CN111753014B - Identity authentication method and device based on block chain - Google Patents

Publication number: CN111753014B
Authority: CN (China)
Application number: CN202010596168.9A
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN111753014A (en)
Inventors: 戴喆, 邓伟财
Current Assignee: Bank of China Ltd (as listed by Google Patents; the list may be inaccurate)
Original Assignee: Bank of China Ltd
Prior art keywords: address, transaction, user, target system, information

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

The invention discloses a blockchain-based identity authentication method and device. The method comprises: acquiring the registration information (a user name and a login password) with which a target user registers with a target system; generating a first address and a second address, wherein the first address is the public key calculated by taking the user name as a private key, and the second address is the public key calculated by taking the concatenation of the user name and the login password as a private key; uploading the user name, the first address and the second address to the target system, which executes a first transaction and a second transaction and records the transaction information to a blockchain network; and authenticating the target user according to the transaction information recorded on the blockchain network. The first transaction is the third address paying 1 user coin to the first address, the second transaction is the first address paying 1 user coin to the second address, the third address is the address of the target system, and the third address holds a preset number of user coins. The invention can realize decentralized user identity authentication.

Description

Identity authentication method and device based on block chain
Technical Field
The invention relates to the technical field of blockchains, in particular to an identity authentication method and device based on blockchains.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Identity authentication is the process of confirming an operator's identity in computers and computer network systems. It determines, from identity authentication information entered by the user such as a user name and a login password, whether the user has permission to access and use a given resource, so that the access policies of computers and network systems can be enforced reliably and effectively, attackers are prevented from impersonating legitimate users to obtain access to resources, and the security of systems and data is ensured.
The authentication process of the existing identity authentication mode is as follows: (1) a user inputs a user name and a password at a client or a webpage and sends a login request to an application system; (2) the application system sends a user authentication request containing the user name and the password to an authentication center; (3) the authentication center verifies the user name and the password and returns a verification result to the application system; and (4) the application system returns an authentication result to the client and, if the authentication is successful, records the login state.
Analysis shows that the existing identity authentication mode is centralized: there is only one authentication center, and identity authentication of users for every application system connected to it is completed by that authentication center. Once the authentication center goes offline or fails, user identity authentication of all connected applications can be affected.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
An embodiment of the invention provides a blockchain-based identity authentication method, to solve the technical problem that, under the centralized identity authentication mode of the prior art, user identity authentication of all connected applications is affected when the authentication center goes offline or fails. The method comprises: obtaining registration information with which a target user registers with a target system, wherein the target user is any user registering with the target system and the registration information comprises a user name and a login password; generating a first address and a second address according to the registration information, wherein the first address is a first public key calculated by taking the user name as a first private key, and the second address is a second public key calculated by taking the concatenation of the user name and the login password as a second private key; uploading the user name, the first address and the second address to the target system, wherein the target system executes a first transaction and a second transaction according to the first address and the second address and records the user name and the transaction information of the first transaction and the second transaction to a blockchain network, the first transaction being the third address paying 1 user coin to the first address, the second transaction being the first address paying 1 user coin to the second address, and the third address being the address of the target system in the blockchain network and holding a preset number of user coins; and authenticating the identity of the target user according to the transaction information recorded on the blockchain network.
An embodiment of the invention also provides a blockchain-based identity authentication device, to solve the same technical problem. The device comprises: a registration information acquisition module, used for acquiring registration information with which a target user registers with the target system, wherein the target user is any user registering with the target system and the registration information comprises a user name and a login password; a registration information processing module, used for generating a first address and a second address according to the registration information, wherein the first address is a first public key calculated by taking the user name as a first private key, and the second address is a second public key calculated by taking the concatenation of the user name and the login password as a second private key; a registration information uploading module, used for uploading the user name, the first address and the second address to the target system, wherein the target system executes a first transaction and a second transaction according to the first address and the second address and records the user name and the transaction information of the first transaction and the second transaction to the blockchain network, the first transaction being the third address paying 1 user coin to the first address, the second transaction being the first address paying 1 user coin to the second address, and the third address being the address of the target system in the blockchain network and holding a preset number of user coins; and a user identity authentication module, used for authenticating the identity of the target user according to the transaction information recorded on the blockchain network.
An embodiment of the invention also provides a computer device, to solve the technical problem that, under the centralized identity authentication mode of the prior art, user identity authentication of all connected applications is affected when the authentication center goes offline or fails.
An embodiment of the invention also provides a computer-readable storage medium to solve the same technical problem, wherein the computer-readable storage medium stores a computer program for executing the blockchain-based identity authentication method.
In the embodiment of the invention, after the registration information (user name and login password) with which a target user registers with a target system is acquired, a first public key calculated by taking the user name as a first private key is used as a first address, and a second public key calculated by taking the concatenation of the user name and the login password as a second private key is used as a second address. The user name, the first address and the second address are then uploaded to the target system, so that the target system executes a first transaction, in which the third address of the target system in the blockchain network pays 1 user coin to the first address, and a second transaction, in which the first address pays 1 user coin to the second address. Finally, the transaction information of the first transaction and the second transaction is recorded in the blockchain network, so that the target user is authenticated according to the transaction information recorded on the blockchain network.
Compared with the centralized identity authentication mode of the prior art, the embodiment of the invention realizes decentralized user identity authentication based on the blockchain network, and avoids user authentication of all connected applications being affected when an authentication center goes offline or fails.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic diagram of an identity authentication system based on blockchain in an embodiment of the present invention;
FIG. 2 is a flowchart of a blockchain-based authentication method provided in an embodiment of the present invention;
FIG. 3 is a flowchart of an alternative blockchain-based authentication method provided in an embodiment of the present invention;
FIG. 4 is a flowchart of an alternative blockchain-based authentication method provided in an embodiment of the present invention;
FIG. 5 is a flowchart of an alternative blockchain-based authentication method provided in an embodiment of the present invention;
FIG. 6 is a schematic diagram of an identity authentication device based on blockchain according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an alternative blockchain-based authentication device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present invention and their descriptions herein are for the purpose of explaining the present invention, but are not to be construed as limiting the invention.
An embodiment of the present invention provides a blockchain-based identity authentication system. FIG. 1 is a schematic diagram of this system; as shown in FIG. 1, the identity authentication system includes: a client 10, a system server 20 and a blockchain network 30.
The client 10 may be any terminal capable of accessing a network, and may be used for, but is not limited to, sending a registration request, a login request, or a password modification request to the system server 20. The system server 20 may be the server of any application system. The blockchain network 30 includes a plurality of nodes, which record the authentication information of users. Optionally, the system server 20 may be a node in the blockchain network 30, or may be independent of the blockchain network 30 and communicate with it through a blockchain client.
In implementation, a user inputs a user name and a password at the client; the client uses the user name, or the user name combined with the login password, as a private key, generates the corresponding public key from the private key, and uses the public key as an address. After receiving the address uploaded by the client, the system server records the user's identity authentication information in the blockchain network, so that the system server can verify the user's login requests and the like according to the information recorded in the blockchain network. Each system server can be a node in the blockchain network that constructs blocks and records encrypted identity authentication information in them, and the identity authentication information of every system server that joins the blockchain network can be shared.
The embodiment of the invention also provides an identity authentication method based on the blockchain, which can be applied to but not limited to the client 10 shown in fig. 1, wherein the client can be any terminal capable of accessing a network, such as a computer, a notebook computer, a mobile phone and the like.
Fig. 2 is a flowchart of a blockchain-based identity authentication method according to an embodiment of the present invention, as shown in fig. 2, where the method includes the following steps:
S201, acquiring registration information with which a target user registers with a target system, wherein the target user is any user registering with the target system, and the registration information comprises: a user name and a login password;
S202, generating a first address and a second address according to the registration information, wherein the first address is a first public key calculated by taking the user name as a first private key, and the second address is a second public key calculated by taking the concatenation of the user name and the login password as a second private key;
S203, uploading the user name, the first address and the second address to the target system, wherein the target system executes a first transaction and a second transaction according to the first address and the second address and records the user name and the transaction information of the first transaction and the second transaction to a blockchain network, the first transaction being the third address paying 1 user coin to the first address, the second transaction being the first address paying 1 user coin to the second address, and the third address being the address of the target system in the blockchain network and holding a preset number of user coins;
S204, authenticating the identity of the target user according to the transaction information recorded on the blockchain network.
Note that in the embodiment of the present invention, the user coin is the transaction unit: an address holding 1 user coin is valid, and an address holding 0 user coins is invalid.
In practice, user names are required to have the same length, e.g., a cell phone number or an employee number. In the embodiment of the invention, the combination of the user name and the password is used as the private key; because user names have the same length and are not repeated, the private key is guaranteed not to repeat. A public key is then generated from the private key and used as a transaction address. In the embodiment of the invention, the transaction data recorded in the blockchain by each node of the blockchain network comprises: the transfer-out address, the transfer-in address, the number of user coins transacted, and signature data (generated by encrypting the last transaction data with the private key corresponding to the transfer-out address).
A blockchain is in essence a distributed database, with characteristics such as decentralization, tamper resistance, full-process record keeping, traceability, collective maintenance, and openness and transparency. The embodiment of the invention introduces a blockchain to establish a decentralized unified identity authentication system: user identity authentication information is stored in the blockchain, and a complete copy of the blockchain is stored and synchronized in each system. Each system authenticates its own users with the authentication information in its real-time synchronized copy of the blockchain, without an authentication center, so that identity authentication information is shared while a fault in another system does not affect user identity authentication in this one.
For example, when a user chooses to register at the client of an application system, the user inputs registration information such as a user name and a login password at the client, and the client calculates 2 addresses from it: the user name is used as private key 1, the corresponding public key 1 is calculated from private key 1, and public key 1 is used as address 1; the concatenation of the user name and the login password is used as private key 2, the corresponding public key 2 is calculated from private key 2, and public key 2 is used as address 2. The client then uploads the user name, address 1, address 2 and other registration information to the server of the application system. The system server looks up whether the user name exists in the system; if so, it returns an error message or a prompt not to register repeatedly. If not, it goes on to query whether address 1 exists in the blockchain network; if not, the system server adds 2 transaction records to the blockchain network: the first transaction record transfers 1 user coin from the address of the system server (the third address) to address 1 (the first address), and the second transaction record transfers 1 user coin from address 1 to address 2 (the second address). After the transactions are completed, address 2 holds 1 user coin, and the system server records the relevant registration information.
Note that, the number of user coins in the third address corresponding to the system server may be configured in advance according to the number of users that the application system can access. One user corresponds to one user coin.
As can be seen from the foregoing, in the blockchain-based identity authentication method provided in the embodiment of the present invention, after the registration information (user name and login password) with which a target user registers with a target system is obtained, a first public key calculated by taking the user name as a first private key is used as a first address, and a second public key calculated by taking the concatenation of the user name and the login password as a second private key is used as a second address. The user name, the first address and the second address are then uploaded to the target system, so that the target system executes a first transaction, in which the third address of the target system in the blockchain network pays 1 user coin to the first address, and a second transaction, in which the first address pays 1 user coin to the second address. Finally, the transaction information of the first transaction and the second transaction is recorded in the blockchain network, so that the target user is authenticated according to the transaction information recorded on the blockchain network. The method thus realizes decentralized user identity authentication based on the blockchain network, and avoids user authentication of all connected applications being affected when an authentication center goes offline or fails.
As shown in fig. 3, in an embodiment, the blockchain-based identity authentication method provided in the embodiment of the present invention may further include the following steps to implement login verification:
S301, acquiring login information with which the target user logs in to the target system, wherein the login information comprises: a user name and a login password;
S302, generating the second address according to the user name and the login password;
S303, uploading the second address to the target system, wherein the target system queries, based on the blockchain network, whether the second address holds 1 user coin and, when it does, returns a first random number to the client;
S304, receiving the first random number returned by the target system;
S305, encrypting the first random number with the second private key to obtain encrypted data;
S306, uploading the encrypted data to the target system, wherein the target system decrypts the encrypted data with the second public key to obtain a second random number, verifies whether the second random number is consistent with the first random number, and returns a login result to the client according to the verification result.
For example, when a user chooses to log in at the client of an application system, the user inputs a user name and password; the client calculates the corresponding private key and public key from the user name and password, and uses the public key as an address. The client uploads the address to the system server, which checks the number of user coins held by the address; if the address holds 1 user coin, it is a valid address. The system server returns a random number to the client; the client encrypts the random number with the private key and sends the encrypted random number to the system server; the system server decrypts it with the public key, and if the decrypted random number is the same as the one it returned, the user's login verification at the client passes.
For reasons such as password leakage, a user may need to modify the login password. A transaction record then needs to be added to the blockchain network to transfer the user coin held by the address corresponding to the old password to the address corresponding to the new password, thereby invalidating the old address and validating the new one. Thus, in one embodiment, as shown in fig. 4, the blockchain-based identity authentication method provided in the embodiment of the present invention may further include the following steps to implement modification of the login password:
S401, obtaining password modification information with which the target user modifies the login password in the target system, wherein the password modification information comprises: a user name, an old login password and a new login password;
S402, generating a fourth address and a fifth address according to the password modification information, wherein the fourth address is a fourth public key calculated by taking the concatenation of the user name and the old login password as a fourth private key, and the fifth address is a fifth public key calculated by taking the concatenation of the user name and the new login password as a fifth private key;
S403, uploading the fourth address to the target system, wherein the target system queries the last transaction data of the fourth address based on the blockchain network and returns the last transaction data to the client;
S404, executing a third transaction according to the last transaction data of the fourth address, wherein the third transaction is the fourth address paying 1 user coin to the fifth address;
S405, uploading the transaction information of the third transaction to the target system, wherein the target system records the transaction information of the third transaction to the blockchain network.
In specific implementation, the step S405 may be implemented as follows: signing the last transaction data of the fourth address by adopting a fourth private key to obtain signature data; uploading the signature data and the transaction information of the third transaction to a target system, wherein the target system broadcasts the signature data and the transaction information of the third transaction to a blockchain network, each node in the blockchain network verifies the validity of the third transaction based on the signature data, and when the validity verification of the third transaction passes, the transaction information of the third transaction is recorded.
For example, when a user wants to modify the login password in an application system, the user inputs password modification information such as the user name, the old password and the new password through the client of the application system. The client concatenates the user name and the old password and calculates the corresponding private key 1 and public key 1 from the result, with public key 1 used as address 1; it concatenates the user name and the new password and calculates the corresponding private key 2 and public key 2 from the result, with public key 2 used as address 2. The client uploads address 1 and address 2 to the system server. The system server queries the last transaction data of address 1 based on the blockchain network and returns it to the client. The client constructs a new transaction record from the last transaction data of address 1, the content of the new record being that address 1 pays 1 user coin to address 2, and signs the last transaction data of address 1 with private key 1. The client uploads the new transaction record and the signature data to the system server. The system server broadcasts them to all nodes of the blockchain network; the other nodes decrypt the signature data, verify the validity of the new transaction record and, when the validity verification passes, each record the new transaction record in a block of the blockchain.
In order to avoid the problem of repeated registration, in one embodiment, as shown in fig. 5, the blockchain-based identity authentication method provided in the embodiment of the present invention may further verify whether the user name submitted by the target user is already registered, through the following steps:
S501, querying whether the user name exists on the blockchain network;
S502, returning a first registration result when the user name exists on the blockchain network, wherein the first registration result indicates that the user name is registered.
Further, as shown in fig. 5, in a case that a user name does not exist on the blockchain network, in an embodiment, the blockchain-based identity authentication method provided in the embodiment of the present invention may further include the following steps:
S503, querying whether the first address exists on the blockchain network;
S504, querying whether the second address exists on the blockchain network when the first address exists on the blockchain network;
S505, returning a second registration result when the second address exists on the blockchain network, wherein the second registration result indicates that the user name is registered and the login password passes verification;
S506, returning a third registration result when the second address does not exist on the blockchain network, wherein the third registration result indicates that the user name is registered and login password verification is not passed.
After receiving the registration information (user name and login password) of a user, the system server first queries whether the user name exists in the system and, if so, returns an error message or a prompt telling the user not to register repeatedly. It then queries whether address 1 exists in the blockchain network; if address 1 exists in the blockchain network, a registered user exists, and the server queries whether address 2 exists in the blockchain network. If address 2 exists and its number of user coins is 1, the registration verification passes and the registration information of the user is stored in the system server; if address 2 does not exist, an error message or a prompt telling the user that password verification is not passed is returned.
Based on the same inventive concept, the embodiment of the invention also provides an identity authentication device based on the blockchain, as in the following embodiment. Because the principle of the device for solving the problem is similar to that of the identity authentication method based on the blockchain, the implementation of the device can refer to the implementation of the identity authentication method based on the blockchain, and the repetition is omitted.
Fig. 6 is a schematic diagram of a blockchain-based identity authentication device according to an embodiment of the present invention. As shown in fig. 6, the device includes: a registration information acquisition module 601, a registration information processing module 602, a registration information uploading module 603, and a user identity authentication module 604.
The registration information obtaining module 601 is configured to obtain registration information of a target user registered in a target system, where the target user is any user registered in the target system, and the registration information includes: a user name, a login password; the registration information processing module 602 is configured to generate a first address and a second address according to registration information, where the first address is a first public key calculated by using a user name as a first private key, and the second address is a second public key calculated by using a concatenation result of the user name and a login password as a second private key; a registration information uploading module 603, configured to upload a user name, a first address, and a second address to a target system, where the target system executes a first transaction and a second transaction according to the first address and the second address, and records the user name, transaction information of the first transaction, and transaction information of the second transaction to a blockchain network, the first transaction being a transaction in which a third address pays 1 user coin to the first address, the second transaction being a transaction in which the first address pays 1 user coin to the second address, the third address being an address of the target system in the blockchain network, the third address having a preset number of user coins; the user identity authentication module 604 is configured to authenticate the identity of the target user according to the transaction information recorded on the blockchain network.
As can be seen from the above, in the blockchain-based identity authentication device provided in the embodiment of the present invention, registration information such as a user name and a login password of a target user registration target system is obtained through the registration information obtaining module 601; the registration information processing module 602 uses the first public key calculated by using the user name as the first private key as a first address and uses the second public key calculated by using the splicing result of the user name and the login password as the second private key as a second address; uploading the user name, the first address and the second address to the target system through the registration information uploading module 603, so that the target system executes a first transaction, 1 user coin of a third address of the target system in the blockchain network is paid to the first address, the target system executes a second transaction, 1 user coin of the first address is paid to the second address, and transaction information of the first transaction and the second transaction is recorded in the blockchain network; the identity of the target user is authenticated by the user identity authentication module 604 according to the transaction information recorded on the blockchain network. The identity authentication device based on the block chain provided by the embodiment of the invention realizes the decentralised user identity authentication based on the block chain network, and can avoid the influence on the user authentication of all access applications due to the offline or failure of the authentication center.
In one embodiment, as shown in fig. 7, the blockchain-based identity authentication device provided in the embodiment of the present invention may further include: the login information obtaining module 605 is configured to obtain login information of a target user logging in a target system, where the login information includes: a user name, a login password; a login information processing module 606, configured to generate a second address according to the user name and the login password; a login information uploading module 607, configured to upload the second address to the target system, where the target system queries whether the second address has 1 user coin based on the blockchain network, and returns the first random number to the client when the second address has 1 user coin; a random number acquisition module 608, configured to receive a first random number returned by the target system; a random number encryption module 609, configured to encrypt the first random number with a second private key to obtain encrypted data; the login verification module 610 is configured to upload the encrypted data to the target system, where the target system decrypts the encrypted data with the second public key to obtain a second random number, verifies whether the second random number is consistent with the first random number, and returns a login result to the client according to the verification result.
In one embodiment, as shown in fig. 7, the blockchain-based identity authentication device provided in the embodiment of the present invention may further include: the password modification information obtaining module 611 is configured to obtain password modification information for modifying a login password in a target system by a target user, where the password modification information includes: user name, old login password, new login password; the password modification information processing module 612 is configured to generate a fourth address and a fifth address according to the password modification information, where the fourth address is a fourth public key calculated by using a concatenation result of the user name and the old login password as a fourth private key, and the fifth address is a fifth public key calculated by using a concatenation result of the user name and the new login password as a fifth private key; the old password information query module 613 is configured to upload the fourth address to the target system, where the target system queries the last transaction data of the fourth address based on the blockchain network, and returns the last transaction data to the client; a password modification module 614, configured to perform a third transaction according to the last transaction data of the fourth address, where the third transaction is a transaction in which the fourth address pays 1 user coin to the fifth address; the new password information uploading module 615 is configured to upload transaction information of the third transaction to the target system, where the target system records the transaction information of the third transaction to the blockchain network.
Optionally, the new password information uploading module 615 is further configured to sign the last transaction data of the fourth address by using the fourth private key to obtain signature data, and upload the signature data and the transaction information of the third transaction to the target system, where the target system broadcasts the signature data and the transaction information of the third transaction to the blockchain network, each node in the blockchain network verifies the validity of the third transaction based on the signature data, and records the transaction information of the third transaction when the validity verification of the third transaction passes.
In one embodiment, as shown in fig. 7, the blockchain-based identity authentication device provided in the embodiment of the present invention may further include: the registration information verification module 616 is configured to query whether a first address exists on the blockchain network, query whether a second address exists on the blockchain network if the first address exists on the blockchain network, and return a first registration result if the second address exists on the blockchain network, where the first registration result is used to indicate that the user name is registered and the login password passes verification.
Optionally, the registration information verification module 616 is further configured to return a second registration result when the second address does not exist on the blockchain network, where the second registration result is used to indicate that the user name is registered and login password verification is not passed.
Optionally, the registration information verification module 616 is further configured to query whether a user name exists on the blockchain network, and return a third registration result when the user name exists on the blockchain network, where the third registration result is used to characterize that the user name is registered.
Based on the same inventive concept, the embodiment of the invention also provides a computer device, which is used for solving the technical problem that the user identity authentication of all access applications can be influenced due to the offline or failure of an authentication center by adopting a centralized identity authentication mode in the prior art.
Based on the same inventive concept, the embodiment of the invention also provides a computer readable storage medium for solving the technical problem that the user identity authentication of all access applications can be affected due to the offline or failure of an authentication center by adopting a centralized identity authentication mode in the prior art, wherein the computer readable storage medium stores a computer program for executing the blockchain-based identity authentication method.
In summary, the embodiments of the invention provide a blockchain-based identity authentication method and device, a computer device and a computer readable storage medium. After registration information such as the user name and login password with which a target user registers in a target system is acquired, a first public key calculated by using the user name as a first private key is used as a first address, and a second public key calculated by using the splicing result of the user name and the login password as a second private key is used as a second address. The user name, the first address and the second address are then uploaded to the target system, so that the target system executes a first transaction, paying 1 user coin of the third address of the target system to the first address, and a second transaction, paying 1 user coin of the first address to the second address. Finally, the transaction information of the first transaction and the second transaction is recorded to the blockchain network, so that the identity of the target user can be authenticated according to the transaction information recorded on the blockchain network.
Compared with the technical scheme of adopting a centralized identity authentication mode in the prior art, the embodiment of the invention realizes the decentralised user identity authentication based on the blockchain network, and can avoid influencing the user authentication of all access applications due to the offline or failure of the authentication center.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention and is not meant to limit the scope of the invention to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (14)

1. An identity authentication method based on a blockchain is characterized by comprising the following steps:
obtaining registration information of a target user for registering a target system, wherein the target user is any user registering the target system, and the registration information comprises: a user name, a login password;
generating a first address and a second address according to the registration information, wherein the first address is a first public key calculated by taking the user name as a first private key, and the second address is a second public key calculated by taking a splicing result of the user name and the login password as a second private key;
uploading the user name, the first address and the second address to the target system, wherein the target system executes a first transaction and a second transaction according to the first address and the second address, and records the user name, transaction information of the first transaction and transaction information of the second transaction into a blockchain network, wherein the first transaction is a transaction of paying 1 user coin to the first address by a third address, the second transaction is a transaction of paying 1 user coin to the second address by the first address, the third address is an address of the target system in the blockchain network, and the third address has a preset number of user coins;
according to the transaction information recorded on the blockchain network, carrying out identity authentication on the target user;
the method further comprises the steps of:
obtaining login information of the target user for logging in the target system, wherein the login information comprises: a user name, a login password;
generating the second address according to the user name and the login password;
uploading the second address to the target system, wherein the target system queries whether the second address has 1 user coin based on a blockchain network, and returns a first random number to a client when the second address has 1 user coin;
receiving a first random number returned by the target system;
encrypting the first random number by adopting the second private key to obtain encrypted data;
uploading the encrypted data to the target system, wherein the target system decrypts the encrypted data by adopting the second public key to obtain a second random number, verifies whether the second random number is consistent with the first random number, and returns a login result to the client according to a verification result.
2. The method of claim 1, wherein the method further comprises:
obtaining password modification information with which the target user modifies a login password in the target system, wherein the password modification information comprises: user name, old login password, new login password;
generating a fourth address and a fifth address according to the password modification information, wherein the fourth address is a fourth public key calculated by taking a splicing result of the user name and the old login password as a fourth private key, and the fifth address is a fifth public key calculated by taking a splicing result of the user name and the new login password as a fifth private key; uploading the fourth address to the target system, wherein the target system queries the last transaction data of the fourth address based on a blockchain network and returns the last transaction data to a client;
executing a third transaction according to the last transaction data of the fourth address, wherein the third transaction is a transaction of paying 1 user coin to the fifth address by the fourth address;
and uploading the transaction information of the third transaction to the target system, wherein the target system records the transaction information of the third transaction to a blockchain network.
3. The method of claim 2, wherein uploading transaction information for the third transaction to the target system comprises:
signing the last transaction data of the fourth address by adopting the fourth private key to obtain signature data;
uploading the signature data and the transaction information of the third transaction to the target system, wherein the target system broadcasts the signature data and the transaction information of the third transaction to a blockchain network, each node in the blockchain network verifies the validity of the third transaction based on the signature data, and when the validity verification of the third transaction passes, the transaction information of the third transaction is recorded.
4. The method of claim 1, wherein the method further comprises:
querying whether the user name exists on the blockchain network;
and when the user name exists on the blockchain network, returning a first registration result, wherein the first registration result is used for representing that the user name is registered.
5. The method of claim 4, wherein the method further comprises:
querying whether the first address exists on the blockchain network;
querying whether the second address exists on the blockchain network when the first address exists on the blockchain network;
and when the second address exists on the blockchain network, returning a second registration result, wherein the second registration result is used for representing that the user name is registered and login password verification passes.
6. The method of claim 5, wherein the method further comprises:
and returning a third registration result when the second address is not present on the blockchain network, wherein the third registration result is used for representing that the user name is registered and login password verification is not passed.
7. A blockchain-based identity authentication device, comprising:
the registration information acquisition module is used for acquiring registration information of a target user registered in a target system, wherein the target user is any user registered in the target system, and the registration information comprises: a user name, a login password;
the registration information processing module is used for generating a first address and a second address according to the registration information, wherein the first address is a first public key calculated by taking the user name as a first private key, and the second address is a second public key calculated by taking a splicing result of the user name and the login password as a second private key;
a registration information uploading module, configured to upload the user name, the first address, and the second address to the target system, where the target system executes a first transaction and a second transaction according to the first address and the second address, and records the user name, transaction information of the first transaction, and transaction information of the second transaction to a blockchain network, where the first transaction is a transaction in which a third address pays 1 user coin to the first address, the second transaction is a transaction in which the first address pays 1 user coin to the second address, and the third address is an address of the target system in the blockchain network, and where the third address has a preset number of user coins;
the user identity authentication module is used for authenticating the identity of the target user according to the transaction information recorded on the blockchain network;
the apparatus further comprises:
the login information acquisition module is used for acquiring login information of the target user for logging in the target system, wherein the login information comprises the following components: a user name, a login password;
the login information processing module is used for generating the second address according to the user name and the login password;
the login information uploading module is used for uploading the second address to the target system, wherein the target system inquires whether the second address has 1 user coin based on a blockchain network, and when the second address has 1 user coin, a first random number is returned to a client;
the random number acquisition module is used for receiving a first random number returned by the target system;
the random number encryption module is used for encrypting the first random number by adopting the second private key to obtain encrypted data;
and the login verification module is used for uploading the encrypted data to the target system, wherein the target system decrypts the encrypted data by adopting the second public key to obtain a second random number, verifies whether the second random number is consistent with the first random number or not, and returns a login result to the client according to a verification result.
8. The apparatus of claim 7, wherein the apparatus further comprises:
the password modification information acquisition module is used for acquiring password modification information with which the target user modifies a login password in the target system, wherein the password modification information comprises: user name, old login password, new login password;
the password modification information processing module is used for generating a fourth address and a fifth address according to the password modification information, wherein the fourth address is a fourth public key calculated by taking a splicing result of the user name and the old login password as a fourth private key, and the fifth address is a fifth public key calculated by taking a splicing result of the user name and the new login password as a fifth private key;
the old password information inquiry module is used for uploading the fourth address to the target system, wherein the target system inquires the last transaction data of the fourth address based on a blockchain network and returns the last transaction data to the client;
the password modification module is used for executing a third transaction according to the last transaction data of the fourth address, wherein the third transaction is a transaction of paying 1 user coin to the fifth address by the fourth address;
and the new password information uploading module is used for uploading the transaction information of the third transaction to the target system, wherein the target system records the transaction information of the third transaction to a blockchain network.
9. The apparatus of claim 8, wherein the new password information uploading module is further configured to sign the last transaction data of the fourth address with the fourth private key to obtain signature data and upload the signature data and transaction information for the third transaction to the target system, wherein the target system broadcasts the signature data and the transaction information for the third transaction to a blockchain network, each node in the blockchain network verifies validity of the third transaction based on the signature data, and records the transaction information for the third transaction if the validity of the third transaction is verified.
10. The apparatus of claim 7, wherein the apparatus further comprises:
and the registration information verification module is used for inquiring whether the user name exists on the blockchain network or not and returning a first registration result when the user name exists on the blockchain network, wherein the first registration result is used for representing that the user name is registered.
11. The apparatus of claim 10, wherein the registration information verification module is further to query whether the first address is present on the blockchain network and, if the first address is present on the blockchain network, to query whether the second address is present on the blockchain network; and when the second address exists on the blockchain network, returning a second registration result, wherein the second registration result is used for representing that the user name is registered and login password verification passes.
12. The apparatus of claim 11, wherein the registration information verification module is further configured to return a third registration result if the second address is not present on the blockchain network, wherein the third registration result is used to characterize that the username is registered and login password verification is not passed.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the blockchain-based identity authentication method of any of claims 1 to 6 when the computer program is executed by the processor.
14. A computer readable storage medium, having stored thereon a computer program which when executed by a processor implements the blockchain-based identity authentication method of any of claims 1 to 6.
CN202010596168.9A 2020-06-28 2020-06-28 Identity authentication method and device based on block chain Active CN111753014B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010596168.9A CN111753014B (en) 2020-06-28 2020-06-28 Identity authentication method and device based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010596168.9A CN111753014B (en) 2020-06-28 2020-06-28 Identity authentication method and device based on block chain

Publications (2)

Publication Number Publication Date
CN111753014A CN111753014A (en) 2020-10-09
CN111753014B true CN111753014B (en) 2023-08-22

Family

ID=72677513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010596168.9A Active CN111753014B (en) 2020-06-28 2020-06-28 Identity authentication method and device based on block chain

Country Status (1)

Country Link
CN (1) CN111753014B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112507296B (en) * 2020-11-12 2024-04-05 迅鳐成都科技有限公司 User login verification method and system based on blockchain
CN113034139B (en) * 2021-03-15 2023-12-26 中国人民大学 Block chain multi-coin wallet based on living organism biological characteristic authentication and implementation method thereof
CN113393242B (en) * 2021-04-27 2022-11-01 连通(杭州)技术服务有限公司 Method and equipment for safe off-line electronic payment of token model payers
CN113468594B (en) * 2021-06-25 2024-03-19 江苏大学 Identity management method based on block chain
CN114629713A (en) * 2022-03-25 2022-06-14 阿里云计算有限公司 Identity verification method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320262A (en) * 2014-11-05 2015-01-28 中国科学院合肥物质科学研究院 User public key address binding, searching and verifying method and system based on crypto currency open account book technology
CN106357640A (en) * 2016-09-18 2017-01-25 江苏通付盾科技有限公司 Method, system and server for authenticating identities on basis of block chain networks
CN109104419A (en) * 2018-07-27 2018-12-28 中链科技有限公司 A kind of generation method and system of block chain account
CN109145540A (en) * 2018-08-24 2019-01-04 广州大学 A kind of intelligent terminal identity identifying method and device based on block chain
CN111010381A (en) * 2019-12-06 2020-04-14 趣派(海南)信息科技有限公司 Cross-chain-based identity authentication method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3396612A1 (en) * 2017-04-24 2018-10-31 BlockSettle AB Method and system for creating a user identity

Also Published As

Publication number Publication date
CN111753014A (en) 2020-10-09

Similar Documents

Publication Publication Date Title
AU2021206913B2 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
CN111753014B (en) Identity authentication method and device based on block chain
US10708060B2 (en) System and method for blockchain-based notification
US11082420B2 (en) Certificate issuing system based on block chain
CN109274652B (en) Identity information verification system, method and device and computer storage medium
CN110535648B (en) Electronic certificate generation and verification and key control method, device, system and medium
AU2017313687A1 (en) Dynamic cryptocurrency aliasing
CN111740966B (en) Data processing method based on block chain network and related equipment
CN110535807B (en) Service authentication method, device and medium
CN106302606B (en) Across the application access method and device of one kind
CN109861996B (en) Block chain-based relationship proving method, device, equipment and storage medium
CN110674531B (en) Residential information management method, device, server and medium based on block chain
CN111651794A (en) Alliance chain-based electronic data management method and device and storage medium
CN106331042B (en) Single sign-on method and device for heterogeneous user system
WO2017050147A1 (en) Information registration and authentication method and device
CN114629713A (en) Identity verification method, device and system
WO2024011863A1 (en) Communication method and apparatus, sim card, electronic device, and terminal device
CN113810426B (en) Access system, method and device of instant messaging service
Du et al. A Blockchain-based Online Transaction System for Physical Products Trading with Fairness, Privacy Preservation, and Auditability
EP3219074A1 (en) Network based identity federation
CN115242471A (en) Information transmission method and device, electronic equipment and computer readable storage medium
CN116961937A (en) Block chain program access method, related equipment and storage medium
JP2022104875A (en) Repudiable credentials
CN117201048A (en) Block chain-based data authorization method, device, equipment and medium
CN116980136A (en) Interface processing method, device, equipment, storage medium and product of intelligent contract

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant