CN111934882B - Identity authentication method and device based on block chain, electronic equipment and storage medium - Google Patents

Publication number
CN111934882B
Authority
CN
China
Prior art keywords: data, identity, block chain, random number, block
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010684708.9A
Other languages
Chinese (zh)
Other versions
CN111934882A (en)
Inventor
王海山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd

Classifications

    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G06F16/2471 Distributed queries
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention relates to block chain technology and discloses an identity authentication method based on a block chain, which comprises the following steps: receiving a data request sent by a client and determining the type of the data request; when the data request is determined to be an identity application request, acquiring the encrypted identity data and decrypting it to obtain identity data; performing an identity application operation on the identity data by using a pre-issued public block chain and a pre-issued private block chain, and sending an application result to the client; when the data request is determined to be an identity login authentication request, acquiring the encrypted identity data to be authenticated and decrypting it to obtain the identity data to be authenticated; and performing identity authentication on the identity data to be authenticated by using the private block chain, and returning an authentication result to the client. The invention also provides an identity authentication device based on the block chain, electronic equipment and a computer-readable storage medium. The invention can improve the security of identity authentication.

Description

Identity authentication method and device based on block chain, electronic equipment and storage medium
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to an identity authentication method and apparatus based on a block chain, an electronic device, and a computer-readable storage medium.
Background
With the popularization of networks and the promotion of 5G technologies, society has fully entered the network era, and the internet has great advantages in timeliness and cross-regional reach. To use the internet, users often need to register an identity and can use the various network platforms only after logging in through identity authentication, and a large number of network security incidents involve the theft of users' identity information.
The current general identity authentication method stores the identity information in a database. When the database is attacked, the user's identity information is easily tampered with, so that a user whose identity information was originally correct can no longer be recognized as a legitimate user. In addition, when the transmission channel through which the client sends data to the server is attacked, the user's identity information may be illegally stolen.
Disclosure of Invention
The invention provides an identity authentication method and device based on a block chain, electronic equipment and a computer readable storage medium, and mainly aims to provide a safer identity authentication method.
In order to achieve the above object, an identity authentication method based on a block chain provided by the present invention includes:
receiving a data request sent by a client, and judging the data request;
when the data request is judged to be an identity application request, acquiring encrypted identity data in the identity application request, and decrypting the encrypted identity data by using a preset data decryption method to obtain identity data;
carrying out identity application operation on the identity data by using a public block chain and a private block chain which are issued in advance, and sending an application result to the client;
when the data request is judged to be an identity login authentication request, acquiring encrypted identity data to be authenticated in the identity login authentication request, and decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain the identity data to be authenticated;
and performing identity authentication on the identity data to be authenticated by using the private block chain, and returning an authentication result to the client.
Optionally, the performing, by using a public block chain and a private block chain issued in advance, an identity application operation on the identity data includes:
sequentially judging the format of the data in the identity data;
when the format judgment result is valid, verifying the uniqueness of the first random number in the identity data by using the query method of the public block chain;
when the first random number has uniqueness, generating a block in the private block chain, obtaining a second random number according to the block, and storing a user name and a password in the identity data into the block;
storing the second random number into a block corresponding to the first random number in the public block chain;
and synchronizing the block data in the public block chain to the client.
Optionally, the synchronizing the block data in the public block chain to the client includes:
acquiring all block data in the public block chain;
generating data updating information according to the block data;
and sending the data updating information to a client.
Optionally, the decrypting the encrypted to-be-authenticated identity data by using the data decryption method to obtain to-be-authenticated identity data includes:
decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain a first random number, a user name and a password;
inquiring whether a block corresponding to the first random number exists in the public block chain;
when the query finds such a block, acquiring the data stored in the block to obtain a second random number;
and collecting the second random number, the user name and the password to obtain identity data to be authenticated.
Optionally, the performing identity authentication on the identity data to be authenticated by using the private block chain includes:
respectively judging the format of the second random number and the password in the identity data to be authenticated;
when the format judgment result is valid, searching a block corresponding to the second random number by using the query method of the private block chain, and acquiring content data in the block to obtain standard identity data, wherein the standard identity data comprises a user name and a password;
and judging whether the authentication is successful or failed according to the comparison result of the data in the identity data to be authenticated and the data in the standard identity data.
Optionally, the verifying the uniqueness of the first random number in the identity data by using the query method of the public blockchain includes:
checking whether a block corresponding to the first random number exists in the blocks of the public block chain by using a query method in the block chain;
if no corresponding block exists, determining that the first random number has uniqueness;
and if the corresponding block exists, judging that the first random number does not have uniqueness.
Optionally, before decrypting the encrypted identity data by using a preset data decryption method, the method further includes:
acquiring a data encryption method of a client;
and generating a corresponding data decryption method according to the data encryption method.
In order to solve the above problem, the present invention further provides an identity authentication apparatus based on a block chain, including:
the request receiving module is used for receiving a data request sent by a client and judging the data request;
the identity data acquisition module is used for acquiring encrypted identity data in the identity application request when the data request is judged to be the identity application request, and decrypting the encrypted identity data by using a preset data decryption method to obtain the identity data;
the identity application module is used for carrying out identity application operation on the identity data by utilizing a public block chain and a private block chain which are issued in advance and sending an application result to the client;
the identity data to be authenticated acquiring module is used for acquiring encrypted identity data to be authenticated in the identity login authentication request when the data request is judged to be the identity login authentication request, and decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain the identity data to be authenticated;
and the identity authentication module is used for performing identity authentication on the identity data to be authenticated by using the private block chain and returning an authentication result to the client.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement any one of the above block chain based identity authentication methods.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, which includes a storage data area and a storage program area, wherein the storage data area stores data, and the storage program area stores a computer program, and the computer program is executed by a processor to implement the identity authentication method based on a blockchain in any one of the above.
When an identity application request sent by a client is received, the encrypted identity data in the request is acquired and decrypted by using a preset data decryption method to obtain the identity data; encrypting the transmitted data increases the protection of the data transmission against attack. The identity application operation is performed on the identity data by using the pre-issued public block chain and private block chain, and the application result is sent to the client; because a block chain is tamper-resistant, storing the identity data in the block chain improves the security of user data. When an identity login authentication request sent by the client is received, the encrypted identity data to be authenticated in the request is acquired and decrypted by using the data decryption method to obtain the identity data to be authenticated; transmitting the data in encrypted form prevents the user's identity information from being leaked. The private block chain is used to perform identity authentication on the identity data to be authenticated, and the authentication result is returned to the client; verifying against the block chain reduces the leakage of identity information and improves the security of identity authentication. Therefore, the identity authentication method, the identity authentication device and the computer-readable storage medium based on the block chain can improve the security of the identity authentication process.
Drawings
Fig. 1 is a schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of an identity application method according to an embodiment of the present invention;
Fig. 3 is a block diagram of an identity authentication apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an internal structure of an electronic device implementing a block chain-based identity authentication method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The execution subject of the identity authentication method based on the block chain provided by the embodiment of the present application includes, but is not limited to, at least one of electronic devices, such as a server and a terminal, which can be configured to execute the method provided by the embodiment of the present application. In other words, the identity authentication method based on the blockchain may be performed by software or hardware installed in the terminal device or the server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Fig. 1 is a schematic flow chart of an identity authentication method based on a block chain according to an embodiment of the present invention. In this embodiment, the identity authentication method based on a block chain includes:
S1, receiving the data request sent by the client, and determining the type of the data request.
Preferably, the data request is a request that the client sends to the server in order to exchange data with the server. In the embodiment of the invention, the data request can be an identity application request or an identity login authentication request. The identity application request is a request, sent by the client to the server, to apply for an identity, and it comprises encrypted identity data; the identity login authentication request is a login request sent by the client to the server, and it comprises encrypted identity data to be authenticated.
In detail, the embodiment of the present invention receives a data request from a client, and determines whether the data request is an identity application request or an identity login authentication request.
S2, when the data request is judged to be the identity application request, obtaining the encrypted identity data in the identity application request, and decrypting the encrypted identity data by using a preset data decryption method to obtain the identity data.
Preferably, the encrypted identity data includes the encrypted first random number, the user name and the password.
The embodiment of the invention decrypts the encrypted identity data by using a preset data decryption method to obtain the identity data, wherein the identity data comprises a first random number, a user name and a password.
Further, the first random number is a random number included in one block in the public block chain.
Further, the data decryption method is generated by: acquiring a data encryption method of a client; and generating a corresponding data decryption method according to the data encryption method.
The data encryption method and the corresponding data decryption method are a set of cryptographic algorithms, and currently published cryptographic algorithms such as MD5 algorithm, Hash algorithm, RSA algorithm, DES algorithm, and the like can be used.
S3, carrying out identity application operation on the identity data by using the pre-issued public block chain and private block chain, and sending an application result to the client.
A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A block chain is essentially a decentralized database: a string of data blocks linked by cryptographic methods, in which each data block contains information on a batch of network transactions that is used to verify the validity (anti-counterfeiting) of the information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer. The types of block chain include the public block chain, the consortium block chain and the private block chain.
Further, the block chain comprises a plurality of blocks; each block can store a large amount of data content, and each block comprises a random number. The random number is a data field within a block of the block chain that records the calculation parameter used for proof of work, and the random number of each block in the block chain is unique.
In the embodiment of the invention, the public block chain is a block chain that both the server side and the client side can access and operate and whose valid confirmation they can obtain; the private block chain is a block chain whose operation authority is held exclusively by the server side. The public block chain and the private block chain provide a plurality of methods, with which the block chains can be queried, added to, modified, deleted from, and so on.
In detail, referring to fig. 2, the performing an identity application operation on the identity data by using a pre-published public block chain and a pre-published private block chain includes:
S30, sequentially carrying out format judgment on the data in the identity data; when the format judgment result is invalid, executing S31 and returning application failure information;
when the format judgment result is valid, executing S32, verifying the uniqueness of the first random number in the identity data by using the query method of the public block chain; when the first random number does not have uniqueness, executing S31 and returning application failure information;
when the first random number has uniqueness, executing S33, generating a block in the private block chain, obtaining a second random number according to the block, and storing the user name and the password in the identity data into the block;
S34, storing the second random number into a block corresponding to the first random number in the public block chain;
S35, returning the information of successful application, and synchronizing the block data in the public block chain to the client.
The format judgment compares the format of the identity data with a preset format and checks whether the two are the same. For example, if the preset format requires that the password consist only of numbers and letters, a password that contains punctuation marks has an invalid format.
In the embodiment of the present invention, a query method of the block chain is used to check whether a block corresponding to the first random number exists among the blocks of the public block chain. If no corresponding block exists, it is determined that the first random number has uniqueness; if a corresponding block exists, it is determined that the first random number does not have uniqueness and that the user already exists.
Further, the synchronizing the block data in the public block chain to the client includes:
acquiring all block data in the public block chain;
generating data updating information according to the block data;
and sending the data updating information to a client.
The data updating information comprises data version information and updated block data.
Further, after the identity application operation is completed, the embodiment of the present invention sends the application result to the client, where the application result includes application success and application failure.
S4, when the data request is judged to be an identity login authentication request, acquiring encrypted identity data to be authenticated in the identity login authentication request, and decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain the identity data to be authenticated.
Preferably, the encrypted identity data to be authenticated comprises an encrypted first random number, a user name and a password.
In detail, the decrypting the encrypted to-be-authenticated identity data by using the data decryption method to obtain to-be-authenticated identity data includes:
decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain a first random number, a user name and a password;
inquiring whether a block corresponding to the first random number exists in the public block chain;
when the query finds such a block, acquiring the data stored in the block to obtain a second random number;
and collecting the second random number, the user name and the password to obtain identity data to be authenticated.
Further, the second random number is a random number included in one block in the private block chain.
S5, using the private block chain to carry out identity authentication on the identity data to be authenticated, and returning an authentication result to the client.
In detail, the performing identity authentication on the identity data to be authenticated by using the private block chain includes:
respectively carrying out format judgment on the second random number and the password in the identity data to be authenticated, and returning authentication failure when the format judgment result is invalid;
when the format judgment result is valid, searching a block corresponding to the second random number by using the query method of the private block chain, and acquiring content data in the block to obtain standard identity data, wherein the standard identity data comprises a user name and a password;
and judging whether the authentication is successful or failed according to the comparison result of the data in the identity data to be authenticated and the data in the standard identity data.
If the comparison result is that the two are consistent, the authentication is successful; and if the comparison result shows that the two are inconsistent, the authentication is failed.
Further, after the identity authentication operation is completed, the embodiment of the present invention sends an authentication result to the client, where the authentication result includes authentication success and authentication failure.
On receiving an identity application request sent by the client, the embodiment of the invention obtains the encrypted identity data in the request and decrypts it with a preset data decryption method to obtain the identity data; encrypting the transmitted data improves the protection of data transmission against destruction. The pre-issued public block chain and private block chain are used to perform the identity application operation on the identity data, and an application result is sent to the client; because a block chain is tamper-resistant, storing the identity data in block chains improves the security of user data. On receiving an identity login authentication request sent by the client, the embodiment obtains the encrypted identity data to be authenticated in the request and decrypts it with the data decryption method to obtain the identity data to be authenticated; transmitting the data in encrypted form prevents the user's identity information from being leaked. The private block chain is used to authenticate the identity data to be authenticated, and an authentication result is returned to the client; verifying against the block chain reduces leakage of identity information and improves the security of identity authentication. Therefore, the identity authentication method, the identity authentication device and the computer readable storage medium based on the block chain can achieve the purpose of improving the safety of the identity authentication process.
Fig. 3 is a functional block diagram of the identity authentication apparatus based on the block chain according to the present invention.
The identity authentication device 100 based on the block chain according to the present invention may be installed in an electronic device. According to the implemented functions, the identity authentication device based on the blockchain may include a request receiving module 101, an identity data acquiring module 102, an identity applying module 103, an identity data acquiring module 104 to be authenticated, and an identity authentication module 105. A module according to the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the request receiving module 101 is configured to receive a data request sent by a client, and determine the data request;
the identity data obtaining module 102 is configured to, when it is determined that the data request is an identity application request, obtain encrypted identity data in the identity application request, and decrypt the encrypted identity data by using a preset data decryption method to obtain identity data;
the identity application module 103 is configured to perform an identity application operation on the identity data by using a public block chain and a private block chain which are issued in advance, and send an application result to the client;
the to-be-authenticated identity data obtaining module 104 is configured to, when it is determined that the data request is an identity login authentication request, obtain encrypted to-be-authenticated identity data in the identity login authentication request, and decrypt the encrypted to-be-authenticated identity data by using the data decryption method to obtain to-be-authenticated identity data;
the identity authentication module 105 is configured to perform identity authentication on the identity data to be authenticated by using the private block chain, and return an authentication result to the client.
In detail, the specific implementation steps of each module of the identity authentication device based on the block chain are as follows:
the request receiving module 101 receives a data request sent by a client, and determines the data request.
Preferably, the data request is a request sent by the client to the server for exchanging data with the server. The data request in the embodiment of the invention can be an identity application request or an identity login authentication request. The identity application request is a request sent by the client to the server to apply for an identity, and comprises encrypted identity data; the identity login authentication request is a login request sent by the client to the server, and comprises encrypted identity data to be authenticated.
In detail, the embodiment of the present invention receives a data request from a client, and determines whether the data request is an identity application request or an identity login authentication request.
When the data request is determined to be an identity application request, the identity data obtaining module 102 obtains encrypted identity data in the identity application request, and decrypts the encrypted identity data by using a preset data decryption method to obtain the identity data.
Preferably, the encrypted identity data includes the encrypted first random number, the user name and the password.
The embodiment of the invention decrypts the encrypted identity data by using a preset data decryption method to obtain the identity data, wherein the identity data comprises a first random number, a user name and a password.
Further, the first random number is a random number included in one block in the public block chain.
Further, the data decryption method is generated by: acquiring a data encryption method of a client; and generating a corresponding data decryption method according to the data encryption method.
The data encryption method and the corresponding data decryption method are a set of cryptographic algorithms, and currently published cryptographic algorithms such as MD5 algorithm, Hash algorithm, RSA algorithm, DES algorithm, and the like can be used.
The identity application module 103 performs identity application operation on the identity data by using a public block chain and a private block chain which are issued in advance, and sends an application result to the client.
The block chain (Blockchain) is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A block chain is essentially a decentralized database: a string of data blocks associated with one another by cryptographic methods, where each data block contains the information of a batch of network transactions, which is used for verifying the validity (anti-counterfeiting) of the information and for generating the next block. The block chain may include a block chain underlying platform, a platform product services layer, and an application services layer. The types of block chain comprise the public block chain, the consortium block chain and the private block chain.
Further, the block chain comprises a plurality of blocks, each block can store a large amount of data content, and each block comprises a random number. The random number is a data field within a block of the block chain that records the calculation parameter for proof of work, and the random number of each block in the block chain is unique.
In the embodiment of the invention, the public block chain is a block chain which can be accessed and operated by both the server side and the client side and can obtain effective confirmation of the block chain; the private block chain is a block chain whose operation authority is held exclusively by the server side. The public block chain and the private block chain each provide a plurality of methods, with which the block chain can be queried, added to, modified, deleted from and the like.
In detail, when the identity data is subjected to the identity application operation by using the pre-issued public block chain and the pre-issued private block chain, the identity application module 103 performs the following operations:
sequentially carrying out format judgment on the data in the identity data, and returning information of application failure when the format judgment result is invalid;
when the format judgment result is valid, verifying the uniqueness of the first random number in the identity data by using the query method of the public block chain, and returning information of application failure when the first random number does not have the uniqueness;
when the first random number has uniqueness, generating a block in the private block chain, obtaining a second random number according to the block, and storing a user name and a password in the identity data into the block;
storing the second random number into a block corresponding to the first random number in the public block chain;
and returning the information of successful application, and synchronizing the block data in the public block chain to the client.
The format judgment refers to comparing the format of the identity data with a preset format and checking whether the two are the same. For example, if the preset format requires that the password consist only of numbers and letters, a password containing punctuation marks is in an invalid format.
In the embodiment of the present invention, a query method in the block chain is used to check whether a block corresponding to the first random number exists among the blocks of the public block chain. If no corresponding block exists, it is determined that the first random number has uniqueness; if a corresponding block exists, it is determined that the first random number does not have uniqueness, that is, the user already exists.
Further, the synchronizing the block data in the public block chain to the client includes:
acquiring all block data in the public block chain;
generating data updating information according to the block data;
and sending the data updating information to a client.
The data updating information comprises data version information and updated block data.
Further, after the identity application operation is completed, the embodiment of the present invention sends the application result to the client, where the application result includes application success and application failure.
When the data request is judged to be an identity login authentication request, the to-be-authenticated identity data acquisition module 104 acquires encrypted to-be-authenticated identity data in the identity login authentication request, and decrypts the encrypted to-be-authenticated identity data by using the data decryption method to obtain to-be-authenticated identity data.
Preferably, the encrypted identity data to be authenticated comprises an encrypted first random number, a user name and a password.
In detail, when the encrypted to-be-authenticated identity data is decrypted by using the data decryption method to obtain to-be-authenticated identity data, the to-be-authenticated identity data obtaining module 104 executes the following operations:
decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain a first random number, a user name and a password;
inquiring whether a block corresponding to the first random number exists in the public block chain;
when the query result is that the block exists, acquiring data stored in the block to obtain a second random number;
and collecting the second random number, the user name and the password to obtain identity data to be authenticated.
Further, the second random number is a random number included in one block in the private block chain.
The identity authentication module 105 performs identity authentication on the identity data to be authenticated by using the private block chain, and returns an authentication result to the client.
In detail, when the private block chain is used to perform identity authentication on the identity data to be authenticated, the identity authentication module 105 performs the following operations:
respectively carrying out format judgment on the second random number and the password in the identity data to be authenticated, and returning authentication failure when the format judgment result is invalid;
when the format judgment result is valid, searching a block corresponding to the second random number by using the query method of the private block chain, and acquiring content data in the block to obtain standard identity data, wherein the standard identity data comprises a user name and a password;
and judging whether the authentication is successful or failed according to the comparison result of the data in the identity data to be authenticated and the data in the standard identity data.
If the comparison result is that the two are consistent, the authentication is successful; and if the comparison result shows that the two are inconsistent, the authentication is failed.
Further, after the identity authentication operation is completed, the embodiment of the present invention sends an authentication result to the client, where the authentication result includes authentication success and authentication failure.
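The identity application and login authentication steps described above, modelled as an added Python example (it is not code from the patent). The two block chains are in-memory dictionaries keyed by each block's random number and the request is taken as already decrypted; the class names, format patterns, sample values and the constant-time comparison are assumptions of this example.

```python
import hmac
import re
import secrets

# Preset formats. These patterns are assumptions of this example; the page only
# gives "digits and letters, no punctuation" for the password as an illustration.
FORMATS = {
    "nonce": re.compile(r"[0-9a-f]{32}"),
    "user_name": re.compile(r"[0-9A-Za-z_]{1,32}"),
    "password": re.compile(r"[0-9A-Za-z]{8,64}"),
}


def valid(kind, value):
    """Format judgment: the value must be a string matching the preset format."""
    return isinstance(value, str) and FORMATS[kind].fullmatch(value) is not None


class ToyChain:
    """In-memory stand-in for a block chain: one block per unique random number."""

    def __init__(self):
        self._blocks = {}

    def query(self, nonce):
        """Return the content of the block for this random number, or None."""
        return self._blocks.get(nonce)

    def add_block(self, content, nonce=None):
        """Append a block; draw a fresh random number unless one is supplied."""
        if nonce is None:
            nonce = secrets.token_hex(16)
            while nonce in self._blocks:
                nonce = secrets.token_hex(16)
        elif nonce in self._blocks:
            raise ValueError("random number already used")
        self._blocks[nonce] = content
        return nonce

    def snapshot(self):
        """Copy of all block data, as synchronized to the client."""
        return dict(self._blocks)


class IdentityServer:
    def __init__(self):
        self.public = ToyChain()   # readable by clients and synchronized to them
        self.private = ToyChain()  # operated by the server side only

    def apply(self, first_nonce, user_name, password):
        """Identity application. Returns (ok, public chain snapshot or None)."""
        if not (valid("nonce", first_nonce) and valid("user_name", user_name)
                and valid("password", password)):
            return False, None  # invalid format: application failure
        if self.public.query(first_nonce) is not None:
            return False, None  # first random number not unique: user exists
        # The page stores user name and password in the private block as-is;
        # a deployment would normally store a salted password hash instead.
        second_nonce = self.private.add_block((user_name, password))
        self.public.add_block(second_nonce, nonce=first_nonce)
        return True, self.public.snapshot()

    def authenticate(self, first_nonce, user_name, password):
        """Login authentication. Every failure returns the same False."""
        # Checking the first random number and user name here is an added
        # robustness step; the page checks the second random number and password.
        if not (valid("nonce", first_nonce) and valid("user_name", user_name)):
            return False
        second_nonce = self.public.query(first_nonce)
        if not (valid("nonce", second_nonce) and valid("password", password)):
            return False  # no public block, or invalid format
        standard = self.private.query(second_nonce)
        if standard is None:
            return False
        std_user, std_password = standard
        # Constant-time comparison (an assumption; the page only says "compare").
        user_ok = hmac.compare_digest(user_name.encode(), std_user.encode())
        pass_ok = hmac.compare_digest(password.encode(), std_password.encode())
        return user_ok and pass_ok


if __name__ == "__main__":
    server = IdentityServer()
    n1 = secrets.token_hex(16)  # constructed sample: client-chosen first random number
    print(server.apply(n1, "alice", "Passw0rd123")[0])          # application result
    print(server.authenticate(n1, "alice", "Passw0rd123"))      # correct login
    print(server.authenticate(n1, "alice", "WrongPass123"))     # wrong password
```

The public chain snapshot returned to the client holds only the first-to-second random number mapping, so the credentials themselves stay in the private chain.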
Fig. 4 is a schematic structural diagram of an electronic device implementing the identity authentication method based on the blockchain according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a blockchain based identity authentication program 12, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, e.g. a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as code of the block chain based authentication program 12, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (for example, executing an identity authentication program based on a block chain, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 4 only shows an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 4 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The block chain based identity authentication program 12 stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, may implement:
based on a routing protocol of a data processing pipeline, carrying out data acquisition on the push logs through different cluster heads of a wireless sensing network to obtain an original push data set;
acquiring a target data set with a state identifier as a preset identifier from the original push data set;
acquiring cluster data corresponding to different original pushed data in the original pushed data set;
calculating group trust values of the different target data according to the cluster data;
acquiring original push data with a group trust value lower than a trust threshold value in the cluster data and collecting the original push data with the target data set to obtain an initial push data set;
performing feature extraction on the initial push data set to obtain a feature set, and performing deduplication processing on the initial push data set according to the feature set to obtain a data set to be pushed;
configuring a transmission file of the non-duplicated data set, transmitting the non-duplicated data set to an identity authentication engine based on a block chain according to the transmission file, and pushing data contained in the non-duplicated data set by using the identity authentication engine based on the block chain.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any accompanying claims should not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (9)

1. An identity authentication method based on a block chain, the method comprising:
receiving a data request sent by a client, and judging the data request;
when the data request is judged to be an identity application request, acquiring encrypted identity data in the identity application request, and decrypting the encrypted identity data by using a preset data decryption method to obtain identity data;
the method for carrying out identity application operation on the identity data by utilizing the pre-published public block chain and the pre-published private block chain and sending an application result to the client comprises the following steps: sequentially judging the format of the data in the identity data; when the format judgment result is valid, verifying the uniqueness of the first random number in the identity data by using the query method of the public block chain; when the first random number has uniqueness, generating a block in the private block chain, obtaining a second random number according to the block, and storing a user name and a password in the identity data into the block; storing the second random number into a block corresponding to the first random number in the public block chain; synchronizing the block data in the public block chain to a client;
when the data request is judged to be an identity login authentication request, acquiring encrypted identity data to be authenticated in the identity login authentication request, and decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain the identity data to be authenticated;
and performing identity authentication on the identity data to be authenticated by using the private block chain, and returning an authentication result to the client.
2. The blockchain-based identity authentication method of claim 1, wherein the synchronizing the blockchain block data in the public blockchain to the client comprises:
acquiring all block data in the public block chain;
generating data updating information according to the block data;
and sending the data updating information to a client.
3. The identity authentication method based on the blockchain according to claim 1, wherein the decrypting the encrypted to-be-authenticated identity data by using the data decryption method to obtain to-be-authenticated identity data includes:
decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain a first random number, a user name and a password;
inquiring whether a block corresponding to the first random number exists in the public block chain;
when the query result is present, acquiring data stored in the block to obtain a second random number;
and collecting the second random number, the user name and the password to obtain identity data to be authenticated.
4. The identity authentication method based on the block chain as claimed in claim 3, wherein the identity authentication of the identity data to be authenticated by using the private block chain comprises:
respectively judging the format of the second random number and the password in the identity data to be authenticated;
when the format judgment result is valid, searching a block corresponding to the second random number by using the query method of the private block chain, and acquiring content data in the block to obtain standard identity data, wherein the standard identity data comprises a user name and a password;
and judging whether the authentication is successful or failed according to the comparison result of the data in the identity data to be authenticated and the data in the standard identity data.
5. The blockchain-based identity authentication method of claim 1, wherein the verifying the uniqueness of the first random number in the identity data by using the public blockchain query method comprises:
checking whether a block corresponding to the first random number exists in the blocks of the public block chain by using a query method in the block chain;
if no corresponding block exists, determining that the first random number has uniqueness;
and if the corresponding block exists, judging that the first random number does not have uniqueness.
6. The blockchain-based identity authentication method of claim 1, wherein before decrypting the encrypted identity data using a preset data decryption method, the method further comprises:
acquiring a data encryption method of a client;
and generating a corresponding data decryption method according to the data encryption method.
7. An identity authentication apparatus based on a blockchain, the apparatus comprising:
the request receiving module is used for receiving a data request sent by a client and judging the data request;
the identity data acquisition module is used for acquiring encrypted identity data in the identity application request when the data request is judged to be the identity application request, and decrypting the encrypted identity data by using a preset data decryption method to obtain identity data;
the identity application module is used for carrying out identity application operation on the identity data by utilizing a public block chain and a private block chain which are issued in advance, and sending an application result to the client, and comprises: sequentially judging the format of the data in the identity data; when the format judgment result is valid, verifying the uniqueness of the first random number in the identity data by using the query method of the public block chain; when the first random number has uniqueness, generating a block in the private block chain, obtaining a second random number according to the block, and storing a user name and a password in the identity data into the block; storing the second random number into a block corresponding to the first random number in the public block chain; synchronizing the block data in the public block chain to a client;
the identity data to be authenticated acquiring module is used for acquiring encrypted identity data to be authenticated in the identity login authentication request when the data request is judged to be the identity login authentication request, and decrypting the encrypted identity data to be authenticated by using the data decryption method to obtain the identity data to be authenticated;
and the identity authentication module is used for performing identity authentication on the identity data to be authenticated by using the private block chain and returning an authentication result to the client.
8. An electronic device, characterized in that the electronic device comprises:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to perform the blockchain-based identity authentication method of any of claims 1 to 6.
9. A computer-readable storage medium comprising a data storage area and a program storage area, the data storage area storing data, the program storage area storing a computer program, wherein the computer program, when executed by a processor, implements the blockchain-based identity authentication method according to any one of claims 1 to 6.
CN202010684708.9A 2020-07-16 2020-07-16 Identity authentication method and device based on block chain, electronic equipment and storage medium Active CN111934882B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010684708.9A CN111934882B (en) 2020-07-16 2020-07-16 Identity authentication method and device based on block chain, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010684708.9A CN111934882B (en) 2020-07-16 2020-07-16 Identity authentication method and device based on block chain, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111934882A CN111934882A (en) 2020-11-13
CN111934882B true CN111934882B (en) 2022-05-20

Family

ID=73312874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010684708.9A Active CN111934882B (en) 2020-07-16 2020-07-16 Identity authentication method and device based on block chain, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111934882B (en)

CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
SE535797C2 (en) Optimized privacy verification procedures
CN116980230B (en) Information security protection method and device
CN108777675B (en) Electronic device, block chain-based identity authentication method, and computer storage medium
CN112104627B (en) Block chain-based data transmission method and device, electronic equipment and storage medium
CN111695097A (en) Login checking method and device and computer readable storage medium
CN113055380B (en) Message processing method and device, electronic equipment and medium
CN114389889B (en) File full life cycle management method and device based on block chain technology
CN111666564B (en) Application program safe starting method and device, computer equipment and storage medium
CN112560067A (en) Access method, device and equipment based on token authority verification and storage medium
CN103326856B (en) Cloud based on two-way digital signature stores data responsibility confirmation structure and method
CN111934882B (en) Identity authentication method and device based on block chain, electronic equipment and storage medium
CN113420049B (en) Data circulation method, device, electronic equipment and storage medium
CN115270193B (en) Data file secure sharing method and device based on block chain and collaborative synchronization
CN113704781A (en) File secure transmission method and device, electronic equipment and computer storage medium
CN114884697A (en) Data encryption and decryption method based on state cryptographic algorithm and related equipment
CN113127915A (en) Data encryption desensitization method and device, electronic equipment and storage medium
CN113822675A (en) Block chain based message processing method, device, equipment and storage medium
CN115694949A (en) Private data sharing method and system based on block chain
CN112311779A (en) Data access control method and device applied to block chain system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant