CN111404896A - Non-central identity authentication method based on SGX - Google Patents

Non-central identity authentication method based on SGX

Info

Publication number: CN111404896A
Authority: CN (China)
Prior art keywords: identity authentication, authentication, sgx, identity, trusted
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN202010150764.4A
Other languages: Chinese (zh)
Other versions: CN111404896B (en)
Inventors: 黄步添, 焦颖颖, 刘振广, 陈建海, 张宏鑫
Current assignee: Hangzhou Yunxiang Network Technology Co Ltd
Original assignee: Hangzhou Yunxiang Network Technology Co Ltd
Application filed by Hangzhou Yunxiang Network Technology Co Ltd; priority to CN202010150764.4A
Publication of CN111404896A; application granted; publication of CN111404896B
Legal status: Active

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0428 Network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/083 Network security for authentication of entities using passwords
    • H04L63/10 Network security for controlling access to devices or network resources
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/50 Cryptographic mechanisms or arrangements using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses an SGX-based non-central identity authentication method, comprising: an SGX encryption module of the identity authentication blockchain network and its blockchain client, which generates a trusted space through the SGX software guard extension instructions, stores the protected identity authentication data and identity authentication operation functions in encrypted form inside that trusted space, and so provides a secure and trusted execution space for those functions; and identity authentication blockchain network nodes, which process, without a central authority, an identity authentication request initiated by a client (the initiator of the authentication) to the identity authentication blockchain network. The method provides fairness, security, efficiency and traceability.

Description

Non-central identity authentication method based on SGX
Technical Field
The invention belongs to the field of blockchain applications and in particular relates to an SGX-based non-central identity authentication method.
Background
For example, suppose application A allows users to log in with their Facebook account. If the Facebook identity authentication system is attacked and becomes unavailable, users of application A cannot log in, and the team behind application A has no control over this at all.
Because traditional identity authentication is performed by a central entity, applications and services carry security risks and service defects, which show mainly in two ways. First, centralized identity authentication reduces the robustness of the authentication system: the central server is easily taken down by an external attacker, and with no alternative authentication system available, the whole system stays paralyzed until the central server is repaired. Second, the authority of centralized identity authentication is too concentrated, which lowers the trustworthiness of the authentication: once the central authentication server is controlled by someone else, authentication is no longer under the owner's control, and the resulting economic loss cannot be measured.
Non-central identity authentication is one means of improving identity security. Blockchain technology maintains a reliable data ledger in a decentralized, trustless manner. Technically it is a distributed store of data blocks, each of which carries information about the whole chain. The blockchain network has no central controller; information and contracts cannot be forged, the network is collectively maintained and supervised, information on the chain is irrevocable and cannot be arbitrarily destroyed, and it can be verified and traced. These properties of blockchain technology provide the technical support and security basis for non-central identity authentication.
SGX (Intel Software Guard Extensions) is a set of CPU instructions that allow an application to create a trusted space, called an Enclave: a protected region of the address space that ensures the confidentiality and integrity of its contents against the rest of the operating environment on the terminal. Software access to the memory contents of an Enclave is not permitted, even from highly privileged software such as the host operating system or the virtual machine monitor. The security boundary of an Enclave contains only the CPU and the Enclave itself. The trusted space created by SGX can also be understood as a Trusted Execution Environment (TEE). One CPU can run several secure Enclaves, and they can execute concurrently.
The invention provides an SGX-based non-central identity authentication method in which a non-central identity authentication blockchain, rather than a central server, authenticates users. When one node of the identity authentication blockchain is disabled by a malicious attack, the other nodes continue to operate normally, so identity authentication proceeds normally. At the same time, the method generates a trusted space through the SGX software guard extension instructions; the trusted space stores and protects the identity authentication data and the identity authentication operation functions in encrypted form and provides a secure and trusted execution space for those functions.
Disclosure of Invention
Against this background and the problems of the prior art, the invention designs an SGX-based non-central identity authentication method in which a non-central identity authentication blockchain replaces the central server for authentication, improving the reliability and robustness of the identity authentication system. The invention also introduces SGX software protection to improve the security of user identity authentication data.
An SGX-based non-central identity authentication method comprises the following steps:
(1) Construct a non-central identity authentication blockchain network according to blockchain principles.
(2) Store the identity authentication data in the SGX encryption module.
A trusted space is generated through the SGX software guard extension instructions of the blockchain client, and the identity authentication data and the identity authentication operation functions are stored and protected in encrypted form in that trusted space.
(3) The identity authentication blockchain network processes identity authentication.
Different organizations or individuals that perform identity authentication serve as the nodes of the non-central identity authentication and together form the identity authentication blockchain network. The number of nodes participating in identity authentication is not less than three.
The identity authentication blockchain network nodes process, without a central authority, an identity authentication request initiated to the network by a client (the initiator of the identity authentication).
Preferably, the SGX-protected identity authentication information encryption module generates a trusted space based on the SGX software guard extension instructions and generates an access key for verifying the right of access to the trusted space; the trusted space stores the identity authentication data and the identity authentication operation functions.
Preferably, the identity authentication module receives and decrypts the identity authentication request message, accesses the SGX-protected authentication information encryption module through the access key, and calls the identity authentication function inside it to process the request, that is, to check the authenticity of the identity being authenticated.
When the client transmits authentication information to the identity authentication blockchain network, it encrypts the data for transmission using a combination of the RSA and AES algorithms.
Preferably, the verification consensus module receives the preliminary authentication result and the block broadcast by the randomly appointed node of the authentication blockchain, accesses the SGX encryption module through the access key, calls the verification consensus function, verifies the identity authentication result, and obtains the number of nodes in the authentication blockchain that have reached consensus.
Preferably, the data updating module is configured so that, when the identity authentication blockchain network needs to update the authentication information, the blockchain client calls the data updating function of the module to update the stored identity authentication data.
Preferably, the SGX-protected identity authentication information encryption module works as follows:
(a) using the SGX technology of an Intel processor, the system enters trusted mode for execution through a hardware mode switch of the CPU;
(b) SGX provides a more advanced key encryption method: the key is a brand-new key derived, under a key generation algorithm, from an SGX version key, a CPU machine key and a key issued to the user by Intel, and it is used to encrypt the code and data of the application to be loaded;
(c) the SGX loader in user space loads the identity authentication data, the authentication information operation functions and their key certificates in preparation for loading into the Enclave;
(d) an Enclave is dynamically requested and constructed in Intel SGX trusted mode;
(e) the program and data to be loaded are first decrypted through the key certificate in the form of EPC (Enclave Page Cache) pages;
(f) the SGX instructions attest that the decrypted program and data are authentic, load them into the Enclave, and copy each EPC page loaded into the Enclave;
(g) the Enclave initialization routine is started, further loading and verification of EPC pages is forbidden, an Enclave identity certificate is generated, and the certificate is encrypted to serve as the access key of the Enclave;
(h) SGX isolation is complete: execution starts from the image program inside the hardware-isolated Enclave, which completes the hardware isolation based on SGX technology.
In the SGX-based non-central identity authentication method, step (2) comprises:
(2-1) generating a key certificate for the identity authentication data and the authentication information operation functions, and uploading the data, the functions and the key certificate to the SGX loader, where the authentication information operation functions comprise an identity authentication function, a verification consensus function and a data update function;
(2-2) measuring the uploaded identity authentication data, authentication information operation functions and their key certificate through the SGX driver, allocating an address space and memory pages for the trusted space, creating the trusted space, copying the user key and the uploaded key operation functions into the trusted space, and then releasing the SGX loader so that the data in its processing space is deleted;
(2-3) SGX starts the Enclave initialization routine, forbids further loading and verification of EPC pages, generates an Enclave identity certificate, encrypts that certificate to serve as the access key of the Enclave, and stores the Enclave identifier in the Enclave's TCS (Thread Control Structure) so that the identity of the Enclave can later be recovered and verified.
Preferably, the processing of identity authentication by the identity authentication blockchain network comprises:
(I) performing preliminary identity authentication of an identity authentication event:
(i) the identity authentication blockchain network randomly appoints a node, which obtains and decrypts the identity authentication request information sent by the client;
(ii) the randomly appointed node obtains the access key of the SGX trusted space, calls the identity authentication module, performs the preliminary authentication by comparing the decrypted identity authentication information with the identity authentication data held in the trusted space, and then generates an authentication block storing a hash of the authentication process information;
(iii) if the decrypted identity authentication information matches the identity authentication data stored in the SGX trusted space, authentication passes and the authentication block and an authentication-passed message are broadcast to the identity authentication blockchain network; if the two do not match, authentication is stopped and the authentication block and an authentication-failed message are broadcast to the network.
(II) verifying the result of the preliminary identity authentication:
(I) the identity authentication blockchain network nodes receive the preliminary authentication result and the authentication block;
(II) each node obtains the access key of its SGX trusted space and calls the verification consensus module to verify the preliminary authentication, and the number of nodes whose verification passes, that is, the number of nodes reaching consensus, is counted across the identity authentication blockchain network;
(III) if a node's verification of the preliminary authentication passes, it broadcasts this to the blockchain network, consensus on the preliminary identity authentication is reached, and the node backs up the authentication block; if a node's verification fails, the node itself obtains and decrypts the identity authentication request information sent by the client, repeats steps (ii) to (iii) above, and broadcasts to the identity authentication blockchain network that the original preliminary authentication failed verification.
(III) feeding back the final result of the identity authentication event:
When the nodes of the identity authentication blockchain network agree on the authentication result, result consensus is complete and the network sends the consensus result to the client.
If the nodes of the identity authentication blockchain network cannot reach consensus on the authentication result, the identity authentication does not pass.
If a minority of nodes (fewer than one third of the total) fail and cannot participate in the authentication, the result remains valid as long as at least three blockchain nodes take part and those participating nodes reach consensus on the authentication result.
The invention has at least the following beneficial effects:
(1) SGX provides chip-level security guarantees for the integrity and confidentiality of the identity authentication data and the authentication information operation functions.
(2) The blockchain network implements a non-centralized authentication mechanism, making the whole identity authentication system more robust and stable and improving its resistance to malicious attacks.
(3) The decentralized authentication blockchain network hashes every identity authentication process and records the resulting hash in the blockchain for distributed storage, which improves the traceability of authentication and the security of the authentication information.
Additional advantages, objects and features of the invention will be set forth in part in the description that follows and in part will become apparent to those of ordinary skill in the art on examination of the following, or may be learned from practice of the invention.
Drawings
FIG. 1 is a schematic structural diagram of an embodiment of the SGX-based non-central identity authentication method;
FIG. 2 is a flow diagram of the preliminary authentication triggered by an authentication event;
FIG. 3 is a flow diagram of the verification consensus triggered by an authentication event.
Detailed Description
In order to illustrate the invention clearly and to make the objects, technical solutions and advantages of its embodiments clearer, the technical solutions in the embodiments are described completely below with reference to the drawings, so that those skilled in the art can implement them from the description. The technology of the invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 shows an implementation structure of the SGX-based non-central identity authentication method, comprising: a client, an identity authentication blockchain network (the authentication blockchain for short) and the SGX trusted space of the blockchain client. The identity authentication blockchain network is composed of multiple organizations or units participating in identity authentication, each of which is an identity authentication node; in Fig. 1 there are six such nodes, node A through node F. The blockchain client in this example comprises four modules: the SGX-protected identity authentication information encryption module, the identity authentication module, the verification consensus module and the data updating module. The SGX-protected authentication information encryption module generates a trusted space based on the SGX software guard extension instructions, generates an access key for verifying the right of access to the trusted space, and stores the identity authentication data and the identity authentication operation functions in the trusted space; the operation functions comprise an authentication function, a verification consensus function and a data update function, as shown in Fig. 1. The identity authentication module, the verification consensus module and the data updating module are used, respectively, to authenticate identity authentication information, to verify and reach consensus on the authentication results of other nodes, and to update the stored identity authentication data.
In the embodiment, the client first sends an identity authentication request to the authentication blockchain network, and at the same time transmits the request information and the related identity authentication data to the network through an encrypted channel. When the identity authentication blockchain network receives the request, it broadcasts the identity authentication request to all nodes of the network, namely node A, node B, node C, node D, node E and node F; a randomly appointed node among them performs the preliminary authentication and enters the identity authentication module. The processing of the identity authentication module is shown in Fig. 2. Assume the network randomly appoints node C to perform the preliminary authentication. Once appointed, node C first obtains and decrypts the identity authentication information; it then obtains the access key of the SGX trusted space, calls the identity authentication module, performs the preliminary authentication by comparing the decrypted identity authentication information with the identity authentication data in the trusted space, and generates an authentication block storing a hash of the authentication process information, which provides traceable storage for the authentication. If the decrypted identity authentication information matches the data stored in the SGX trusted space, authentication passes and node C broadcasts the authentication block and an authentication-passed message to the identity authentication blockchain network; if the two do not match, authentication is stopped and node C broadcasts the authentication block and an authentication-failed message to the network.
Node A, node B, node D, node E and node F of the identity authentication blockchain network receive the preliminary identity authentication result and the authentication block broadcast by node C, and these nodes perform the verification consensus operation on the result in turn; the flow is shown in Fig. 3. If node A is the first to initiate a verification consensus operation, node A obtains the access key of its SGX trusted space, calls the verification consensus module, verifies the preliminary authentication, and counts the number of nodes in the identity authentication blockchain network whose verification passes, that is, the number of nodes reaching consensus. If node A's verification of the preliminary authentication passes, node A broadcasts this to the blockchain network, consensus on the preliminary identity authentication is reached, and node A backs up the authentication block. If node A's verification fails, node A itself obtains and decrypts the identity authentication request information sent by the client, repeats the authentication steps performed by node C, and broadcasts to the identity authentication blockchain network that node C's authentication result failed verification.
When the nodes of the identity authentication blockchain network agree on the authentication result, result consensus is complete and the network sends the consensus result to the client.
If the nodes of the identity authentication blockchain network cannot reach consensus on the authentication result, the identity authentication does not pass.
If a minority of nodes (fewer than one third of the total) fail and cannot participate in the authentication, the result remains valid as long as at least three blockchain nodes take part and those participating nodes reach consensus on the authentication result.
The number of modules and the processing scale described here are chosen to simplify the description of the invention. Applications, modifications and variations of the invention will be apparent to those skilled in the art.
As described above, the SGX-based non-central identity authentication method of the invention offers a new technical scheme and direction compared with existing traditional identity authentication. The invention uses the SGX software guard extension instructions to generate a trusted space that provides chip-level security guarantees for the integrity and confidentiality of the identity authentication information and the authentication information operation functions, and uses the blockchain network to implement a non-central authentication mechanism, so that the whole identity authentication system runs more stably and fairly and is more reliable and efficient, while the authentication process is transparent, reliable and traceable.
The embodiments described above are presented to enable a person of ordinary skill in the art to make and use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined here may be applied to other embodiments without inventive effort. The invention is therefore not limited to the above embodiments; improvements and modifications made by those skilled in the art on the basis of this disclosure fall within the protection scope of the invention.
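The three-phase flow above (preliminary authentication by a randomly appointed node, verification consensus by the other nodes, and the final result with fewer than one third of the nodes faulty), as an added simulation that is not code from the patent. Assumptions, labelled here and in the comments: each node's SGX trusted space is modelled as a plain dictionary of credential digests; the consensus threshold is more than two thirds of all nodes, which the page only states indirectly through its "fewer than one third faulty" and "at least three nodes" conditions; all names (`AuthChainNetwork`, `credential_digest`, the user and secret values) are constructed for the example.

```python
import hashlib
import hmac
import json
import random
from dataclasses import asdict, dataclass
from typing import Optional


def credential_digest(user_id: str, secret: str) -> str:
    """Constructed stand-in for the identity data kept inside each node's trusted space."""
    return hashlib.sha256(f"{user_id}:{secret}".encode()).hexdigest()


@dataclass(frozen=True)
class AuthBlock:
    """Authentication block: the authentication process info, hash-linked to the previous block."""
    prev_hash: str
    node: str
    user_id: str
    passed: bool

    def block_hash(self) -> str:
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()


class Node:
    def __init__(self, name: str, trusted_data: dict, offline: bool = False, compromised: bool = False):
        self.name = name
        self.trusted_data = dict(trusted_data)  # models the data sealed in this node's SGX enclave
        self.offline = offline                  # faulty node that cannot take part at all
        self.compromised = compromised          # node whose authentication function reports the wrong result
        self.backup: list = []                  # authentication blocks backed up after consensus

    def authenticate(self, request: dict) -> bool:
        """Identity authentication function: compare the decrypted request with the stored data."""
        stored = self.trusted_data.get(request["user_id"], "")
        ok = hmac.compare_digest(stored, credential_digest(request["user_id"], request["secret"]))
        return (not ok) if self.compromised else ok

    def preliminary_auth(self, request: dict, prev_hash: str) -> AuthBlock:
        """Step (I): the appointed node authenticates and records the outcome in a block."""
        return AuthBlock(prev_hash, self.name, request["user_id"], self.authenticate(request))


class AuthChainNetwork:
    def __init__(self, nodes: list, rng: random.Random):
        self.nodes, self.rng = nodes, rng
        self.head = "0" * 64  # hash of the latest backed-up authentication block

    def process(self, request: dict, designated: Optional[Node] = None) -> Optional[bool]:
        """Returns the consensus result (True/False), or None when no consensus is reached."""
        active = [n for n in self.nodes if not n.offline]
        if len(active) < 3:
            return None  # the method requires at least three participating nodes
        designated = designated or self.rng.choice(active)  # randomly appointed node
        block = designated.preliminary_auth(request, self.head)
        # Step (II): every other participating node re-runs the check against its own
        # trusted space (the verification consensus function) and compares with the block.
        own = [(n, n.authenticate(request)) for n in active if n is not designated]
        agree = 1 + sum(r == block.passed for _, r in own)
        dissent = [(n, r) for n, r in own if r != block.passed]
        total = len(self.nodes)
        # Threshold (assumption): more than two thirds of all nodes must agree, so fewer
        # than one third may be offline or dissent without invalidating the result.
        if agree * 3 > 2 * total:
            result = block.passed
        elif len(dissent) * 3 > 2 * total:
            # Preliminary result failed verification: a dissenting node's re-run block wins.
            node, result = dissent[0]
            block = AuthBlock(self.head, node.name, request["user_id"], result)
        else:
            return None  # step (III): no consensus, so the authentication does not pass
        self.head = block.block_hash()
        for n in active:
            n.backup.append(block)  # each participating node backs up the agreed block
        return result


def demo(seed: int = 7) -> dict:
    """Six nodes A-F as in Fig. 1, with constructed identity data and request messages."""
    data = {"alice": credential_digest("alice", "correct horse")}
    good = {"user_id": "alice", "secret": "correct horse"}
    bad = {"user_id": "alice", "secret": "wrong guess"}
    out, names = {}, "ABCDEF"
    net = AuthChainNetwork([Node(n, data) for n in names], random.Random(seed))
    out["honest_pass"] = net.process(good)
    out["honest_reject"] = net.process(bad)
    chain = net.nodes[0].backup
    out["chain_linked"] = len(chain) == 2 and chain[1].prev_hash == chain[0].block_hash()
    net = AuthChainNetwork([Node(n, data, offline=(n == "F")) for n in names], random.Random(seed))
    out["one_offline"] = net.process(good)  # 1 of 6 faulty: below one third, result still valid
    net = AuthChainNetwork([Node(n, data, offline=(n in "EF")) for n in names], random.Random(seed))
    out["two_offline"] = net.process(good)  # 2 of 6 faulty: not below one third, no consensus
    nodes = [Node(n, data, compromised=(n == "C")) for n in names]
    net = AuthChainNetwork(nodes, random.Random(seed))
    out["compromised_c"] = net.process(good, designated=nodes[2])  # honest verifiers overrule C
    return out
```

The `compromised_c` case shows the value of step (II): a wrong preliminary result from the appointed node is overruled because the other nodes re-run the check against their own trusted spaces rather than trusting the broadcast block.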

Claims (8)

1. A non-central identity authentication method based on SGX is characterized by comprising the following steps:
(1) constructing a non-central identity authentication block chain network according to a block chain technical principle;
(2) generating a trusted space by using SGX software at an identity authentication block chain node client, and storing identity authentication related data and functions into the trusted space of the SGX;
(3) and the identity authentication blockchain network processes the identity authentication request event.
2. The SGX-based non-central identity authentication method according to claim 1, wherein the step (1) comprises:
and (4) constructing an identity authentication block chain network by taking different organizations or individuals for identity authentication as nodes for non-central identity authentication. Wherein, the number of the nodes participating in the identity authentication is not less than three.
3. The SGX-based non-central identity authentication method according to claim 1, wherein step (2) comprises:
the SGX-protected identity authentication information encryption module generates a protected content container, namely the trusted space, through the SGX software protection extension instructions, and generates a key certificate for verifying access rights to the trusted space; the identity authentication data storage module stores the identity authentication data and the identity authentication operation function;
the identity authentication module receives and decrypts the identity authentication request message, accesses the trusted space (Enclave) through the access key, and calls the identity authentication function inside the trusted space to process the identity authentication request;
the verification consensus module receives the preliminary authentication result and the block broadcast by the randomly appointed authentication blockchain node, accesses the trusted space through the access key, calls the verification consensus function to verify the identity authentication result, and obtains the number of nodes in the authentication blockchain that have reached consensus;
the data updating module updates the stored identity authentication data.
4. The SGX-based non-central identity authentication method according to claim 3, wherein the SGX-protected identity authentication information encryption module performs:
(a) adopting the SGX technology of an Intel processor and switching the hardware mode of the CPU (central processing unit) so that the system enters the trusted mode for execution;
(b) generating key certificates for the identity authentication data and the authentication information operation function, and encrypting the code and data of the application program to be loaded;
(c) an SGX loader in user space loads the identity authentication data, the authentication information operation function and their key certificates, in preparation for loading them into the trusted space;
(d) dynamically requesting the construction of a trusted space in trusted mode;
(e) first decrypting the program and data to be loaded, page by page as trusted cache pages, using the key certificate;
(f) using SGX instructions to attest that the decrypted program and data are trusted, loading them into the trusted space, and copying the content of each trusted cache page loaded into the trusted space;
(g) starting the trusted space initialization program, disabling any further loading and verification of trusted cache pages, generating the trusted space identity certificate, and encrypting that certificate for use as the access key of the trusted space;
(h) completing SGX isolation: execution starts from the image program inside the hardware-isolated trusted space, which completes the hardware isolation based on SGX technology.
5. The SGX-based non-central identity authentication method according to claim 1, wherein step (3) comprises:
(I) performing preliminary identity authentication of the identity authentication event;
(II) verifying the result of the preliminary identity authentication;
(III) feeding back the final authentication result of the identity authentication event.
6. The SGX-based non-central identity authentication method of claim 5, wherein step (I) comprises:
(i) the identity authentication blockchain network randomly appoints a node, which acquires and decrypts the identity authentication request information sent by the client;
(ii) the randomly appointed node obtains the access key of the SGX trusted space, calls the identity authentication module, and performs the preliminary authentication operation by checking the decrypted identity authentication information against the identity authentication data held in the trusted space; the node then generates an authentication block and stores in it a hash of the authentication process information;
(iii) if the decrypted identity authentication information matches the identity authentication data stored in the SGX trusted space, the identity authentication passes, and the authentication block and an authentication-passed message are broadcast to the identity authentication blockchain network; if the two do not match, the authentication is terminated, and the authentication block and an authentication-failed message are broadcast to the identity authentication blockchain network.
7. The SGX-based non-central identity authentication method according to claim 5, wherein step (II) comprises:
(I) an identity authentication blockchain network node receives the preliminary authentication result and the authentication block of the identity authentication;
(II) the node obtains the access key of the SGX trusted space and calls the verification consensus module to verify the preliminary authentication, and the identity authentication blockchain network counts the number of nodes whose verification passes, namely the number of nodes reaching consensus;
(III) if the node's verification of the preliminary authentication passes, it broadcasts the verification to the blockchain network, consensus is reached on the preliminary identity authentication, and the authentication blockchain is backed up; if the node's verification of the preliminary authentication fails, the node acquires and decrypts the identity authentication request information sent by the client, repeats steps (ii) to (iii) according to claim 8, and broadcasts to the identity authentication blockchain network that the original preliminary authentication failed verification.
8. The SGX-based non-central identity authentication method according to claim 5, wherein step (III) comprises:
when the nodes in the identity authentication blockchain network agree on the authentication result, the result consensus is complete, and the identity authentication blockchain network sends the consensus result to the client;
if the nodes in the identity authentication blockchain network cannot reach consensus on the identity authentication result, the identity authentication does not pass;
if a small number of nodes (fewer than 1/3 of the total number of nodes) are faulty, those nodes cannot participate in identity authentication; as long as the number of blockchain nodes participating in identity authentication is not less than 3 and the participating nodes reach consensus on the authentication result, the identity authentication result remains valid.
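As an added illustration that is not code from the patent, the following Python simulation walks through steps (i)-(iii) of claim 6, the verification of claim 7 and the consensus and fault rule of claim 8. The enclave is stood in for by a plain dict and a hash comparison, and the node stores, the `alice` record and every function name are constructed assumptions of this example, not part of the claimed system.

```python
import hashlib
import hmac
import random
from dataclasses import dataclass

# Constructed sample identity record. Each node keeps a copy in what stands in
# here for its SGX trusted space (a plain dict); the patented scheme keeps it in
# an enclave and gates access with the access key of claim 3.
IDENTITY_DATA = {"alice": hashlib.sha256(b"alice-secret").hexdigest()}


@dataclass
class AuthBlock:
    node: int           # the randomly appointed node (step (i))
    passed: bool        # preliminary result (step (iii))
    process_hash: str   # hash of the authentication process information (step (ii))


def enclave_authenticate(store: dict, user: str, secret: bytes) -> bool:
    """Stand-in for the identity authentication function called inside the enclave."""
    expected = store.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(secret).hexdigest())


def preliminary_auth(node: int, store: dict, user: str, secret: bytes) -> AuthBlock:
    """Steps (i)-(iii): the appointed node authenticates and builds an authentication block."""
    passed = enclave_authenticate(store, user, secret)
    process = f"{node}|{user}|{passed}".encode()
    return AuthBlock(node, passed, hashlib.sha256(process).hexdigest())


def verify_block(store: dict, block: AuthBlock, user: str, secret: bytes) -> bool:
    """Claim 7: a verifying node re-runs the check in its own trusted space and
    accepts the block only if both the result and the process hash match."""
    own = preliminary_auth(block.node, store, user, secret)
    return own.passed == block.passed and own.process_hash == block.process_hash


def network_authenticate(stores, user, secret, faulty=frozenset(), rng=random):
    """Claim 8 consensus and fault rule. Returns (authenticated, consensus, participants)."""
    n = len(stores)
    if len(faulty) * 3 >= n:                  # faulty nodes must number fewer than 1/3
        return False, False, 0
    participants = [i for i in range(n) if i not in faulty]
    if len(participants) < 3:                 # at least three nodes must take part
        return False, False, len(participants)
    appointed = rng.choice(participants)      # step (i): random appointment
    block = preliminary_auth(appointed, stores[appointed], user, secret)
    consensus = all(verify_block(stores[i], block, user, secret) for i in participants)
    return block.passed and consensus, consensus, len(participants)
```

A node whose trusted-space copy of the identity data differs (the last case in the test) breaks consensus even when the appointed node's own check passed, which is the property the verification step is there to provide.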
Application CN202010150764.4A, priority date 2020-03-06, filing date 2020-03-06: Non-central identity authentication method based on SGX (granted as CN111404896B, active).

Publications (2)

CN111404896A (application), published 2020-07-10
CN111404896B (granted patent), published 2022-03-04
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant