CN111131171B - Node authentication method and device based on block chain network - Google Patents
- Publication number
- CN111131171B (CN201911218904.0A)
- Authority
- CN
- China
- Prior art keywords
- node
- certificate
- attribute information
- authentication
- block chain
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Abstract
The embodiment of the invention discloses a node authentication method and device based on a blockchain network. A certificate issuing node signs each piece of certificate attribute information of a cross-chain node to obtain a node certificate, so that the cross-chain node generates data to be authenticated according to the authentication attribute information of a first blockchain network and the node certificate, and sends the data to be authenticated to an authentication node in the first blockchain network, which performs the authentication. The node certificate of the cross-chain node is obtained by signing the authentication attribute information of at least two blockchain networks to be accessed, so that the cross-chain node uses one node certificate to manage the authentication process of accessing a plurality of blockchain networks, and the complexity of node certificate management and authentication can be reduced; in addition, the authentication attribute information of the other blockchain networks is not revealed during authentication, so that the security of the authentication attribute information of each blockchain network can be ensured.
Description
Technical Field
The invention relates to the technical field of financial technology (Fintech), in particular to a node authentication method and device based on a block chain network.
Background
With the development of computer technology, more and more technologies are applied in the financial field, the traditional financial industry is gradually changing to financial technology (Fintech), and the blockchain technology is no exception, but the financial technology also puts higher requirements on the blockchain technology due to the requirements of security and real-time performance of the financial industry.
At present, a common cross-chain node authentication strategy is as follows: before the cross-chain node joins a plurality of blockchain networks, it acquires from the certificate issuing node a separate node certificate for each blockchain network. When joining any blockchain network, the cross-chain node only needs to send its node certificate for that blockchain network, so that the blockchain network authenticates the node certificate; if the authentication passes, the blockchain network allows the cross-chain node to join, and if the authentication does not pass, the blockchain network does not allow the cross-chain node to join. In this implementation, the node certificates of the cross-chain node in different blockchain networks cannot be reused: to join a plurality of blockchain networks, the cross-chain node must hold a node certificate for each of them, and must use the node certificate corresponding to each blockchain network for node authentication.
In summary, there is a need for a node authentication method based on a blockchain network, so as to solve the technical problem in the prior art that management and authentication of node certificates are complicated because the cross-chain node separately maintains its node certificate for each blockchain network.
Disclosure of Invention
The embodiment of the invention provides a node authentication method and device based on a blockchain network, which are used for solving the technical problem in the prior art that management and authentication of node certificates are complicated because the cross-chain node separately maintains its node certificate for each blockchain network.
In a first aspect, a node authentication method based on a blockchain network provided in an embodiment of the present invention includes:
a cross-chain node receives a node certificate; the node certificate is obtained by a certificate issuing node signing each piece of certificate attribute information of the cross-chain node, wherein the certificate attribute information comprises authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node; further, the cross-chain node generates data to be authenticated according to authentication attribute information of a first blockchain network and the node certificate; the first blockchain network is one of the at least two blockchain networks to be accessed; the cross-chain node sends the data to be authenticated to an authentication node in the first blockchain network; and the data to be authenticated is used for the authentication node to authenticate the authentication attribute information of the first blockchain network according to the node certificate in the data to be authenticated.
In the embodiment of the invention, the node certificate of the cross-chain node is obtained by signing the authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node, so the authentication process of accessing a plurality of blockchain networks can be managed with one node certificate, without setting a separate node certificate for each blockchain network, and the complexity of node certificate management and authentication can be reduced; in addition, the node certificate in this scheme is obtained by signing the authentication attribute information of the plurality of blockchain networks and does not contain that information in plaintext form, so the authentication attribute information of the other blockchain networks is not leaked when the authentication attribute information of any one blockchain network is authenticated, and the security of the authentication attribute information of each blockchain network can be ensured.
In one possible implementation, the certificate attribute information includes first type certificate attribute information and second type certificate attribute information; the first type certificate attribute information has higher priority than the second type certificate attribute information; in a specific implementation, before the cross-chain node receives the node certificate, the method further includes: the cross-chain node receives a signature public key corresponding to a signature private key sent by the certificate issuing node, blinds the first type certificate attribute information in the certificate attribute information by using the signature public key to obtain a first ciphertext, and sends the first ciphertext to the certificate issuing node, wherein the first ciphertext is used for the certificate issuing node to sign the second type certificate attribute information in the certificate attribute information by using the signature private key to obtain the node certificate.
In this implementation, the first type certificate attribute information, which is of higher importance, is blinded by the cross-chain node before the certificate issuing node signs, so that the security of the first type certificate attribute information can be ensured while the certificate issuing node still successfully issues the certificate to the cross-chain node.
In one possible implementation, before the cross-chain node generates the data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate, the method further includes: the cross-chain node offsets the node certificate.
In this implementation, the node certificate is offset and the data to be authenticated is generated based on the offset node certificate, which prevents the certificate issuing node from using the issuing process to track authentications in which the cross-chain node uses the node certificate, so that the cross-chain node uses the node certificate in a secure environment and authentication security is improved.
In a second aspect, an embodiment of the present invention provides a node authentication method based on a blockchain network, where the method includes:
the certificate issuing node acquires each piece of certificate attribute information of the cross-chain node; the certificate attribute information comprises authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node; the certificate issuing node signs each piece of certificate attribute information of the cross-chain node to obtain a node certificate of the cross-chain node, and sends the node certificate to the cross-chain node; the node certificate is used for the cross-chain node to generate data to be authenticated by using authentication attribute information of a first blockchain network, the first blockchain network is one of the at least two blockchain networks to be accessed, and the data to be authenticated is used for an authentication node in the first blockchain network to authenticate the authentication attribute information of the first blockchain network.
In a possible implementation, the certificate issuing node signing each piece of certificate attribute information of the cross-chain node to obtain the node certificate of the cross-chain node includes: the certificate issuing node determines a signature public key corresponding to the signature private key according to the signature private key and each piece of certificate attribute information, and sends the signature public key to the cross-chain node, wherein the signature public key is used by the cross-chain node to blind the first type certificate attribute information in the certificate attribute information to obtain a first ciphertext; further, the certificate issuing node receives the first ciphertext sent by the cross-chain node, and signs the second type certificate attribute information in the certificate attribute information by using the first ciphertext and the signature private key to obtain the node certificate.
In a third aspect, an apparatus for authenticating a node based on a blockchain network according to an embodiment of the present invention includes:
a transceiver module for receiving a node certificate; the node certificate is obtained by a certificate issuing node signing each piece of certificate attribute information of a cross-chain node, wherein the certificate attribute information comprises authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node;
the generation module is used for generating data to be authenticated according to the authentication attribute information of the first block chain network and the node certificate; the first block chain network is one of the at least two block chain networks to be accessed;
the transceiver module is further configured to send the data to be authenticated to an authentication node in the first blockchain network; and the data to be authenticated is used for the authentication node to authenticate the authentication attribute information of the first block chain network according to the node certificate in the data to be authenticated.
In one possible implementation, the certificate attribute information includes first type certificate attribute information and second type certificate attribute information; the first type certificate attribute information has higher priority than the second type certificate attribute information; the device further comprises a processing module; before the transceiver module receives the node certificate, the transceiver module also receives a signature public key corresponding to a signature private key sent by the certificate issuing node; the processing module uses the signature public key to blind the first type certificate attribute information in the certificate attribute information to obtain a first ciphertext; and the transceiver module further sends the first ciphertext to the certificate issuing node, where the first ciphertext is used for the certificate issuing node to sign the second type certificate attribute information in the certificate attribute information by using the signature private key, so as to obtain the node certificate.
In a possible implementation, before the generation module generates the data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate, the generation module further offsets the node certificate.
In a fourth aspect, an apparatus for node authentication based on a blockchain network according to an embodiment of the present invention includes:
the acquisition module is used for acquiring each piece of certificate attribute information of the cross-chain node; the certificate attribute information comprises authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node;
the processing module is used for signing each piece of certificate attribute information of the cross-chain node to obtain a node certificate of the cross-chain node;
a transceiver module for sending the node certificate to the cross-chain node; the node certificate is used for the cross-chain node to generate data to be authenticated by using authentication attribute information of a first blockchain network, the first blockchain network is one of the at least two blockchain networks to be accessed, and the data to be authenticated is used for an authentication node in the first blockchain network to authenticate the authentication attribute information of the first blockchain network.
In a possible implementation, the processing module further determines a signature public key corresponding to the signature private key according to the signature private key and each piece of certificate attribute information; correspondingly, the transceiver module further sends the signature public key to the cross-chain node, where the signature public key is used by the cross-chain node to blind the first type certificate attribute information in the certificate attribute information to obtain a first ciphertext, and receives the first ciphertext sent by the cross-chain node; and the processing module also uses the first ciphertext and the signature private key to sign the second type certificate attribute information in the certificate attribute information to obtain the node certificate.
In a fifth aspect, an embodiment of the present invention provides a computing device, including at least one processor and at least one memory, where the memory stores a computer program, and when the program is executed by the processor, the processor is caused to execute the node authentication method based on a blockchain network according to any of the first aspect or the second aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program runs on the computing device, the computer program causes the computing device to execute the node authentication method based on a blockchain network according to any of the first aspect or the second aspect.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a schematic diagram of a possible system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a node authentication method based on a blockchain network according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of determining a node certificate of a cross-chain node according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a node authentication apparatus based on a blockchain network according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another node authentication apparatus based on a blockchain network according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a computing device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of a possible system architecture provided by an embodiment of the present invention. As shown in fig. 1, the system architecture includes a certificate issuing node 100, a cross-chain node 110, and at least two blockchain networks, such as a blockchain network 121 and a blockchain network 122; the at least two blockchain networks are the blockchain networks to be joined by the cross-chain node 110. The certificate issuing node 100 and the cross-chain node 110, and the cross-chain node 110 and each blockchain network, may be connected in a wired manner or in a wireless manner, which is not limited.
In the embodiment of the present invention, the certificate issuing node 100 refers to a relatively authoritative security certification authority, such as the China Financial Certification Authority (CFCA), and the certificate issuing node 100 can generate a node certificate bearing the signature of the certificate issuing node 100 in response to a certificate issuing request from a cross-chain node.
As shown in fig. 1, each of the blockchain networks may be provided with one or more blockchain nodes, and any two of the one or more blockchain nodes are communicatively connected to maintain the blockchain network together. For example, the blockchain network 121 is provided with a blockchain node 1211, a blockchain node 1212, a blockchain node 1213 and a blockchain node 1214, any two of which may be communicatively connected, and the blockchain network 122 is provided with a blockchain node 1221, a blockchain node 1222, a blockchain node 1223 and a blockchain node 1224, any two of which may be communicatively connected.
In this embodiment of the present invention, a blockchain node in a blockchain network may have multiple functions, for example, a routing function, a transaction function, a blockchain function, a consensus function, and the like. The routing function means that a blockchain node may transmit transaction information sent by a client to other blockchain nodes in the blockchain network to implement communication between the blockchain nodes. The transaction function and the consensus function mean that a blockchain node may support a transaction with a user or a transaction with other blockchain nodes through consensus, and may record all transactions executed in the blockchain node (or the blockchain network). The blockchain function means that a blockchain node may generate a new block in the blockchain network based on the execution of transactions. The routing function is a function that each blockchain node in the blockchain network must have, and the other functions can be set by those skilled in the art according to actual needs.
It should be noted that a blockchain node in a blockchain network may be on a physical machine (server), and a blockchain node may specifically refer to a process or a series of processes running on the server. For example, the blockchain node 1211 may be a process running on a server, or may refer to a server, which is not limited in particular.
In the embodiment of the present invention, the cross-chain node 110 may be connected to each blockchain network in various ways; for example, the cross-chain node 110 may be connected to only one blockchain node in the blockchain network, to all blockchain nodes in the blockchain network, or to some blockchain nodes in the blockchain network, which is not limited in particular.
Based on the system architecture illustrated in fig. 1, fig. 2 is a node authentication method provided in an embodiment of the present invention, where the method includes:
Step 201, the certificate issuing node signs each piece of certificate attribute information of a cross-chain node to obtain a node certificate of the cross-chain node; the certificate attribute information comprises authentication attribute information of at least two blockchain networks to be accessed by the cross-chain node.
In the embodiment of the present invention, the certificate attribute information may include first type certificate attribute information and second type certificate attribute information. The first type certificate attribute information is certificate attribute information related to privacy data of the cross-chain node, such as the issuer, validity period and user of the node certificate and the authentication attribute information of the blockchain networks to be joined. The second type certificate attribute information is certificate attribute information unrelated to the privacy data of the cross-chain node, such as the version number, serial number, signature algorithm and message digest algorithm of the node certificate. The priority of the first type certificate attribute information is greater than the priority of the second type certificate attribute information.
In a possible implementation, after the certificate issuing node determines that the cross-chain node requires a node certificate to be issued, it can send a preset node certificate template to the cross-chain node, so that the cross-chain node determines its own node certificate template according to the preset node certificate template. The preset node certificate template is used to identify the deployment form of each set piece of certificate attribute information; the certificate attribute information may be set by a person skilled in the art according to experience, or according to a service requirement, and may for example include a certificate attribute name and a corresponding certificate attribute value, which is not limited.
In specific implementation, the preset node certificate template may be composed of an attribute name template and an attribute key value pair template, the attribute name template is a list container, and stores each set certificate attribute name, and may also support operations such as adding a new certificate attribute name, deleting an existing certificate attribute name, modifying an existing certificate attribute name, or querying an existing attribute certificate name; correspondingly, the attribute key-value pair template is a key-value pair container used for storing each certificate attribute name and the corresponding certificate attribute value, and can also support operations of adding a new certificate attribute name and the corresponding certificate attribute value, deleting the existing certificate attribute name and the corresponding certificate attribute value, modifying the existing certificate attribute name and the corresponding certificate attribute value or inquiring the existing certificate attribute name and the corresponding certificate attribute value and the like.
In this embodiment of the present invention, each set certificate attribute name includes an authentication attribute name of a to-be-added blockchain network, for example, digital identity information (i.e., a chain id) of the to-be-added blockchain network, and may further include any one or more of a version number, a serial number, and a user, without limitation.
Correspondingly, after the cross-chain node acquires the preset node certificate template, it can select its certificate attribute names from the set certificate attribute names stored in the attribute name template, and assemble them into the attribute name template corresponding to the cross-chain node.
For example, as shown in fig. 1, the blockchain networks to be joined by the cross-chain node 110 are the blockchain network 121 and the blockchain network 122; if the certificate attribute names of the cross-chain node 110 further include a version number and a user, the attribute name template corresponding to the cross-chain node 110 may be:
{ version number, user, id of chain 121, id of chain 122 }
Accordingly, if the version number is 1.0, the id of chain 121 is 0x12ab, and the id of chain 122 is 0xbc68, then the attribute key-value pair template corresponding to the cross-chain node 110 may be:
{ version number = 1.0, user = "cross-chain node 110", id of chain 121 = "0x12ab", id of chain 122 = "0xbc68" }
In the embodiment of the invention, the authentication attribute information of the blockchain networks to be joined is set in the certificate attribute information, and the node certificate is obtained by signing that authentication attribute information, so that the node certificate contains the characteristics of each blockchain network to be joined; the node certificate can therefore be used for authentication when the cross-chain node joins any of these blockchain networks, and the accuracy of authentication can be ensured.
Step 202, the certificate issuing node sends the node certificate of the cross-chain node to the cross-chain node.
Step 203, the cross-chain node generates data to be authenticated according to authentication attribute information of a first blockchain network and the node certificate, where the first blockchain network is one of the at least two blockchain networks to be accessed.
In one example, in addition to sending the node certificate of the cross-chain node 110 to the cross-chain node 110, the certificate issuing node 100 may also send the blind key used in signing the node certificate to the cross-chain node 110 at the same time; correspondingly, after receiving the node certificate and the blind key, the cross-chain node 110 may further offset the blind key, and generate the data to be authenticated according to the offset blind key, the node certificate, and the authentication attribute information of the first blockchain network. The offset may be set empirically by a person skilled in the art; for example, a certain value may be added or subtracted, or a certain value may be dot-multiplied or dot-divided, and the like, which is not specifically limited.
In this example, by offsetting the blind key used by the certificate issuing node and generating the data to be authenticated based on the offset blind key and the node certificate, the certificate issuing node can be prevented from using the blind key to track the node certificate that the cross-chain node uses for authentication, so that the cross-chain node uses the node certificate in a safe environment and the security of authentication is improved.
As shown in fig. 1, in a specific implementation, if the first blockchain network is the blockchain network 121 and the cross-chain node 110 wants to access the blockchain network 121, the cross-chain node 110 may generate the data to be authenticated using the authentication attribute information "id of chain 121 = 0x12ab" of the blockchain network 121 and the node certificate; if the first blockchain network is the blockchain network 122 and the cross-chain node 110 wants to access the blockchain network 122, the cross-chain node 110 may generate the data to be authenticated using the authentication attribute information "id of chain 122 = 0xbc68" of the blockchain network 122 and the node certificate.
Step 204, the cross-chain node sends the data to be authenticated to an authentication node in the first blockchain network.
Step 205, the authentication node in the first blockchain network authenticates the authentication attribute information of the first blockchain network according to the node certificate in the data to be authenticated, and determines whether the cross-chain node can access the first blockchain network according to the authentication result.
In an example, after receiving the data to be authenticated sent by the cross-chain node 110, the authentication node in the first blockchain network may first parse the data to be authenticated to obtain the node certificate of the cross-chain node 110 and the authentication attribute information of the first blockchain network, then construct an attestation function based on the node certificate of the cross-chain node 110 and the authentication attribute information of the first blockchain network, and load the attestation function. If the loading result is success, the cross-chain node 110 has passed authentication and is therefore allowed to access the first blockchain network; if the loading result is failure, the cross-chain node 110 has not passed authentication and is therefore not allowed to access the first blockchain network.
The attestation function may be set based on a signature process of the node certificate, and is not limited.
In this embodiment of the present invention, the authentication node may be any blockchain node in the first blockchain network, and the cross-chain node 110 may be connected to only one blockchain node in the first blockchain network, to all blockchain nodes in the first blockchain network, or to some blockchain nodes in the first blockchain network. In a specific implementation, if the cross-chain node 110 is connected to only one blockchain node in the first blockchain network, the cross-chain node 110 may send the data to be authenticated to the connected blockchain node, so that the connected blockchain node synchronizes the data to be authenticated to the other blockchain nodes in the first blockchain network; after receiving the data to be authenticated, any blockchain node in the first blockchain network may verify the data to be authenticated to obtain that blockchain node's authentication result for the cross-chain node. Further, the blockchain nodes in the first blockchain network may perform consensus on their respective authentication results for the cross-chain node 110 to obtain the authentication result, and determine whether to allow the cross-chain node 110 to access the first blockchain network according to the authentication result.
In the embodiment of the invention, the node certificate of the cross-link node is obtained by signing the authentication attribute information of at least two block chain networks to be accessed in the cross-link node, and the authentication process of accessing the cross-link node into a plurality of block chain networks can be managed by using one node certificate without respectively setting the node certificate corresponding to each block chain network, so that the complexity of node certificate management and authentication can be reduced; in addition, the node certificate in the scheme is obtained by signing the authentication attribute information of the plurality of block chain networks, but not in a plaintext form of the authentication attribute information of the plurality of block chain networks, so that the authentication attribute information of other block chain networks cannot be leaked when the authentication attribute information of any block chain network is authenticated by the mode, and the safety of the authentication attribute information of each block chain network can be ensured.
In step 201, the certificate issuing node 100 may generate the node certificate of the cross-chain node 110 in a variety of ways; one possible way is described in detail below.
Fig. 3 is a schematic flowchart of a process for generating a node certificate of a cross-link node according to an embodiment of the present invention, as shown in fig. 3, the method includes:
step 301, the certificate issuing node determines a signature public key corresponding to the signature private key according to each certificate attribute information in the cross-link node.
In a specific implementation, the cross-link node 110 may first generate a certificate signing request according to each certificate attribute information, and send the certificate signing request to the certificate issuing node 100, so that the certificate issuing node 100 determines a signature public key corresponding to the signature private key according to the signature private key and the certificate signing request.
In one example, the cross-chain node 110 may extract the second-type certificate attribute information from the certificate attribute information and then generate the certificate signing request based on each certificate attribute name and the second-type certificate attribute information. For example, if the cross-chain node 110 generates a certificate attribute name template and a certificate attribute key-value pair template corresponding to the cross-chain node based on a preset node certificate template, the cross-chain node 110 may extract the key-value pairs of the second-type certificate attribute information from its certificate attribute key-value pair template, and then generate the certificate signing request according to the key-value pairs of the second-type certificate attribute information and the certificate attribute name template corresponding to the cross-chain node 110.
In the above example, the certificate attribute information includes first-type certificate attribute information and second-type certificate attribute information. Because the first-type certificate attribute information relates to private data of the cross-chain node, after the cross-chain node assembles its certificate attribute name template and certificate attribute key-value pair template, it sends only the certificate attribute name template and the second-type certificate attribute information to the certificate issuing node; this protects the private data of the cross-chain node and, in particular, the authentication attribute information of each blockchain network to be accessed.
In a specific implementation, after obtaining the certificate signing request, the certificate signing node 100 may parse the certificate signing request to obtain each certificate attribute name and second type certificate attribute information, then calculate to obtain the first information and the second information corresponding to each certificate attribute name by using the signature private key and each certificate attribute name, and may use the first information and the second information corresponding to each certificate attribute name as the signature public key corresponding to the signature private key.
In a possible implementation manner, the certificate issuing node 100 may determine the signature private key and the signature public key corresponding to the signature private key by using the following steps a to d:
step a, the certificate signing node determines a first signature private key and a second signature private key.
In specific implementation, the certificate signing node 100 may randomly select a first prime number psafe and a second prime number qsafe, and calculate, according to the first prime number psafe and the second prime number qsafe, a first signature private key p and a second signature private key q according to the following formulas:
p=psafe/2
q=qsafe/2
where the first prime number and the second prime number may both be large prime numbers (i.e., prime numbers on the order of more than $2^{256}$), and the first signature private key p and the second signature private key q may have 1024 bits.
Step b, the certificate signing node calculates a first random blind key according to the first signature private key and the second signature private key.
In a specific implementation, the certificate signing node 100 may first calculate the modulus n from the first prime number psafe and the second prime number qsafe according to the following formula:
n=psafe*qsafe
Then, a random number $x_1$ is selected from the interval (0, n), and the first random blind key $S_1$ is calculated from the random number $x_1$ and the modulus n according to the following formula:
$S_1 = x_1^2 \bmod n$
where mod n denotes taking the remainder modulo n.
Step c, the certificate signing node calculates the first information and the second information corresponding to each certificate attribute name according to the first random blind key, the first signature private key, the second signature private key and each certificate attribute name.
In a specific implementation, if there are L pieces of certificate attribute information, the certificate signing node 100 may first select a random number $x_{Z1}$ from the interval $[2, p \times q - L]$, and then calculate the first information $Z_1$ from the random number $x_{Z1}$ and the first random blind key $S_1$ according to the following formula:
Further, the certificate signing node 100 may again select, from the interval $[2, p \times q - L]$, random numbers $x_{Z21}, x_{Z22}, x_{Z23}, \ldots, x_{Z2L}$ corresponding to the L pieces of certificate attribute information, and calculate, from the first random blind key $S_1$ and the random number corresponding to each piece of certificate attribute information, the second information $Z_{2i}$ corresponding to each piece of certificate attribute information according to the following formula:
where $x_{Z2i}$ is the random number corresponding to the i-th piece of certificate attribute information, $0 < i \le L$.
Step d, the first signature private key and the second signature private key are taken as the signature private key, and the first random blind key, the first information and the second information corresponding to each piece of certificate attribute information are taken as the signature public key corresponding to the signature private key.
In this embodiment of the present invention, the certificate signing node 100 may directly use the first random blind key $S_1$, the first information $Z_1$ and the second information corresponding to each piece of certificate attribute information as the signature public key corresponding to the signature private key, or may use the modulus n, the first random blind key $S_1$, the first information $Z_1$ and the second information corresponding to each piece of certificate attribute information as the signature public key. Taking the latter as an example, the signature public key may be a row vector with L+3 columns, $(n, S_1, Z_1, Z_{21}, Z_{22}, \ldots, Z_{2L})$, constructed from the modulus n, the first random blind key $S_1$, the first information $Z_1$ and the second information corresponding to each piece of certificate attribute information, or a column vector with L+3 rows, $(n, S_1, Z_1, Z_{21}, Z_{22}, \ldots, Z_{2L})^T$, constructed from the same values; this is not limited.
It should be noted that the above is only an exemplary and simple description, and the listed formulas are only for convenience of description and do not constitute a limitation to the solution, and in a specific implementation, the formulas may also be set by a person skilled in the art according to experience, and are not specifically limited.
Step 302, the certificate issuing node sends the signature public key corresponding to the signature private key to the cross-link node.
Step 303, the cross-chain node blinds the first-type certificate attribute information in the certificate attribute information by using the signature public key to obtain a first ciphertext.
In a specific implementation, after the cross-chain node 110 receives the signature public key sent by the certificate issuing node 100, it may first extract each piece of first-type certificate attribute information from the certificate attribute key-value pair template, set a second random blind key, and blind each piece of first-type certificate attribute information by using the signature public key and the second random blind key to obtain a first ciphertext. For example, if the certificate attribute key-value pair template corresponding to the cross-chain node 110 is $C_v$ = {version number = "1.0", user = "cross-chain node 110", id of chain 121 = "0x12ab", id of chain 122 = "0xbc68"}, where "version number = 1.0" belongs to the second-type certificate attribute information and "user = cross-chain node 110", "id of chain 121 = 0x12ab" and "id of chain 122 = 0xbc68" belong to the first-type certificate attribute information, then the first-type certificate attribute information to be blinded by the cross-chain node 110 in $C_v$ is "user = cross-chain node 110", "id of chain 121 = 0x12ab" and "id of chain 122 = 0xbc68".
In one example, the first ciphertext may be calculated based on the following equation:
$U = S_1 \cdot S_2 \cdot Z_{m1}^{m_1} \cdot Z_{m2}^{m_2} \cdots Z_{mT}^{m_T}$
where U is the first ciphertext, $S_2$ is the second random blind key, $m_1, m_2, \ldots, m_T$ are the T pieces of first-type certificate attribute information, each of which includes a certificate attribute name and a certificate attribute value, $Z_{m1}, Z_{m2}, \ldots, Z_{mT}$ are the second information corresponding to the T pieces of first-type certificate attribute information, and $0 < T \le L$.
It should be noted that the above is only an exemplary and simple description; the listed formula is only for convenience of description and does not constitute a limitation to the scheme. In a specific implementation, the first ciphertext may also be generated according to another formula, for example $U = K + S_1 \cdot S_2 \cdot Z_1^{m_1} \cdot Z_2^{m_2} \cdots Z_L^{m_T}$ or U-K $S_1 \cdot S_2 \cdot Z_1^{m_1} \cdot Z_2^{m_2} \cdots Z_L^{m_T}$, where K is a random number; this is not specifically limited.
Step 304, the cross-chain node sends the first ciphertext to the certificate issuing node.
Step 305, the certificate issuing node signs the second-type certificate attribute information in the certificate attribute information by using the first ciphertext and the signature private key to obtain the node certificate of the cross-chain node.
In one example, after receiving the first ciphertext, the certificate issuing node 100 may set a third random blind key, and generate a second ciphertext from the first information, the first ciphertext, the third random blind key, the first random blind key, and each piece of second-type certificate attribute information, according to the following formula:
$Q = Z_1 / (U \cdot S_1^{S_3} \cdot Z_{r1}^{r_1} \cdot Z_{r2}^{r_2} \cdots Z_{rW}^{r_W})$
where Q is the second ciphertext, $S_3$ is the third random blind key, $r_1, r_2, \ldots, r_W$ are the W pieces of second-type certificate attribute information, each of which includes a certificate attribute name and a certificate attribute value, $Z_{r1}, Z_{r2}, \ldots, Z_{rW}$ are the second information corresponding to the W pieces of second-type certificate attribute information, $0 < W < L$, and $W + T = L$.
Correspondingly, after the second ciphertext is generated, the certificate issuing node 100 may randomly generate a prime number e, and sign the second ciphertext by using the prime number e, the modulus n, the signature private key p, and the signature private key q according to the following formula, so as to obtain the node certificate A of the cross-chain node:
$A = Q^{(1/e) \bmod (p \cdot q)} \bmod n$
In the above example, the first-type certificate attribute information is blinded by using the second random blind key to obtain the first ciphertext, the first ciphertext and the second-type certificate attribute information are blinded by using the third random blind key to obtain the second ciphertext, and the second ciphertext is finally signed by using the signature private key, so that the security of the first-type certificate attribute information and the second-type certificate attribute information can be protected while the node certificate is successfully signed by the certificate issuing node.
In one example, the certificate issuing node may send the node certificate A of the cross-chain node together with the third random blind key $S_3$ and the prime number e used in the process of generating the node certificate A to the cross-chain node; correspondingly, after receiving the node certificate A, the third random blind key $S_3$ and the prime number e, the cross-chain node may first offset the third random blind key $S_3$ and/or the prime number e, and then generate the data to be authenticated according to the offset information. The offset may be set empirically by one skilled in the art. For example, the second random blind key $S_2$ may be used to apply an addition offset (or difference offset) to the third random blind key $S_3$, and the data to be authenticated is generated based on the node certificate A, the offset information $S_3 + S_2$ (or $S_3 - S_2$) and the prime number e; or the second random blind key $S_2$ may be used to apply a dot-multiplication offset (or dot-division offset) to the third random blind key $S_3$, and the data to be authenticated is generated based on the node certificate A, the offset information $S_3 \cdot S_2$ (or $S_3 / S_2$) and the prime number e; and the like, which is not specifically limited.
In this implementation, the first-type certificate attribute information, which has the higher degree of importance, is first blinded by the cross-chain node and then signed in blinded form by the certificate issuing node, so that the security of the first-type certificate attribute information can be ensured while the certificate issuing node successfully issues the certificate to the cross-chain node.
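An added example, not the patent's own code, that carries steps 301 to 305 through with the formulas above on toy 64-bit safe primes and then checks the relation the resulting certificate satisfies. The formulas for Z1 and Z2i are absent from this page, so the sketch assumes they are random powers of S1; the SHA-256 attribute encoding, choosing S2 as a square like S1, and the final check (derived from the Q and A formulas, with all attributes revealed to the verifier) are likewise assumptions.

```python
import hashlib
import secrets
from math import gcd

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for the toy sizes used here."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """Random prime psafe for which psafe // 2 is prime as well."""
    while True:
        half = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(half) and is_prime(2 * half + 1):
            return 2 * half + 1

def random_square(n):
    """x^2 mod n for a random unit x, the way step b derives S1."""
    while True:
        x = 1 + secrets.randbelow(n - 1)
        if gcd(x, n) == 1:
            return pow(x, 2, n)

def encode(name, value):
    """Assumed encoding of one attribute (name and value) as an integer."""
    return int.from_bytes(hashlib.sha256(f"{name}={value}".encode()).digest(), "big")

def attr_product(pk, attrs):
    """Product of Z2[name]^encode(name, value) mod n over the given attributes."""
    out = 1
    for name, value in attrs.items():
        out = out * pow(pk["Z2"][name], encode(name, value), pk["n"]) % pk["n"]
    return out

def issuer_setup(names, bits=64):
    """Steps a-d. Toy key size only; the page describes 1024-bit p and q."""
    psafe = qsafe = safe_prime(bits)
    while qsafe == psafe:
        qsafe = safe_prime(bits)
    p, q, n = psafe // 2, qsafe // 2, psafe * qsafe
    S1 = random_square(n)
    span = p * q - len(names) - 1          # exponents drawn from [2, p*q - L]
    # Assumption: Z1 and Z2i are random powers of S1 (formulas absent on the page).
    Z1 = pow(S1, 2 + secrets.randbelow(span), n)
    Z2 = {name: pow(S1, 2 + secrets.randbelow(span), n) for name in names}
    return (p, q), {"n": n, "S1": S1, "Z1": Z1, "Z2": Z2}

def blind(pk, first_type):
    """Step 303 (cross-chain node): U = S1 * S2 * prod Z_mi^mi mod n."""
    S2 = random_square(pk["n"])            # assumption: S2 is a square, like S1
    return S2, pk["S1"] * S2 * attr_product(pk, first_type) % pk["n"]

def sign(sk, pk, U, second_type):
    """Step 305 (issuer): Q = Z1 / (U * S1^S3 * prod Z_ri^ri), A = Q^(1/e mod pq) mod n."""
    (p, q), n = sk, pk["n"]
    S3 = 2 + secrets.randbelow(p * q - 2)
    denom = U * pow(pk["S1"], S3, n) * attr_product(pk, second_type) % n
    Q = pk["Z1"] * pow(denom, -1, n) % n
    e = 4
    while not (is_prime(e) and gcd(e, p * q) == 1):
        e = secrets.randbits(32) | (1 << 31) | 1
    return pow(Q, pow(e, -1, p * q), n), e, S3

def verify(pk, A, e, S2, S3, attrs):
    """Derived check: Z1 == A^e * S1 * S2 * S1^S3 * prod Z2i^mi (mod n)."""
    n = pk["n"]
    rhs = pow(A, e, n) * pk["S1"] * S2 * pow(pk["S1"], S3, n) * attr_product(pk, attrs) % n
    return rhs == pk["Z1"]

def demo():
    first = {"user": "cross-chain node 110",
             "id of chain 121": "0x12ab", "id of chain 122": "0xbc68"}
    second = {"version number": "1.0"}
    sk, pk = issuer_setup(list(first) + list(second))
    S2, U = blind(pk, first)               # the issuer sees U, not the chain ids
    A, e, S3 = sign(sk, pk, U, second)
    honest = verify(pk, A, e, S2, S3, {**first, **second})
    forged = {**first, **second, "id of chain 122": "0xdead"}   # constructed value
    return honest, verify(pk, A, e, S2, S3, forged)

if __name__ == "__main__":
    print(demo())
```

The check passes because every factor is a square modulo n, so Q has order dividing p*q and A^e equals Q; a certificate presented with a chain id other than the one that was blinded into U fails the same check.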
In the above embodiment of the present invention, the certificate issuing node signs each piece of certificate attribute information in the cross-chain node to obtain a node certificate, and sends the node certificate to the cross-chain node, where the certificate attribute information includes authentication attribute information of at least two blockchain networks to which the cross-chain node is to be connected; correspondingly, after receiving the node certificate, the cross-chain node generates data to be authenticated according to the authentication attribute information of a first blockchain network and the node certificate, and sends the data to be authenticated to an authentication node in the first blockchain network, where the first blockchain network is one of the at least two blockchain networks to be accessed, and the data to be authenticated is used by the authentication node to authenticate the authentication attribute information of the first blockchain network according to the node certificate in the data to be authenticated.
In the embodiment of the invention, the node certificate of the cross-link node is obtained by signing the authentication attribute information of at least two block chain networks to be accessed in the cross-link node, and the authentication process of accessing the cross-link node into a plurality of block chain networks can be managed by using one node certificate without respectively setting the node certificate corresponding to each block chain network, so that the complexity of node certificate management and authentication can be reduced; in addition, the node certificate in the scheme is obtained by signing the authentication attribute information of the plurality of block chain networks, but not in a plaintext form of the authentication attribute information of the plurality of block chain networks, so that the authentication attribute information of other block chain networks cannot be leaked when the authentication attribute information of any block chain network is authenticated by the mode, and the safety of the authentication attribute information of each block chain network can be ensured.
For the above method flow, an embodiment of the present invention further provides a node authentication apparatus based on a blockchain network, and specific contents of the apparatus may be implemented with reference to the above method.
Fig. 4 is a schematic structural diagram of a node authentication apparatus based on a blockchain network according to an embodiment of the present invention, including:
a transceiving module 401 for receiving a node certificate; the node certificate is obtained by signing each certificate attribute information in a cross-link node by a certificate signing and issuing node, wherein each certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-link node;
a generating module 402, configured to generate data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate; the first block chain network is one of the at least two block chain networks to be accessed;
the transceiver module 401 is further configured to send the data to be authenticated to an authentication node in the first blockchain network; and the data to be authenticated is used for the authentication node to authenticate the authentication attribute information of the first block chain network according to the node certificate in the data to be authenticated.
Optionally, the certificate attribute information includes first type certificate attribute information and second type certificate attribute information; the first type certificate attribute information has higher priority than the second type certificate attribute information;
the apparatus further comprises a processing module 403;
before the transceiver module 401 receives the node certificate, it is further configured to: receiving a signature public key corresponding to the signature private key sent by the certificate issuing node;
the processing module 403 is configured to: blinding the first type certificate attribute information in each certificate attribute information by using the signature public key to obtain a first ciphertext;
the transceiver module 401 is further configured to: and sending the first ciphertext to the certificate issuing node, wherein the first ciphertext is used for the certificate issuing node to sign the second type certificate attribute information in each certificate attribute information by using the signature private key to obtain the node certificate.
Optionally, before the generating module 402 generates the data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate, the generating module is further configured to:
offsetting the node certificate.
Fig. 5 is a schematic structural diagram of another node authentication apparatus based on a blockchain network according to an embodiment of the present invention, including:
an obtaining module 501, configured to obtain attribute information of each certificate in a cross-link node; each certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-link node;
a processing module 502, configured to sign each certificate attribute information in the cross-link node to obtain a node certificate of the cross-link node;
a transceiver module 503, configured to send the node certificate to the cross-chain node; the node certificate is used for the cross-chain node to generate data to be authenticated by using authentication attribute information of a first blockchain network, the first blockchain network is one of the at least two blockchain networks to be accessed, and the data to be authenticated is used for an authentication node in the first blockchain network to authenticate the authentication attribute information of the first blockchain network.
Optionally, the processing module 502 is further configured to: determining a signature public key corresponding to the signature private key according to the signature private key and the attribute information of each certificate;
the transceiver module 503 is further configured to: send the signature public key to the cross-chain node, wherein the signature public key is used by the cross-chain node to blind the first type certificate attribute information in each certificate attribute information to obtain a first ciphertext; and receive the first ciphertext sent by the cross-chain node;
the processing module 502 is further configured to: and signing the second type certificate attribute information in each certificate attribute information by using the first ciphertext and the signature private key to obtain the node certificate.
From the above, it can be seen that: in the above embodiment of the present invention, the certificate issuing node signs each piece of certificate attribute information in the cross-chain node to obtain a node certificate, and sends the node certificate to the cross-chain node, where the certificate attribute information includes authentication attribute information of at least two blockchain networks to which the cross-chain node is to be connected; correspondingly, after receiving the node certificate, the cross-chain node generates data to be authenticated according to the authentication attribute information of a first blockchain network and the node certificate, and sends the data to be authenticated to an authentication node in the first blockchain network, where the first blockchain network is one of the at least two blockchain networks to be accessed, and the data to be authenticated is used by the authentication node to authenticate the authentication attribute information of the first blockchain network according to the node certificate in the data to be authenticated.
In the embodiment of the invention, the node certificate of the cross-link node is obtained by signing the authentication attribute information of at least two block chain networks to be accessed in the cross-link node, and the authentication process of accessing the cross-link node into a plurality of block chain networks can be managed by using one node certificate without respectively setting the node certificate corresponding to each block chain network, so that the complexity of node certificate management and authentication can be reduced; in addition, the node certificate in the scheme is obtained by signing the authentication attribute information of the plurality of block chain networks, but not in a plaintext form of the authentication attribute information of the plurality of block chain networks, so that the authentication attribute information of other block chain networks cannot be leaked when the authentication attribute information of any block chain network is authenticated by the mode, and the safety of the authentication attribute information of each block chain network can be ensured.
Based on the same inventive concept, an embodiment of the present invention further provides a computing device, as shown in fig. 6, including at least one processor 601 and a memory 602 connected to the at least one processor, where a specific connection medium between the processor 601 and the memory 602 is not limited in the embodiment of the present invention, and the processor 601 and the memory 602 are connected through a bus in fig. 6 as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.
In the embodiment of the present invention, the memory 602 stores instructions executable by the at least one processor 601, and the at least one processor 601 may execute the steps included in the node authentication method based on the blockchain network by executing the instructions stored in the memory 602.
The processor 601 is a control center of the computing device, and may connect various parts of the computing device by using various interfaces and lines, and implement data processing by running or executing instructions stored in the memory 602 and calling data stored in the memory 602. Optionally, the processor 601 may include one or more processing units, and the processor 601 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application program, and the like, and the modem processor mainly processes an instruction issued by an operation and maintenance worker. It will be appreciated that the modem processor described above may not be integrated into the processor 601. In some embodiments, the processor 601 and the memory 602 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
The processor 601 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, configured to implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the disclosed method in connection with the node authentication embodiment based on the blockchain network can be directly embodied as being executed by a hardware processor, or can be executed by a combination of hardware and software modules in the processor.
The memory 602, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 602 may include at least one type of storage medium, and may include, for example, a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 602 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 602 in the embodiments of the present invention may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, which stores a computer program executable by a computing device; when the program runs on the computing device, it causes the computing device to execute the node authentication method based on the blockchain network shown in either Fig. 2 or Fig. 3.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (12)
1. A node authentication method based on a block chain network is characterized by comprising the following steps:
a cross-chain node receives a node certificate; the node certificate is obtained by a certificate signing and issuing node signing each piece of certificate attribute information in the cross-chain node, wherein the certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-chain node;
the cross-chain node generates data to be authenticated according to authentication attribute information of the first block chain network and the node certificate; the first block chain network is one of the at least two block chain networks to be accessed;
the cross-chain node sends the data to be authenticated to an authentication node in the first block chain network; and the data to be authenticated is used for the authentication node to authenticate the authentication attribute information of the first block chain network according to the node certificate in the data to be authenticated.
2. The method of claim 1, wherein the certificate attribute information comprises first type certificate attribute information and second type certificate attribute information; the first type certificate attribute information has higher priority than the second type certificate attribute information;
before the cross-chain node receives the node certificate, the method further comprises:
the cross-chain node receives a signature public key corresponding to a signature private key sent by the certificate signing and issuing node;
the cross-chain node blinds the first type certificate attribute information in each certificate attribute information by using the signature public key to obtain a first ciphertext;
and the cross-chain node sends the first ciphertext to the certificate issuing node, and the first ciphertext is used for the certificate issuing node to sign the second type certificate attribute information in each certificate attribute information by using the signature private key to obtain the node certificate.
3. The method of claim 1, wherein before the cross-chain node generates the data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate, the method further comprises:
the cross-chain node offsets the node certificate.
4. A node authentication method based on a block chain network is characterized by comprising the following steps:
the certificate signing and issuing node acquires each certificate attribute information in the cross-chain node; each certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-chain node;
the certificate signing and issuing node signs the attribute information of each certificate in the cross-chain node to obtain a node certificate of the cross-chain node;
the certificate signing node sends the node certificate to the cross-chain node; the node certificate is used for the cross-chain node to generate data to be authenticated by using authentication attribute information of a first block chain network, the first block chain network is one of the at least two block chain networks to be accessed, and the data to be authenticated is used for an authentication node in the first block chain network to authenticate the authentication attribute information of the first block chain network.
5. The method of claim 4, wherein signing the certificate attribute information of each certificate in the cross-chain node by the certificate issuing node to obtain the node certificate of the cross-chain node comprises:
the certificate signing and issuing node determines a signature public key corresponding to the signature private key according to the signature private key and the attribute information of each certificate;
the certificate signing and issuing node sends the signature public key to the cross-chain node, and the signature public key is used by the cross-chain node to blind the first type certificate attribute information in each certificate attribute information to obtain a first ciphertext;
the certificate issuing node receives the first ciphertext sent by the cross-chain node;
and the certificate issuing node signs the second type certificate attribute information in each certificate attribute information by using the first ciphertext and the signature private key to obtain the node certificate.
6. An apparatus for node authentication based on a blockchain network, the apparatus comprising:
a transceiver module for receiving a node certificate; the node certificate is obtained by signing each certificate attribute information in a cross-chain node by a certificate signing and issuing node, wherein each certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-chain node;
the generation module is used for generating data to be authenticated according to the authentication attribute information of the first block chain network and the node certificate; the first block chain network is one of the at least two block chain networks to be accessed;
the transceiver module is further configured to send the data to be authenticated to an authentication node in the first blockchain network; and the data to be authenticated is used for the authentication node to authenticate the authentication attribute information of the first block chain network according to the node certificate in the data to be authenticated.
7. The apparatus of claim 6, wherein the certificate attribute information comprises first type certificate attribute information and second type certificate attribute information; the first type certificate attribute information has higher priority than the second type certificate attribute information;
the device further comprises a processing module;
before the transceiver module receives the node certificate, the transceiver module is further configured to: receiving a signature public key corresponding to the signature private key sent by the certificate issuing node;
the processing module is used for: blinding the first type certificate attribute information in each certificate attribute information by using the signature public key to obtain a first ciphertext;
the transceiver module is further configured to: and sending the first ciphertext to the certificate issuing node, wherein the first ciphertext is used for the certificate issuing node to sign the second type certificate attribute information in each certificate attribute information by using the signature private key to obtain the node certificate.
8. The apparatus of claim 6, wherein before the generating module generates the data to be authenticated according to the authentication attribute information of the first blockchain network and the node certificate, the generating module is further configured to:
offsetting the node certificate.
9. An apparatus for node authentication based on a blockchain network, the apparatus comprising:
the acquisition module is used for acquiring each certificate attribute information in the cross-chain node; each certificate attribute information comprises authentication attribute information of at least two block chain networks to be accessed by the cross-chain node;
the processing module is used for signing the attribute information of each certificate in the cross-chain node to obtain a node certificate of the cross-chain node;
a transceiver module for sending the node certificate to the cross-chain node; the node certificate is used for the cross-chain node to generate data to be authenticated by using authentication attribute information of a first block chain network, the first block chain network is one of the at least two block chain networks to be accessed, and the data to be authenticated is used for an authentication node in the first block chain network to authenticate the authentication attribute information of the first block chain network.
10. The apparatus of claim 9,
the processing module is further configured to: determining a signature public key corresponding to the signature private key according to the signature private key and the attribute information of each certificate;
the transceiver module is further configured to: sending the signature public key to the cross-chain node, wherein the signature public key is used by the cross-chain node to blind the first type certificate attribute information in each certificate attribute information to obtain a first ciphertext; receiving the first ciphertext sent by the cross-chain node;
the processing module is further configured to: and signing the second type certificate attribute information in each certificate attribute information by using the first ciphertext and the signature private key to obtain the node certificate.
11. A computing device comprising at least one processor and at least one memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the method of any one of claims 1 to 3 or claims 4 to 5.
12. A computer-readable storage medium storing a computer program executable by a computing device, the program, when run on the computing device, causing the computing device to perform the method of any one of claims 1 to 3 or claims 4 to 5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911218904.0A CN111131171B (en) | 2019-12-03 | 2019-12-03 | Node authentication method and device based on block chain network |
PCT/CN2020/121113 WO2021109720A1 (en) | 2019-12-03 | 2020-10-15 | Node authentication method and device employing blockchain network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911218904.0A CN111131171B (en) | 2019-12-03 | 2019-12-03 | Node authentication method and device based on block chain network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111131171A (en) | 2020-05-08 |
CN111131171B (en) | 2021-05-11 |
Family
ID=70497265
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911218904.0A Active CN111131171B (en) | 2019-12-03 | 2019-12-03 | Node authentication method and device based on block chain network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN111131171B (en) |
WO (1) | WO2021109720A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131171B (en) * | 2019-12-03 | 2021-05-11 | 深圳前海微众银行股份有限公司 | Node authentication method and device based on block chain network |
CN111737707B (en) * | 2020-05-14 | 2022-09-27 | 云南云烁巴克云科技有限公司 | Block chain based verification package generation and verification method, server and electronic equipment |
CN111917865B (en) * | 2020-07-29 | 2022-09-20 | 成都质数斯达克科技有限公司 | Block chain network system, gateway and networking method |
CN112733174B (en) * | 2020-10-29 | 2022-07-19 | 腾讯科技(深圳)有限公司 | Authentication management method and system of block chain system and electronic equipment |
CN112953960B (en) * | 2021-03-10 | 2023-02-03 | 东软集团股份有限公司 | Identity authentication method, device and equipment for block chain access |
CN112910660B (en) * | 2021-03-25 | 2023-02-24 | 中国工商银行股份有限公司 | Certificate issuing method, adding method and transaction processing method of blockchain system |
CN115514504A (en) * | 2021-06-04 | 2022-12-23 | 顺丰科技有限公司 | Cross-alliance node authentication method and device, computer equipment and storage medium |
CN115834590A (en) * | 2021-09-15 | 2023-03-21 | 华为技术有限公司 | Block chain system |
CN113850599B (en) * | 2021-12-01 | 2022-02-15 | 南京金宁汇科技有限公司 | Cross-link transaction method and system applied to alliance link |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105719185A (en) * | 2016-01-22 | 2016-06-29 | 杭州复杂美科技有限公司 | Block chain data comparison and consensus method |
CN108259469A (en) * | 2017-12-19 | 2018-07-06 | 浪潮软件集团有限公司 | Cluster security authentication method based on block chain, node and cluster |
CN108256864A (en) * | 2018-02-13 | 2018-07-06 | 中链科技有限公司 | Between a kind of block chain across the foundation of chain alliance and communication means, system |
CN108933667A (en) * | 2018-05-03 | 2018-12-04 | 深圳市京兰健康医疗大数据有限公司 | A kind of management method and management system of the public key certificate based on block chain |
CN109636599A (en) * | 2018-11-07 | 2019-04-16 | 广西师范大学 | License block chain secret protection and monitoring and managing method based on group ranking |
CN109743172A (en) * | 2018-12-06 | 2019-05-10 | 国网山东省电力公司电力科学研究院 | Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal |
CN110061851A (en) * | 2019-04-28 | 2019-07-26 | 广州大学 | A kind of across trust domain authentication method and system of decentralization |
CN110071807A (en) * | 2019-03-22 | 2019-07-30 | 湖南天河国云科技有限公司 | The point-to-point node authentication method of block chain, system and computer readable storage medium |
CN110266655A (en) * | 2019-05-30 | 2019-09-20 | 中国工商银行股份有限公司 | A kind of across chain interconnected method, equipment and system based on block chain |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108683630B (en) * | 2018-04-03 | 2020-05-29 | 阿里巴巴集团控股有限公司 | Cross-block-chain authentication method and device and electronic equipment |
CN108737370B (en) * | 2018-04-05 | 2020-10-16 | 西安电子科技大学 | Block chain-based Internet of things cross-domain authentication system and method |
CN109327309A (en) * | 2018-11-08 | 2019-02-12 | 北京中电华大电子设计有限责任公司 | A kind of domain traversal key management method based on IBC Yu PKI mixed system |
CN110457942B (en) * | 2018-12-07 | 2022-11-04 | 深圳市智税链科技有限公司 | Signature verification method for uplink data block, service node and medium |
CN110505058B (en) * | 2019-08-20 | 2021-07-20 | 西安电子科技大学 | Identity authentication method for heterogeneous block chain in cross-chain scene |
CN111131171B (en) * | 2019-12-03 | 2021-05-11 | 深圳前海微众银行股份有限公司 | Node authentication method and device based on block chain network |
Also Published As
Publication number | Publication date |
---|---|
WO2021109720A1 (en) | 2021-06-10 |
CN111131171A (en) | 2020-05-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||