CN110213264A - Identity verification method, device and storage medium based on a consortium blockchain - Google Patents


Info

Publication number
CN110213264A
Authority
CN
China
Prior art keywords
block chain
user
service node
node
service
Legal status
Pending
Application number
CN201910466958.2A
Other languages
Chinese (zh)
Inventor
路成业
王凌
Current Assignee
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/104 Peer-to-peer [P2P] networks
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L 9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides an identity verification method, device and storage medium based on a consortium blockchain. In the method, a user node obtains the first blockchain identifier of the first service node it wants to log in to and the second blockchain identifier of a second service node; looks up the first IP address of the second service node in the ledger according to the second blockchain identifier, and sends a first verification request to the second service node at that first IP address; receives the random number returned by the second service node; encrypts the random number and the first blockchain identifier with the agreed shared key to obtain first encryption data; and sends a verification message to the first IP address, whereupon the second service node compares the first encryption data with second encryption data it computes itself from the verification message and, when the two match, returns a verification credential. The user node then sends the verification credential and the second blockchain identifier to the first service node for verification. The invention improves the security and efficiency of identity verification.

Description

Identity verification method, device and storage medium based on a consortium blockchain
Technical field
Embodiments of the present invention relate to the field of blockchain technology, and in particular to an identity verification method, device and storage medium based on a consortium blockchain.
Background technique
There are many Internet service providers (ISPs) and Internet content providers (ICPs) on the Internet, and a user must register with an ISP/ICP before enjoying the service it offers. For example, nearly everyone now has WeChat, Alipay and various other apps. If the user registers with each app and uses the same account name and password across the different apps, the accounts are easily subjected to credential stuffing attacks and their security is low; if the account names and passwords registered on the different apps all differ, they are easily forgotten, and recovering an account and password is cumbersome.
Summary of the invention
Embodiments of the present invention provide an identity verification method, device and storage medium based on a consortium blockchain, in order to improve the efficiency and security of identity verification when a user uses Internet services, to spare the user the trouble of remembering a large number of user names and passwords, and to solve the problem that using the same user name and password for multiple Internet services makes the user an easy target for credential stuffing attacks.
In a first aspect, an embodiment of the present invention provides an identity verification method based on a consortium blockchain, the method comprising:
A user node in the consortium blockchain obtains the first blockchain identifier of the first service node in the consortium blockchain to be logged in to, and the second blockchain identifier of a second service node on which the user once registered a user name. The user node looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sends a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node. The user node receives the random number returned by the second service node in response to the first verification request. The user node encrypts the random number and the first blockchain identifier with a first shared key input by the user, namely the key the user agreed with the second service node when registering the user name, to obtain first encryption data. The user node sends a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data it computes itself and, when the two match, sends a verification credential to the user node; the verification credential includes the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data is obtained by the second service node encrypting the random number and the first blockchain identifier with a second shared key set when the user registered the user name. The user node sends the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification passes.
In one embodiment, the verification credential further includes timestamp information.
In one embodiment, the user node sending the verification credential and the second blockchain identifier of the second service node to the first service node comprises:
The user node sends the verification credential and the second blockchain identifier of the second service node to the first service node within a preset time range after receiving the verification credential.
In one embodiment, the user node receiving the random number returned by the second service node in response to the first verification request comprises:
The user node receives the random number sent by the second service node to the second IP address of the user node.
In a second aspect, an embodiment of the present invention provides a user node suitable for a consortium blockchain, the user node comprising:
Memory;
Processor;
Communication interface; and
Computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
obtaining the first blockchain identifier of the first service node in the consortium blockchain to be logged in to, and the second blockchain identifier of a second service node on which the user once registered a user name; looking up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sending a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node; receiving the random number returned by the second service node in response to the first verification request; encrypting the random number and the first blockchain identifier with a first shared key input by the user, namely the key the user agreed with the second service node when registering the user name, to obtain first encryption data; sending a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data it computes itself and, when the two match, sends a verification credential to the user node, the verification credential including the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first blockchain identifier with a second shared key set when the user registered the user name; and sending the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification passes.
In one embodiment, the verification credential further includes timestamp information.
In one embodiment, when performing the operation of sending the verification credential and the second blockchain identifier of the second service node to the first service node, the processor is configured to:
send the verification credential and the second blockchain identifier of the second service node to the first service node within a preset time range after the verification credential is received.
In one embodiment, when performing the operation of receiving the random number returned by the second service node in response to the first verification request, the processor is configured to:
receive the random number sent by the second service node to the second IP address of the user node.
In a third aspect, an embodiment of the present invention provides a consortium blockchain that includes the user node of the second aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In the identity verification method, device and storage medium based on a consortium blockchain provided by the embodiments of the present invention, after a user node in the consortium blockchain obtains the first blockchain identifier of the first service node to be logged in to and the second blockchain identifier of the second service node on which the user once registered a user name, it obtains the first IP address of the second service node from the ledger of the consortium blockchain according to the second blockchain identifier, and sends to the second service node, based on the first IP address, a first verification request carrying the third blockchain identifier of the user node, so that the second service node returns a random number in response to the first verification request. After receiving the random number from the second service node, the user node encrypts the random number and the first blockchain identifier with the first shared key input by the user, and carries the resulting first encryption data and the user name in a verification message sent to the first IP address of the second service node. The second service node encrypts the random number and the first blockchain identifier with the second shared key agreed with the user in advance, compares the resulting second encryption data with the first encryption data and, when the two match, sends the user node a verification credential signed with the private key of the second service node. After receiving the verification credential, the user node sends it together with the second blockchain identifier of the second service node to the first service node, which verifies the signature in the verification credential with the public key of the second service node and, if the verification passes, provides service to the user. With the technical solution of the embodiments of the present invention, as long as the user has registered a user name and user key on any service node of the consortium blockchain, the user can log in to other service nodes on the consortium blockchain with that user name and user key and enjoy their services, which spares the user the trouble of remembering a large number of user names and keys and improves the convenience of identity verification. Further, the embodiments send the verification messages of the verification process peer-to-peer (directly to the recipient's IP address), so the verification messages are not recorded in the consortium blockchain; this prevents the verification messages from being obtained by a hacker and reduces the risk of credential stuffing attacks. In addition, because in the embodiments the user node obtains the random number directly from the service node on which it once registered, without forwarding by other intermediate nodes, the efficiency of identity verification is further improved and the forwarding load on intermediate nodes is reduced.
Detailed description of the invention
Fig. 1 is a schematic diagram of a communication system provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an identity verification method based on a consortium blockchain provided by an embodiment of the present invention;
Fig. 3 is a flowchart of an identity verification method based on a consortium blockchain provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a user node provided by an embodiment of the present invention.
The above drawings show specific embodiments of the disclosure, which are described in more detail below. These drawings and the textual description are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Specific embodiment
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this disclosure; rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The identity verification method based on a consortium blockchain provided by the embodiments of the present invention is intended to solve the prior-art technical problems that, if the account name and password a user registers in different applications (apps) are the same, the account is easily attacked by credential stuffing and its security is low, while if the account names and passwords registered on different apps differ, they are easily forgotten and recovering the account and password is cumbersome; in particular, the embodiments also focus on improving the efficiency of identity verification on top of solving the above technical problems. The method can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes a first service node 11, a second service node 12, a user node 13, a third service node 14, a fourth service node 15 and a fifth service node 16, all of which belong to the same consortium blockchain. The second service node 12, third service node 14, fourth service node 15 and fifth service node 16 may provide different services to the user; for example, they may respectively provide a "Twitter" service, a "Facebook" service, a "WeChat" service and an "Alipay" service, which is only an illustration and not a limitation. In addition, the figure is only schematic and does not limit the structure of the consortium blockchain or the number of its nodes.
The technical solution of the present invention and how it solves the above technical problems are described in detail below with specific embodiments. The specific embodiments below may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of an identity verification method based on a consortium blockchain provided by an embodiment of the present invention. The method is suitable for a consortium blockchain whose structure may be as shown in Fig. 1, and its steps are as follows:
Step 201: a user node in the consortium blockchain obtains the first blockchain identifier of the first service node in the consortium blockchain to be logged in to, and the second blockchain identifier of the second service node on which the user once registered a user name.
Step 202: the user node looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sends a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node.
Step 203: the user node receives the random number returned by the second service node in response to the first verification request.
Step 204: the user node encrypts the random number and the first blockchain identifier with the first shared key input by the user, namely the key the user agreed with the second service node when registering the user name, to obtain first encryption data.
Step 205: the user node sends a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data it computes itself and, when the two match, sends a verification credential to the user node.
The verification credential includes the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data is obtained by the second service node encrypting the random number and the first blockchain identifier with the second shared key set when the user registered the user name.
Step 206: the user node sends the verification credential and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the verification credential based on the public key of the second service node and provides service to the user when the verification passes.
Taking Fig. 1 as an example, the second service node 12, third service node 14, fourth service node 15 and fifth service node 16 in Fig. 1 together build the consortium blockchain and provide identity verification services for other service nodes or user nodes. The genesis block of the consortium blockchain stores information such as the blockchain identifiers, public keys and IP addresses of the second service node 12, third service node 14, fourth service node 15 and fifth service node 16, which, as the founding nodes of the consortium blockchain, jointly manage it, including deciding whether a given service node is allowed to join the consortium blockchain.
The user registers a user name and key either off-chain or on some service node of the consortium blockchain. In this example it is assumed that the user has registered on the second service node 12 but not on the first service node 11.
Specifically, in this embodiment a node of the consortium blockchain, for example the second service node 12, declares its own blockchain identifier (for ease of distinction, hereinafter the second blockchain identifier) in the consortium blockchain. The identifier is published in the consortium blockchain by means of a broadcast message signed with the node's private key, so that the blockchain identifier of the second service node 12 is recorded in the ledger of the consortium blockchain.
When the user node 13 requests the service of the first service node 11, the user may first be prompted through a user interface to input the first blockchain identifier of the first service node 11 and the second blockchain identifier of the second service node 12; alternatively, the first blockchain identifier of the first service node 11 and the second blockchain identifier of the second service node 12 may be obtained from the ledger of the consortium blockchain according to information about the services that the first service node 11 and the second service node 12 can provide (such as the service name "WeChat") or other information associated with the first service node 11 and the second service node 12.
After obtaining the first blockchain identifier and the second blockchain identifier, the user node 13 looks up the first IP address of the second service node in the ledger of the consortium blockchain according to the second blockchain identifier, and sends the first verification request to the second service node 12 according to the first IP address. The first verification request includes at least the third blockchain identifier of the user node 13; optionally, in other embodiments, it may also include the user name input by the user, the second blockchain identifier of the second service node, and other information.
After receiving the first verification request from the user node 13, the second service node 12 generates a random number and sends it to the user node 13 either on-chain or off-chain. For example, the random number may be sent peer-to-peer to the second IP address of the user node 13, so that the user node 13 receives it at its second IP address; or the random number, signed with the private key of the second service node 12, may be carried in a broadcast message broadcast in the consortium blockchain, from which the user node 13 obtains it.
After receiving the random number, the user node 13 obtains the first shared key input by the user; the first shared key should be the key the user agreed with the second service node 12 when registering the user name on it. The user node 13 encrypts the received random number and the previously obtained first blockchain identifier with the first shared key to obtain the first encryption data. Then, based on the first IP address of the second service node 12 or a broadcast message, it sends a verification message to the second service node 12. The verification message includes at least the first encryption data and the user name input by the user, and may optionally also include identification information of the user, the second blockchain identifier of the second service node 12, and so on.
After receiving the verification message, the second service node 12 obtains the first blockchain identifier and the user name from it, and then encrypts the random number it sent to the user node 13 and the first blockchain identifier with the second shared key agreed when the user registered that user name on it (if the first shared key input by the user is correct, the first shared key and the second shared key are the same key), obtaining the second encryption data.
After obtaining the second encryption data, the second service node 12 compares it with the first encryption data. If the two match, authentication succeeds, a verification credential is generated, and it is sent to the user node 13 via the second IP address of the user node 13 or a broadcast message. The verification credential includes at least the user name and the first blockchain identifier, and may optionally also include identification information of the user and timestamp information; the information in the verification credential is signed with the private key of the second service node 12. Adding timestamp information to the verification credential can prevent replay attacks by a malicious party.
After receiving the verification credential, the user node 13 sends it and the second blockchain identifier of the second service node 12 to the first service node 11 within a preset time range. The first service node verifies the signature in the verification credential according to the public key of the second service node 12 and, if the verification passes, provides service to the user. If the preset time range is exceeded, the verification credential expires, which prevents replay attacks by an attacker. In other embodiments, a valid number of uses (for example, one) may also be set for the verification credential; once the number of uses of the verification credential exceeds this valid number, the credential loses its validity.
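As an added illustration (not code from the patent), the challenge-response exchange of steps 202 to 206 and the checks the text attaches to it, modelled in Go: the second service node hands out a single-use random number, recomputes the keyed value from the key stored at registration and compares it in constant time, then signs a credential that names the target first service node and carries a timestamp; the first service node takes the issuer's public key from an in-memory stand-in for the ledger and rejects credentials that are mis-signed, meant for another node, or outside the preset time range. HMAC-SHA256 in place of the unspecified shared-key encryption, Ed25519 for the node signature, the NUL-separated signed layout and all node identifiers and keys are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"strconv"
	"time"
)

// Credential is the signed verification credential of step 205.
type Credential struct {
	UserName, FirstNodeID string
	IssuedAt              int64  // Unix seconds; the first node enforces the preset time range on it
	Sig                   []byte // signature by the second service node's private key
}

// ServiceNode is a consortium-chain service node that holds user registrations.
type ServiceNode struct {
	ChainID string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	users   map[string][]byte // user name -> second shared key agreed at registration
	pending map[string][]byte // user node chain id -> random number awaiting its answer
}

func NewServiceNode(chainID string) *ServiceNode {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &ServiceNode{ChainID: chainID, Pub: pub, priv: priv,
		users: map[string][]byte{}, pending: map[string][]byte{}}
}

// Register stores the key the user agreed with this node when registering the user name.
func (s *ServiceNode) Register(user string, key []byte) { s.users[user] = key }

// Challenge (step 203): a fresh random number, remembered per requesting user node.
func (s *ServiceNode) Challenge(userNodeID string) []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[userNodeID] = nonce
	return nonce
}

// keyedDigest stands in for "encrypting the random number and the first chain
// identifier with the shared key" (HMAC-SHA256 is an assumption). The user node
// runs it with the first shared key (step 204), the service node with the second.
func keyedDigest(key, nonce []byte, firstNodeID string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write([]byte(firstNodeID))
	return m.Sum(nil)
}

// signedBytes is what the credential signature covers (NUL-separated layout is an assumption).
func signedBytes(user, firstNodeID string, ts int64) []byte {
	return []byte(user + "\x00" + firstNodeID + "\x00" + strconv.FormatInt(ts, 10))
}

// Verify (step 205): recompute the second encryption data, compare in constant time, sign on a match.
func (s *ServiceNode) Verify(userNodeID, user, firstNodeID string, firstEnc []byte, now time.Time) (*Credential, error) {
	nonce, ok := s.pending[userNodeID]
	if !ok {
		return nil, errors.New("no outstanding random number for this user node")
	}
	delete(s.pending, userNodeID) // a random number answers exactly one request
	key, ok := s.users[user]
	if !ok || !hmac.Equal(firstEnc, keyedDigest(key, nonce, firstNodeID)) {
		return nil, errors.New("user unknown or first/second encryption data differ")
	}
	c := &Credential{UserName: user, FirstNodeID: firstNodeID, IssuedAt: now.Unix()}
	c.Sig = ed25519.Sign(s.priv, signedBytes(user, firstNodeID, c.IssuedAt))
	return c, nil
}

// AcceptCredential (step 206, first service node): issuer key from the ledger, then target, signature and time range.
func AcceptCredential(ledger map[string]ed25519.PublicKey, issuerID, myID string,
	c *Credential, now time.Time, window time.Duration) error {
	pub, ok := ledger[issuerID]
	if !ok {
		return errors.New("issuer is not a node of this consortium chain")
	}
	if c.FirstNodeID != myID {
		return errors.New("credential was issued for another service node")
	}
	if !ed25519.Verify(pub, signedBytes(c.UserName, c.FirstNodeID, c.IssuedAt), c.Sig) {
		return errors.New("signature does not verify")
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > window {
		return errors.New("credential outside the preset time range")
	}
	return nil
}
```

The file has no main; drive it from a Go test in the same package: Challenge, then keyedDigest with the key the user typed in, then Verify and AcceptCredential against the same clock.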
In the identity verification method, device and storage medium based on a consortium blockchain provided by this embodiment, after a user node in the consortium blockchain obtains the first blockchain identifier of the first service node to be logged in to and the second blockchain identifier of the second service node on which the user once registered a user name, it obtains the first IP address of the second service node from the ledger of the consortium blockchain according to the second blockchain identifier, and sends to the second service node, based on the first IP address, a first verification request carrying the third blockchain identifier of the user node, so that the second service node returns a random number in response to the first verification request. After receiving the random number from the second service node, the user node encrypts the random number and the first blockchain identifier with the first shared key input by the user, and carries the resulting first encryption data and the user name in a verification message sent to the first IP address of the second service node. The second service node encrypts the random number and the first blockchain identifier with the second shared key agreed with the user in advance, compares the resulting second encryption data with the first encryption data and, when the two match, sends the user node a verification credential signed with the private key of the second service node. After receiving the verification credential, the user node sends it together with the second blockchain identifier of the second service node to the first service node, which verifies the signature in the verification credential with the public key of the second service node and, if the verification passes, provides service to the user. With the technical solution of this embodiment, as long as the user has registered a user name and user key on any service node of the consortium blockchain, the user can log in to other service nodes on the consortium blockchain with that user name and user key and enjoy their services, which spares the user the trouble of remembering a large number of user names and keys and improves the convenience of identity verification. Further, this embodiment sends the verification messages of the verification process peer-to-peer (directly to the recipient's IP address), so the verification messages are not recorded in the consortium blockchain; this prevents the verification messages from being obtained by a hacker and reduces the risk of credential stuffing attacks. In addition, because in this embodiment the user node obtains the random number directly from the service node on which it once registered, without forwarding by other intermediate nodes, the efficiency of identity verification is further improved and the forwarding load on intermediate nodes is reduced.
Fig. 3 is a flowchart of an identity authentication method based on an alliance blockchain according to an embodiment of the present invention. As shown in Fig. 3, on the basis of the embodiment of Fig. 2, the method comprises:
Step 301: a user node in the alliance blockchain obtains the first blockchain identifier of the first service node in the alliance blockchain that it wants to log in to, and the second blockchain identifier of the second service node with which the user once registered a user name.
Step 302: the user node looks up, according to the second blockchain identifier, the first IP address of the second service node in the ledger of the alliance blockchain, and sends a first verification request to the second service node based on the first IP address; the first verification request includes the third blockchain identifier of the user node.
Step 303: the user node receives third encryption data returned by the second service node according to the first verification request; the third encryption data contains a random number.
The third encryption data is obtained by the second service node encrypting the random number with a pre-agreed encryption algorithm.
Step 304: the user node decrypts the third encryption data to obtain the random number, and encrypts the random number and the first blockchain identifier with the first shared key, entered by the user, that the user agreed with the second service node when registering the user name, to obtain first encryption data.
Step 305: the user node sends a verification message to the second service node based on the first IP address. The verification message includes fourth encryption data, and the fourth encryption data includes the first encryption data and the user name, so that after receiving the verification message the second service node decrypts the fourth encryption data to obtain the first encryption data and the user name, compares the first encryption data with the second encryption data computed by the second service node itself and, when the two are consistent, sends a validating document to the user node.
The fourth encryption data is obtained by the user node encrypting the first encryption data and the user name with the pre-agreed encryption algorithm.
The validating document includes the user name and the first blockchain identifier signed with the private key of the second service node. The second encryption data is obtained by the second service node encrypting the random number and the first blockchain identifier with the second shared key that the user set when registering the user name.
When sending the validating document, the second service node encrypts it with the pre-agreed encryption algorithm, and the user node obtains the validating document by decrypting it.
Step 306: the user node sends the validating document and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating document based on the public key of the second service node and provides the service to the user when the verification passes.
By encrypting the information exchanged in the verification process, this embodiment improves the security of the verification information in transit, prevents it from being intercepted by an attacker, and reduces the occurrence of credential-stuffing attacks.
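The exchange of steps 302 to 306, with the preset time range and single-use rule for the validating document, as an added Go example that is not part of the patent or of any Iallchain code: the user node calls `Challenge`, computes `bind` over the returned random number and the first blockchain identifier with the key the user entered, submits the result to `Verify`, and presents the signed voucher to `Login`. The shared-key "encryption" is modelled as an HMAC, the private-key signature as Ed25519, the pre-agreed transport encryption of steps 303 and 305 is omitted, and all identifiers and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Voucher is the validating document: user name, first block chain mark and timestamp, signed by the issuer.
type Voucher struct {
	User, TargetID string // user name and the first blockchain identifier the voucher is valid for
	Issued         int64  // unix seconds: the timestamp information of claim 2
	Sig            []byte // second service node's Ed25519 signature over payload()
}
func (v Voucher) payload() []byte { return []byte(fmt.Sprintf("%s\x00%s\x00%d", v.User, v.TargetID, v.Issued)) }

// bind stands in for "encrypt the random number and the first blockchain identifier with the shared key".
func bind(key, nonce []byte, targetID string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write([]byte(targetID))
	return m.Sum(nil)
}

// Home is the second service node, where the user registered a user name and a shared key.
type Home struct {
	ID              string
	priv            ed25519.PrivateKey
	Pub             ed25519.PublicKey // published on the alliance ledger under ID
	shared, pending map[string][]byte // user name -> shared key; user node id -> live nonce
}
func NewHome(id string, registered map[string][]byte) *Home {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Home{id, priv, pub, registered, map[string][]byte{}}
}

// Challenge answers the first verification request with a fresh random number.
func (h *Home) Challenge(nodeID string) []byte {
	h.pending[nodeID] = make([]byte, 32)
	rand.Read(h.pending[nodeID])
	return h.pending[nodeID]
}

// Verify recomputes the binding with the stored key, compares in constant time and signs the voucher.
func (h *Home) Verify(nodeID, user, targetID string, firstEnc []byte, now time.Time) (Voucher, error) {
	nonce, key := h.pending[nodeID], h.shared[user]
	delete(h.pending, nodeID) // a nonce answers exactly one verification message
	if nonce == nil || key == nil || !hmac.Equal(firstEnc, bind(key, nonce, targetID)) {
		return Voucher{}, fmt.Errorf("no live challenge, unknown user or shared key mismatch")
	}
	v := Voucher{User: user, TargetID: targetID, Issued: now.Unix()}
	v.Sig = ed25519.Sign(h.priv, v.payload())
	return v, nil
}

// Target is the first service node, the one the user wants to log in to.
type Target struct {
	ID     string
	Window time.Duration                // preset time range for presenting a voucher
	ledger map[string]ed25519.PublicKey // second blockchain identifier -> public key
	used   map[string]bool              // redeemed vouchers (effective access times = 1)
}
func NewTarget(id string, window time.Duration) *Target {
	return &Target{id, window, map[string]ed25519.PublicKey{}, map[string]bool{}}
}

// Trust records a second service node's public key as read from the alliance ledger.
func (t *Target) Trust(homeID string, pub ed25519.PublicKey) { t.ledger[homeID] = pub }

// Login checks issuer and signature, audience, freshness and single use before serving the user.
func (t *Target) Login(v Voucher, homeID string, now time.Time) error {
	pub, ok := t.ledger[homeID]
	age := now.Sub(time.Unix(v.Issued, 0))
	switch {
	case !ok || !ed25519.Verify(pub, v.payload(), v.Sig):
		return fmt.Errorf("issuer not on the ledger or bad signature")
	case v.TargetID != t.ID:
		return fmt.Errorf("voucher issued for another service node")
	case age < 0 || age > t.Window:
		return fmt.Errorf("voucher outside the preset time range")
	case t.used[string(v.Sig)]:
		return fmt.Errorf("voucher already used")
	}
	t.used[string(v.Sig)] = true
	return nil
}
```

`Login` refuses a voucher that is replayed, stale, tampered with, issued for another node or signed by an issuer missing from the ledger, and `Verify` consumes each random number so that a captured verification message cannot be resubmitted.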
Fig. 4 is a schematic structural diagram of a user node according to an embodiment of the present invention. The user node is suitable for an alliance blockchain and can carry out the processing flow of the method embodiments of the alliance-blockchain-based identity authentication method described above. As shown in Fig. 4, user node 40 includes a memory 41, a processor 42, a computer program and a communication interface 43; the computer program is stored in the memory and is configured to be executed by processor 42 to perform the following operations:
obtaining the first blockchain identifier of the first service node in the alliance blockchain to be logged in to and the second blockchain identifier of the second service node with which the user once registered a user name; looking up, according to the second blockchain identifier, the first IP address of the second service node in the ledger of the alliance blockchain, and sending a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node; receiving the random number returned by the second service node according to the first verification request; encrypting the random number and the first blockchain identifier with the first shared key, entered by the user, that the user agreed with the second service node when registering the user name, to obtain first encryption data; sending a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data computed by the second service node itself and, when the two are consistent, sends a validating document to the user node, the validating document including the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first blockchain identifier with the second shared key set by the user when registering the user name; and sending the validating document and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating document based on the public key of the second service node and provides the service to the user when the verification passes.
In one embodiment, the validating document further includes timestamp information.
In one embodiment, when performing the operation of sending the validating document and the second blockchain identifier of the second service node to the first service node, the processor is configured to:
send the validating document and the second blockchain identifier of the second service node to the first service node within a preset time range after receiving the validating document.
In one embodiment, when performing the operation of receiving the random number returned by the second service node according to the first verification request, the processor is configured to:
receive the random number sent by the second service node to the second IP address of the user node.
The user node of the embodiment shown in Fig. 4 can be used to carry out the technical solution of the method embodiments above; its implementation principle and technical effect are similar and are not described again here.
An embodiment of the present invention also provides an alliance blockchain, which includes the user node described in the embodiment of Fig. 4.
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; the computer program is executed by a processor to implement the alliance-blockchain-based identity authentication method described in the embodiments above.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only one kind of logical functional division, and other divisions are possible in actual implementation, for example several units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated unit implemented in the form of software functional units may be stored in a computer-readable storage medium. The software functional units are stored in a storage medium and include instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods of the embodiments of the present invention. The storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
Those skilled in the art will clearly understand that the division into the functional modules above is used only for convenience and brevity of description; in practical applications the functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to perform all or some of the functions described above. For the specific working process of the device described above, reference may be made to the corresponding process in the method embodiments, which is not repeated here.
Finally, it should be noted that the embodiments above serve only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An identity authentication method based on an alliance blockchain, characterized in that the method comprises:
a user node in the alliance blockchain obtaining the first blockchain identifier of a first service node in the alliance blockchain to be logged in to and the second blockchain identifier of a second service node with which the user once registered a user name;
the user node looking up, according to the second blockchain identifier, the first IP address of the second service node in the ledger of the alliance blockchain, and sending a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node;
the user node receiving a random number returned by the second service node according to the first verification request;
the user node encrypting the random number and the first blockchain identifier with a first shared key, entered by the user, that the user agreed with the second service node when registering the user name, to obtain first encryption data;
the user node sending a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data computed by the second service node itself and, when the two are consistent, sends a validating document to the user node, the validating document including the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first blockchain identifier with a second shared key set by the user when registering the user name;
the user node sending the validating document and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating document based on the public key of the second service node and provides the service to the user when the verification passes.
2. The method according to claim 1, characterized in that the validating document further includes timestamp information.
3. The method according to claim 2, characterized in that the user node sending the validating document and the second blockchain identifier of the second service node to the first service node comprises:
the user node sending the validating document and the second blockchain identifier of the second service node to the first service node within a preset time range after receiving the validating document.
4. The method according to any one of claims 1-3, characterized in that the user node receiving the random number returned by the second service node according to the first verification request comprises:
the user node receiving the random number sent by the second service node to the second IP address of the user node.
5. A user node, the user node being suitable for an alliance blockchain, characterized in that the user node comprises:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
obtaining the first blockchain identifier of a first service node in the alliance blockchain to be logged in to and the second blockchain identifier of a second service node with which the user once registered a user name;
looking up, according to the second blockchain identifier, the first IP address of the second service node in the ledger of the alliance blockchain, and sending a first verification request to the second service node based on the first IP address, the first verification request including the third blockchain identifier of the user node;
receiving a random number returned by the second service node according to the first verification request;
encrypting the random number and the first blockchain identifier with a first shared key, entered by the user, that the user agreed with the second service node when registering the user name, to obtain first encryption data;
sending a verification message to the second service node based on the first IP address, the verification message including the first encryption data and the user name, so that after receiving the verification message the second service node compares the first encryption data with second encryption data computed by the second service node itself and, when the two are consistent, sends a validating document to the user node, the validating document including the user name and the first blockchain identifier signed with the private key of the second service node, and the second encryption data being obtained by the second service node encrypting the random number and the first blockchain identifier with a second shared key set by the user when registering the user name;
sending the validating document and the second blockchain identifier of the second service node to the first service node, so that the first service node verifies the signature in the validating document based on the public key of the second service node and provides the service to the user when the verification passes.
6. The user node according to claim 5, characterized in that the validating document further includes timestamp information.
7. The user node according to claim 6, characterized in that, when performing the operation of sending the validating document and the second blockchain identifier of the second service node to the first service node, the processor is configured to:
send the validating document and the second blockchain identifier of the second service node to the first service node within a preset time range after receiving the validating document.
8. The user node according to any one of claims 5-7, characterized in that, when performing the operation of receiving the random number returned by the second service node according to the first verification request, the processor is configured to:
receive the random number sent by the second service node to the second IP address of the user node.
9. An alliance blockchain, characterized in that it includes the user node according to any one of claims 5-8.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-4.
CN201910466958.2A 2019-05-30 2019-05-30 Auth method, equipment and storage medium based on alliance's block chain Pending CN110213264A (en)

Publications (1)

Publication Number Publication Date
CN110213264A true CN110213264A (en) 2019-09-06

Family

ID=67789855

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20220415