CN111651791A - Block chain private key storage and identity authentication device - Google Patents

Block chain private key storage and identity authentication device Download PDF

Info

Publication number
CN111651791A
CN111651791A CN202010624023.5A CN202010624023A CN111651791A CN 111651791 A CN111651791 A CN 111651791A CN 202010624023 A CN202010624023 A CN 202010624023A CN 111651791 A CN111651791 A CN 111651791A
Authority
CN
China
Prior art keywords
private key
storage unit
block chain
identity authentication
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010624023.5A
Other languages
Chinese (zh)
Inventor
王啟辉
王佑民
元艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Cloud Chain Intelligent Blockchain Technology Co ltd
Original Assignee
Wuhan Cloud Chain Intelligent Blockchain Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Cloud Chain Intelligent Blockchain Technology Co ltd filed Critical Wuhan Cloud Chain Intelligent Blockchain Technology Co ltd
Priority to CN202010624023.5A priority Critical patent/CN111651791A/en
Publication of CN111651791A publication Critical patent/CN111651791A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain private key storage and identity authentication device in the field of block chains, which is convenient for identity authentication of different operators and safe storage of respective private keys when a data chaining operator uses the same trusted operating device.

Description

Block chain private key storage and identity authentication device
Technical Field
The application relates to the field of block chains, in particular to block chain private key storage and identity authentication.
Background
The characteristics of the block chain technology such as non-tampering, decentralization, information desensitization, whole-course historical record and the like meet the requirements of information disclosure, government function flattening, social trust construction and the like in electronic government affairs. The block chain technology can ensure the integrity and credibility of data from a basic level, can help governments to better promote management and service quality, and actively promotes the construction and development of electronic government affairs. However, in the process of information generation, circulation, storage and long-term storage of government affair data, whether the generated and circulated data is real, complete, reliable and available is a prerequisite condition for application and popularization of the technology. Therefore, in the e-government construction and development process, it is necessary to integrate management and service through computer technology by applying mature information technology and communication technology, so as to solve many security problems such as legality, security, reliability and non-attack of data uplink.
Data uplink writes data into block chains, and different block chains have different uplink modes. For an audit type block chain related to public interest, uplink needs to be audited, and especially, a manual uplink mode is adopted, and uplink information needs to be ensured to be safe and reliable.
Disclosure of Invention
The application aims to provide a device for storing and authenticating a block chain private key, which can solve the problems of identity authentication of block chain data chaining operators and the safety of a chaining process.
The application provides a block chain private key storage and identity authentication device, the device includes: the storage unit (1) is internally provided with data uplink authorization public information and is used for storing public information such as data uplink input authorizer units, names and the like; the encryption storage unit (2) is internally provided with biological information of the data uplink authorizer and is used for encrypting and storing biological information data of the data uplink input authorizer; the encryption storage unit (3) is internally provided with a one-time burning private key and is used for ensuring that the private key is not illegally read, copied or modified; the built-in safety encryption chip (4) is used for comparing the authorized human biological information prestored in the external biological information acquisition equipment and the encryption storage unit: when the verification is passed, the encryption chip signs public information of a data uplink authorizer and information about to be uplink of the PC terminal by using a pre-burned private key, and broadcasts the public information and the information to the block chain network through external equipment. Through the mode, the data is broadcasted after the biological identity information of the data uplink authorizer is verified in an off-line mode, and the data is ensured to be legally uplink and the security of uplink data by the authorizer. Since the biological information of the authorizer is compared in the device, the biological privacy of the uplink authorizer is further protected.
The private key storage and identity authentication device is characterized in that the private key is stored in a non-tamper erasable one-time burning mode and is burned after the block chain private key is generated;
the private key storage and identity authentication device is characterized in that the private key is stored in the device in an encrypted manner, is isolated by a security encryption chip and cannot be acquired and copied by the outside;
the private key storage and identity authentication device is characterized in that the biological information is stored in the device in an encrypted manner, is isolated by a security encryption chip and cannot be obtained by the outside;
the private key storage and identity authentication device is characterized in that the comparison of the biological information is carried out in the device, and the external part cannot attack and forge the authentication process;
the private key storage and identity authentication device is characterized in that the uplink data signature process is completed inside the device, and the outside does not contact the signature process;
the private key storage and identity authentication device is characterized in that the biological information storage unit and the private key storage unit are stored in an encrypted mode and are restored in the security encryption chip.
The block chain private key storage and identity authentication device comprises a storage unit (1) for storing public information of a data uplink authorizer and encrypted storage unit (2) for storing public information of the data uplink authorizer and biological information of the data uplink authorizer respectively, wherein public information such as a uplink recording authorizer unit, a name and the like and the biological information of the uplink authorizer are stored in the storage unit (1) for storing the public information of the data uplink authorizer and the encrypted storage unit (2) for storing; burning the private key recorded into the authorizer into an encrypted storage unit (3) of the one-time burning private key; after the external biological information collector collects the biological information of the authorized cochain person, the safety encryption chip (4) compares the collected information of the external biological information collecting equipment with the authorized human biological information prestored in the encryption storage unit (2) of the data cochain authorized human biological information; after the comparison is passed, allowing the secure encryption chip (4) to call the private key information burned by the encryption storage unit (3) burning the private key once, and performing private key signature encryption on the uplink data in the secure encryption chip (4); after encryption is completed, data transmission and data uplink broadcasting are carried out through an external computer.
Preferably, the application also provides a separation/combination mode of the block chain private key storage and identity authentication device, the one-time erasable encrypted data unit and/or encrypted biological data storage unit are independent from the device and are presented in a traditional form including but not limited to an IC card and a TF card, and the traditional slot is used for insertion and reading, so as to reduce the use cost of the device and improve the use efficiency of the device.
Has the advantages that: different from the prior art, the block chain private key storage and identity authentication device has the advantages that the biological information of the block chain private key storage and identity authentication device is stored in the terminal after being encrypted, and is verified in the terminal security encryption chip (4), so that the risk of disclosure of a privacy data platform is prevented; the block chain private key data are stored in the equipment terminal after being encrypted, signature processing is carried out on the uplink data in the trusted execution environment, the private key is always in the equipment and cannot be leaked in the processing process, and the safety of private key storage is improved.
Drawings
Fig. 1 is a schematic structural diagram of a block chain private key storage and identity authentication apparatus according to the present invention.
The reference numbers illustrate: 1-a storage unit of public information of data uplink authorization, 2-an encryption storage unit of biological information of a data uplink authorizer, 3-an encryption storage unit of a one-time burning private key, and 4-a security encryption chip.
Fig. 2 is a flowchart illustrating a work flow of the device for storing and authenticating a blockchain private key according to the present invention.
Detailed Description
The technical solutions implemented in the present application will be described clearly and completely with reference to the accompanying drawings, and obviously, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The application provides a block chain private key storage and identity authentication device, the device includes: the storage unit (1) is internally provided with data uplink authorization public information and is used for storing public information such as data uplink input authorizer units, names and the like; the encryption storage unit (2) is internally provided with biological information of the data uplink authorizer and is used for encrypting and storing biological information data of the data uplink input authorizer; the encryption storage unit (3) is internally provided with a one-time burning private key and is used for ensuring that the private key is not illegally read, copied or modified; the built-in safety encryption chip (4) is used for comparing the authorized human biological information prestored in the external biological information acquisition equipment and the encryption storage unit: when the verification is passed, the encryption chip signs public information of a data uplink authorizer and information about to be uplink of the PC terminal by using a pre-burned private key, and broadcasts the public information and the information to the block chain network through external equipment. Through the mode, the data is broadcasted after the biological identity information of the data uplink authorizer is verified in an off-line mode, and the data is ensured to be legally uplink and the security of uplink data by the authorizer. The biological information of the authorizer is compared in the device, so that the biological privacy of the uplink authorizer is protected;
the private key storage and identity authentication device is characterized in that the private key is stored in a non-tamper erasable one-time burning mode and is burned after the block chain private key is generated;
the private key storage and identity authentication device is characterized in that the private key is stored in the device in an encrypted manner, is isolated by a security encryption chip and cannot be acquired and copied by the outside;
the private key storage and identity authentication device is characterized in that the biological information is stored in the device in an encrypted manner, is isolated by a security encryption chip and cannot be obtained by the outside;
the private key storage and identity authentication device is characterized in that the comparison of the biological information is carried out in the device, and the external part cannot attack and forge the authentication process;
the private key storage and identity authentication device is characterized in that the uplink data signature process is completed inside the device, and the outside does not contact the signature process;
the private key storage and identity authentication device is characterized in that the biological information storage unit and the private key storage unit are stored in an encrypted mode and are restored in the security encryption chip;
the block chain private key storage and identity authentication device comprises a storage unit (1) for storing public information of a data uplink authorizer and encrypted storage unit (2) for storing public information of the data uplink authorizer and biological information of the data uplink authorizer respectively, wherein public information such as a uplink recording authorizer unit, a name and the like and the biological information of the uplink authorizer are stored in the storage unit (1) for storing the public information of the data uplink authorizer and the encrypted storage unit (2) for storing; burning the private key recorded into the authorizer into an encrypted storage unit (3) of the one-time burning private key; after the external biological information collector collects the biological information of the authorized cochain person, the safety encryption chip (4) compares the collected information of the external biological information collecting equipment with the authorized human biological information prestored in the encryption storage unit (2) of the data cochain authorized human biological information; after the comparison is passed, allowing the secure encryption chip (4) to call the private key information burned by the encryption storage unit (3) burning the private key once, and performing private key signature encryption on the uplink data in the secure encryption chip (4); after encryption is completed, data transmission and data uplink broadcasting are carried out through an external computer.
The application also provides a separation/combination mode of the block chain private key storage and identity authentication device, the one-time erasable encrypted data unit and/or the encrypted biological data storage unit can be independent of the device and presented in a traditional form including but not limited to an IC card and a TF card, and the traditional slot is used for inserting and reading, so that the use cost of the device is reduced and the use efficiency of the device is improved.
Specifically, the IC Card (Integrated Circuit Card) used in the technical solution is specifically defined as: a microelectronic chip is embedded in a card substrate conforming to the ISO 7816 standard in the form of a card. The communication mode between the IC card and the reader/writer may be a contact type or a non-contact type. The IC card is an integrated circuit card, and the IC card chip has the capability of writing data and storing the data, and can judge the content in the memory of the IC card. The IC card is packaged with a chip meeting the ISO standard, 6-8 contacts are used for communicating with external equipment, the IC card can be provided with colorful patterns and explanatory characters according to the ISO standard, and part of the contacts of the IC card and the definition thereof are as follows: VCC: IC card working power supply; GND: grounding; VPP: a memory programming power supply; CLK: timing and synchronization of the signals of interest; I/O: inputting and outputting serial data in the card; RST: a reset signal. When the IC card is inserted into the IC card reader, the contacts are correspondingly connected, and the very large scale integrated circuit on the IC card starts to work. IC cards can be classified into memory cards, noncontact IC cards, optical cards, noncontact smart IC cards, and smart cards according to the difference in integrated circuits embedded in the cards. The portable multifunctional electric heating cooker has the characteristics of small and light volume and convenient carrying; the storage capacity is large, the CPU card contains a microprocessor, and the memory can be divided into a plurality of application areas, so that the card has multiple purposes and is convenient to store; the reliability is high, and the IC card has strong antimagnetic, antistatic and anti-interference capabilities and higher reliability than a magnetic card; the service life is long, and the information can be read and written ten thousand times and is long; the security is strong, the security is high, the IC card has the hardware security setting, can control the read-write characteristic of some districts in the IC card, if try to decipher, these districts are auto-locked, namely can't read and write the operation. The information in the IC card can not be copied after being encrypted, the password is checked wrongly, and the card has a self-destruction function, so that the data in the IC card is safe and reliable; the network requirement is not high, the safety and reliability of the IC card ensure that the IC card has low requirements on the real-time performance and the sensitivity of a computer network in application, and can be applied in an environment with low network quality or under the condition of no connection; the IC card read-write mechanism is simpler and more reliable than the magnetic card read-write mechanism, and has the advantages of low cost, easy popularization and simple maintenance. The TF Card (Trans-Flash Card) used in the technical scheme is specifically defined as a very small Flash memory Card, the format of the TF Card is created by SanDisk, and the TF Card is originally called T-Flash and is later changed into Trans-Flash; the reason for the rename of Micro SD is because of its adoption by the SD Association (SDA). Other memory cards adopted by the SDA include Mini SD and SD cards. It is mainly applied to mobile phones, but has been used in GPS devices, portable music players and some flash memory disks due to its minute volume and increasing storage capacity. The volume of the memory card is 15mm x 11mm x1mm, is almost equal to the size of a fingernail, and is the smallest memory card at present. It can also be used by connecting to the SD card slot through the SD adapter card. The block chain (Blockchain) is an important concept of the bitcoin, and is essentially a decentralized database, and is also used as a bottom layer technology of the bitcoin, and a series of data blocks which are generated by correlation by using a cryptographic method, wherein each data block contains information of a batch of bitcoin network transactions and is used for verifying the validity (anti-counterfeiting) of the information and generating the next block And three types of association and privatization are adopted. Public Block Chains (Public Block Chains) refer to: any individual or group in the world can send a transaction and the transaction can be validated against the blockchain, and anyone can participate in their consensus process. The public block chain is the earliest block chain and is also the most widely applied block chain, the virtual digital currencies of each big bitcoins series are all based on the public block chain, and only one block chain corresponding to the currency is available in the world. Union block chain (consortium block Chains): a plurality of preselected nodes are designated as bookkeepers by a group, the generation of each block is determined by all the preselected nodes (the preselected nodes participate in the consensus process), other access nodes can participate in the transaction, but no other person can perform limited query through an API opened by the block chain without asking for the bookkeeping process (the bookkeeping process is still managed in nature, only becomes distributed bookkeeping, and how many preselected nodes decide that the bookkeepers of each block become main risk points of the block chain). Private Block chain (Private Block Chains): the block chain general ledger technology is only used for accounting, the block chain general ledger technology can be a company, and can also be an individual, the block chain can solely share the writing authority of the block chain, and the block chain is not greatly different from other distributed storage schemes. Traditional finance attempts to experiment a private block chain, while public chain applications such as bitcoin are industrialized, and private chain application products are groped. The method has the characteristics that (1) decentralization is performed, the block chain technology does not depend on an additional third-party management mechanism or hardware facilities, no central control is performed, all nodes realize self-verification, transmission and management of information through distributed accounting and storage except for the block chain which is integrated, and the decentralization is the most prominent and essential characteristic of the block chain; (2) the block chain technology is open, except that private information of each party of transaction is encrypted, data of the block chain is open to all people, and anyone can inquire the data of the block chain and develop related applications through a public interface, so that the information of the whole system is highly transparent; (3) the independence is realized, based on the standard and the protocol (various mathematical algorithms such as Hash algorithm and the like adopted by similar bitcoins) which are in accordance with the negotiation, the whole block chain system does not depend on other third parties, all nodes can automatically and safely verify and exchange data in the system, and no manual intervention is needed; (4) safety, as long as 51% of all data nodes cannot be mastered, network data cannot be arbitrarily manipulated and modified, so that a block chain per se becomes relatively safe, and subjective and artificial data change is avoided; (5) anonymity, unless required by legal regulations, the identity information of each block node does not need to be disclosed or verified technically, and information transfer can be performed anonymously. Specifically, the architecture model comprises a data layer, a network layer, a consensus layer, an excitation layer, a contract layer and an application layer. The data layer encapsulates a bottom layer data block, basic data such as related data encryption and time stamp and a basic algorithm; the network layer comprises a distributed networking mechanism, a data transmission mechanism, a data verification mechanism and the like; the consensus layer mainly encapsulates various consensus algorithms of the network nodes; the incentive layer integrates economic factors into a block chain technology system, and mainly comprises an economic incentive issuing mechanism, an economic incentive distributing mechanism and the like; the contract layer mainly encapsulates various scripts, algorithms and intelligent contracts and is the basis of the programmable characteristic of the block chain; the application layer encapsulates various application scenarios and cases of the blockchain. In the model, a chained block structure based on a timestamp, a consensus mechanism of distributed nodes, economic excitation based on consensus computing power and a flexible programmable intelligent contract are the most representative innovation points of the block chain technology. The related core technologies comprise a distributed account book, asymmetric encryption, a consensus mechanism and an intelligent contract. The distributed account book means that transaction accounting is completed by a plurality of nodes distributed in different places together, and each node records a complete account, so that the nodes can participate in monitoring transaction validity and can also jointly make a proof for the transaction. Unlike traditional distributed storage, the uniqueness of distributed storage of blockchains is mainly reflected in two aspects: firstly, each node of the block chain stores complete data according to a block chain structure, and the traditional distributed storage generally divides the data into a plurality of parts according to a certain rule for storage. Secondly, the storage of each node of the block chain is independent and equal in status, the consistency of the storage is ensured by means of a consensus mechanism, and the traditional distributed storage generally synchronizes data to other backup nodes through a central node. No one node can record ledger data alone, thereby avoiding the possibility of a single bookkeeper being controlled or being bribered to account falsely. The accounting nodes are enough, so that the account is not lost unless all the nodes are damaged theoretically, and the safety of the account data is ensured. Asymmetric encryption, transaction information stored on the blockchain is public, but account identity information is highly encrypted and can only be accessed under the authorization of the data owner, so that the security of the data and the privacy of individuals are guaranteed. The consensus mechanism is how to achieve consensus among all accounting nodes to identify the validity of a record, and is a means for identification and a means for preventing tampering. The block chain provides four different consensus mechanisms, is suitable for different application scenarios, and balances efficiency and safety. The consensus mechanism of the block chain has the characteristics of 'few obedience majority' and 'human-equal', wherein the 'few obedience majority' does not completely refer to the number of nodes, and can also be the computing power, the number of shares or other characteristic quantities which can be compared by a computer. "equal people" means that when the nodes meet the condition, all the nodes have the right to give priority to the consensus result, are directly identified by other nodes, and finally possibly become the final consensus result. Taking bitcoins as an example, workload proofs are used that it is possible to falsify a record that does not exist only if accounting nodes that control more than 51% of the total network are involved. When enough nodes are added to the blockchain, the method is basically impossible, and therefore the possibility of counterfeiting is eliminated. The intelligent contract is based on the credible and non-tamper data, and can automatically execute some predefined rules and terms. Taking insurance as an example, if the information of each person (including medical information and risk occurrence information) is true and credible, it is easy to carry out automatic settlement in some standardized insurance products. In the day-to-day business of insurance companies, the reliance on trusted data is increasing and decreasing, although transactions are not as frequent as in the banking and security industries. Therefore, the inventor thinks that the block chain technology can effectively help the insurance company to improve the risk management capability from the perspective of data management. In particular, mainly applicant risk management and insurance company risk supervision.
The first embodiment is as follows: and E, government affair data uplink private key storage and identity authentication.
Government affair data effectively promote the development of efficient and convenient government affair service through block chain technology sharing, but also bring about safety problems: the management terminal is responsible for data cochain, authorization management and approval management and has a high-level authority for cochain of government affair information data to the shared exchange platform, so that the management terminal becomes a target which is easy to attack. Therefore, it is important to enhance the security of the data uplink process and identify the authorized data uplink person.
Example two: one embodiment of performing government data secure uplink and ensuring the identity authentication of the government data authorized uplink by adopting a block chain private key storage and identity authentication device is as follows:
the block chain private key storage and identity authentication device adopts an external contact type smart card as a storage unit (1) of public information of a data chain authorization person, an encryption storage unit (2) and an encryption storage unit (3) of biological information of the data chain authorization person; burning an account private key of a preset data cochain authorizer onto the smart card at one time; and storing the public information and the biological information of the data uplink authorizer on the contact type intelligent card.
Example three: the block chain private key storage and identity authentication device comprises the following specific implementation modes of chain private key storage and identity authentication in government affairs data: firstly, inserting a contact type smart card in which a block chain private key and authorized uplink person information are recorded into a contact type card slot of a device;
collecting biological information of authorized cochain people by using a biological information collector; the safety encryption chip reads and compares the biological information collected by the contact type intelligent card and the biological information collector; after the comparison is passed, the device indicator light starts to flash to prompt application of calling private key information burnt by the contact type intelligent card; the connection device controller allows the secure encryption chip to call private key information burnt by the contact type smart card, and private key signature encryption is carried out on the uplink data in the secure encryption chip; the device performs data transmission and data uplink broadcasting through the external computer through the USB line.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (8)

1. A blockchain private key storage and identity authentication apparatus, comprising: the biological information encryption storage unit is used for encrypting and storing biological information data of an authorized person which is input in a chain way; the storage unit for burning the private key once is used for ensuring that the chain private key is not illegally copied or modified in the block chain; and the safety encryption chip is used for comparing the external biological information acquisition information with the pre-stored biological information in an off-line manner inside the equipment, and carrying out signature encryption on the uplink information after the verification is passed.
2. The device of claim 1, wherein the private key is stored in a one-time burn-in mode that is not tamper-able and erasable, and the burn-in is performed after the block chain private key is generated.
3. The private key storage and identity authentication device of claim 1, wherein the private key encryption is stored in the device, isolated by the secure encryption chip, and cannot be obtained and copied from the outside.
4. The private key storage and identity authentication device of claim 1, wherein the biometric information is stored encrypted within the device, isolated by a secure encryption chip, and not accessible from the outside.
5. The private key storage and identity authentication device of claim 1, wherein the comparison of the biometric information is performed inside the device, and the authentication process cannot be attacked or forged from the outside.
6. The private key storage and identity authentication apparatus of claim 1, wherein the uplink data signing process is performed by the apparatus without external access to the signing process.
7. A block chain private key storage and identity authentication device is characterized in that a biological information storage unit and a private key storage unit are stored in an encryption mode and are restored in a security encryption chip.
8. A block chain private key storage and identity authentication device is characterized in that a public information storage unit, a biological information storage unit and a private key storage unit are all presented in a module mode, and the public information storage unit, the biological information storage unit and the private key storage unit comprise but are not limited to TF (TransFlash) card and IC (Integrated Circuit) card storage forms.
CN202010624023.5A 2020-07-02 2020-07-02 Block chain private key storage and identity authentication device Pending CN111651791A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010624023.5A CN111651791A (en) 2020-07-02 2020-07-02 Block chain private key storage and identity authentication device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010624023.5A CN111651791A (en) 2020-07-02 2020-07-02 Block chain private key storage and identity authentication device

Publications (1)

Publication Number Publication Date
CN111651791A true CN111651791A (en) 2020-09-11

Family

ID=72348545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010624023.5A Pending CN111651791A (en) 2020-07-02 2020-07-02 Block chain private key storage and identity authentication device

Country Status (1)

Country Link
CN (1) CN111651791A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347188A (en) * 2020-10-16 2021-02-09 零氪科技(北京)有限公司 Authorization and access auditing system and method based on private chain
CN114786170A (en) * 2022-05-09 2022-07-22 中国联合网络通信集团有限公司 Method, terminal, USIM and system for switching uplink data security processing entity

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347188A (en) * 2020-10-16 2021-02-09 零氪科技(北京)有限公司 Authorization and access auditing system and method based on private chain
CN114786170A (en) * 2022-05-09 2022-07-22 中国联合网络通信集团有限公司 Method, terminal, USIM and system for switching uplink data security processing entity
CN114786170B (en) * 2022-05-09 2023-06-23 中国联合网络通信集团有限公司 Uplink data security processing entity switching method, terminal, USIM and system

Similar Documents

Publication Publication Date Title
Jurgensen et al. Smart cards: the developer's toolkit
US7549057B2 (en) Secure transactions with passive storage media
JPS63229541A (en) Data exchange system
US20060149972A1 (en) Method for realizing security storage and algorithm storage by means of semiconductor memory device
KR100349033B1 (en) Storage medium having electronic circuit and method of managing the storage medium
CN111651791A (en) Block chain private key storage and identity authentication device
WO2022267185A1 (en) Blockchain network-based secure and efficient item transaction method and system, and storage medium
GB2541013A (en) User identification system and method
Schaumüller-Bichl IC-Cards in High-Security Applications
CN112911002B (en) Block chain data sharing encryption method
CN113159940A (en) Transaction method, system and computer equipment for enhanced bit currency wallet
Kose et al. A SECURE DESIGN ON MIFARE CLASSIC CARDS FOR ENSURING CONTACTLESS PAYMENT AND CONTROL SERVICES
Quiroz et al. Requirements for a new Peruvian electronic identity card
Henninger et al. Usability of holographic data storage technology for biometric data in governmental ID documents
Jeon Four-factor verification methodology for entity authentication assurance
JP2000251050A (en) Ic card, ic card information reader, centralized ic card information managing device, method and system for detecting illegally recorded information on ic card
Kose et al. ADVANCES IN CYBER-PHYSICAL SYSTEMS Vol. 7, Num. 1, 2022 A SECURE DESIGN ON MIFARE CLASSIC CARDS FOR ENSURING CONTACTLESS PAYMENT AND CONTROL SERVICES
MorphoePass Security Target
Autor et al. Specification of the Security Target TCOS Residence Permit Card Version 1.1 Release 1-PI/SLE78CLX1440P Version: 1.1. 1/20141124
Giessmann Specification of the Security Target TCOS Identity Card Version 1.0 Release 1/P5CD128/145-FSV02 Version: 1.0. 1/20110114
Autor et al. Specification of the Security Target TCOS Identity Card Version 1.0 Release 2/SLE78CLX1440P Version: 1.0. 2/20120712
Autor et al. Specification of the Security Target TCOS Residence Permit Card Version 1.0 Release 1/SLE78CLX1440P Version: 1.0. 1/20110816
EVANGELISTA Security Target SOMA-c003 Electronic Passport
JPH0916740A (en) Portable information recording medium and method for writings/reading information to/from the same
TW202026933A (en) Data security system and operation method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination