CN111914270A - Programmable authentication service method and system based on block chain technology

Publication number: CN111914270A
Application number: CN202010651261.5A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Inventor: 徐信来
Applicant and current assignee: Guangxi Jiayi Big Data Technology Co ltd
Prior art keywords: authentication, block chain, user, information, algorithm

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/045 Confidential data exchange among entities communicating through data packet networks, where the sending and receiving entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L63/083 Authentication of entities using passwords
    • H04L63/1458 Countermeasures against malicious traffic: Denial of Service
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/3066 Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3247 Entity authentication or message authentication involving digital signatures


Abstract

A programmable authentication service method and system based on blockchain technology. The client terminal comprises: smart hardware; a client data communication interface for communicating with the blockchain authentication service platform; and the following program modules running on the smart hardware: a password manager, which generates the private key, public key and user authentication address required for authentication; a QR code parser; and an algorithm updater, which updates and synchronises the authentication algorithm. The blockchain authentication service platform comprises: a server-side data communication interface for communicating with the client terminal and the big data analysis platform; an authentication analysis engine, which analyses the user data sent by the client terminal, with authenticated user data stored in the blockchain authentication encrypted data layer; a QR code generator; an algorithm expansion unit, which updates and extends the authentication object, the authentication conditions, and the authentication and encryption algorithms; and the blockchain authentication encrypted data layer, which encrypts and verifies the authenticated user data and stores it in the blockchain.

Description

Programmable authentication service method and system based on block chain technology
Technical Field
The invention relates to identity authentication technology, and in particular to a programmable authentication service method and system based on blockchain technology.
Background
Although centralized authentication systems built on the traditional internet are not limited by time or region and are simple and convenient, they have not kept pace with growing demands for network data security, execution efficiency, convenience and personalized authentication services. Their problems are becoming more obvious and mainly fall into the following areas:
1) Network security
A traditional internet authentication system is built on a centralized server and therefore inevitably has data security problems, in two respects:
a. Attacks on the network
Because the server is centralized, the network is exposed to attacks by hackers, such as DDoS attacks, for which centralized architectures still have no fully satisfactory defence.
b. Security of the user's personal data
Centralized authentication systems generally require the user to supply fairly complete and sensitive personal information, such as an identity card number, mobile phone number and home address, which may be misused by hackers or by the authentication system's own staff to violate the user's data and privacy.
2) Low efficiency
A centralized authentication system performs all authentication at the central node, so the load on that node is high and all verification work is done there; in many cases this is inefficient.
3) Lack of extensibility
Traditional authentication systems extend poorly: changing the photographs of the people being verified, or adding authentication items (for example, adding a farmer's grain contract data to a farmer identity authentication system), is difficult or impossible.
4) Difficulty in tracking the whole process
A traditional authentication system records only limited authentication information in a fixed format, so querying and tracing the whole authentication process is difficult and the process cannot be controlled or optimized in detail.
Disclosure of Invention
The present invention has been made in view of the above problems, and its object is to provide a programmable authentication service method based on blockchain technology, and an apparatus for use in the method, which solve or partially solve those problems.
The specific technical scheme of the invention is as follows:
A programmable authentication service system based on blockchain technology, comprising a client terminal, a blockchain authentication service platform and a big data analysis platform;
wherein the client terminal comprises:
smart hardware;
a client data communication interface for exchanging data with the blockchain authentication service platform;
and the following program modules running on the smart hardware:
a password manager, which generates the private key, public key and user authentication address required for authentication;
a QR code parser, which parses QR codes;
an algorithm updater, which updates and synchronises the authentication algorithm;
the blockchain authentication service platform comprises:
a server-side data communication interface for communicating with the client terminal and the big data analysis platform;
an authentication analysis engine, which analyses the user data sent by the client terminal, with authenticated user data stored in the blockchain authentication encrypted data layer, the user data comprising user identity information and authentication information;
a QR code generator, which generates a QR code from the authentication result information;
an algorithm expansion unit, which updates and extends the authentication object, the authentication conditions, and the authentication and encryption algorithms;
a blockchain authentication encrypted data layer, which encrypts and verifies the authenticated user data and stores it in the blockchain. According to practical needs, the system classifies authentication objects into the following three types:
1) identity authentication
for example, farm identity authentication and farmer identity authentication in a digital farm;
2) physical property authentication
for example, raw material authentication and liquor traceability authentication in a digital farm;
3) process authentication
for example, production certification, planting certification and transaction certification in a digital farm.
The system allows authentication conditions to be selected;
for each authentication type, different authentication conditions can be defined and selected;
for example, for user identity authentication, the user's face recognition and identity card can be used as authentication conditions.
The big data analysis platform comprises:
a data store for storing user data;
and a big data analysis engine, which mines and analyses the stored user data and provides data to the blockchain authentication service platform and update support for the authentication and encryption algorithms.
Further, the client terminal also comprises a picture generator, which generates picture information and stores it in a given format, resolution and size; correspondingly, the blockchain authentication service platform is fitted with a face recognition engine, which performs face recognition authentication on the picture information.
Further, the algorithm expansion unit comprises:
an encryption algorithm selector, which provides an encryption algorithm according to the security requirements of the user and the system;
an identity information configurator, which configures the verification information required for identity authentication according to the needs of the system;
an authentication rule definer, which defines custom authentication rules;
and an authentication process controller, which controls and manages the authentication process.
A programmable authentication service method based on blockchain technology comprises the following steps:
Q1. the client terminal generates the information needed for authentication, including the private key, the public key and the user authentication address;
Q2. the blockchain authentication service platform obtains user data through the smart hardware; the user data comprises user identity information and authentication information, and the identity information and authentication information that pass authentication are written into the blockchain in encrypted form, where the user identity information and authentication information can be modified as required;
Q3. the big data analysis platform stores, mines and analyses the user data and provides data to the blockchain authentication service platform and update support for the authentication and encryption algorithms.
Further, the client terminal is implemented as follows:
S1. a cryptographically secure pseudo-random number generator (CSPRNG) is installed on the smart hardware;
S2. a 32-byte (256-bit) private key is generated at random from a seed with sufficient entropy;
S3. the private key is stored on the smart hardware and is never transmitted over the network; the user may also export it to a storage device that is not connected to the network;
S4. the public key is derived from the private key by an asymmetric cryptographic algorithm;
S5. the public key is sent to the blockchain authentication service platform;
S6. the user authentication address is derived from the public key by a hash algorithm;
S7. the user authentication address is written into the blockchain authentication encrypted data layer;
S8. the user authentication address and the data generated during user authentication are stored in the big data analysis platform.
Further, the blockchain authentication service platform is implemented as follows:
T1. the user uploads the user identity information to be authenticated to the blockchain authentication service platform through the smart hardware;
T2. when the user identity information needs to be changed, the change is uploaded to the blockchain authentication service platform through the smart hardware and confirmed by the platform;
T3. the blockchain authentication service platform writes the user identity information and a timestamp into the blockchain through a hash algorithm, i.e. what is written into the blockchain is hash(user identity information) + timestamp;
T4. a user who has completed identity submission and confirmation can submit various kinds of authentication information; authentication proceeds as follows:
1) the user selects a hash algorithm and computes a message digest of the plaintext;
2) the user signs the message digest with the private key, producing a digital signature over the plaintext;
3) the user encrypts the plaintext, the message digest and the digital signature with a symmetric encryption algorithm (how the symmetric key is shared with the platform is not specified here; the classification under H04L63/045 indicates hybrid encryption, i.e. the symmetric key is protected by asymmetric encryption);
4) the user sends the encrypted message from step 3) to the blockchain authentication service platform;
5) the blockchain authentication service platform decrypts it to obtain the plaintext, the message digest and the digital signature;
6) the blockchain authentication service platform recomputes the digest of the received plaintext with the same hash algorithm, compares it with the digest sent by the user, and verifies the digital signature over that digest with the user's public key; if both checks pass, the message was sent by the user and has not been tampered with, otherwise authentication fails;
T5. when the user's authentication information needs to be changed, the change is uploaded to the blockchain authentication service platform through the smart hardware and confirmed by the platform;
T6. the platform writes the authentication information and a timestamp into the blockchain through a hash algorithm, i.e. what is written into the blockchain is hash(authentication information) + timestamp;
T7. when, according to actual service conditions, the blockchain authentication service platform needs to update or add an authentication or encryption algorithm, the algorithm is synchronised to the platform through the algorithm expansion unit;
T8. the platform writes the algorithm expansion content and a timestamp into the blockchain through a hash algorithm, i.e. what is written into the blockchain is hash(algorithm expansion content) + timestamp;
T9. all user identity information and authentication information that the user has consented to share is stored in the big data analysis platform as raw data for big data analysis.
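The client-side key generation (S1 to S8) and the submission flow of T4, written out as an added example in Go using only the standard library. This is not the patent's own code: it assumes P-256 ECDSA as the ECC algorithm and SHA-256 as the hash (both named later in the description), AES-256-GCM as the symmetric algorithm, a JSON encoding for the plaintext/digest/signature bundle, and a `sessionKey` already shared between client and platform, since the page does not say how the symmetric key is established. The `ClientKeys` and `Envelope` types, the function names and the sample message are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// ClientKeys is what the password manager keeps on the smart hardware (S1-S6).
// The private key never leaves the struct; only PubKey and Address are sent out.
type ClientKeys struct {
	priv    *ecdsa.PrivateKey
	PubKey  []byte // uncompressed P-256 point, registered with the platform (S5)
	Address string // hex(SHA-256(PubKey)): the user authentication address (S6)
}

// NewClientKeys draws the private key from the OS CSPRNG (S1/S2; GenerateKey
// rejects scalars outside [1, n-1]), derives the public key (S4) and the address (S6).
func NewClientKeys() (*ClientKeys, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	pub := elliptic.Marshal(elliptic.P256(), priv.X, priv.Y)
	addr := sha256.Sum256(pub)
	return &ClientKeys{priv: priv, PubKey: pub, Address: hex.EncodeToString(addr[:])}, nil
}

// signedMessage is the bundle of step 3): plaintext, its SHA-256 digest (step 1)
// and the ECDSA signature over that digest (step 2).
type signedMessage struct{ Plaintext, Digest, Signature []byte }

// Envelope is what crosses the network in step 4): the bundle under AES-256-GCM.
// Assumption of this example: sessionKey was shared with the platform beforehand.
type Envelope struct{ Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs steps 1)-3) on the client and returns the envelope to send.
func (c *ClientKeys) Seal(sessionKey, plaintext []byte) (*Envelope, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := ecdsa.SignASN1(rand.Reader, c.priv, digest[:])
	if err != nil {
		return nil, err
	}
	body, _ := json.Marshal(signedMessage{plaintext, digest[:], sig})
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; a reused nonce breaks GCM
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil)}, nil
}

// VerifyEnvelope runs steps 5)-6) on the platform: decrypt, recompute the digest of
// the received plaintext, compare it with the sent one, and verify the signature
// over the recomputed digest with the user's registered public key.
func VerifyEnvelope(sessionKey, userPub []byte, env *Envelope) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // AEAD tag check
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or ciphertext tampered")
	}
	var m signedMessage
	if err := json.Unmarshal(body, &m); err != nil {
		return nil, err
	}
	want := sha256.Sum256(m.Plaintext)
	if !bytes.Equal(want[:], m.Digest) {
		return nil, errors.New("digest mismatch: plaintext altered")
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), userPub)
	if x == nil || !ecdsa.VerifyASN1(&ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, want[:], m.Signature) {
		return nil, errors.New("signature invalid: malformed key, wrong user, or tampered")
	}
	return m.Plaintext, nil
}
```

Calling `NewClientKeys`, then `Seal` on the client and `VerifyEnvelope` on the platform with the client's `PubKey`, round-trips the message; flipping one ciphertext byte fails at the GCM tag, and presenting another user's public key fails at signature verification. The sender-supplied digest adds nothing the verifier cannot recompute; the check that proves origin is the signature over the recomputed digest, which is why `VerifyEnvelope` never passes `m.Digest` to `ecdsa.VerifyASN1`.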
Further, the algorithm expansion unit operates as follows:
P1. the encryption algorithm selector selects an encryption algorithm, which is then synchronised to the password manager;
P2. the ID of the encryption algorithm selected by the encryption algorithm selector and a timestamp are written into the blockchain;
P3. the identity information configurator configures the verification information used during identity authentication, which is then synchronised to identity information management;
P4. the identity information configurator writes the configured verification information and a timestamp into the blockchain;
P5. the authentication rule definer selects the encryption algorithms and parameters required by the various authentications in the authentication process;
P6. the authentication rule definer writes the ID of the defined authentication rule and a timestamp into the blockchain;
P7. the authentication process controller controls the authentication process and selects the authentication mechanism and the information required for authentication according to actual requirements;
P8. the authentication process controller writes the ID of the defined authentication process and a timestamp into the blockchain;
P9. the authentication information authorised by the user is stored in the big data analysis platform, and the big data analysis engine tracks the whole process in order to optimize authentication.
According to this technical scheme, the programmable authentication service system is built on the blockchain: all data records must be authentic, trustworthy and tamper-proof, and the data of the whole authentication process can be traced. The trustless and decentralized character of blockchain technology provides a more efficient authentication process, reduces dependence on a central server, makes the system more reliable and further protects the user's data security. The blockchain authentication service platform is highly extensible: the authentication object can be set, authentication conditions selected and the related authentication and encryption algorithms introduced, which makes it a programmable authentication service platform. Finally, all user data (including picture information) and intermediate process data are stored in the big data analysis platform, where they can be conveniently stored, mined and analysed so as to optimize the authentication process.
For the data to be genuinely trustworthy it must not be tamperable. The system uses the blockchain's authentication and encryption technology to write authenticated user data into the blockchain. To secure the data, the system uses the ECC (elliptic curve cryptography) asymmetric algorithm and the SHA-256 hash algorithm. So that the data of the whole authentication process can be traced, the 32-byte user authentication address and the timestamp information on the blockchain authentication service platform are stored in full in the blockchain. To achieve trustlessness and decentralization the system uses blockchain technology, in which all nodes of the distributed network take part in data authentication, which reduces the load on a centralized server and the risk of network attack, and in particular copes well with conventional DDoS attacks. As for protecting user data, even if the platform comes under network attack, the data stored in the blockchain or the big data analysis platform is encrypted, and the user's most sensitive items (private keys, passwords and personal data) are held on the user's own local smart hardware, so the security of personal data is ensured to the greatest extent.
The system uses face recognition: face information can be captured and uploaded through smart hardware such as a smartphone to confirm that an operation was performed by the user in person. The system can customize and introduce related authentication and encryption algorithms; more practically, such algorithms can be introduced into the blockchain authentication service platform as required, and the various customized algorithms are then loaded and updated automatically by the smart hardware, which is convenient for users. With user convenience and operational feasibility in mind, the system makes wide use of QR code recognition: the QR code generator is embedded in the blockchain authentication service platform, and the data in the QR code can be scanned and parsed at the client terminal, sparing the user a tedious input process. Because of the data storage limits of the blockchain authentication service platform, and so that every node can synchronise data quickly, user data, especially picture information, is stored in the big data analysis platform; at the same time, big data analysis can identify the critical path for optimizing the authentication process, and so ultimately optimize the execution efficiency of the whole system.
Drawings
The present application will be described in further detail below with reference to the accompanying drawings by way of specific embodiments.
FIG. 1 is a system framework diagram of the present invention;
FIG. 2 is a schematic flow chart of a client terminal of the present invention;
FIG. 3 is a flow chart of the blockchain authentication service platform according to the present invention;
fig. 4 is a flow diagram of the algorithm expansion unit of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, of the embodiments of the present application; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the present application.
Examples
The first step of the invention is to generate the information required for authentication, namely the private key, the public key and the user authentication address, at the client terminal.
The 256-bit private key is generated at random by a cryptographically secure pseudo-random number generator (CSPRNG), is stored inside the user's smart hardware and is not transmitted over the network.
The public key is derived by the asymmetric cryptographic algorithm, which can be selected dynamically through the encryption algorithm selector to improve the security of the system; the public key is sent to the blockchain authentication service platform so that the platform can verify data signed with the private key.
The user authentication address is generated by hashing the public key; the hash algorithm can likewise be selected dynamically through the encryption algorithm selector to improve the security of the system. The user authentication address can be disclosed publicly and is used to receive various kinds of information, so it can be stored on the blockchain authentication service platform and the big data analysis platform.
The second step is the authentication of user data: the user submits user data to the blockchain authentication service platform through the smart hardware. The user data falls into two types:
1) User identity information
The user's identity and the user's personal photograph.
2) Authentication information
Authentication of the user's various materials, such as the digital signature of a contract or a farmer's proof of grain production.
The user identity information and the authentication information can be modified as needed; the modified information is submitted to the blockchain authentication service platform, which confirms the validity of the modification using the user's public key and the information the user has uploaded, such as picture information.
The authenticated user identity information and authentication information are written into the blockchain in encrypted form, which guarantees the validity and tamper-resistance of the data and protects the user's private data.
Because of the limited data storage capacity of the blockchain, user data, especially raw data such as picture information, is stored in the big data analysis platform, and the blockchain keeps only the overall hash value of the data and the timestamp at which the data was produced.
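The on-chain record just described (and the P2/P4/P6/P8 records of the algorithm expansion unit, which have the same hash-plus-timestamp form), as an added example in Go that is not part of the patent. It assumes an in-memory slice stands in for the blockchain authentication encrypted data layer, and that each commitment binds the previous record and the timestamp inside the SHA-256 input rather than appending the timestamp after the hash; the `Record` and `Ledger` names and the sample data are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Record is the only thing written to the chain for one submission: a 32-byte
// commitment plus the timestamp. The raw identity data, photos and contracts
// stay in the big data platform.
type Record struct {
	Timestamp uint64   // Unix seconds at confirmation
	Prev      [32]byte // commitment of the previous record (zero for the first)
	Commit    [32]byte // SHA-256(Prev || Timestamp || raw data)
}

// commit binds the timestamp and the previous record into the hash. Stored
// literally as hash(info) + timestamp, the timestamp sits outside the digest
// and could be rewritten unnoticed; here it is covered (design choice of this example).
func commit(raw []byte, ts uint64, prev [32]byte) [32]byte {
	h := sha256.New()
	h.Write(prev[:])
	var tsb [8]byte
	binary.BigEndian.PutUint64(tsb[:], ts)
	h.Write(tsb[:])
	h.Write(raw)
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Ledger is an in-memory stand-in for the blockchain authentication encrypted
// data layer (assumption: the real chain's consensus is out of scope here).
type Ledger struct{ Records []Record }

// Append records a confirmed submission (T3, T6, T8 or a P-step record).
func (l *Ledger) Append(raw []byte, ts uint64) Record {
	var prev [32]byte
	if n := len(l.Records); n > 0 {
		prev = l.Records[n-1].Commit
	}
	r := Record{Timestamp: ts, Prev: prev, Commit: commit(raw, ts, prev)}
	l.Records = append(l.Records, r)
	return r
}

// VerifyRaw is the tracing check: does the raw data the big data platform
// returns for record i still match what the chain committed to?
func (l *Ledger) VerifyRaw(i int, raw []byte) bool {
	if i < 0 || i >= len(l.Records) {
		return false
	}
	r := l.Records[i]
	return commit(raw, r.Timestamp, r.Prev) == r.Commit
}

// VerifyChain replays every record from the raw data and checks each link,
// so a rewritten, reordered or dropped record is detected.
func (l *Ledger) VerifyChain(raws [][]byte) bool {
	if len(raws) != len(l.Records) {
		return false
	}
	var prev [32]byte
	for i, r := range l.Records {
		if r.Prev != prev || commit(raws[i], r.Timestamp, prev) != r.Commit {
			return false
		}
		prev = r.Commit
	}
	return true
}

func main() {
	// constructed sample data standing in for identity and authentication information
	identity := []byte(`{"farmer":"F-1024","id_card":"constructed","photo":"bigdata://photos/1024"}`)
	contract := []byte(`{"farmer":"F-1024","object":"grain contract","qty_kg":500}`)
	var chain Ledger
	chain.Append(identity, 1600000000)
	r := chain.Append(contract, 1600000600)
	fmt.Printf("record 1 commit=%s\n", hex.EncodeToString(r.Commit[:]))
	fmt.Println("raw matches:", chain.VerifyRaw(1, contract))
	fmt.Println("edited raw matches:", chain.VerifyRaw(1, []byte(`{"farmer":"F-1024","object":"grain contract","qty_kg":900}`)))
}
```

`VerifyRaw` is what a tracing query needs: fetch the raw record from the big data platform, recompute the commitment with the stored timestamp and previous link, and compare with the chain. Binding the timestamp into the hash matters because a record that is literally hash(info) followed by a timestamp lets the timestamp be edited without touching the digest, which defeats the process-tracing goal the description sets out.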
The invention fully considers the personalized customization of the authentication information, the flexibility of the authentication process and the authentication rule.
In order to realize the authentication expandability, the system is specially designed with an algorithm expansion unit which is embedded in a block chain authentication service platform and comprises the following four program modules.
1) Encryption algorithm selector
Encryption algorithms may be provided as needed for user and system security.
2) Identity information configurator
Relevant verification information required by identity authentication can be configured according to the actual situation and practical needs of the system, for example, a farmer needs to generate a farmer-dedicated farmer identity card, the identity card information of the farmer can be required, and the farmer contracts with the land of the farm, and the information can generate the verification information of the identity authentication through the identity information configurator under the condition that a code is not changed.
3) Authentication rule definer
Various authentication rules may be customized by the authentication rule definer, such as the times at which the rules begin and end may be defined.
4) Authentication process controller
The authentication process can be controlled and managed by the authentication process controller.
All the authentication rules changed or newly defined by the algorithm extension unit are automatically synchronized to the intelligent hardware by the block chain authentication service platform. User data and feedback information of the user before and after updating of the algorithm expansion unit are stored in the big data analysis platform, and the user data are counted and an authentication optimization scheme is provided through big data analysis.
Meanwhile, in order to facilitate the operation of a user and the inquiry and tracing of authentication information, the system searches and obtains related information in a two-dimensional code scanning mode, and the information of the two-dimensional code has the following contents.
1) User authentication address
The 16-character user authentication address can be sent to other users in the form of a QR code and is used to transmit and confirm the various authentication information of other users.
2) Authenticating submission information
After the user submits authentication information, the submission time and the content of the authentication can be retrieved from the blockchain authentication service platform.
3) Authentication result information
When the blockchain authentication service platform sends the authentication result to the user, the user obtains the authentication result information; it, too, is delivered to the user as a QR code.
The third step is that the big data analysis platform stores the user data, mines and analyzes it, and provides the blockchain authentication service platform with data and with update support for the authentication and encryption algorithms.
As shown in Fig. 1, the invention provides a distributed programmable authentication service method based on blockchain technology and related apparatus; the system implementation comprises the following.
1. client terminal
This includes the intelligent hardware the client terminal needs to authenticate the user (e.g., smartphones, PCs and handheld devices such as the IDATA50 and IDAT95).
The program modules that run on the intelligent hardware include:
1) password manager
The private key, the public key and the user authentication address are produced by cryptographic techniques. In particular, the private key is stored locally on the intelligent hardware, so that the user's private key never leaves the device.
2) Picture generator
The picture generator produces various kinds of picture information, such as a self-portrait photo, and stores it in a set format, resolution and size.
3) Two-dimensional code analyzer
Parses the two-dimensional code generated by the blockchain authentication service platform.
4) Algorithm updater
Receives authentication-algorithm updates from the blockchain authentication service platform and synchronizes the platform's authentication algorithms to the client.
5) Client data communication interface
The various data generated by the client terminal are sent through the client data communication interface to the server-side data communication interface.
2. Block chain authentication service platform
The server-side data communication interface handles data communication with the client terminal and the big data analysis platform;
the block chain authentication service platform also has the following program modules:
1) authentication analysis engine
The authentication analysis engine analyzes the user data transmitted by the authenticating client terminal; user data that passes authentication is stored in the underlying blockchain authentication encrypted data layer.
2) Face recognition engine
In addition to cryptographic authentication, the system combines face authentication: a user can upload picture information for face recognition authentication.
3) Two-dimensional code generator
Generates the corresponding two-dimensional code from the authentication result information, so that the result can be queried conveniently.
4) Algorithm extension unit
Supports updating and extending the authentication object, the authentication conditions, and the authentication and encryption algorithms, which is what makes the authentication programmable.
5) Block chain authenticated encrypted data layer
The blockchain authentication encrypted data layer encrypts and verifies the authenticated user data and then stores it on the blockchain, to protect the data and prevent tampering.
3. Big data analysis platform
The data storage is responsible for storing the various kinds of user data;
the big data analysis engine then mines and analyzes the big data;
and the platform provides the blockchain authentication service platform with various data and with update support for the authentication and encryption algorithms.
As shown in Fig. 2, the implementation flow of the client terminal is as follows:
S1, a cryptographically secure pseudo-random number generator (CSPRNG) is installed on the intelligent hardware;
S2, a 32-byte (256-bit) private key is generated at random from a seed source with sufficient entropy;
S3, the private key is kept on the intelligent hardware and is never transmitted over the network; the user may also export it to a storage device that is not connected to the network, such as a USB flash drive, in the manner of a cold wallet;
S4, the public key is derived from the private key with an asymmetric algorithm (such as RSA, ElGamal, a knapsack algorithm, Rabin, Diffie-Hellman (D-H) or ECC (elliptic-curve cryptography));
S5, the public key is sent to the blockchain authentication service platform;
S6, the user authentication address is generated from the public key with a hash algorithm (HMAC, MD2, MD4, MD5 or SHA);
S7, the user authentication address is written to the blockchain authentication encrypted data layer;
S8, the user authentication address and the data generated during user authentication are stored on the big data analysis platform.
As shown in Fig. 3, the blockchain authentication service platform is implemented as follows:
T1, a user uploads the user identity information to be authenticated (such as ID card information, a personal photo, etc.) to the blockchain authentication service platform through intelligent hardware (a mobile phone, notebook computer or PC);
T2, when the user identity information needs to be changed, the change can be uploaded to the blockchain authentication service platform through the intelligent hardware and confirmed by the platform;
T3, the blockchain authentication service platform writes the user identity information and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(user identity information) + timestamp;
T4, a user who has completed identity submission and confirmation can submit various kinds of authentication information, and authentication proceeds as follows:
1) the user chooses a hash algorithm (such as SHA, MD5 or HMAC) and generates a message digest of the plaintext;
2) the user signs the message digest with the private key (under an asymmetric algorithm such as RSA, ECC or ElGamal), producing the digital signature of the plaintext;
3) the user encrypts the plaintext, the message digest and the digital signature with a symmetric algorithm (for example DES or 3DES/TDEA);
4) the user sends the ciphertext from step 3) to the blockchain authentication service platform;
5) the blockchain authentication service platform decrypts it to obtain the plaintext, the message digest and the digital signature;
6) the blockchain authentication service platform recovers the digest from the digital signature with the user's public key, recomputes the digest of the plaintext with the same hash algorithm, and compares both with the digest sent by the user; if they all agree, the message was sent by the user and has not been tampered with, otherwise the authentication fails;
T5, when the authentication information needs to be changed, the change can be uploaded to the blockchain authentication service platform through the intelligent hardware and confirmed by the service platform;
T6, the service platform writes the authentication information and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(authentication information) + timestamp;
T7, when the blockchain authentication service platform needs to update or add an authentication or encryption algorithm because of actual service conditions, the algorithm is synchronized to the blockchain authentication service platform through the algorithm extension unit;
T8, the service platform writes the algorithm extension content and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(algorithm extension content) + timestamp;
T9, all user identity information and authentication information that the user has consented to share is stored on the big data analysis platform as raw data for big data analysis.
As shown in Fig. 4, the implementation flow of the algorithm extension unit is as follows:
P1, the encryption algorithm selector selects the encryption algorithm and synchronizes it to the password manager;
P2, the encryption algorithm ID selected by the encryption algorithm selector and a timestamp are written to the blockchain;
P3, the identity information configurator configures the verification information used during identity authentication, such as ID card information and face recognition information, and synchronizes it to identity information management;
P4, the identity information configurator writes the configured verification information and a timestamp to the blockchain;
P5, the authentication rule definer selects the encryption algorithm and parameters that each kind of authentication requires in the authentication process;
P6, the authentication rule definer writes the defined authentication rule ID and a timestamp to the blockchain;
P7, the authentication process controller controls the authentication process and selects the authentication mechanism and the information required for authentication according to actual requirements;
P8, the authentication process controller writes the defined authentication flow ID and a timestamp to the blockchain;
P9, the authentication information authorized by the user is stored on the big data analysis platform, and the big data analysis engine tracks the whole process in order to optimize authentication.
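The algorithm extension flow P1 to P9 as an added example; this is the editor's illustration, not the patent's code. It shows a hash-linked ledger that records hash(content) + timestamp for each selector, definer and controller entry as P2, P4, P6 and P8 describe, a rule carrying the begin and end times the authentication rule definer is said to support, a process-controller check that admits a submission only under a rule that is currently in force, and a client-side algorithm updater that refuses a ledger that fails its own integrity check. The accepted-algorithm list, the record layout and all names are this example's assumptions; the text does not specify them.

```python
import hashlib
import json
import time

GENESIS = "0" * 64
# Example policy, not from the page: hash IDs the selector is prepared to record.
ACCEPTED_HASHES = {"sha256", "sha3_256", "sha512"}


class ExtensionLedger:
    """Append-only log of selector/configurator/definer/controller records (P2, P4, P6, P8).
    Each record stores hash(content) + timestamp as the text describes, plus the previous
    record's hash, so editing any earlier record breaks every hash after it."""

    def __init__(self):
        self.records = []

    @staticmethod
    def digest(prev, content, ts):
        body = hashlib.sha256(json.dumps(content, sort_keys=True).encode()).hexdigest()
        return hashlib.sha256(f"{prev}{body}{ts}".encode()).hexdigest()

    def append(self, kind, content, ts=None):
        ts = int(time.time()) if ts is None else ts
        prev = self.records[-1]["hash"] if self.records else GENESIS
        h = self.digest(prev, content, ts)
        self.records.append({"kind": kind, "content": content, "ts": ts, "prev": prev, "hash": h})
        return h

    def verify_chain(self):
        prev = GENESIS
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != self.digest(prev, rec["content"], rec["ts"]):
                return False
            prev = rec["hash"]
        return True


def select_algorithm(ledger, algorithm_id, ts=None):
    """P1-P2: the selector records only an algorithm it is prepared to run."""
    if algorithm_id not in ACCEPTED_HASHES or algorithm_id not in hashlib.algorithms_available:
        raise ValueError(f"unsupported hash algorithm: {algorithm_id}")
    return ledger.append("algorithm", {"algorithm_id": algorithm_id}, ts)


def define_rule(ledger, rule_id, algorithm_id, starts, ends, fields, ts=None):
    """P5-P6: a rule names its algorithm, the fields it needs, and when it is in force."""
    if ends <= starts:
        raise ValueError("rule must end after it starts")
    return ledger.append("rule", {"rule_id": rule_id, "algorithm_id": algorithm_id,
                                  "starts": starts, "ends": ends, "fields": fields}, ts)


def active_rule(ledger, rule_id, at):
    """Latest definition of rule_id, provided its [starts, ends) window contains `at`."""
    latest = None
    for rec in ledger.records:
        if rec["kind"] == "rule" and rec["content"]["rule_id"] == rule_id:
            latest = rec["content"]
    if latest and latest["starts"] <= at < latest["ends"]:
        return latest
    return None


def check_submission(ledger, rule_id, submission, at):
    """P7: the process controller admits a submission only under an active rule that
    names an accepted algorithm, and only if every required field is present."""
    rule = active_rule(ledger, rule_id, at)
    if rule is None or rule["algorithm_id"] not in ACCEPTED_HASHES:
        return False
    return all(field in submission for field in rule["fields"])


def client_sync(ledger, last_seen):
    """Client-side algorithm updater: fetch the records after the last hash it holds,
    but refuse the whole update if the ledger does not verify."""
    if not ledger.verify_chain():
        raise ValueError("ledger failed integrity check; refusing update")
    hashes = [r["hash"] for r in ledger.records]
    start = hashes.index(last_seen) + 1 if last_seen in hashes else 0
    return ledger.records[start:]
```

Only hash(content) + timestamp is needed to reproduce the chain, so the records could be kept off the chain and checked against it, as T3, T6 and T8 do for identity, authentication and extension content; the chaining through `prev` is what turns a list of timestamped hashes into something a client can verify before it adopts a new rule.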
The invention has been described with reference to specific examples, which are provided to aid understanding and are not limiting. A person skilled in the art may make several simple deductions, modifications or substitutions based on the idea of the invention.

Claims (7)

1. A programmable authentication service system based on blockchain technology, characterized by comprising a client terminal, a blockchain authentication service platform and a big data analysis platform;
wherein the client terminal comprises:
intelligent hardware;
a client data communication interface for exchanging data with the blockchain authentication service platform;
and the following program modules running on the intelligent hardware:
a password manager for generating the private key, public key and user authentication address required for authentication;
a two-dimensional code analyzer for parsing two-dimensional codes;
an algorithm updater for updating and synchronizing the authentication algorithm;
the blockchain authentication service platform comprises:
a server-side data communication interface for communicating with the client terminal and the big data analysis platform;
an authentication analysis engine for analyzing the user data sent by an authenticating client terminal, the authenticated user data being stored in the blockchain authentication encrypted data layer, wherein the user data comprises user identity information and authentication information;
a two-dimensional code generator for generating a two-dimensional code from the authentication result information;
an algorithm extension unit for updating and extending the authentication object, the authentication conditions, and the authentication and encryption algorithms;
a blockchain authentication encrypted data layer for encrypting and verifying the authenticated user data and storing it on the blockchain;
and wherein the big data analysis platform comprises:
a data storage for storing user data;
and a big data analysis engine for mining and analyzing the stored user data and providing the blockchain authentication service platform with data and with update support for the authentication and encryption algorithms.
2. The programmable authentication service system based on blockchain technology of claim 1, wherein the client terminal further comprises a picture generator for generating picture information and storing it in a set format, resolution and size, and the blockchain authentication service platform correspondingly comprises a face recognition engine for performing face recognition authentication on the picture information.
3. The programmable authentication service system based on blockchain technology of claim 1, wherein the algorithm extension unit comprises:
an encryption algorithm selector for providing an encryption algorithm according to the security requirements of the user and the system;
an identity information configurator for configuring the verification information required by identity authentication according to the needs of the system;
an authentication rule definer for customizing authentication rules;
and an authentication process controller for controlling and managing the authentication process.
4. A programmable authentication service method based on blockchain technology, using the programmable authentication service system based on blockchain technology of claim 3, comprising the steps of:
Q1, the client terminal generates the information needed for authentication, including the private key, public key and user authentication address;
Q2, the blockchain authentication service platform obtains user data through the intelligent hardware, the user data comprising user identity information and authentication information; user identity information and authentication information that pass authentication are written to the blockchain in encrypted form, and the user identity information and authentication information may be modified as required;
Q3, the big data analysis platform stores, mines and analyzes the user data and provides the blockchain authentication service platform with data and with update support for the authentication and encryption algorithms.
5. The programmable authentication service method based on blockchain technology of claim 4, wherein the client terminal is implemented as follows:
S1, a cryptographically secure pseudo-random number generator is installed on the intelligent hardware;
S2, a 32-byte (256-bit) private key is generated at random from a seed source with sufficient entropy;
S3, the private key is kept on the intelligent hardware and is never transmitted over the network, and the user may export it to a storage device that is not connected to the network;
S4, the public key is derived from the private key with an asymmetric algorithm;
S5, the public key is sent to the blockchain authentication service platform;
S6, the user authentication address is generated from the public key with a hash algorithm;
S7, the user authentication address is written to the blockchain authentication encrypted data layer;
S8, the user authentication address and the data generated during user authentication are stored on the big data analysis platform.
6. The programmable authentication service method of claim 4, wherein the blockchain authentication service platform is implemented as follows:
T1, the user uploads the user identity information to be authenticated to the blockchain authentication service platform through the intelligent hardware;
T2, when the user identity information needs to be changed, the change can be uploaded to the blockchain authentication service platform through the intelligent hardware and confirmed by the platform;
T3, the blockchain authentication service platform writes the user identity information and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(user identity information) + timestamp;
T4, a user who has completed identity submission and confirmation can submit various kinds of authentication information, and authentication proceeds as follows:
1) the user chooses a hash algorithm and generates a message digest of the plaintext;
2) the user signs the message digest with the private key, producing the digital signature of the plaintext;
3) the user encrypts the plaintext, the message digest and the digital signature with a symmetric algorithm;
4) the user sends the ciphertext from step 3) to the blockchain authentication service platform;
5) the blockchain authentication service platform decrypts it to obtain the plaintext, the message digest and the digital signature;
6) the blockchain authentication service platform recovers the digest from the digital signature with the user's public key, recomputes the digest of the plaintext with the same hash algorithm, and compares both with the digest sent by the user; if they all agree, the message was sent by the user and has not been tampered with, otherwise the authentication fails;
T5, when the authentication information needs to be changed, the change can be uploaded to the blockchain authentication service platform through the intelligent hardware and confirmed by the service platform;
T6, the service platform writes the authentication information and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(authentication information) + timestamp;
T7, when the blockchain authentication service platform needs to update or add an authentication or encryption algorithm because of actual service conditions, the algorithm is synchronized to the blockchain authentication service platform through the algorithm extension unit;
T8, the service platform writes the algorithm extension content and the timestamp into the blockchain through a hash algorithm; that is, what is written to the blockchain is hash(algorithm extension content) + timestamp;
T9, all user identity information and authentication information that the user has consented to share is stored on the big data analysis platform as raw data for big data analysis.
7. The programmable authentication service method of claim 4, wherein the algorithm extension unit is implemented as follows:
P1, the encryption algorithm selector selects the encryption algorithm and synchronizes it to the password manager;
P2, the encryption algorithm ID selected by the encryption algorithm selector and a timestamp are written to the blockchain;
P3, the identity information configurator configures the verification information used during identity authentication and synchronizes it to identity information management;
P4, the identity information configurator writes the configured verification information and a timestamp to the blockchain;
P5, the authentication rule definer selects the encryption algorithm and parameters that each kind of authentication requires in the authentication process;
P6, the authentication rule definer writes the defined authentication rule ID and a timestamp to the blockchain;
P7, the authentication process controller controls the authentication process and selects the authentication mechanism and the information required for authentication according to actual requirements;
P8, the authentication process controller writes the defined authentication flow ID and a timestamp to the blockchain;
P9, the authentication information authorized by the user is stored on the big data analysis platform, and the big data analysis engine tracks the whole process in order to optimize authentication.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010651261.5A CN111914270A (en) 2020-07-08 2020-07-08 Programmable authentication service method and system based on block chain technology

Publications (1)

Publication Number Publication Date
CN111914270A true CN111914270A (en) 2020-11-10

Family

ID=73226624

Country Status (1)

Country Link
CN (1) CN111914270A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553605A (en) * 2021-06-25 2021-10-26 北京八分量信息科技有限公司 Decentralized authentication system based on blockchain
WO2022215517A1 (en) * 2021-04-06 2022-10-13 株式会社デンソー Data management system, data management method, and data management program

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154852A (en) * 2017-04-18 2017-09-12 杭州趣链科技有限公司 Mobile terminal identity authentication method for blockchain applications
CN107292181A (en) * 2017-06-20 2017-10-24 无锡井通网络科技有限公司 Blockchain-based database system and method of using the system
CN107749847A (en) * 2017-10-23 2018-03-02 济南浪潮高新科技投资发展有限公司 Method of blockchain quadrature digital up-converter
WO2018046009A1 (en) * 2016-09-12 2018-03-15 上海鼎利信息科技有限公司 Blockchain identity system
KR101829721B1 (en) * 2016-11-03 2018-03-29 주식회사 코인플러그 Method for certifying a user by using mobile ID through blockchain, and terminal and server using the same
CN108259169A (en) * 2018-01-09 2018-07-06 北京大学深圳研究生院 File security sharing method and system based on blockchain cloud storage
US10121025B1 (en) * 2018-02-22 2018-11-06 Capital One Services, Llc Content validation using blockchain
WO2019052286A1 (en) * 2017-09-12 2019-03-21 广州广电运通金融电子股份有限公司 User identity verification method, apparatus and system based on blockchain
CN109889479A (en) * 2018-12-21 2019-06-14 中链科技有限公司 Blockchain-based user identity evidence storage and verification method, device and verification system
CN110138733A (en) * 2019-04-03 2019-08-16 华南理工大学 Trusted evidence storage and access control method for a blockchain-based object storage system
CN110771120A (en) * 2019-02-28 2020-02-07 阿里巴巴集团控股有限公司 System and method for blockchain-based authentication
WO2020061923A1 (en) * 2018-09-27 2020-04-02 区链通网络有限公司 Blockchain-based account management system and management method, and storage medium
CN111368324A (en) * 2018-12-25 2020-07-03 北京思源政通科技集团有限公司 Trusted electronic license platform system based on blockchain and authentication method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AHMAD SGHAIER OMAR: "Identity Management in IoT Networks Using Blockchain and Smart Contracts", 《2018 IEEE INTERNATIONAL CONFERENCE ON INTERNET OF THINGS (ITHINGS) AND IEEE GREEN COMPUTING AND COMMUNICATIONS (GREENCOM) AND IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING (CPSCOM) AND IEEE SMART DATA (SMARTDATA)》 *
王乃洲 et al.: "基于区块链技术的身份认证与存储方法研究" (Research on identity authentication and storage methods based on blockchain technology), 《现代信息科技》 (Modern Information Technology) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination