CN110213264A - Authentication method, device and storage medium based on a consortium blockchain - Google Patents
- Publication number: CN110213264A (application number CN201910466958.2A)
- Authority: CN (China)
- Prior art keywords: blockchain, user, service node, node, service
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
All codes fall under H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint (under H04L63/00 and H04L63/08)
- H04L67/104—Protocols in which an application is distributed across nodes in the network; peer-to-peer [P2P] networks (under H04L67/00, H04L67/01 and H04L67/10)
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds (under H04L9/00, H04L9/08 and H04L9/0861)
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving a third party or a trusted authority (under H04L9/00 and H04L9/32)
- H04L9/3247—the same, involving digital signatures (under H04L9/00 and H04L9/32)
- H04L9/3297—the same, involving time stamps, e.g. generation of time stamps (under H04L9/00 and H04L9/32)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides an authentication method, device and storage medium based on a consortium blockchain. In the method, a user node obtains the first blockchain identifier of the first service node it wants to log in to and the second blockchain identifier of a second service node; it looks up the first IP address of the second service node in the ledger according to the second blockchain identifier and sends a first verification request to the second service node at the first IP address; it receives the random number returned by the second service node; it encrypts the random number and the first blockchain identifier with the agreed shared key to obtain first encrypted data; it sends a verification message to the first IP address, whereupon the second service node compares the first encrypted data with second encrypted data it computes itself from the verification message and, when the two match, returns a verification credential; the user node then sends the verification credential and the second blockchain identifier to the first service node for verification. The invention improves the security and efficiency of authentication.
Description
Technical field
Embodiments of the present invention relate to the field of blockchain technology, and in particular to an authentication method, device and storage medium based on a consortium blockchain.
Background
There are many Internet service providers (ISPs) and Internet content providers (ICPs) on the Internet, and a user must register with an ISP/ICP before using the service it offers. For example, almost everyone today has a number of apps such as WeChat and Alipay. If the user registers on each app and uses the same account and password on different apps, the accounts are easily subjected to credential stuffing attacks and their security is low; if the accounts and passwords registered on different apps differ, they are easily forgotten, and recovering an account or password is cumbersome.
Summary of the invention
Embodiments of the present invention provide an authentication method, device and storage medium based on a consortium blockchain, so as to improve the efficiency and security of authentication when a user uses Internet services, spare the user the trouble of remembering a large number of usernames and passwords, and solve the problem that using the same username and password across multiple Internet services exposes the user to credential stuffing attacks.
In a first aspect, an embodiment of the present invention provides an authentication method based on a consortium blockchain. The method comprises: a user node in the consortium blockchain obtains the first blockchain identifier of the first service node in the consortium blockchain that it wants to log in to, and the second blockchain identifier of a second service node with which the user has previously registered a username; the user node looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sends a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node; the user node receives the random number that the second service node returns in response to the first verification request; the user node encrypts the random number and the first blockchain identifier with a first shared key entered by the user, being the key the user agreed with the second service node when registering the username, to obtain first encrypted data; the user node sends a verification message to the second service node based on the first IP address, the verification message including the first encrypted data and the username, so that after receiving the verification message the second service node compares the first encrypted data with second encrypted data it computes itself and, when the two match, sends a verification credential to the user node, the verification credential including the username and the first blockchain identifier signed with the private key of the second service node, and the second encrypted data being obtained by the second service node encrypting the random number and the first blockchain identifier with a second shared key set when the user registered the username; the user node sends the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification succeeds.
In one embodiment, the verification credential further includes timestamp information.
In one embodiment, the user node sending the verification credential and the second blockchain identifier of the second service node to the first service node comprises: the user node sending the verification credential and the second blockchain identifier of the second service node to the first service node within a preset time range after receiving the verification credential.
In one embodiment, the user node receiving the random number returned by the second service node in response to the first verification request comprises: the user node receiving the random number that the second service node sends to the second IP address of the user node.
In a second aspect, an embodiment of the present invention provides a user node suitable for a consortium blockchain, the user node comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
obtain the first blockchain identifier of the first service node in the consortium blockchain to be logged in to, and the second blockchain identifier of the second service node with which the user has previously registered a username; look up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and send a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node; receive the random number returned by the second service node in response to the first verification request; encrypt the random number and the first blockchain identifier with the first shared key entered by the user, being the key the user agreed with the second service node when registering the username, to obtain first encrypted data; send a verification message to the second service node based on the first IP address, the verification message including the first encrypted data and the username, so that after receiving the verification message the second service node compares the first encrypted data with second encrypted data it computes itself and, when the two match, sends a verification credential to the user node, the verification credential including the username and the first blockchain identifier signed with the private key of the second service node, and the second encrypted data being obtained by the second service node encrypting the random number and the first blockchain identifier with the second shared key set when the user registered the username; and send the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification succeeds.
In one embodiment, the verification credential further includes timestamp information.
In one embodiment, when performing the operation of sending the verification credential and the second blockchain identifier of the second service node to the first service node, the processor is configured to: send the verification credential and the second blockchain identifier of the second service node to the first service node within the preset time range after the verification credential is received.
In one embodiment, when performing the operation of receiving the random number returned by the second service node in response to the first verification request, the processor is configured to: receive the random number that the second service node sends to the second IP address of the user node.
In a third aspect, an embodiment of the present invention provides a consortium blockchain that includes the user node of the second aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In the authentication method, device and storage medium based on a consortium blockchain provided by the embodiments of the present invention, after obtaining the first blockchain identifier of the first service node to be logged in to and the second blockchain identifier of the second service node with which the user previously registered a username, the user node in the consortium blockchain obtains the first IP address of the second service node from the ledger of the consortium blockchain according to the second blockchain identifier, and sends to the second service node, based on the first IP address, a first verification request carrying the third blockchain identifier of the user node, so that the second service node returns a random number in response to the first verification request. After receiving the random number returned by the second service node, the user node encrypts the random number and the first blockchain identifier with the first shared key entered by the user, and carries the resulting first encrypted data together with the username in a verification message sent to the first IP address of the second service node, so that the second service node encrypts the random number and the first blockchain identifier with the second encryption key previously agreed with the user, compares the resulting second encrypted data with the first encrypted data and, when the two match, sends the user node a verification credential signed with the private key of the second service node. After receiving the verification credential, the user node sends it together with the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential with the public key of the second service node and, if the verification succeeds, provides service to the user. With the technical solution of the embodiments of the present invention, as long as the user has registered a username and user key on any service node of the consortium blockchain, the user can log in to the other service nodes of the consortium blockchain with that username and user key and use their services, which spares the user the trouble of remembering a large number of usernames and keys and improves the convenience of authentication. Furthermore, the embodiments of the present invention send the verification message of the authentication process to the recipient in a P2P manner (directly to the recipient's IP address), so that the verification message is not recorded on the consortium blockchain; this prevents the verification message from being obtained by an attacker and reduces the risk of credential stuffing attacks. In addition, since the user node in the embodiments of the present invention can obtain the random number directly from the service node with which it previously registered, without forwarding by other intermediate nodes, the efficiency of authentication is further improved and the forwarding load on intermediate nodes is reduced.
Brief description of the drawings
Fig. 1 is a schematic diagram of a communication system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of an authentication method based on a consortium blockchain provided by an embodiment of the present invention;
Fig. 3 is a flow chart of another authentication method based on a consortium blockchain provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a user node provided by an embodiment of the present invention.
The specific embodiments of the present disclosure have been shown by the above drawings and will be described in more detail below. These drawings and the written description are not intended to limit the scope of the concept of the disclosure in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description
Example embodiments are described in detail here, and examples thereof are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with this disclosure; rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The authentication method based on a consortium blockchain provided by the embodiments of the present invention aims to solve the prior-art technical problem that if the accounts and passwords a user registers in different applications (APPs) are the same, the accounts are easily subjected to credential stuffing attacks and their security is low, whereas if the accounts and passwords registered on different APPs differ, they are easily forgotten and recovering an account or password is cumbersome. In particular, the embodiments of the present invention also focus on improving the efficiency of authentication while solving the above technical problem. The method can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes a first service node 11, a second service node 12, a user node 13, a third service node 14, a fourth service node 15 and a fifth service node 16, all of which belong to the same consortium blockchain. The second service node 12, third service node 14, fourth service node 15 and fifth service node 16 can provide different services to users; for example, they can respectively provide a "Twitter" service, a "Facebook" service, a "WeChat" service and an "Alipay" service, which is of course only an illustration and not a limitation. In addition, the figure is only schematic and does not limit the structure of the consortium blockchain or the number of nodes in it.
The technical solution of the present invention, and how it solves the above technical problem, are described in detail below with specific embodiments. The following specific embodiments can be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flow chart of an authentication method based on a consortium blockchain provided by an embodiment of the present invention. The method is applicable to a consortium blockchain whose structure can be that of Fig. 1, and its specific steps are as follows:
Step 201: a user node in the consortium blockchain obtains the first blockchain identifier of the first service node in the consortium blockchain to be logged in to, and the second blockchain identifier of the second service node with which the user previously registered a username.
Step 202: the user node looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sends a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node.
Step 203: the user node receives the random number returned by the second service node in response to the first verification request.
Step 204: the user node encrypts the random number and the first blockchain identifier with the first shared key entered by the user, being the key the user agreed with the second service node when registering the username, to obtain first encrypted data.
Step 205: the user node sends a verification message to the second service node based on the first IP address, the verification message including the first encrypted data and the username, so that after receiving the verification message the second service node compares the first encrypted data with second encrypted data it computes itself and, when the two match, sends a verification credential to the user node.
Here the verification credential includes the username and the first blockchain identifier signed with the private key of the second service node, and the second encrypted data is obtained by the second service node encrypting the random number and the first blockchain identifier with the second shared key set when the user registered the username.
Step 206: the user node sends the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification succeeds.
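Steps 201 to 206 form one challenge-response exchange between three parties. The following Go program is an added example, not code from the patent, that plays the user node, the second service node and the first service node in-process so the whole flow can be run and checked. Its assumptions: the patent's "encrypt the random number and the first blockchain identifier with the shared key" step is instantiated with HMAC-SHA256 (the patent names no cipher, and only equality of the two results matters); service nodes sign with Ed25519; an in-memory map stands in for the ledger and another for P2P delivery by IP address; every identifier, key and address in it is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// LedgerEntry is what the ledger records for a service node under its blockchain
// identifier: public key and IP address. The map is a stand-in for the real ledger.
type LedgerEntry struct {
	PubKey ed25519.PublicKey
	IP     string
}
type Ledger map[string]LedgerEntry

// Credential is the step-205 verification credential: username, first chain
// identifier and a timestamp, signed with the second service node's private key.
type Credential struct {
	Username, FirstChainID string
	Timestamp              int64
	Signature              []byte
}

func (c Credential) signedBytes() []byte { // fixed byte layout that is signed and verified
	return []byte(fmt.Sprintf("%s\x00%s\x00%d", c.Username, c.FirstChainID, c.Timestamp))
}

// ServiceNode holds a key pair, the second shared key per registered username,
// and the random numbers it has issued but not yet consumed.
type ServiceNode struct {
	ChainID string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	users   map[string][]byte // username -> second shared key
	nonces  map[string][]byte // requesting user-node chain id -> random number
}

func NewServiceNode(chainID string) *ServiceNode {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return &ServiceNode{ChainID: chainID, Pub: pub, priv: priv,
		users: map[string][]byte{}, nonces: map[string][]byte{}}
}

// Register stores the shared key agreed with the user when the username was created.
func (s *ServiceNode) Register(username string, key []byte) { s.users[username] = key }

// keyedResponse is the "encrypt the random number and the first chain identifier
// with the shared key" computation of steps 204 and 205. HMAC-SHA256 is an
// assumed instantiation; the patent does not name the cipher.
func keyedResponse(key, nonce []byte, firstChainID string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write([]byte(firstChainID))
	return m.Sum(nil)
}

// Challenge answers a first verification request (steps 202-203) with a fresh
// random number remembered against the requesting user node's chain identifier.
func (s *ServiceNode) Challenge(userChainID string) []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil { panic(err) }
	s.nonces[userChainID] = n
	return n
}

// Verify is the second service node's part of step 205: recompute the second
// encrypted data with the stored key, compare in constant time, sign on match.
func (s *ServiceNode) Verify(userChainID, username, firstChainID string, enc1 []byte, now time.Time) (*Credential, error) {
	nonce, haveNonce := s.nonces[userChainID]
	delete(s.nonces, userChainID) // one random number answers one attempt only
	k2, haveUser := s.users[username]
	if !haveNonce || !haveUser { return nil, errors.New("no outstanding random number or unknown username") }
	if !hmac.Equal(enc1, keyedResponse(k2, nonce, firstChainID)) {
		return nil, errors.New("first and second encrypted data differ")
	}
	c := &Credential{Username: username, FirstChainID: firstChainID, Timestamp: now.Unix()}
	c.Signature = ed25519.Sign(s.priv, c.signedBytes())
	return c, nil
}

// CheckCredential is the first service node's part of step 206: the issuer's
// public key is read from the ledger, and the credential must name this node.
func (s *ServiceNode) CheckCredential(ledger Ledger, issuerChainID string, c *Credential) error {
	issuer, ok := ledger[issuerChainID]
	if !ok || c.FirstChainID != s.ChainID { return errors.New("unknown issuer or credential issued for another node") }
	if !ed25519.Verify(issuer.PubKey, c.signedBytes(), c.Signature) { return errors.New("signature invalid") }
	return nil
}

// UserLogin runs steps 201-206 from the user node's side. first is the node to
// log in to; network maps IP addresses to nodes and stands in for P2P delivery.
func UserLogin(ledger Ledger, network map[string]*ServiceNode, first *ServiceNode,
	userChainID, secondChainID, username string, k1 []byte) (*Credential, error) {
	second, ok := network[ledger[secondChainID].IP] // step 202: chain id -> IP address
	if !ok { return nil, errors.New("second service node not reachable") }
	nonce := second.Challenge(userChainID)                                             // step 203
	enc1 := keyedResponse(k1, nonce, first.ChainID)                                    // step 204
	cred, err := second.Verify(userChainID, username, first.ChainID, enc1, time.Now()) // step 205
	if err != nil { return nil, err }
	return cred, first.CheckCredential(ledger, secondChainID, cred) // step 206
}
```

Two checks in this example go slightly beyond the steps as listed but follow from them: the second service node discards each random number after one use, so a captured verification message cannot be replayed against it, and the first service node refuses a credential whose first blockchain identifier is not its own, since the identifier is signed precisely so that a credential issued for one service cannot be presented to another.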
Taking Fig. 1 as an example, the second service node 12, third service node 14, fourth service node 15 and fifth service node 16 in Fig. 1 together build the consortium blockchain and provide authentication services to other service nodes or user nodes. The genesis block of the consortium blockchain stores information such as the blockchain identifiers, public keys and IP addresses of the second service node 12, third service node 14, fourth service node 15 and fifth service node 16, and these four nodes, as the original nodes of the consortium blockchain, jointly manage it, including deciding whether a given service node is allowed to join the consortium blockchain.
A user registers a username and key either off-chain or on some service node of the consortium blockchain. In this example it is assumed that the user has registered on the second service node 12 but not on the first service node 11.
Specifically, in this embodiment a node of the consortium blockchain, for example the second service node 12, declares its own blockchain identifier (for ease of distinction referred to below as the second blockchain identifier) on the consortium blockchain. The declaration is published to the consortium blockchain as a broadcast message signed with the node's private key, so that the blockchain identifier of the second service node 12 is recorded in the ledger of the consortium blockchain.
When the user node 13 requests the service of the first service node 11, it may first prompt the user through a user interface to enter the first blockchain identifier of the first service node 11 and the second blockchain identifier of the second service node 12. Alternatively, it may obtain the first blockchain identifier of the first service node 11 and the second blockchain identifier of the second service node 12 from the ledger of the consortium blockchain according to information about the services those nodes provide (such as the service name "WeChat") or other information associated with the first service node 11 and the second service node 12.
After obtaining the first and second blockchain identifiers, the user node 13 looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier and sends a first verification request to the second service node 12 at the first IP address. The first verification request includes at least the third blockchain identifier of the user node 13; optionally, in other embodiments it may also include information such as the username entered by the user and the second blockchain identifier of the second service node.
After receiving the first verification request from the user node 13, the second service node 12 generates a random number and sends it to the user node 13 either on-chain or off-chain. For example, it can send the random number in a P2P manner to the second IP address of the user node 13, so that the user node 13 receives the random number at its second IP address; or it can carry the random number, signed with the private key of the second service node 12, in a broadcast message on the consortium blockchain, so that the user node 13 obtains the random number from the broadcast message.
After receiving the random number, the user node 13 obtains the first shared key entered by the user; this should be the key the user agreed with the second service node 12 when registering the username on it. The user node 13 encrypts the received random number and the previously obtained first blockchain identifier with the first shared key to obtain first encrypted data. It then sends a verification message to the second service node 12, based on the first IP address of the second service node 12 or by broadcast message. The verification message includes at least the first encrypted data and the username entered by the user, and may optionally also include information such as identification information of the user and the second blockchain identifier of the second service node 12.
After receiving the verification message, the second service node 12 extracts the first blockchain identifier and the username from it, and then encrypts the random number it sent to the user node 13 together with the first blockchain identifier using the second shared key agreed when the user registered that username on it (if the first shared key entered by the user is correct, the first and second shared keys should be the same key), obtaining second encrypted data.
After obtaining the second encrypted data, the second service node 12 compares it with the first encrypted data. If the two match, authentication succeeds and the second service node 12 generates a verification credential and sends it to the user node 13 via the second IP address of the user node 13 or via a broadcast message. The verification credential includes at least the username and the first blockchain identifier, and may optionally also include identification information of the user and timestamp information; the information in the verification credential is signed with the private key of the second service node 12. Adding timestamp information to the verification credential prevents replay attacks by a malicious party.
After receiving the verification credential, the user node 13 sends it together with the second blockchain identifier of the second service node 12 to the first service node 11 within a preset time range, and the first service node verifies the signature in the verification credential with the public key of the second service node 12 and, if the verification succeeds, provides service to the user. If the preset time range is exceeded, the verification credential expires, which prevents replay attacks by an attacker. Alternatively, in other embodiments, an effective number of uses (for example, one) can be set for the verification credential, and once the verification credential has been used more than this effective number of times it becomes invalid.
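The preset time range and the effective use count described above are the first service node's two defences against a replayed credential. The following Go type is an added example, not code from the patent, of how a first service node could enforce both at once: a credential is accepted only while its own timestamp is within the window, and only up to the configured number of presentations, with bookkeeping pruned once a credential can no longer be accepted anyway. It assumes the credential is identified by a string key (the patent does not specify one; the hex of its signature would do) and that the node compares against the timestamp carried in the credential; all values in the usage are constructed.

```go
package main

import (
	"errors"
	"sync"
	"time"
)

var (
	ErrNotYetValid = errors.New("credential timestamp lies in the future")
	ErrExpired     = errors.New("credential is older than the preset time range")
	ErrExhausted   = errors.New("credential has used up its effective use count")
)

// usage is what the node remembers per presented credential.
type usage struct {
	issued time.Time
	count  int
}

// CredentialPolicy is the first service node's acceptance rule: a preset time
// range measured from the credential's timestamp, and an effective use count
// (MaxUses == 1 makes every credential single-use).
type CredentialPolicy struct {
	Window  time.Duration
	MaxUses int
	mu      sync.Mutex
	seen    map[string]*usage // credential key (e.g. hex of its signature) -> usage
}

func NewCredentialPolicy(window time.Duration, maxUses int) *CredentialPolicy {
	return &CredentialPolicy{Window: window, MaxUses: maxUses, seen: map[string]*usage{}}
}

// Accept records one presentation of the credential identified by key and
// reports whether it may be honoured at time now. A timestamp from the future
// is rejected rather than treated as fresh, so clock skew cannot extend the window.
func (p *CredentialPolicy) Accept(key string, issuedAt, now time.Time) error {
	if issuedAt.After(now) {
		return ErrNotYetValid
	}
	if now.Sub(issuedAt) > p.Window {
		return ErrExpired
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	u, ok := p.seen[key]
	if !ok {
		u = &usage{issued: issuedAt}
		p.seen[key] = u
	}
	if u.count >= p.MaxUses {
		return ErrExhausted
	}
	u.count++
	return nil
}

// Prune drops the bookkeeping for credentials that have left the window, since
// the timestamp check alone will reject them from now on. Returns the number dropped.
func (p *CredentialPolicy) Prune(now time.Time) int {
	p.mu.Lock()
	defer p.mu.Unlock()
	dropped := 0
	for k, u := range p.seen {
		if now.Sub(u.issued) > p.Window {
			delete(p.seen, k)
			dropped++
		}
	}
	return dropped
}
```

The order of the checks matters: the timestamp is tested before the use counter so that an expired credential never takes up an entry in the map, which keeps the state bounded by the number of credentials presented inside one window. The window on the first service node corresponds to the preset time range within which the user node is expected to forward the credential, so the two values should be chosen together.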
In the authentication method, device and storage medium based on a consortium blockchain provided by this embodiment, after obtaining the first blockchain identifier of the first service node to be logged in to and the second blockchain identifier of the second service node with which the user previously registered a username, the user node in the consortium blockchain obtains the first IP address of the second service node from the ledger of the consortium blockchain according to the second blockchain identifier, and sends to the second service node, based on the first IP address, a first verification request carrying the third blockchain identifier of the user node, so that the second service node returns a random number in response to the first verification request. After receiving the random number returned by the second service node, the user node encrypts the random number and the first blockchain identifier with the first shared key entered by the user, and carries the resulting first encrypted data together with the username in a verification message sent to the first IP address of the second service node, so that the second service node encrypts the random number and the first blockchain identifier with the second encryption key previously agreed with the user, compares the resulting second encrypted data with the first encrypted data and, when the two match, sends the user node a verification credential signed with the private key of the second service node. After receiving the verification credential, the user node sends it together with the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential with the public key of the second service node and, if the verification succeeds, provides service to the user. With the technical solution of the embodiments of the present invention, as long as the user has registered a username and user key on any service node of the consortium blockchain, the user can log in to the other service nodes of the consortium blockchain with that username and user key and use their services, which spares the user the trouble of remembering a large number of usernames and keys and improves the convenience of authentication. This embodiment sends the verification message of the authentication process to the recipient in a P2P manner (directly to the recipient's IP address), so that the verification message is not recorded on the consortium blockchain; this prevents the verification message from being obtained by an attacker and reduces the risk of credential stuffing attacks. In addition, since the user node in this embodiment can obtain the random number directly from the service node with which it previously registered, without forwarding by other intermediate nodes, the efficiency of authentication is further improved and the forwarding load on intermediate nodes is reduced.
Fig. 3 is a flowchart of an identity authentication method based on an alliance block chain provided in an embodiment of the present invention. As shown in Fig. 3, on the basis of the embodiment of Fig. 2, the method comprises:
Step 301: the user node in the alliance block chain obtains the first block chain identifier of the first service node in the alliance block chain to be logged in, and the second block chain identifier of the second service node with which the user once registered a user name.
Step 302: the user node searches the ledger of the alliance block chain according to the second block chain identifier to obtain the first IP address of the second service node, and sends a first checking request to the second service node based on the first IP address; the first checking request includes the third block chain identifier of the user node.
Step 303: the user node receives the third encryption data returned by the second service node according to the first checking request; the third encryption data includes the random number.
The third encryption data is obtained by the second service node encrypting the random number with the pre-agreed encryption algorithm.
Step 304: the user node decrypts the third encryption data to obtain the random number, and encrypts the random number and the first block chain identifier using the first shared key entered by the user, which the user agreed with the second service node when registering the user name, to obtain the first encryption data.
Step 305: the user node sends a verifying message to the second service node based on the first IP address. The verifying message includes the fourth encryption data, which contains the first encryption data and the user name, so that the second service node, after receiving the verifying message, decrypts the fourth encryption data to obtain the first encryption data and the user name, compares the first encryption data with the second encryption data computed by the second service node itself, and, when the two are consistent, sends validating documents to the user node.
The fourth encryption data is obtained by the user node encrypting the first encryption data and the user name with the pre-agreed encryption algorithm.
The validating documents include the user name and the first block chain identifier signed with the private key of the second service node. The second encryption data is obtained by the second service node encrypting the random number and the first block chain identifier with the second shared key set by the user when registering the user name.
When sending the validating documents, the second service node encrypts them with the pre-agreed encryption algorithm, and the user node obtains the validating documents by decryption.
Step 306: the user node sends the validating documents and the second block chain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating documents based on the public key of the second service node and provides the service to the user when the verification passes.
By encrypting the information exchanged in the verification process, the present embodiment improves the security of the verification information during transmission, prevents the verification information from being intercepted by an attacker, and reduces the occurrence of credential stuffing (hit-library) attacks.
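The challenge-response flow of steps 301-306, together with the time-limited, single-use validating documents described for user node 13 above, worked through as an added example; this is not code from the patent. It assumes Ed25519 for the service node signature, HMAC-SHA256 in place of the unspecified encryption applied to the random number, constructed identifiers and keys, and a Go map standing in for the block chain ledger that maps a block chain identifier to a service node's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Voucher is the validating document of step 305 (user name, first block chain
// identifier, timestamp) signed with the second service node's private key.
type Voucher struct {
	Username, FirstChainID, IssuerChainID string
	IssuedAt                              int64
	Sig                                   []byte
}

// signedBytes is the exact byte string the signature covers (NUL-separated fields).
func (v Voucher) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s\x00%s\x00%s\x00%d", v.Username, v.FirstChainID, v.IssuerChainID, v.IssuedAt))
}
// ServiceNode serves as second service node (registration) or first service node (login).
type ServiceNode struct {
	ChainID string
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	shared  map[string][]byte // user name -> shared key agreed at registration
	pending map[string][]byte // user node chain id -> outstanding random number
	used    map[string]bool   // voucher signatures already redeemed (single use)
}
func NewServiceNode(chainID string) *ServiceNode {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &ServiceNode{ChainID: chainID, pub: pub, priv: priv, shared: map[string][]byte{}, pending: map[string][]byte{}, used: map[string]bool{}}
}
// Challenge answers the first checking request (steps 302-303) with a fresh random number.
func (s *ServiceNode) Challenge(userChainID string) []byte {
	nonce := make([]byte, 16)
	_, _ = rand.Read(nonce)
	s.pending[userChainID] = nonce
	return nonce
}
// keyedTag is the keyed transform both sides apply to (random number, first block chain id).
// The patent says "encrypt"; an HMAC is substituted so the results compare byte for byte.
func keyedTag(key, nonce []byte, firstChainID string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write([]byte(firstChainID))
	return m.Sum(nil)
}
// Verify is the second service node side of step 305: recompute the tag with the key
// registered under the user name, compare, and sign a voucher only when they match.
func (s *ServiceNode) Verify(userChainID, username, firstChainID string, tag []byte, now time.Time) (Voucher, error) {
	nonce, ok := s.pending[userChainID]
	key, known := s.shared[username]
	delete(s.pending, userChainID) // each random number answers exactly one attempt
	if !ok || !known || !hmac.Equal(tag, keyedTag(key, nonce, firstChainID)) {
		return Voucher{}, errors.New("no outstanding random number, or first and second encryption data differ")
	}
	v := Voucher{Username: username, FirstChainID: firstChainID, IssuerChainID: s.ChainID, IssuedAt: now.Unix()}
	v.Sig = ed25519.Sign(s.priv, v.signedBytes())
	return v, nil
}
// Accept is step 306 at the first service node: look up the issuer's public key by its
// block chain identifier, check the signature, then reject stale or reused vouchers.
func (f *ServiceNode) Accept(v Voucher, ledger map[string]ed25519.PublicKey, now time.Time, window time.Duration) error {
	pub, ok := ledger[v.IssuerChainID]
	if !ok || v.FirstChainID != f.ChainID || !ed25519.Verify(pub, v.signedBytes(), v.Sig) {
		return errors.New("unknown issuer, voucher for another service node, or bad signature")
	}
	if age := now.Sub(time.Unix(v.IssuedAt, 0)); age < 0 || age > window || f.used[string(v.Sig)] {
		return errors.New("voucher outside the preset time range or already used")
	}
	f.used[string(v.Sig)] = true
	return nil
}

func main() {
	nodeA, nodeB := NewServiceNode("chain-id-A"), NewServiceNode("chain-id-B") // constructed ids
	ledger := map[string]ed25519.PublicKey{nodeB.ChainID: nodeB.pub}            // keys node A can look up
	key := []byte("shared-key-agreed-at-registration")                          // constructed sample key
	nodeB.shared["alice"] = key // registration of the user name, which precedes the protocol
	now := time.Now()
	nonce := nodeB.Challenge("chain-id-user")
	v, _ := nodeB.Verify("chain-id-user", "alice", nodeA.ChainID, keyedTag(key, nonce, nodeA.ChainID), now)
	fmt.Println("first use:", nodeA.Accept(v, ledger, now.Add(time.Second), time.Minute))
	fmt.Println("replay:", nodeA.Accept(v, ledger, now.Add(2*time.Second), time.Minute))
}
```

The first `Accept` returns nil and the second returns an error, since the same voucher is presented twice; a voucher presented after the window, or one issued for a different first service node, is rejected the same way.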
Fig. 4 is a schematic structural diagram of a user node provided in an embodiment of the present invention. The user node is suitable for an alliance block chain, and can execute the processing flow of the above method embodiments of the identity authentication method based on an alliance block chain. As shown in Fig. 4, user node 40 includes memory 41, processor 42, a computer program and communication interface 43. The computer program is stored in the memory and is configured to be executed by processor 42 to perform the following operations:
obtaining the first block chain identifier of the first service node in the alliance block chain to be logged in and the second block chain identifier of the second service node with which the user once registered a user name; searching the ledger of the alliance block chain according to the second block chain identifier to obtain the first IP address of the second service node, and sending a first checking request to the second service node based on the first IP address, the first checking request including the third block chain identifier of the user node; receiving the random number returned by the second service node according to the first checking request; encrypting the random number and the first block chain identifier using the first shared key entered by the user, which the user agreed with the second service node when registering the user name, to obtain the first encryption data; sending a verifying message to the second service node based on the first IP address, the verifying message including the first encryption data and the user name, so that the second service node, after receiving the verifying message, compares the first encryption data with the second encryption data computed by the second service node itself and, when the two are consistent, sends validating documents to the user node, the validating documents including the user name and the first block chain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first block chain identifier with the second shared key set by the user when registering the user name; and sending the validating documents and the second block chain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating documents based on the public key of the second service node and provides the service to the user when the verification passes.
In one embodiment, the validating documents further include timestamp information.
In one embodiment, when executing the operation of sending the validating documents and the second block chain identifier of the second service node to the first service node, the processor is configured to:
send the validating documents and the second block chain identifier of the second service node to the first service node within a preset time range after receiving the validating documents.
In one embodiment, when executing the operation of receiving the random number returned by the second service node according to the first checking request, the processor is configured to:
receive the random number sent by the second service node to the second IP address of the user node.
The user node of the embodiment shown in Fig. 4 can be used to execute the technical solution of the above method embodiments; its implementation principle and technical effect are similar and are not repeated here.
An embodiment of the present invention also provides an alliance block chain, which includes the user node described in the embodiment of Fig. 4 above.
In addition, an embodiment of the present invention also provides a computer readable storage medium on which a computer program is stored; the computer program is executed by a processor to implement the identity authentication method based on an alliance block chain described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely exemplary; the division of the units is only a logical functional division, and there may be other ways of division in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection of devices or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The above integrated unit implemented in the form of software functional units may be stored in a computer readable storage medium. The software functional units are stored in a storage medium and include several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute part of the steps of the methods of the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the division of the above functional modules is used only as an example; in practical application, the above functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or replace some or all of the technical features with equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the various embodiments of the present invention.
Claims (10)
1. An identity authentication method based on an alliance block chain, characterized in that the method comprises:
a user node in the alliance block chain obtaining the first block chain identifier of the first service node in the alliance block chain to be logged in and the second block chain identifier of the second service node with which the user once registered a user name;
the user node searching the ledger of the alliance block chain according to the second block chain identifier to obtain the first IP address of the second service node, and sending a first checking request to the second service node based on the first IP address, the first checking request including the third block chain identifier of the user node;
the user node receiving the random number returned by the second service node according to the first checking request;
the user node encrypting the random number and the first block chain identifier using the first shared key entered by the user, which the user agreed with the second service node when registering the user name, to obtain the first encryption data;
the user node sending a verifying message to the second service node based on the first IP address, the verifying message including the first encryption data and the user name, so that the second service node, after receiving the verifying message, compares the first encryption data with the second encryption data computed by the second service node itself and, when the two are consistent, sends validating documents to the user node, the validating documents including the user name and the first block chain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first block chain identifier with the second shared key set by the user when registering the user name;
the user node sending the validating documents and the second block chain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating documents based on the public key of the second service node and provides the service to the user when the verification passes.
2. The method according to claim 1, characterized in that the validating documents further include timestamp information.
3. The method according to claim 2, characterized in that the user node sending the validating documents and the second block chain identifier of the second service node to the first service node comprises:
the user node sending the validating documents and the second block chain identifier of the second service node to the first service node within a preset time range after receiving the validating documents.
4. The method according to any one of claims 1-3, characterized in that the user node receiving the random number returned by the second service node according to the first checking request comprises:
the user node receiving the random number sent by the second service node to the second IP address of the user node.
5. A user node, the user node being suitable for an alliance block chain, characterized in that the user node comprises:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
obtaining the first block chain identifier of the first service node in the alliance block chain to be logged in and the second block chain identifier of the second service node with which the user once registered a user name;
searching the ledger of the alliance block chain according to the second block chain identifier to obtain the first IP address of the second service node, and sending a first checking request to the second service node based on the first IP address, the first checking request including the third block chain identifier of the user node;
receiving the random number returned by the second service node according to the first checking request;
encrypting the random number and the first block chain identifier using the first shared key entered by the user, which the user agreed with the second service node when registering the user name, to obtain the first encryption data;
sending a verifying message to the second service node based on the first IP address, the verifying message including the first encryption data and the user name, so that the second service node, after receiving the verifying message, compares the first encryption data with the second encryption data computed by the second service node itself and, when the two are consistent, sends validating documents to the user node, the validating documents including the user name and the first block chain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first block chain identifier with the second shared key set by the user when registering the user name;
sending the validating documents and the second block chain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating documents based on the public key of the second service node and provides the service to the user when the verification passes.
6. The user node according to claim 5, characterized in that the validating documents further include timestamp information.
7. The user node according to claim 6, characterized in that, when executing the operation of sending the validating documents and the second block chain identifier of the second service node to the first service node, the processor is configured to:
send the validating documents and the second block chain identifier of the second service node to the first service node within a preset time range after receiving the validating documents.
8. The user node according to any one of claims 5-7, characterized in that, when executing the operation of receiving the random number returned by the second service node according to the first checking request, the processor is configured to:
receive the random number sent by the second service node to the second IP address of the user node.
9. An alliance block chain, characterized in that it includes the user node according to any one of claims 5-8.
10. A computer readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910466958.2A CN110213264A (en) | 2019-05-30 | 2019-05-30 | Auth method, equipment and storage medium based on alliance's block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110213264A true CN110213264A (en) | 2019-09-06 |
Family
ID=67789855
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910466958.2A Pending CN110213264A (en) | 2019-05-30 | 2019-05-30 | Auth method, equipment and storage medium based on alliance's block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110213264A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111030829A (en) * | 2019-12-24 | 2020-04-17 | 山东爱城市网信息技术有限公司 | Method, device and medium for authorizing login of third-party application based on block chain |
CN111562902A (en) * | 2020-05-07 | 2020-08-21 | 成都库珀区块链科技有限公司 | Random number generation method and device based on block chain |
CN113542305A (en) * | 2021-08-11 | 2021-10-22 | 苏州同济区块链研究院有限公司 | Witness-end-and-shared symmetric-key-based block chaining and verification method and system |
CN113612789A (en) * | 2021-08-11 | 2021-11-05 | 苏州同济区块链研究院有限公司 | Witness-end and public-key-sharing-based block chaining evidence-storing method and device |
CN115150072A (en) * | 2022-06-20 | 2022-10-04 | 中国联合网络通信集团有限公司 | Cloud network issuing authentication method, equipment, device and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105049434A (en) * | 2015-07-21 | 2015-11-11 | 中国科学院软件研究所 | Identity authentication method and encryption communication method under peer-to-peer network environment |
CN107079036A (en) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Registration and authorization method, apparatus and system |
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
CN107786339A (en) * | 2016-08-31 | 2018-03-09 | 陈新 | It is layered controllable alliance's block catenary system |
CN108235806A (en) * | 2017-12-28 | 2018-06-29 | 深圳达闼科技控股有限公司 | Method, device and system for safely accessing block chain, storage medium and electronic equipment |
US20180234413A1 (en) * | 2017-02-13 | 2018-08-16 | Zentel Japan Corporation | Authenticated Network |
CN109767220A (en) * | 2019-01-15 | 2019-05-17 | 中国联合网络通信集团有限公司 | Method of commerce based on block chain and the transaction system based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| AD01 | Patent right deemed abandoned | Effective date of abandoning: 20220415 |