CN110069918A - An efficient two-factor cross-domain authentication method based on blockchain technology - Google Patents


Publication number
CN110069918A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910287332.5A
Other languages
Chinese (zh)
Other versions
CN110069918B (en)
Inventor
马小峰
徐晶晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wutong Chain Digital Technology Research Institute Suzhou Co ltd
Original Assignee
Suzhou Tongji Block Chain Research Institute Co Ltd

Classifications

    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06Q30/0645 Rental transactions; Leasing transactions
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The present invention relates to an efficient two-factor cross-domain authentication method based on blockchain technology, comprising the following steps: step 1: design of the overall system architecture; step 2: system workflow; step 21: user registration; step 22: local user authentication; step 23: remote cross-domain user authentication. The device-number and password two-factor cross-domain authentication scheme of the invention guarantees the security of cross-domain user authentication while improving its efficiency.

Description

An efficient two-factor cross-domain authentication method based on blockchain technology
Technical field
The invention belongs to the field of PKI cross-domain authentication, and in particular relates to an efficient two-factor cross-domain authentication method based on blockchain technology.
Background
On a shared platform for time-share electric-vehicle leasing, users must be able to use vehicles across platforms: a user of electric-vehicle time-share leasing company A can use the vehicles operated by every other company in the alliance, such as B, C and D. This meets users' daily travel needs to the greatest extent. Users no longer need the apps of several electric-vehicle leasing companies or have to pay several deposits, and companies B, C and D can obtain the rental business of company A's users without paying high customer-acquisition costs.
In a distributed environment, however, each company or department sets up its own resource access-control system to manage its users conveniently, forming relatively independent domains. To achieve the cross-platform vehicle use described above, the resources of a single company clearly cannot provide the complete application service, and users must perform cross-domain authentication when accessing the resources of other companies. Traditional PKI cross-domain authentication suffers from problems such as difficult certificate management and cross-certification between authentication servers, while newer techniques such as biometric identification use biometric features as the key to a transaction and so risk leaking the user's identity privacy. How to achieve cross-domain user authentication efficiently and securely is therefore the first key problem this system must solve.
While a user of one company gains access to the resources of several companies through cross-domain authentication, the user's transaction privacy must be protected. Transaction systems typified by Bitcoin are pseudonymous, but because a user repeatedly uses a public-key hash as a transaction identifier, associations between transactions can clearly be established, and a malicious attacker can infer private user information by attacking the system, analysing transaction information and monitoring transaction flows. Some existing schemes protect user privacy through cryptographic techniques, coin-mixing mechanisms or data partitioning, but a distinguishing feature of this system is that users may incur liability for traffic violations that must be traceable, so a delegatable double-encryption mechanism was designed for it.
Mature cross-domain authentication today typically relies on a PKI authentication system. PKI is built on public-key theory and provides services such as public-key management, authenticated encryption, integrity checking and secure timestamps. PKI operation revolves around the life cycle of the digital certificate: a CA (Certificate Authority) binds the user's public key to the user's identity information to form a digital certificate whose identity can be verified, proving who the user is. Digital signatures, encryption and the management of keys and certificates then ensure the security of information in transit.
There are three mainstream PKI authentication models: the hierarchical authentication model, the mesh authentication model and the bridge CA authentication model.
In the hierarchical structure, all users depend on the root CA as the single trust center. The hierarchical authentication model is shown in Fig. 1-1. If the root CA fails or has a security weakness, the entire PKI system is threatened. In an alliance system it is also difficult to establish a root CA that every organization trusts.
The mesh authentication model, shown in Fig. 1-2, is more flexible than the hierarchical structure: the failure of a single CA does not bring down the entire PKI system. However, building certification paths in this mutually authenticating model is overly complex, which makes certificate path discovery difficult and lengthens the certificate chain verified during cross-domain authentication.
The bridge CA authentication model, shown in Fig. 1-3, is derived from the hierarchical and mesh authentication models and can be used to connect different PKI systems. Unlike in the hierarchical model, the bridge CA is not the trust center of the whole system or the root of the certification path. Certification path discovery is easier than in the mesh model, but harder than in the hierarchical model.
To address the complex cross-domain authentication process and difficult certification-path management of traditional authentication systems, the decentralization, tamper resistance and traceability of blockchain can effectively address the key management, trust, security and privacy problems faced in identity authentication and management, providing credible, transparent, distributed storage in support of identity authentication and management. Scholars have already studied blockchain for cross-domain authentication: for example, Zhou Zhicheng and Zhang Haodi each proposed biometric two-factor identity authentication schemes based on fuzzy extraction theory combined with blockchain technology, and analysed the security and efficiency of their schemes.
However, the schemes of Zhou et al. are not fully suitable for the system designed here, for three main reasons. First, the electric-vehicle time-share leasing platform involves a great many users whose devices vary widely, with no uniform biometric-capture equipment. Second, unlike other features, biometric features are inherent to the individual and cannot be changed; when biometric capture is involved, users worry about leakage of their biometric data, which hinders adoption of the system. Third, the authentication process requires frequent use of fuzzy extraction and recovery algorithms, which is inefficient under highly concurrent requests from a large number of users.
Summary of the invention
To solve the above technical problems, the object of the present invention is to provide an efficient two-factor cross-domain authentication method based on blockchain technology.
To achieve this object, the present invention adopts the following technical solution:
An efficient two-factor cross-domain authentication method based on blockchain technology, comprising the following steps:
Step 1: design of the overall system architecture;
The steps of the session-key agreement mechanism between A and B, according to the Diffie-Hellman algorithm, are:
Step 11: a large prime n and a primitive root g are chosen at random; both values are public, and A and B agree on them in advance;
Step 12: A randomly generates a number x, computes $X = g^x \bmod n$, and sends X to B;
Step 13: B randomly generates a number y, computes $Y = g^y \bmod n$, and sends Y to A;
Step 14: A computes $K = Y^x \bmod n$;
Step 15: B computes $K' = X^y \bmod n$;
Step 2: system workflow;
Step 21: user registration;
Step 1: domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: client ClientA extracts the user's device number DID, hashes the device number and the static password separately to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain A authentication server ServerA using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerA encrypted under the session key;
Step 3: the domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It checks whether ID already exists; if so, it returns a message that the user is already registered, otherwise registration can proceed. On registration, ServerA first encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$; the ServerA node then executes the smart contract, initiating a registration transaction and endorsing it. After the consensus nodes have completed verification and generated a block, a registration-success message is returned to client ClientA;
Step 4: on receiving the registration-success message, client ClientA supplements the user's other information Info and sends it to the domain A authentication server ServerA over a secure channel;
Step 5: the domain A authentication server ServerA encrypts the user's supplementary information Info with the domain A node public key PUBA to obtain $E_A(Info)$; the ServerA node then executes the smart contract, initiating an update-user-information transaction and endorsing it;
Step 22: local user authentication:
Step 1: domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: client ClientA extracts the user's device number DID, hashes the device number and the static password separately to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain A authentication server ServerA using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerA encrypted under the session key;
Step 3: the domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether ID exists in the blockchain public ledger. If it does not, a user-not-registered message is returned; if it does, ServerA pulls the H(PW)', $E_A(H(DID))'$, home domain and other information corresponding to ID from the blockchain public ledger;
Step 4: the domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$ and compares $E_A(H(DID))$ with $E_A(H(DID))'$; if they are equal, it returns an authentication-success message;
Step 23: remote cross-domain user authentication;
Step 1: user i, registered in domain A, enters the login information ID and PW on the domain B client ClientB;
Step 2: client ClientB extracts the user's device number DID, hashes to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain B authentication server ServerB using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerB encrypted under the session key;
Step 3: the domain B authentication server ServerB receives the message sent by client ClientB and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether ID exists in the blockchain public ledger. If it does not, a user-not-registered message is returned; if it does, ServerB pulls the H(PW)', $E_A(H(DID))'$, home domain and other information corresponding to ID from the blockchain public ledger;
Step 4: the domain B authentication server ServerB compares the H(PW) sent by client ClientB with the H(PW)' pulled from the blockchain. If they are the same, it encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$ and compares $E_A(H(DID))$ with $E_A(H(DID))'$; if they are equal, it returns an authentication-success message.
Preferably, in the efficient two-factor cross-domain authentication method based on blockchain technology, step 2 further includes step 24: authentication when the user changes device.
Preferably, in the efficient two-factor cross-domain authentication method based on blockchain technology, step 24, authentication when the user changes device, comprises the following steps:
Step 1: after domain A user i changes device, the user enters the user name ID and static password PW on the local client ClientA;
Step 2: client ClientA extracts the user's device number DID, hashes separately to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain A authentication server ServerA using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerA encrypted under the session key;
Step 3: the domain A authentication server ServerA receives the message sent by ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether ID exists in the blockchain public ledger. If it does not, a user-not-registered message is returned; if it does, ServerA pulls the H(PW)', $E_A(H(DID))'$, home domain and other information corresponding to ID from the blockchain public ledger.
Step 4: the domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$ and compares $E_A(H(DID))$ with $E_A(H(DID))'$. Since the user has changed device, ServerA decrypts the user's $E_A(Info)$ with the domain A node private key PRIA to obtain Info, extracts the security question QSecrect from it, and returns it to client ClientA over a trusted channel.
Step 5: when domain A user i answers the security question with ASecrect, client ClientA hashes the answer and sends ID, H(PW), H(DID), H(ASecrect) and other information to the domain A authentication server ServerA encrypted under the session key;
Step 6: the domain A authentication server ServerA compares the H(ASecrect) sent by client ClientA with the security answer H(ASecrect)' recorded on the blockchain. If they match, it executes the user-information-update smart contract to update the user's H(DID); after the consensus nodes have completed verification and generated a block, it returns to the user a message that the bound device information was replaced successfully.
With the above solution, the present invention has at least the following advantages:
In the present invention, the hash of the device ID is encrypted with the public key of the registration domain's server, and only the holder of the private key can decrypt the device ID hash. Even if an attacker steals the database, the specific content of the user's second authentication factor cannot be decrypted. Diffie-Hellman session-key negotiation is used in the interaction between user and server, so it is difficult for an attacker to steal the actual credentials the user authenticates with, which effectively protects the user's information security. In remote cross-domain authentication, the authenticating domain's server interacts mainly with blockchain nodes; because the alliance blockchain network has many nodes, when one node's response times out the server can quickly switch to another node to request the information, so the scheme is highly reliable.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the specification, preferred embodiments of the invention are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly introduced below. The following drawings show only certain embodiments of the invention and should not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from them without creative effort.
Fig. 1-1 is the hierarchical authentication model;
Fig. 1-2 is the mesh authentication model;
Fig. 1-3 is a structural diagram of the bridge CA authentication model;
Fig. 2 is the two-factor cross-domain authentication architecture of the invention;
Fig. 3 is the user registration flow chart of the invention;
Fig. 4 is the local user authentication flow chart of the invention;
Fig. 5 is the remote cross-domain user authentication flow chart of the invention;
Fig. 6 is the flow chart for a user changing device in the invention;
Fig. 7 is the local authentication flow chart of the Zhou Zhicheng scheme;
Fig. 8 is the remote cross-domain authentication flow chart of the Zhou Zhicheng scheme;
Fig. 9 is the local authentication flow chart of the Zhang Haodi scheme;
Fig. 10 is the remote cross-domain authentication flow chart of the Zhang Haodi scheme;
Fig. 11 is a comparison of computation time overhead.
Detailed description of the embodiments
Specific embodiments of the invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the invention and are not intended to limit its scope.
So that those skilled in the art can better understand the solution of the invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the invention, not all of them. The components of the embodiments, as generally described and illustrated in the drawings, can be arranged and designed in a variety of configurations. The detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment
An efficient two-factor cross-domain authentication method based on blockchain technology, comprising the following steps:
Step 1: design of the overall system architecture;
Step 2: system workflow;
Step 21: user registration;
Step 22: local user authentication;
Step 23: remote cross-domain user authentication.
As shown in Fig. 2, in the overall system architecture design, the steps of the session-key agreement mechanism between A and B, according to the Diffie-Hellman algorithm, are:
Step 11: a large prime n and a primitive root g are chosen at random; both values are public, and A and B agree on them in advance;
Step 12: A randomly generates a number x, computes $X = g^x \bmod n$, and sends X to B;
Step 13: B randomly generates a number y, computes $Y = g^y \bmod n$, and sends Y to A;
Step 14: A computes $K = Y^x \bmod n$;
Step 15: B computes $K' = X^y \bmod n$;
Clearly $K = Y^x \bmod n = (g^y)^x \bmod n = (g^x)^y \bmod n = X^y \bmod n = K'$, i.e. A and B obtain the same session encryption key after negotiation. An eavesdropper can observe only n, g, X and Y and cannot solve the discrete logarithm to recover either side's x or y, so the session key negotiated by the two sides is difficult to compute.
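Steps 11 to 15 with both sides' values, as an added example rather than code from the patent; it also rejects degenerate peer values, a check the steps above do not mention. The parameters N and G, the Party class, the helper names and the SHA-256 key derivation are assumptions of this example.

```python
import hashlib
import secrets

# Demo parameters chosen for this example (not from the patent):
# N = 2**255 - 19 is prime; G = 2 is not verified to be a primitive root,
# which does not affect the identity K = K'. Deployments use a vetted group.
N = 2**255 - 19
G = 2


class Party:
    """One side of the exchange in steps 11-15 (A or B)."""

    def __init__(self, n: int = N, g: int = G):
        self.n, self.g = n, g
        # Secret exponent x (or y), drawn from [2, n-2] with a CSPRNG.
        self._secret = 2 + secrets.randbelow(n - 3)
        # Public value X = g^x mod n (or Y = g^y mod n), sent in the clear.
        self.public = pow(g, self._secret, n)

    def shared_secret(self, peer_public: int) -> int:
        """K = Y^x mod n on A's side, K' = X^y mod n on B's side."""
        # Reject 0, 1 and n-1: they would force K into {0, 1, n-1}
        # whatever the local secret is.
        if not 2 <= peer_public <= self.n - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self._secret, self.n)

    def session_key(self, peer_public: int) -> bytes:
        """Hash K down to a 256-bit key (SHA-256 is an assumption)."""
        k = self.shared_secret(peer_public)
        width = (self.n.bit_length() + 7) // 8
        return hashlib.sha256(k.to_bytes(width, "big")).digest()


def exchange():
    """Run steps 12-15; return both derived keys and the public transcript."""
    a, b = Party(), Party()
    # Everything an eavesdropper observes on the wire.
    transcript = {"n": N, "g": G, "X": a.public, "Y": b.public}
    key_a = a.session_key(transcript["Y"])   # A: K  = Y^x mod n
    key_b = b.session_key(transcript["X"])   # B: K' = X^y mod n
    return key_a, key_b, transcript


def accepts(peer_public: int) -> bool:
    """True if a fresh party would accept this peer value."""
    try:
        Party().shared_secret(peer_public)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ka, kb, seen = exchange()
    print("keys match:", ka == kb)
    print("eavesdropper sees:", sorted(seen))
    print("accepts 1:", accepts(1), "accepts n-1:", accepts(N - 1))
```

The steps as written do not authenticate X or Y, so binding them to the server's identity is left to whatever carries the exchange.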
As shown in Fig. 3, step 21: user registration;
Step 1: domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: client ClientA extracts the user's device number DID, hashes the device number and the static password separately to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain A authentication server ServerA using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerA encrypted under the session key;
Step 3: the domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It checks whether ID already exists; if so, it returns a message that the user is already registered, otherwise registration can proceed. On registration, ServerA first encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$; the ServerA node then executes the smart contract, initiating a registration transaction and endorsing it. After the consensus nodes have completed verification and generated a block, a registration-success message is returned to client ClientA;
Step 4: on receiving the registration-success message, client ClientA supplements the user's other information Info and sends it to the domain A authentication server ServerA over a secure channel;
Step 5: the domain A authentication server ServerA encrypts the user's supplementary information Info with the domain A node public key PUBA to obtain $E_A(Info)$; the ServerA node then executes the smart contract, initiating an update-user-information transaction and endorsing it;
As shown in Fig. 4, step 22: local user authentication:
Step 1: domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: client ClientA extracts the user's device number DID, hashes the device number and the static password separately to produce H(DID) and H(PW), and deletes the local cache. It negotiates a session key K with the domain A authentication server ServerA using the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and other information to ServerA encrypted under the session key;
Step 3: the domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether ID exists in the blockchain public ledger. If it does not, a user-not-registered message is returned; if it does, ServerA pulls the H(PW)', $E_A(H(DID))'$, home domain and other information corresponding to ID from the blockchain public ledger;
Step 4: the domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it encrypts the user's H(DID) with the domain A node public key PUBA to obtain $E_A(H(DID))$ and compares $E_A(H(DID))$ with $E_A(H(DID))'$; if they are equal, it returns an authentication-success message;
As shown in Fig. 5, step 23: remote cross-domain user authentication;
Step 1: User i, registered in domain A, enters the login information ID and PW on the domain B client ClientB;
Step 2: Client ClientB extracts the user's device number DID, performs hash operations to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain B authentication server ServerB through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerB;
Step 3: The domain B authentication server ServerB receives the message sent by client ClientB and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether the ID already exists in the blockchain public ledger: if not, it returns a message that the user is unregistered; if so, it pulls the H(PW)', E_A(H(DID))', home domain and similar information corresponding to the ID from the blockchain public ledger;
Step 4: The domain B authentication server ServerB compares the H(PW) sent by client ClientB with the H(PW)' pulled from the blockchain. If they are the same, it further encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)) and compares E_A(H(DID)) with E_A(H(DID))'; if they are equal, it returns an authentication-success message.
As shown in Fig. 6, step 2 additionally includes step 24, authentication when the user changes device, comprising the following steps:
Step 1: After domain A user i changes device, the user enters the user name ID and static password PW on the local client ClientA;
Step 2: Client ClientA extracts the user's device number DID, performs hash operations separately to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain A authentication server ServerA through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerA;
Step 3: The domain A authentication server ServerA receives the message sent by ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether the ID already exists in the blockchain public ledger: if not, it returns a message that the user is unregistered; if so, it pulls the H(PW)', E_A(H(DID))', home domain and similar information corresponding to the ID from the blockchain public ledger.
Step 4: The domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it further encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)) and compares E_A(H(DID)) with E_A(H(DID))'. Since the user has changed device, ServerA decrypts the user's E_A(Info) with the domain A node private key PRIA to obtain Info, extracts the security question QSecrect from it, and returns it to client ClientA over a trusted channel.
Step 5: When domain A user i answers the security question with ASecrect, client ClientA hashes the answer and sends ID, H(PW), H(DID), H(ASecrect) and similar information, encrypted with the session key, to the domain A authentication server ServerA;
Step 6: The domain A authentication server ServerA compares the H(ASecrect) sent by client ClientA with the security answer H(ASecrect)' recorded on the blockchain. If they match, it executes the user-information-update smart contract to update the user's H(DID); after the consensus nodes complete verification and generate the block, it returns to the user a message that the bound device was changed successfully.
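The registration, local and cross-domain authentication, and device-change checks described above can be traced in a short simulation. This is an added example, not code from the patent: it assumes unpadded RSA with a constructed toy key for E_A, an in-memory dictionary in place of the ledger, and hypothetical names (AuthServer, security_question, rebind_device); the session-key channel, smart contracts and consensus are omitted.

```python
import hashlib
import hmac

# Constructed toy RSA key pair for domain A. The page does not name the cipher
# behind E_A; unpadded RSA over two Mersenne primes is an assumption that keeps
# the example stdlib-only. It is not a secure key.
_P, _Q = 2**521 - 1, 2**607 - 1
PUBA = (65537, _P * _Q)                        # (e, n): known to every domain
PRIA = pow(65537, -1, (_P - 1) * (_Q - 1))     # d: held by ServerA only


def H(value: str) -> str:
    """Client-side hash of PW, DID or the security answer."""
    return hashlib.sha256(value.encode()).hexdigest()


def E(pub, text: str) -> int:
    """Deterministic public-key encryption: the same input always gives the
    same ciphertext, which is what makes ciphertext comparison possible."""
    e, n = pub
    m = int.from_bytes(text.encode(), "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def D(pub, d: int, c: int) -> str:
    """Decryption with the registration domain's private exponent."""
    m = pow(c, d, pub[1])
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


class AuthServer:
    """One domain's authentication server (hypothetical class). `ledger`
    stands in for the shared public ledger."""

    def __init__(self, domain, ledger, pubkeys, private_key=None):
        self.domain, self.ledger = domain, ledger
        self.pubkeys, self.private_key = pubkeys, private_key

    def register(self, uid, h_pw, h_did, question, h_answer):
        if uid in self.ledger:
            return "already registered"
        pub = self.pubkeys[self.domain]
        # Assumption: H(ASecrect) is stored in the same ledger record.
        self.ledger[uid] = {"domain": self.domain, "h_pw": h_pw,
                            "e_hdid": E(pub, h_did),
                            "e_info": E(pub, question), "h_answer": h_answer}
        return "registered"

    def authenticate(self, uid, h_pw, h_did):
        rec = self.ledger.get(uid)
        if rec is None:
            return "unregistered"
        if not hmac.compare_digest(h_pw, rec["h_pw"]):
            return "password mismatch"
        # Re-encrypt with the registration domain's public key and compare
        # ciphertexts: no private key, no call to the home domain.
        if E(self.pubkeys[rec["domain"]], h_did) != rec["e_hdid"]:
            return "device mismatch"
        return "success"

    def security_question(self, uid, h_pw, h_did):
        """Device change, step 4: only the registration domain decrypts Info."""
        rec = self.ledger.get(uid)
        if self.private_key is None or rec is None or rec["domain"] != self.domain:
            return None
        if self.authenticate(uid, h_pw, h_did) != "device mismatch":
            return None
        return D(self.pubkeys[self.domain], self.private_key, rec["e_info"])

    def rebind_device(self, uid, h_pw, new_h_did, h_answer):
        """Device change, steps 5-6: check H(ASecrect), then update E_A(H(DID))."""
        rec = self.ledger.get(uid)
        if (rec is None or rec["domain"] != self.domain
                or not hmac.compare_digest(h_pw, rec["h_pw"])
                or not hmac.compare_digest(h_answer, rec["h_answer"])):
            return "rejected"
        rec["e_hdid"] = E(self.pubkeys[rec["domain"]], new_h_did)
        return "device updated"


def run_demo():
    ledger, pubkeys = {}, {"A": PUBA}
    server_a = AuthServer("A", ledger, pubkeys, private_key=PRIA)
    server_b = AuthServer("B", ledger, pubkeys)              # holds no PRIA
    # Constructed sample credentials and device numbers.
    pw, old, new = H("correct horse"), H("DEV-0001"), H("DEV-0002")
    out = [server_a.register("alice", pw, old, "first school?", H("riverside"))]
    out.append(server_a.authenticate("alice", pw, old))      # local
    out.append(server_b.authenticate("alice", pw, old))      # cross-domain
    out.append(server_b.authenticate("alice", pw, new))      # unknown device
    out.append(server_a.security_question("alice", pw, new))
    out.append(server_a.rebind_device("alice", pw, new, H("riverside")))
    out.append(server_b.authenticate("alice", pw, new))      # after rebinding
    return out


if __name__ == "__main__":
    print(run_demo())
```

The equality test in `authenticate` works only because `E` is deterministic; a randomized padding scheme such as OAEP produces a different ciphertext on every call, so the comparison of E_A(H(DID)) with the stored value would never match.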
The security and efficiency of the above technique are analysed as follows:
Security analysis
Resistance to replay attacks: a replay attack mainly refers to intercepting or eavesdropping to obtain packets that the system may accept, then sending those packets at high frequency so that the system is kept busy responding and cannot respond to genuine request packets. In both user registration and authentication, the session key is a random short key generated through the Diffie-Hellman algorithm, so the key generated in each session is different; this prevents replay attacks and guarantees the forward security of the key.
Resistance to man-in-the-middle attacks: a man-in-the-middle attack (MITM) mainly refers to intercepting or eavesdropping on data in transit, tampering with its real content, and forwarding the tampered content to the recipient; when the data is not encrypted, it is difficult for the recipient and the sender to discover that the data has been tampered with. In the present invention, user registration and user authentication both negotiate a session key through Diffie-Hellman, so a man-in-the-middle who wants to tamper with data must first break the session key; because of the intractability of the discrete logarithm in a finite field, it is difficult for the man-in-the-middle to decrypt the session content. In addition, the user's static password and device information are both hashed, and in cross-domain authentication the device information is transmitted as the ciphertext produced by an asymmetric encryption algorithm, so even an attacker who can intercept messages cannot tamper with the information. Only if an authentication node is compromised and its public and private keys are leaked could the user information belonging to that node be tampered with. Since the application scenario of the invention is a business consortium chain, where the security level is high and the nodes are highly trusted, this special case is not considered.
Resistance to guessing attacks: a guessing attack here means a password guessing attack. Usually, once an attacker has obtained a user's password by whatever means, the attacker controls all of that user's account information and the system can hardly distinguish the attacker from the real user, so protecting the user's login password from leaking is particularly important. In the design of the invention, after the user enters the login password, the client deletes the local cache immediately after completing the hash operation, so an attacker cannot obtain the login password directly. Reversing a hashed password is difficult: even if an attacker breaks the session key and obtains the hashed login password, it is hard to recover the login password from it.
Privacy protection and consistency: in the registration phase, the hash of the user's bound device and the supplementary information are asymmetrically encrypted with the registration domain's public key, and the encrypted information is stored on the blockchain public ledger; only the registration domain, which holds the corresponding private key, can decrypt it. During cross-domain authentication, other domains do not need to know the specific device hash or the user's private information: they only need to check whether the value submitted at authentication, after encryption with the registration domain's public key, is consistent with the information on the chain, which determines whether the user passes authentication. This mechanism both protects the user's private data and ensures data consistency and the openness and transparency of transactions.
Efficiency analysis
Figs. 7 to 10 show the local authentication and remote cross-domain authentication flowcharts of the schemes of Zhou and Zhang referred to in the background art. Compared with those schemes, the device ID used in this scheme as the second factor of user authentication is invariant and has a definite value, so the user's home domain does not need to decrypt it to plaintext: the user can be authenticated directly by comparing the ciphertexts produced by public-key encryption. The user's registration domain does not take part in cross-domain authentication, which reduces the number of message exchanges and the communication overhead of cross-domain authentication; see Table 1 (comparison of computing overhead for local authentication) and Table 2 (comparison of computing overhead for remote cross-domain authentication).
Table 1:
Table 2:
As shown in Table 3 below (comparison of the speed of typical algorithms), the time cost of each type of operation was measured on a Windows system with 8GB of RAM and a 2-core 3.6GB processor, with a plaintext length of 160 bytes and each operation run 10000 times.
Table 3
Algorithm                     Time (s)
AES symmetric encryption      0.027
AES symmetric decryption      0.105
RSA asymmetric encryption     2.25
RSA asymmetric decryption     98.757
SHA256 hash operation         0.044
Exponentiation (101^500)      0.056
As the table shows, symmetric encryption is the fastest, and the hash operation and exponentiation are also fast; AES decryption speed is about 1/2 that of the hash operation and exponentiation, asymmetric encryption speed is about 1/4 that of the hash operation and exponentiation, and asymmetric decryption speed is nearly 1/20 that of the hash operation and exponentiation. The computing time of the three schemes, not counting the fuzzy extraction operation, is compared in Fig. 11.
Of the three schemes above, Zhang Haodi's scheme uses asymmetric encryption and asymmetric decryption many times, so it takes the most time and is the least efficient. Compared with Zhou Zhicheng's scheme, the scheme of the present invention performs one more hash operation and one fewer fuzzy extraction operation in local authentication; in remote cross-domain authentication, the counts of the other types of operation are the same and it performs one fewer fuzzy extraction operation. Even leaving aside that fuzzy extraction and recovery of a fingerprint is generally time-consuming, the efficiency of the invention is comparable to that of Zhou Zhicheng's scheme.
Zhou Zhicheng's scheme, however, clearly has two shortcomings. First, in that scheme the hash y of the user's static password and the user random key R recovered from the fingerprint by fuzzy extraction are both stored directly in plaintext on the registration domain's server. If the registration domain server is compromised, y and R are stolen by the attacker, who can then directly simulate a client and use ID, y, R and similar information to log in as the user, which greatly threatens the user's information security. Second, during remote cross-domain authentication the client sends ID, y, R and similar information to the authenticating domain directly in plaintext; if this is monitored by an attacker in transit, the user's information is at risk of disclosure. In the present scheme, the hash of the device ID is encrypted with the public key of the registration domain server and can be decrypted only with the private key, so even an attacker who steals the database cannot decrypt the content of the user's second authentication factor; and since the session key for the interaction between user and server is negotiated with Diffie-Hellman, it is difficult for an attacker to steal the real credentials the user authenticates with, which effectively protects the user's information. In addition, Zhou Zhicheng's scheme requires the registration domain's authentication server to take part in remote cross-domain authentication; because that server may be busy, down or subject to network delay, the actual cross-domain authentication time may be relatively long and reliability is weaker. In remote cross-domain authentication under the present invention, the authenticating domain's server mainly interacts with blockchain nodes; since the consortium blockchain network has many nodes, when one node times out the request can quickly be switched to another node, so the reliability of the invention is stronger. From the above analysis, the security, efficiency and reliability of the invention exceed those of Zhou Zhicheng's scheme.
The above is only a preferred embodiment of the present invention and is not intended to limit it. It should be noted that a person of ordinary skill in the art may make further improvements and modifications without departing from the technical principles of the invention, and such improvements and modifications shall also be regarded as falling within the scope of protection of the invention.

Claims (3)

1. An efficient two-factor cross-domain authentication method based on blockchain technology, characterized by comprising the following steps:
Step 1: overall system architecture design;
The steps of the session key agreement mechanism between A and B according to the Diffie-Hellman algorithm are:
Step 11: a large prime n and a primitive root g are selected at random; both values are public and agreed on by A and B;
Step 12: A randomly generates a number x, computes X = g^x mod n, and sends X to B;
Step 13: B randomly generates a number y, computes Y = g^y mod n, and sends Y to A;
Step 14: A computes K = Y^x mod n;
Step 15: B computes K' = X^y mod n;
Step 2: system workflow;
Step 21: user registration process;
Step 1: Domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: Client ClientA extracts the user's device number DID, hashes the device number and the static password separately to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain A authentication server ServerA through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerA;
Step 3: The domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It checks whether the ID already exists: if so, it returns a message that the user is already registered; otherwise registration proceeds. During registration, ServerA first encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)); the ServerA node then executes the smart contract, initiating and endorsing the registration transaction. After the consensus nodes complete verification and generate the block, a registration-success message is returned to client ClientA;
Step 4: Client ClientA receives the registration-success message, supplements the user's other information Info, and sends it to the domain A authentication server ServerA over a secure channel;
Step 5: The domain A authentication server ServerA encrypts the supplementary user information Info with the domain A node public key PUBA to obtain E_A(Info); the ServerA node then executes the smart contract, initiating and endorsing an update-user-information transaction;
Step 22: local user authentication;
Step 1: Domain A user i enters the user name ID and static password PW on the local client ClientA;
Step 2: Client ClientA extracts the user's device number DID, hashes the device number and the static password separately to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain A authentication server ServerA through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerA;
Step 3: The domain A authentication server ServerA receives the message sent by client ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether the ID already exists in the blockchain public ledger: if not, it returns a message that the user is unregistered; if so, it pulls the H(PW)', E_A(H(DID))', home domain and similar information corresponding to the ID from the blockchain public ledger;
Step 4: The domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it further encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)) and compares E_A(H(DID)) with E_A(H(DID))'; if they are equal, it returns an authentication-success message;
Step 23: remote cross-domain user authentication;
Step 1: User i, registered in domain A, enters the login information ID and PW on the domain B client ClientB;
Step 2: Client ClientB extracts the user's device number DID, performs hash operations to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain B authentication server ServerB through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerB;
Step 3: The domain B authentication server ServerB receives the message sent by client ClientB and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether the ID already exists in the blockchain public ledger: if not, it returns a message that the user is unregistered; if so, it pulls the H(PW)', E_A(H(DID))', home domain and similar information corresponding to the ID from the blockchain public ledger;
Step 4: The domain B authentication server ServerB compares the H(PW) sent by client ClientB with the H(PW)' pulled from the blockchain. If they are the same, it further encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)) and compares E_A(H(DID)) with E_A(H(DID))'; if they are equal, it returns an authentication-success message.
2. The efficient two-factor cross-domain authentication method based on blockchain technology according to claim 1, characterized in that: step 2 additionally includes step 24, authentication when the user changes device.
3. The efficient two-factor cross-domain authentication method based on blockchain technology according to claim 2, characterized in that: step 24, authentication when the user changes device, comprises the following steps:
Step 1: After domain A user i changes device, the user enters the user name ID and static password PW on the local client ClientA;
Step 2: Client ClientA extracts the user's device number DID, performs hash operations separately to generate H(DID) and H(PW), deletes the local cache, negotiates a session key K with the domain A authentication server ServerA through the Diffie-Hellman algorithm, and sends ID, H(PW), H(DID) and similar information, encrypted with the session key, to ServerA;
Step 3: The domain A authentication server ServerA receives the message sent by ClientA and decrypts it with the negotiated session key to obtain ID, H(PW) and H(DID). It queries whether the ID already exists in the blockchain public ledger: if not, it returns a message that the user is unregistered; if so, it pulls the H(PW)', E_A(H(DID))', home domain and similar information corresponding to the ID from the blockchain public ledger.
Step 4: The domain A authentication server ServerA compares the H(PW) sent by client ClientA with the H(PW)' pulled from the blockchain. If they are the same, it further encrypts the user's H(DID) with the domain A node public key PUBA to obtain E_A(H(DID)) and compares E_A(H(DID)) with E_A(H(DID))'. Since the user has changed device, ServerA decrypts the user's E_A(Info) with the domain A node private key PRIA to obtain Info, extracts the security question QSecrect from it, and returns it to client ClientA over a trusted channel.
Step 5: When domain A user i answers the security question with ASecrect, client ClientA hashes the answer and sends ID, H(PW), H(DID), H(ASecrect) and similar information, encrypted with the session key, to the domain A authentication server ServerA;
Step 6: The domain A authentication server ServerA compares the H(ASecrect) sent by client ClientA with the security answer H(ASecrect)' recorded on the blockchain. If they match, it executes the user-information-update smart contract to update the user's H(DID); after the consensus nodes complete verification and generate the block, it returns to the user a message that the bound device was changed successfully.
CN201910287332.5A 2019-04-11 2019-04-11 Efficient double-factor cross-domain authentication method based on block chain technology Active CN110069918B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910287332.5A CN110069918B (en) 2019-04-11 2019-04-11 Efficient double-factor cross-domain authentication method based on block chain technology

Publications (2)

Publication Number Publication Date
CN110069918A true CN110069918A (en) 2019-07-30
CN110069918B CN110069918B (en) 2020-12-04

Family

ID=67367343

Country Status (1)

Country Link
CN (1) CN110069918B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107733657A (en) * 2017-10-24 2018-02-23 沈阳师范大学 A kind of high in the clouds is based on PTPM and without CertPubKey signature double factor authentication method
WO2018201147A2 (en) * 2017-04-28 2018-11-01 Neuromesh Inc. Methods, apparatus, and systems for controlling internet-connected devices having embedded systems with dedicated functions
CN108737436A (en) * 2018-05-31 2018-11-02 西安电子科技大学 Based on the cross-domain services device identity identifying method for trusting alliance's block chain
CN108989022A (en) * 2018-06-08 2018-12-11 中国科学院计算技术研究所 A kind of smart item shared key method for building up and system based on block chain
CN109327457A (en) * 2018-11-09 2019-02-12 广州大学 A kind of internet of things equipment identity identifying method and system based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
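Zhou Zhicheng (周致成) et al.: "Biometric and password two-factor cross-domain authentication scheme based on blockchain technology", Journal of Computer Applications (《计算机应用》) *
Zhang Haodi (张昊迪) et al.: "Research on a cross-domain identity authentication mechanism based on blockchain technology", Guangdong Communication Technology (《广东通信技术》) *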

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110413649A (en) * 2019-08-01 2019-11-05 宁波富万信息科技有限公司 A kind of financial big data processing method and its system platform based on block chain
CN110597883A (en) * 2019-09-19 2019-12-20 腾讯科技(深圳)有限公司 Vehicle rental data processing method and device based on block chain and storage medium
CN110597883B (en) * 2019-09-19 2024-05-07 腾讯科技(深圳)有限公司 Vehicle leasing data processing method and device based on blockchain and storage medium
CN111083700A (en) * 2019-12-30 2020-04-28 全链通有限公司 5G terminal equipment access method, equipment and storage medium based on block chain
CN111132166A (en) * 2019-12-30 2020-05-08 江苏全链通信息科技有限公司 5G communication dual-channel access method, equipment and storage medium
CN111464535A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Cross-domain trust transfer method based on block chain
CN111695152A (en) * 2020-05-26 2020-09-22 东南大学 MySQL database protection method based on security agent
CN113972991A (en) * 2020-07-23 2022-01-25 南京理工大学 Cross-domain identity authentication method based on multistage alliance chain
CN112019349A (en) * 2020-08-28 2020-12-01 南京工程学院 Cross-domain authentication method for power internet of things based on cross-chain technology
CN112019349B (en) * 2020-08-28 2022-12-13 南京工程学院 Cross-chain technology-based cross-domain authentication method for power internet of things
CN112765671A (en) * 2021-02-08 2021-05-07 上海万向区块链股份公司 Localized data privacy encryption method and system
CN112989317A (en) * 2021-03-24 2021-06-18 中国电子科技集团公司第三十研究所 Unified distributed PKI certificate identity management system
CN113569210A (en) * 2021-07-09 2021-10-29 远光软件股份有限公司 Distributed identity authentication method, equipment access method and device
CN114553527A (en) * 2022-02-22 2022-05-27 中国人民解放军78111部队 Block chain-based identity authentication service system crossing CA trust domain
CN116112167A (en) * 2023-04-13 2023-05-12 恒生电子股份有限公司 Key management system, method and device

Also Published As

Publication number Publication date
CN110069918B (en) 2020-12-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 11-12 / F, Lingyu Business Plaza, 66 qinglonggang Road, high speed rail new town, Xiangcheng District, Suzhou City, Jiangsu Province, 215100

Patentee after: Suzhou Shutong Digital Technology Co.,Ltd.

Address before: 11-12 / F, Lingyu Business Plaza, 66 qinglonggang Road, high speed rail new town, Xiangcheng District, Suzhou City, Jiangsu Province

Patentee before: SUZHOU TONGJI BLOCKCHAIN RESEARCH INSTITUTE Co.,Ltd.

CP03 Change of name, title or address

Address after: 11-12 / F, Lingyu Business Plaza, 66 qinglonggang Road, high speed rail new town, Xiangcheng District, Suzhou City, Jiangsu Province

Patentee after: Wutong Chain Digital Technology Research Institute (Suzhou) Co.,Ltd.

Address before: 11-12 / F, Lingyu Business Plaza, 66 qinglonggang Road, high speed rail new town, Xiangcheng District, Suzhou City, Jiangsu Province, 215100

Patentee before: Suzhou Shutong Digital Technology Co.,Ltd.
