a second key of first user information; and if the first encryption information can be decrypted by the first key stored in the blockchain server, judging whether the first user is legal or not according to the decrypted information and the second verification information.
In a third aspect, an intermediate server is provided, which includes: an acquisition unit, a sending unit, a receiving unit and a determining unit; the acquiring unit is configured to acquire a first key and a second key of user information of each user in a user set, where the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used to decrypt information encrypted with the second key of the user information of the ith user, the second key of the user information of the ith user is used to decrypt information encrypted with the first key of the user information of the ith user, and i is an index of each user in the user set; the sending unit is used for sending a first key of the user information of each user in the user set to the blockchain server; the sending unit is further configured to send a second key of the corresponding user information to the terminal device corresponding to the user information of each user in the user set; the receiving unit is used for receiving user login request information from an application server, wherein the user login request information comprises first user information; the sending unit is further configured to send user authorization request information to the application server if the first user is a user authenticated by the intermediate server; the receiving unit is further configured to receive user authorization feedback information from the application server, where the user authorization feedback information includes a second key of the first user information; the receiving unit is further used for receiving first verification information from the application server; the determining unit is used for determining second verification information according to the first verification information and the first user information; the determining unit is further configured to determine first encryption information according to the second verification information and a second key of the first user information; the sending unit is further configured to send the first encryption information and the second verification information to the blockchain server.
In a fourth aspect, there is provided a blockchain server, comprising: a receiving unit and a judging unit; the receiving unit is used for receiving a first key of user information of each user in a user set from an intermediate server, wherein the users in the user set are authenticated users stored by the intermediate server; the receiving unit is further configured to receive first encrypted information and second verification information from the intermediate server, where the first encrypted information is determined according to the second verification information and a second key of the first user information; the judging unit is configured to judge whether the first user is legal or not according to the decrypted information and the second verification information if the first encrypted information can be decrypted by the first key stored in the blockchain server.
In a fifth aspect, there is provided an intermediate server, comprising: at least one processor, and a memory for storing a computer program such that the computer program, when executed by the at least one processor, implements the digital identity verification method described in the first aspect above.
In a sixth aspect, there is provided a blockchain server, comprising: at least one processor, and a memory for storing a computer program such that the computer program, when executed by the at least one processor, implements the digital identity verification method described in the second aspect above.
In a seventh aspect, there is provided a computer storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the digital identity verification method according to the first aspect or the digital identity verification method according to the second aspect.
The embodiment of the invention provides a digital identity verification method and a server. A digital identity is established for each authenticated user and encrypted with the second key; if the digital identity can be decrypted with the first key on the chain, the user corresponding to the digital identity can be judged to be legal. This protects the privacy of the user and ensures that the digital identity of the user is not tampered with.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a system architecture diagram of an operating environment of a digital identity authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a digital identity verification method according to an embodiment of the present invention;
Fig. 3 is a schematic functional module diagram of an intermediate server according to an embodiment of the present invention;
Fig. 4 is a functional block diagram of a blockchain server according to an embodiment of the present invention;
Fig. 5 is a functional block diagram of another blockchain server according to an embodiment of the present invention;
Fig. 6 is a schematic functional module diagram of another intermediate server according to an embodiment of the present invention;
Fig. 7 is a functional module diagram of another blockchain server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Currently, a user needs to log in to various websites or register for various applications using many accounts, or log in through a WeChat or Alipay account. Fig. 1 illustrates a digital identity authentication system 10 provided in an embodiment of the present application, where the digital identity authentication system 10 includes: user terminal 101, application server 102, blockchain server 104, and intermediate server 103. A user authenticated through the intermediate server 103 may log in to a third-party application running on the application server 102 without registering and without using a WeChat or Alipay account.
The user terminal 101 is configured to send user login request information to the application server 102, where the user login request information is used to request to log in to a third-party application running on the application server 102, and the third-party application is a third-party application registered on the intermediate server 103. The user terminal 101 may be a PC, a mobile phone, an iPad, a tablet computer, a notebook computer, a personal digital assistant, a wearable mobile electronic terminal such as a smart watch or glasses, or the like.
The application server 102 is used for communication with the user terminal 101 and the intermediate server 103.
The blockchain server 104 is configured to store a first key of the user information of each user in the user set and second encryption information of the user information of each user in the user set, and receive the first encryption information and the second verification information from the intermediate server 103 to determine whether the first user is legitimate.
The intermediate server 103 includes a user database that stores user information, namely the information of users authenticated by the intermediate server 103. The intermediate server 103 may be a server of an operator; those skilled in the art may understand that the intermediate server 103 may also be another server, which is not limited in this embodiment of the present invention. The intermediate server 103 may communicate with the user terminal 101 through the application server 102 and obtain the authorization of the first user, and may also send second verification information to the blockchain server 104 so that the blockchain server 104 verifies the legitimacy of the first user. The intermediate server 103 is further configured to obtain a first key, a second key, and second encryption information of the user information of each user in the user set, send the first key and the second encryption information of the user information of each user in the user set to the blockchain server 104, and send the second key of the corresponding user information to the terminal device corresponding to the user information of each user in the user set.
Fig. 2 shows the process by which the user terminal 101, the application server 102, the blockchain server 104 and the intermediate server 103 jointly complete digital identity verification. The specific process may include:
Step 201, the first user sends user login request information to the application server 102 through the user terminal 101.
Optionally, if the first user wants to log in the third-party application running on the application server 102 through the intermediate server 103, the user login request information may be sent to the intermediate server 103 through the application server 102, where the user login request information includes first user information, and the first user information may be a mobile phone number of the first user.
In step 202, the application server 102 forwards the user login request information sent by the user terminal 101 to the intermediate server 103.
It should be noted that the intermediate server 103 may obtain a first key and a second key of each piece of user information in its database in advance, encrypt the user information with the first key, send the first key and the encrypted user information to the blockchain server 104, and send the second key to the user terminal corresponding to the user information. That is, the user terminal of a user authenticated by the intermediate server 103 may store the second key corresponding to the user information; for example, the second key may be stored on a SIM card or an eSIM card of the user terminal. The specific process may comprise the following steps:
Step 202a, obtaining a first key and a second key of user information of each user in a user set, where the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used to decrypt information encrypted with the second key of the user information of the ith user, the second key of the user information of the ith user is used to decrypt information encrypted with the first key of the user information of the ith user, and i is an index of each user in the user set.
For example, the first key of the user information of each user in the user set may be a public key of the user information of each user in the user set, and the second key of the user information of each user in the user set may be a private key of the user information of each user in the user set.
Step 202b, the intermediate server 103 obtains second encryption information of the user information of each user in the user set, wherein the second encryption information of the user information of the ith user is generated by encrypting the user information of the ith user with the first key of the user information of the ith user.
Step 202c, the intermediate server 103 sends the second encryption information and the first key of the user information of each user in the user set to the blockchain server 104.
Step 202d, the intermediate server 103 sends the second key of the corresponding user information to the terminal device corresponding to the user information of each user in the user set.
Step 203, if the first user is a user authenticated by the intermediate server 103, the intermediate server 103 sends user authorization request information to the application server 102.
Optionally, after receiving the user login request information, the intermediate server 103 may verify whether the first user information is a user authenticated by the intermediate server 103, and if the first user is a user authenticated by the intermediate server 103, the intermediate server 103 sends the user authorization request information to the application server 102.
If the first user is not a user authenticated by the intermediate server 103, the intermediate server 103 sends a first notification message to the application server 102, where the first notification message is used to notify the application server 102 that the first user is not a user authenticated by the intermediate server 103. After receiving the first notification message, the application server 102 sends a second notification message to the user terminal 101. The second notification message is used to notify the user terminal that the first user is not a user authenticated by the intermediate server 103, or to notify the first user that the third-party application running on the application server 102 cannot be logged in to through the intermediate server 103, or to notify the first user that the first user may become an authenticated user of the intermediate server 103 and then log in to the third-party application running on the application server 102 through the intermediate server 103.
Step 204, the application server 102 forwards the user authorization request information to the user terminal 101.
It should be noted that the user authorization request message is used to request the first user to authorize the intermediate server 103 to verify whether the first user is legitimate through the blockchain server 104.
Step 205, the user terminal 101 sends user authorization feedback information to the application server 102, where the user authorization feedback information includes the second key of the first user information.
It should be noted that, if the first user agrees to authorize the intermediate server 103 to verify whether the first user is legal through the blockchain server 104, the user terminal 101 sends user authorization feedback information to the application server 102, where the user authorization feedback information includes the second key of the first user information. Optionally, the user authorization feedback information further includes a usage scope of the user information of the first user, for example, whether to allow the third-party application to use the user information.
Step 206, the application server 102 forwards the user authorization feedback information to the intermediate server 103.
Step 207, the application server 102 sends the first verification information to the intermediate server 103.
It should be noted that, if the first user agrees to authorize the intermediate server 103 to verify whether the first user is legal through the blockchain server 104, the application server 102 may send the first verification information to the intermediate server 103. For example, the first verification information may be a text segment input by the first user in the third-party application, and the first verification information may also be a text segment selected by the first user on the third-party application, and those skilled in the art may understand that the application server 102 may also obtain the first verification information and send the first verification information to the intermediate server 103 by other ways, which is not limited in this embodiment of the invention.
It should be noted that, step 206 and step 207 do not represent a sequential order, and step 206 may be executed first and then step 207 may be executed, step 207 may be executed first and then step 206 may be executed, or steps 206 and 207 may be executed simultaneously.
Step 208, the intermediate server 103 determines second verification information according to the first verification information and the first user information.
Optionally, the intermediate server 103 may include the first user information in the first verification information to randomly generate second verification information, where the second verification information may be a piece of random text.
For example, the first verification information is test, and the first user information is 18601101234. The intermediate server 103 may merge the first verification information and the first user information. One optional merging manner places the first verification information first and the first user information after it, for example: test 18601101234; another optional merging manner places the first user information first and the first verification information after it, for example: 18601101234 test. Those skilled in the art will appreciate that the intermediate server 103 may also adopt other merging manners, and the present invention is not limited thereto. The intermediate server 103 may generate random text from the merged information. For example, if the merged information is test18601101234, the intermediate server 103 may generate a 15-character string from the merged information, [t] [e] [s] [t] [1] [8] [6] [0] [1] [1] [0] [1] [2] [3] [4], and first randomly extract one character from the 15-character string, for example [3]. The character [3] is then expanded into a fixed-length character string according to a preset rule, for example 3adcf. The remaining characters are then randomly extracted from the 15-character string, and finally a random text is determined according to the 15-character string, for example: 3adcf 1 uiejeiqod 0yhge 1iowm txsli 4hnxm sxlsn 0 bxm 1dflp tyxgb 8nneq 6xeal 2niwq 1 bhdt.
Step 209, the intermediate server 103 determines the first encryption information according to the second verification information and the second key of the first user information.
Optionally, determining the first encryption information according to the second verification information and the second key of the first user information includes: encrypting the second verification information with the second key of the first user information to generate the first encrypted information; or performing hash encryption on the second verification information and encrypting the hash-encrypted information with the second key of the first user information to generate the first encrypted information.
Step 210, the intermediate server 103 sends the first encryption information and the second verification information to the blockchain server 104.
Step 211, if the first key stored in the blockchain server 104 can decrypt the first encrypted information, the blockchain server 104 determines whether the first user is legal according to the decrypted information and the second verification information.
Optionally, if the first key stored in the blockchain server 104 can decrypt the first encrypted information, the blockchain server 104 determining, according to the decrypted information and the second verification information, whether the first user is legal includes: decrypting the first encrypted information by using a first key stored in the blockchain server 104 to generate first decrypted information, and if the first decrypted information is the same as the second verification information, that is, the second verification information is not tampered, judging that the first user is legal; if the first decryption information is different from the second verification information, namely the second verification information is tampered, judging that the first user is illegal; or decrypting the first encrypted information by using a first key stored in the blockchain server 104 to generate first decrypted information, performing hash encryption on the second verification information, and if the information subjected to the hash encryption is the same as the first decrypted information, that is, the second verification information is not tampered, judging that the first user is legal; and if the information after the hash encryption is different from the first decryption information, namely the second verification information is tampered, judging that the first user is illegal.
Step 212, the blockchain server 104 sends a feedback message to the intermediate server 103, where the feedback message is used to indicate whether the first user can log in to the application running on the application server 102.
It should be noted that, if the first user is legal, the blockchain server 104 sends a first feedback message to the intermediate server 103, where the first feedback message is used to indicate that the first user may log in an application running on the application server 102; if the first user is illegal, the blockchain server 104 sends a second feedback message to the intermediate server 103, where the second feedback message is used to indicate that the first user may not log in to the application running on the application server 102.
Step 213, the intermediate server 103 forwards the feedback message to the application server 102.
Step 214, the application server 102 forwards the feedback message to the user terminal 101.
The embodiment of the invention provides a digital identity verification method in which a digital identity is established for each authenticated user and encrypted with the second key; if the digital identity can be decrypted with the first key on the chain, the user corresponding to the digital identity is judged to be legal. This protects the privacy of the user and ensures that the digital identity of the user is not tampered with.
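Steps 208 to 211 above (hash variant) as a runnable sketch. This is an added example, not code from the patent. It assumes a toy textbook-RSA key pair built from fixed Mersenne primes so that it needs only the standard library, a simplified nonce in place of the patent's random-text rule, and a blockchain server that tries every stored first key; all function names are hypothetical.

```python
import hashlib
import secrets


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (first_key, second_key) as textbook-RSA (exponent, modulus) pairs.

    Toy construction for illustration only: fixed, publicly known primes and
    no padding. It reproduces the key relation of step 202a (each key undoes
    what the other did) with nothing but the standard library.
    """
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """'Encrypt' or 'decrypt' an integer with either key of a pair."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def digest_as_int(text: str) -> int:
    """SHA-256 of the text as an integer (the 'hash encryption' of step 209)."""
    return int.from_bytes(hashlib.sha256(text.encode("utf-8")).digest(), "big")


def make_second_verification_info(first_verification_info: str,
                                  first_user_info: str) -> str:
    """Step 208, simplified: merge both inputs and append random text.

    The ':<hex nonce>' layout is an assumption of this sketch and stands in
    for the patent's character-expansion rule.
    """
    merged = f"{first_verification_info}{first_user_info}"
    return f"{merged}:{secrets.token_hex(16)}"


def make_first_encryption_info(second_verification_info: str, second_key) -> int:
    """Step 209: hash the second verification info, transform with the second key."""
    return apply_key(second_key, digest_as_int(second_verification_info))


def blockchain_check(stored_first_keys, first_encryption_info: int,
                     second_verification_info: str) -> bool:
    """Step 211: the first user is legal only if a stored first key turns the
    first encryption info back into the hash of the second verification info.
    Trying each stored key in turn is an assumption about key lookup."""
    expected = digest_as_int(second_verification_info)
    return any(apply_key(key, first_encryption_info) == expected
               for key in stored_first_keys)


# Constructed sample keys (Mersenne primes; never use such keys in practice).
USER_FIRST_KEY, USER_SECOND_KEY = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_FIRST_KEY, OTHER_SECOND_KEY = make_keypair(2**1279 - 1, 2**2203 - 1)
CHAIN_FIRST_KEYS = [USER_FIRST_KEY]  # only the first user is registered on chain


if __name__ == "__main__":
    info = make_second_verification_info("test", "18601101234")
    enc = make_first_encryption_info(info, USER_SECOND_KEY)          # step 209
    print("untampered:", blockchain_check(CHAIN_FIRST_KEYS, enc, info))
    print("tampered  :", blockchain_check(CHAIN_FIRST_KEYS, enc, info + "x"))
    forged = make_first_encryption_info(info, OTHER_SECOND_KEY)
    print("wrong key :", blockchain_check(CHAIN_FIRST_KEYS, forged, info))
```

A passing check shows that the first encryption information was produced with a registered second key and that the second verification information was not altered afterwards. In the flow above that computation runs on the intermediate server, which receives the second key in step 206.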
Correspondingly, the present invention further provides an intermediate server 30, as shown in fig. 3, where the intermediate server 30 includes: an acquisition unit 301, a transmission unit 302, a reception unit 303, and a determination unit 304.
The obtaining unit 301 is configured to obtain a first key and a second key of user information of each user in a user set, where the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used to decrypt information encrypted with the second key of the user information of the ith user, the second key of the user information of the ith user is used to decrypt information encrypted with the first key of the user information of the ith user, and i is an index of each user in the user set.
For example, the first key of the user information of each user in the user set may be a public key of the user information of each user in the user set, and the second key of the user information of each user in the user set may be a private key of the user information of each user in the user set.
The sending unit 302 is configured to send a first key of user information of each user in the user set to the blockchain server.
The sending unit 302 is further configured to send a second key of the corresponding user information to the terminal device corresponding to the user information of each user in the user set.
The receiving unit 303 is configured to receive user login request information from an application server, where the user login request information includes first user information.
Optionally, after receiving the user login request information, the intermediate server may verify whether the first user information is a user authenticated by the intermediate server, and if the first user is a user authenticated by the intermediate server, the intermediate server sends the user authorization request information to the application server.
If the first user is not a user authenticated by the intermediate server, the intermediate server sends a first notification message to the application server, where the first notification message is used for notifying the application server that the first user is not a user authenticated by the intermediate server. After receiving the first notification message, the application server sends a second notification message to the user terminal. The second notification message is used for notifying the user terminal that the first user is not a user authenticated by the intermediate server, or for notifying the first user that the first user cannot log in to a third-party application running on the application server through the intermediate server, or for notifying the first user that the first user can log in to the third-party application running on the application server through the intermediate server after becoming an authenticated user of the intermediate server.
The sending unit 302 is further configured to send user authorization request information to an application server if the first user is a user authenticated by the intermediate server.
The receiving unit 303 is further configured to receive user authorization feedback information from an application server, where the user authorization feedback information includes a second key of the first user information.
It should be noted that, if the first user agrees to authorize the intermediate server to verify whether the first user is legal through the blockchain server, the user terminal sends user authorization feedback information to the application server, where the user authorization feedback information includes the second key of the first user information. Optionally, the user authorization feedback information further includes a usage scope of the user information of the first user, for example, whether to allow the third-party application to use the user information.
The receiving unit 303 is further configured to receive first verification information from the application server.
It should be noted that, if the first user agrees to authorize the intermediate server to verify whether the first user is legal through the blockchain server, the application server may send the first verification information to the intermediate server. For example, the first verification information may be a text segment input by the first user in the third-party application, and the first verification information may also be a text segment selected by the first user on the third-party application.
The determining unit 304 is configured to determine the second verification information according to the first verification information and the first user information.
Optionally, the intermediate server may combine the first user information with the first verification information and randomly generate the second verification information, where the second verification information may be a piece of random text.
The determining unit 304 is further configured to determine first encryption information according to the second verification information and a second key of the first user information.
The sending unit 302 is further configured to send the first encryption information and the second verification information to a blockchain server.
Further, the obtaining unit 301 is further configured to obtain second encryption information of the user information of each user in the user set, where the second encryption information of the user information of the ith user is generated by encrypting the user information of the ith user with the first key of the user information of the ith user.
The sending unit 302 is further configured to send second encryption information of the user information of each user in the user set to the blockchain server.
Further, the determining unit 304 is specifically configured to: perform hash encryption on the second verification information; and encrypt the hash-encrypted information with the second key of the first user information to generate the first encrypted information.
Further, the sending unit 302 is further configured to send a second key of the first user information to a blockchain server if the first user is legal.
The embodiment of the invention provides an intermediate server. A digital identity is established for each authenticated user and is encrypted with the second key; if the digital identity can be decrypted with the first key stored on the chain, the user corresponding to the digital identity can be judged to be legal. This protects the privacy of the user and ensures that the digital identity of the user is not tampered with.
Correspondingly, the present invention further provides a blockchain server 40, as shown in fig. 4, where the blockchain server 40 includes: a receiving unit 401 and a judging unit 402.
The receiving unit 401 is configured to receive, from an intermediate server, a first key of user information of each user in a user set, where the user in the user set is an authenticated user stored by the intermediate server.
The receiving unit 401 is further configured to receive first encrypted information and second verification information from the intermediate server, where the first encrypted information is determined according to the second verification information and a second key of the first user information.
The determining unit 402 is configured to, if the first key stored in the blockchain server can decrypt the first encrypted information, determine whether the first user is legal according to the decrypted information and the first verification information.
Further, as shown in fig. 5, the blockchain server 40 further includes an obtaining unit 403.
The receiving unit 401 is further configured to receive, from the intermediate server, second encryption information of each user information in the user information set.
The receiving unit 401 is further configured to receive, from the intermediate server, the second key of the first user information if the first user is legal.
The obtaining unit 403 is configured to obtain the first user information according to the second encryption information of the user information of each user in the user set and the second key of the first user information.
The embodiment of the invention provides a blockchain server. A digital identity is established for each authenticated user and is encrypted with the second key; if the digital identity can be decrypted with the first key stored on the chain, the user corresponding to the digital identity can be judged to be legal. This protects the privacy of the user and ensures that the digital identity of the user is not tampered with.
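The hash-then-encrypt step of determining unit 304 and the decrypt-and-compare step of judging unit 402, as an added example that is not part of the patent text. It assumes SHA-256 for the hash, textbook RSA for the first (public) and second (private) keys, and a made-up field layout and user identifier for the second verification information; it compares against the second verification information, as claim 1 does.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both demo key pairs


def make_keypair(p, q):
    """Return (first_key, second_key), i.e. (public, private), as (exponent, modulus)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (E, n), (d, n)


# Constructed demo keys from well-known Mersenne primes: textbook RSA without
# padding, for illustration only. Real deployments use a vetted signature scheme.
USER_FIRST, USER_SECOND = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_FIRST, OTHER_SECOND = make_keypair(2**607 - 1, 2**1279 - 1)


def digest_int(message: bytes) -> int:
    """The 'hash encryption' step: SHA-256 (an assumption) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def make_second_verification(first_verification: str, user_info: str) -> bytes:
    """Intermediate server: combine the app-supplied text, the user info and a nonce.
    The field layout is an assumption; the patent only says the result is random text."""
    nonce = secrets.token_hex(16)
    return "|".join([user_info, first_verification, nonce]).encode()


def make_first_encryption(second_verification: bytes, second_key) -> int:
    """Intermediate server: encrypt the hash with the user's second (private) key."""
    d, n = second_key
    return pow(digest_int(second_verification), d, n)


def chain_judges_legal(first_encryption: int, second_verification: bytes, first_key) -> bool:
    """Blockchain server: decrypt with the stored first (public) key and compare."""
    e, n = first_key
    if not 0 <= first_encryption < n:
        return False  # value cannot have been produced under this modulus
    return pow(first_encryption, e, n) == digest_int(second_verification)


def demo():
    sv = make_second_verification("constructed challenge text", "user-0001")
    enc = make_first_encryption(sv, USER_SECOND)
    return {
        "valid": chain_judges_legal(enc, sv, USER_FIRST),
        "tampered_text": chain_judges_legal(enc, sv + b"x", USER_FIRST),
        "wrong_user_key": chain_judges_legal(enc, sv, OTHER_FIRST),
        "forged_with_other_key": chain_judges_legal(
            make_first_encryption(sv, OTHER_SECOND), sv, USER_FIRST),
    }


if __name__ == "__main__":
    print(demo())
```

Encrypting a hash with the private key and checking it with the public key is the digital-signature primitive; in the scheme as described, the intermediate server performs that step with a second key it received in the user authorization feedback information.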
The embodiment of the present invention further provides an intermediate server 60, as shown in fig. 6, where the intermediate server 60 includes a memory 601 and a processor 602. Fig. 6 is a schematic diagram, and the other modules of the intermediate server and the structural relationship of the modules are not limited. The memory 601 is used for storing a computer program; the processor 602, by invoking computer-executable instructions stored in the memory 601, may cause the intermediary server 103 to perform the digital authentication method in the above-described method embodiments.
The embodiment of the present invention further provides a blockchain server 70, as shown in fig. 7, where the blockchain server 70 includes a memory 701 and a processor 702. Fig. 7 is a schematic diagram, and does not limit other modules of the blockchain server and the structural relationship between the modules. The memory 701 is used for storing computer execution instructions; the processor 702 may invoke the computer executable instructions stored in the memory 701 to cause the blockchain server 104 to perform the digital identity authentication method in the above-described method embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions are possible in practice; for instance, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be physically included alone, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A digital identity verification method is applied to an intermediate server and is characterized by comprising the following steps:
acquiring a first key and a second key of user information of each user in a user set, wherein the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used for decrypting information encrypted by the second key of the user information of the ith user, the second key of the user information of the ith user is used for decrypting information encrypted by the first key of the user information of the ith user, and i is an index of each user in the user set;
sending a first key of user information of each user in the user set to a blockchain server;
sending a second key of corresponding user information to terminal equipment corresponding to the user information of each user in the user set;
receiving user login request information from an application server, wherein the user login request information comprises first user information;
if the first user is the user authenticated by the intermediate server, user authorization request information is sent to an application server, and the user authorization request information is used for requesting the first user to authorize the intermediate server to verify whether the first user is legal or not through the block chain server;
receiving user authorization feedback information from an application server, wherein the user authorization feedback information comprises a second key of the first user information;
receiving first verification information from an application server;
determining second verification information according to the first verification information and the first user information;
determining first encryption information according to the second verification information and a second key of the first user information;
sending the first encryption information and the second verification information to a blockchain server;
and if the first encryption information can be decrypted by the first secret key stored in the blockchain server, the blockchain server judges whether the first user is legal or not according to the decrypted information and the second verification information.
2. The digital identity verification method of claim 1, wherein after obtaining the first key and the second key of the user information of each user in the user set, the method further comprises:
acquiring second encryption information of user information of each user in the user set, wherein the second encryption information of the user information of the ith user is generated by encrypting the user information of the ith user by using a first key of the user information of the ith user;
and sending second encryption information of the user information of each user in the user set to a block chain server.
3. The digital identity verification method according to any one of claims 1 or 2, wherein determining first encryption information based on the second verification information and a second key of the first user information comprises:
performing hash encryption on the second verification information;
and encrypting the information subjected to the hash encryption by using a second key of the first user information to generate first encrypted information.
4. The digital identity verification method of claim 1, further comprising:
and if the first user is legal, sending a second secret key of the first user information to a block chain server.
5. An intermediate server, comprising: an acquiring unit, a sending unit, a receiving unit and a determining unit;
the acquiring unit is configured to acquire a first key and a second key of user information of each user in a user set, where the user in the user set is an authenticated user stored by the intermediate server, the first key of the user information of the ith user is used to decrypt information encrypted with the second key of the user information of the ith user, the second key of the user information of the ith user is used to decrypt information encrypted with the first key of the user information of the ith user, and i is an index of each user in the user set;
the sending unit is used for sending a first key of the user information of each user in the user set to the blockchain server;
the sending unit is further configured to send a second key of the corresponding user information to the terminal device corresponding to the user information of each user in the user set;
the receiving unit is used for receiving user login request information from an application server, wherein the user login request information comprises first user information;
the sending unit is further configured to send user authorization request information to an application server if the first user is a user authenticated by the intermediate server, where the user authorization request information is used to request the first user to authorize the intermediate server to verify whether the first user is legal or not through the blockchain server;
the receiving unit is further configured to receive user authorization feedback information from an application server, where the user authorization feedback information includes a second key of the first user information;
the receiving unit is further used for receiving first verification information from the application server;
the determining unit is used for determining second verification information according to the first verification information and the first user information;
the determining unit is further configured to determine first encryption information according to the second verification information and a second key of the first user information;
the sending unit is further configured to send the first encryption information and the second verification information to a blockchain server;
and if the first encryption information can be decrypted by the first secret key stored in the blockchain server, the blockchain server judges whether the first user is legal or not according to the decrypted information and the second verification information.
6. The intermediary server of claim 5,
the acquiring unit is further configured to acquire second encryption information of the user information of each user in the user set, where the second encryption information of the user information of the ith user is generated by encrypting the user information of the ith user with the first key of the user information of the ith user;
the sending unit is further configured to send second encryption information of the user information of each user in the user set to the blockchain server.
7. The intermediate server according to claim 5 or 6, wherein the determining unit is specifically configured to:
perform hash encryption on the second verification information;
and encrypt the hash-encrypted information with the second key of the first user information to generate the first encrypted information.
8. The intermediate server of claim 5 or 6,
the sending unit is further configured to send a second key of the first user information to a blockchain server if the first user is legal.
9. An intermediary server, comprising: at least one processor, and a memory, wherein,
the memory is for storing a computer program such that the computer program when executed by the at least one processor implements the digital identity verification method of any one of claims 1-4.
10. A computer storage medium on which a computer program is stored, wherein the program, when executed by a processor, carries out the digital identity verification method according to any one of claims 1-4.
CN201811488855.8A 2018-12-06 2018-12-06 Digital identity verification method and server Active CN109740319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811488855.8A CN109740319B (en) 2018-12-06 2018-12-06 Digital identity verification method and server

Publications (2)

Publication Number Publication Date
CN109740319A CN109740319A (en) 2019-05-10
CN109740319B true CN109740319B (en) 2021-03-12

Family

ID=66358542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811488855.8A Active CN109740319B (en) 2018-12-06 2018-12-06 Digital identity verification method and server

Country Status (1)

Country Link
CN (1) CN109740319B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110991253B (en) * 2019-11-08 2023-04-28 中国联合网络通信集团有限公司 Face digital identity recognition method and device based on blockchain
TR201922803A2 (en) * 2019-12-31 2021-07-26 Turkcell Technology Research And Development Co A digital identity creation system
CN111741028B (en) 2020-08-24 2020-11-24 支付宝(杭州)信息技术有限公司 Service processing method, device, equipment and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719205A (en) * 2009-12-25 2010-06-02 国家广播电影电视总局电影数字节目管理中心 Digital copyright management method and system
CN108566375A (en) * 2018-03-12 2018-09-21 深圳壹账通智能科技有限公司 The method, terminal and storage medium of message communicating between multiterminal based on block chain
CN108564353A (en) * 2018-04-27 2018-09-21 数字乾元科技有限公司 Payment system based on block chain and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11182781B2 (en) * 2014-06-16 2021-11-23 Bank Of America Corporation Block chain encryption tags
CN104901933B (en) * 2014-08-12 2016-08-17 腾讯科技(深圳)有限公司 Current voucher distribution method, device, subscriber equipment, application server and system
WO2018214133A1 (en) * 2017-05-25 2018-11-29 深圳前海达闼云端智能科技有限公司 Method, device and system for fido authentication based on blockchain
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN107888382B (en) * 2017-11-24 2019-11-19 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of methods, devices and systems of the digital identity verifying based on block chain

Also Published As

Publication number Publication date
CN109740319A (en) 2019-05-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant