CN111949953B - Identity authentication method, system and device based on block chain and computer equipment - Google Patents


Info

Publication number: CN111949953B
Authority: CN (China)
Prior art keywords: data, user terminal, authentication, key data, private key
Legal status: Active
Application number: CN202010577112.9A
Other languages: Chinese (zh)
Other versions: CN111949953A (en)
Inventor: 吴良顺
Current Assignee: Zhuo Erzhi Lian Wuhan Research Institute Co Ltd
Original Assignee: Zhuo Erzhi Lian Wuhan Research Institute Co Ltd
Application filed by Zhuo Erzhi Lian Wuhan Research Institute Co Ltd
Priority to CN202010577112.9A
Publication of CN111949953A
Application granted
Publication of CN111949953B

Classifications (all under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING)

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/44 Program or device authentication
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application relates to an identity authentication method, system, device, computer equipment and storage medium based on a blockchain. The method comprises the following steps: receiving a login request sent by a user terminal, wherein the login request carries private key signature data; responding to the login request by obtaining public key data; when verification of the private key signature data against the public key data is complete, obtaining device identification data of the user terminal and generating key data from the device identification data; sending the key data to the user terminal; receiving authentication data submitted by the user terminal for the key data; and judging that identity authentication has passed when the authentication data submitted by the user terminal passes verification. According to the scheme, decentralization is achieved through the blockchain, so that authentication failure caused by a central node going down is avoided; by introducing a dual authentication mechanism of device authentication (key data based on device identification data) and private key authentication, behaviours such as signature repudiation can be avoided, the accuracy of identity authentication is improved, and data security is guaranteed.

Description

Identity authentication method, system and device based on block chain and computer equipment
Technical Field
The present application relates to the field of blockchain data technologies, and in particular, to a method, a system, an apparatus, a computer device, and a storage medium for identity authentication based on a blockchain.
Background
With the popularization of the mobile internet, more and more users cannot leave the internet out of their daily activities. The basis of activity on the internet is the digital identity, which is a user's identity in virtual network life and corresponds to an identity card in real life. In a blockchain, authenticating the user's identity is essential to ensuring that the identity is authentic and reliable; only when the user's identity is established are the transactions and other activities the user subsequently generates valid, and only then can the integrity and privacy of data be ensured.
However, existing identity authentication schemes have weaknesses. Centralized identity authentication, for example, depends on the stability of a single system: once that system goes down or the centralized authority leaks data, an information security incident easily follows. Existing authentication also generally relies on SMS verification codes or event-based authentication (handwriting or face recognition).
In these authentication modes, the SMS verification code is easy to intercept or forge, and the accuracy of event-based authentication cannot be effectively guaranteed, so the accuracy of authentication cannot be fully guaranteed in conventional identity authentication schemes, and the user's information security and even economic security are easily threatened.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a block chain-based identity authentication method, system, apparatus, computer device, and storage medium, which can improve authentication accuracy and ensure user identity.
A blockchain-based identity authentication method comprises the following steps:
receiving a login request sent by a user terminal, wherein the login request carries private key signature data;
responding to the login request by acquiring public key data;
when verification of the private key signature data against the public key data is complete, acquiring device identification data of the user terminal and generating key data from the device identification data;
sending the key data to the user terminal;
receiving authentication data submitted by the user terminal for the key data;
when the authentication data submitted by the user terminal passes verification, judging that identity authentication has passed;
wherein verifying the authentication data submitted by the user terminal comprises: obtaining a current timestamp, hashing the current timestamp together with the key data to obtain authentication data, and judging that the identity authentication of the user terminal passes verification if this authentication data is consistent with the authentication data submitted by the user terminal.
In one embodiment, before receiving the login request sent by the user terminal, the method further includes:
receiving public key data, device identification data and user-defined key data corresponding to the user terminal, broadcast by the authority node, wherein the public key data is generated after the authority node completes real-name authentication of the user.
In one embodiment, the private key signature data is derived from the user-defined key data;
verifying the private key signature data against the public key data comprises:
decrypting the private key signature data with the public key data to obtain decrypted data;
and if the decrypted data is consistent with the user-defined key data, judging that the private key signature data passes verification.
A blockchain-based identity authentication system comprises an authority node, a user terminal and a plurality of blockchain nodes;
the user terminal sends a registration request to the authority node; the authority node responds to the registration request by sending a real-name authentication message to the user terminal, receives identity authentication data submitted by the user terminal, and generates public key data and private key data when real-name authentication of the identity authentication data is complete; it sends the private key data to the user terminal and broadcasts the public key data, the device identification data in the identity authentication data and the user-defined key data to each blockchain node;
the user terminal receives the private key data and writes it into a preset eSIM card; when it receives a login instruction initiated by the user that carries user-defined key data, it reads the private key data stored in the preset eSIM card, generates private key signature data from the private key data and the user-defined key data, generates a login request from the private key signature data, and sends the login request carrying the private key signature data to any blockchain node;
the blockchain node receives the private key signature data and acquires public key data; when verification of the private key signature data against the public key data is complete, it acquires device identification data of the user terminal and generates key data from the device identification data; sends the key data to the user terminal; receives authentication data submitted by the user terminal for the key data; and when the authentication data submitted by the user terminal passes verification, judges that identity authentication has passed.
In one embodiment, the blockchain node is further configured to decrypt the private key signature data with the public key data to obtain decrypted data and, if the decrypted data is consistent with the user-defined key data, determine that the private key signature data passes verification; and to acquire a current timestamp, hash the current timestamp together with the key data to obtain authentication data, and judge that the authentication data submitted by the user terminal passes verification if this authentication data is consistent with the authentication data submitted by the user terminal.
In one embodiment, the authority node is further configured to encrypt the user-defined key data with the private key data and send the encrypted user-defined key data to each blockchain node.
A blockchain-based identity authentication device comprises:
a login request receiving module, for receiving a login request sent by a user terminal, the login request carrying private key signature data;
a public key data acquisition module, for responding to the login request by acquiring public key data;
a first identity authentication module, for acquiring device identification data of the user terminal and generating key data from the device identification data when verification of the private key signature data against the public key data is complete;
a key data acquisition module, for sending the key data to the user terminal;
an authentication data acquisition module, for receiving authentication data submitted by the user terminal for the key data;
a second identity authentication module, for judging that identity authentication has passed when the authentication data submitted by the user terminal passes verification, wherein verifying the authentication data submitted by the user terminal comprises: obtaining a current timestamp, hashing the current timestamp together with the key data to obtain authentication data, and judging that the identity authentication of the user terminal passes verification if this authentication data is consistent with the authentication data submitted by the user terminal.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
receiving a login request sent by a user terminal, wherein the login request carries private key signature data;
responding to the login request by acquiring public key data;
when verification of the private key signature data against the public key data is complete, acquiring device identification data of the user terminal and generating key data from the device identification data;
sending the key data to the user terminal;
receiving authentication data submitted by the user terminal for the key data;
when the authentication data submitted by the user terminal passes verification, judging that identity authentication has passed;
wherein verifying the authentication data submitted by the user terminal comprises: obtaining a current timestamp, hashing the current timestamp together with the key data to obtain authentication data, and judging that the identity authentication of the user terminal passes verification if this authentication data is consistent with the authentication data submitted by the user terminal.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
receiving a login request sent by a user terminal, wherein the login request carries private key signature data;
responding to the login request by acquiring public key data;
when verification of the private key signature data against the public key data is complete, acquiring device identification data of the user terminal and generating key data from the device identification data;
sending the key data to the user terminal;
receiving authentication data submitted by the user terminal for the key data;
when the authentication data submitted by the user terminal passes verification, judging that identity authentication has passed;
wherein verifying the authentication data submitted by the user terminal comprises: obtaining a current timestamp, hashing the current timestamp together with the key data to obtain authentication data, and judging that the identity authentication of the user terminal passes verification if this authentication data is consistent with the authentication data submitted by the user terminal.
According to the blockchain-based identity authentication method, identity authentication device, computer equipment and storage medium, firstly, a decentralized effect is achieved by introducing the blockchain, so that authentication failure caused by a central node going down is avoided; secondly, by introducing dual device authentication consisting of device identification data authentication and private key authentication, behaviours such as signature repudiation can be avoided, the interception or forgery of verification codes that comes with SMS verification code authentication is avoided, and the risk of private key signatures being forged after loss or replacement of an eSIM card is avoided; besides the dual device authentication, identity authentication based on the timestamp and the key data is added, which makes identity authentication more rigorous, improves its accuracy, and guarantees data security.
Drawings
FIG. 1 is a diagram of an embodiment of an application environment of a blockchain-based identity authentication method;
FIG. 2 is a flowchart illustrating a method for identity authentication based on blockchains in an embodiment;
FIG. 3 is a flowchart illustrating a method for identity authentication based on blockchains in another embodiment;
FIG. 4 is a system architecture diagram of a blockchain-based identity authentication system in one embodiment;
FIG. 5 is a block diagram of an embodiment of an apparatus for identity authentication based on blockchains;
FIG. 6 is a block diagram of an identity authentication device based on a blockchain in another embodiment;
FIG. 7 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The blockchain-based identity authentication method can be applied to the application environment shown in fig. 1, in which the user terminal 102 communicates with the blockchain node 104 via the network. When a user initiates a login request for an application program through the user terminal 102, the service provider of the application program forwards the login request, via the user terminal 102, to any blockchain node; the blockchain node 104 receives the login request sent by the user terminal, the login request carrying private key signature data; in response to the login request it acquires public key data, acquires device identification data of the user terminal when verification of the private key signature data against the public key data is complete, generates key data from the device identification data, sends the key data to the user terminal, receives authentication data submitted by the user terminal for the key data, and judges that identity authentication has passed when the authentication data submitted by the user terminal passes verification. The user terminal 102 may be, but is not limited to, a personal computer, notebook computer, smartphone, tablet computer or portable wearable device, and the blockchain node 104 may likewise be, but is not limited to, a personal computer, notebook computer and the like, and may also be implemented by an independent server or by a server cluster formed of a plurality of servers.
In one embodiment, as shown in fig. 2, an identity authentication method based on a blockchain is provided, which is described by taking the application of the method to a blockchain node in fig. 1 as an example, and includes the following steps:
step 202, receiving a login request sent by a user terminal, wherein the login request carries private key signature data.
In practical application, the login request arises when a user wants to log in to a certain application program on the user terminal: the user clicks a "login" button and inputs the custom key, the application program on the user terminal automatically reads the private key data stored in the eSIM card, produces a digital signature with the private key data to obtain the private key signature data SK(K), and generates a login request carrying that private key signature, where SK is the private key and K is the custom key. The service provider of the application program then forwards the login request carrying the private key signature data SK(K), via the user terminal, to any node in the blockchain. The blockchain node that receives the login request is responsible for the identity authentication of this login. In this embodiment, the blockchain may be a federation (consortium) chain, and the blockchain node may be a federation chain node.
In one embodiment, as shown in fig. 3, before step 202 receives the login request sent by the user terminal, the method further includes:
step 200, receiving public key data, device identification data and user-defined key data corresponding to the user terminal and broadcast by the authority node, wherein the public key data is generated after the authority node completes real-name authentication of the user.
In a specific implementation, user registration needs to be completed before the user logs in. Taking the federation chain as the example again, user registration proceeds as follows: when a user initiates a registration request through a user terminal, an authority node in the federation chain receives the registration request, performs real-name authentication of the user, and generates a public-private key pair consisting of private key data and public key data. The authority node then sends the private key data to the user terminal and broadcasts the public key data to all blockchain nodes for synchronization (distributed storage in the federation chain); the user terminal receives the private key data and automatically writes it locally through preset software, that is, writes the private key data into an eSIM card. The authority node then broadcasts the device identification data (which may be a device serial number) of the user terminal that initiated the registration to the blockchain nodes. The user inputs the custom key data (key data defined by the user, which may be simple and easy to remember, i.e. a simple key), and the authority node broadcasts the custom key data to the blockchain nodes. Each federation node thus receives the public key data, the device identification data and the user-defined key data corresponding to the user terminal as broadcast by the authority node. In this embodiment, the device identification data may include, but is not limited to, an IMEI (International Mobile Equipment Identity, i.e. the device serial number), a MAC address (Media Access Control or physical address), an IP address (Internet Protocol address), and the like.
Step 204, responding to the login request by acquiring public key data.
After the login request is received, the first round of device authentication and the user-defined key authentication are required. Specifically, the public key data corresponding to the private key data SK is acquired for the verification.
Step 206, when verification of the private key signature data against the public key data is complete, acquiring the device identification data of the user terminal and generating the key data from the device identification data.
Once the public key data has been obtained, it can be used to verify the private key signature data: the public key data is used to decrypt the private key signature data to obtain decrypted data, and it is checked whether the decrypted data is the user-defined key K, that is, whether PK(SK(K)) equals K. If the decrypted data is the user-defined key K, the verification is considered passed, meaning the first round of device authentication and the user-defined key authentication have passed. After these pass, the device identification data (device serial number) of the user terminal is acquired, and the key data is generated from it. Note that the key data is bound to the device serial number: if the user changes the user terminal, the key data must be generated again.
Step 208, the key data is sent to the user terminal.
After the key data is generated, the key data is transmitted to the user terminal. In specific implementation, the two-dimensional code can be generated according to the key data, the two-dimensional code is sent to the user terminal, the user terminal obtains the key data by scanning the two-dimensional code image, and the key data is stored in the terminal. It is understood that, in other embodiments, the manner of sending the key data is not limited to the manner of two-dimensional code, and other manners such as generating barcode may also be used, which may be determined according to actual situations, and is not limited herein.
Step 210, receiving authentication data submitted by the user terminal for the key data.
In this embodiment, the authentication data is password data. After the user obtains the key data, the user terminal performs hash operation through the key data and the current timestamp to obtain password data, and then sends the password data to the blockchain node. Specifically, the validity period of the password data may be set to 30 seconds, the user terminal needs to send the password data to the blockchain node within the validity period, and the life cycle of the timestamp may also be set to 30 seconds. It is to be understood that the authentication data may also be face image data, voice data, identification number data, and the like of the user. The validity period of the password data and the life cycle of the timestamp may also be 10 seconds, 15 seconds, 20 seconds, etc., which may be determined according to actual situations and is not limited herein.
And step 212, when the authentication data submitted by the user terminal passes the verification, judging that the identity authentication passes.
After receiving the password data submitted by the user terminal, the second round of device authentication of the user terminal is performed using the password data. Specifically, the verification process may be: obtain a current timestamp, hash the current timestamp together with the key data to obtain authentication data (a password), and determine that the identity authentication of the user terminal passes verification if this authentication data is consistent with the authentication data (password data) submitted by the user terminal. Furthermore, after the blockchain node finishes identity authentication, the authentication result can be agreed by consensus in the blockchain and stored as evidence, so as to ensure data consistency among the participants in the blockchain and jointly maintain the blockchain network.
In this blockchain-based identity authentication method, firstly, a decentralized effect is achieved by introducing the blockchain, so that authentication failure caused by a central node going down is avoided; secondly, by introducing dual device authentication consisting of device identification data authentication and private key authentication, behaviours such as signature repudiation can be avoided, the interception or forgery of verification codes that comes with SMS verification code authentication is avoided, and the risk of private key signatures being forged after loss or replacement of an eSIM card is avoided; besides the dual device authentication, identity authentication based on the timestamp and the key data is added, which makes identity authentication more rigorous, improves its accuracy, and guarantees data security.
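The two rounds of steps 202 to 212 carried through end to end, as an added worked example that is not code from the patent. It assumes a toy RSA pair with message recovery standing in for SK/PK (the patent names no signature scheme), key data derived as an HMAC of the device identifier under a node-side secret, and the timestamp quantised to the 30-second life cycle so that terminal and node hash the same value.

```python
"""Constructed walkthrough of the two-round login in steps 202-212 (not code from the patent)."""
import hashlib
import hmac

# Toy RSA pair standing in for the eSIM private key SK and the public key PK that
# the authority node broadcasts. M61 * M31 gives a ~92-bit modulus: far too small
# for real use, but enough to show the check PK(SK(K)) == K.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

STEP_SECONDS = 30  # the 30-second validity period / timestamp life cycle


def _to_int(text: str) -> int:
    return int.from_bytes(text.encode(), "big")


def sign_custom_key(custom_key: str) -> int:
    """User terminal: SK(K), the private-key signature of the user-defined key K.
    Textbook RSA with message recovery, which is what 'decrypt with the public
    key and compare with K' describes."""
    k = _to_int(custom_key)
    if k >= N:
        raise ValueError("custom key too long for the toy modulus")
    return pow(k, D, N)


def verify_custom_key(signature: int, registered_custom_key: str) -> bool:
    """Node, round 1: PK(SK(K)) must equal the custom key K that the authority
    node broadcast at registration."""
    recovered = pow(signature, E, N).to_bytes(16, "big")
    expected = _to_int(registered_custom_key).to_bytes(16, "big")
    return hmac.compare_digest(recovered, expected)


def derive_key_data(device_id: str, node_secret: bytes) -> bytes:
    """Node: key data bound to the device identification data. node_secret is an
    assumption of this example; the patent only says the key data is generated
    from the device identifier (IMEI, serial number, ...)."""
    return hmac.new(node_secret, device_id.encode(), hashlib.sha256).digest()


def _password_for_step(key_data: bytes, step: int) -> str:
    return hashlib.sha256(key_data + step.to_bytes(8, "big")).hexdigest()


def make_password(key_data: bytes, now: int) -> str:
    """User terminal, round 2: hash(key data, current timestamp). The timestamp
    is quantised to STEP_SECONDS so both sides hash the same value."""
    return _password_for_step(key_data, now // STEP_SECONDS)


def verify_password(submitted: str, key_data: bytes, now: int) -> bool:
    """Node: recompute with its own clock. The previous step is also accepted
    (an added tolerance for a submission that straddles a step boundary);
    anything older is outside the validity period."""
    step = now // STEP_SECONDS
    ok = False
    for s in (step, max(step - 1, 0)):
        ok |= hmac.compare_digest(_password_for_step(key_data, s), submitted)
    return ok


def node_round1(record: dict, signature: int, device_id: str, node_secret: bytes):
    """Private-key check, then device check; returns (status, key data or None)."""
    if not verify_custom_key(signature, record["custom_key"]):
        return "private-key-signature-rejected", None
    if device_id != record["device_id"]:
        return "device-not-registered", None  # a new device needs new key data
    return "ok", derive_key_data(device_id, node_secret)


def login(record: dict, custom_key: str, device_id: str, node_secret: bytes,
          terminal_clock: int, node_clock: int) -> str:
    """Runs both rounds end to end; returns 'ok' or the name of the failed check."""
    status, key_data = node_round1(record, sign_custom_key(custom_key), device_id, node_secret)
    if status != "ok":
        return status
    # The node sends key_data (e.g. as a QR code) and the terminal answers with
    # hash(key_data, timestamp); the two clocks may differ.
    password = make_password(key_data, terminal_clock)
    return "ok" if verify_password(password, key_data, node_clock) else "password-rejected"


# Constructed registration record (not a real device identifier or secret).
NODE_SECRET = b"example-node-secret"
RECORD = {"custom_key": "1234", "device_id": "IMEI-000000000000000"}

if __name__ == "__main__":
    print(login(RECORD, "1234", RECORD["device_id"], NODE_SECRET, 1_700_000_000, 1_700_000_005))
```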
In one embodiment, as shown in fig. 4, there is provided a blockchain-based identity authentication system, including: an authoritative node 402, a user terminal 404, and a plurality of blockchain nodes 406;
in this embodiment, the block chain takes a federation chain as an example, the authority node 402 may be a federation chain authority node, and the block link node 406 may be a federation chain node. Specifically, the user terminal 404 sends a registration request to the authoritative node 402 in the alliance chain, the authoritative node 402 responds to the registration request, sends a real-name authentication message to the user terminal 404, receives identity authentication data submitted by the user terminal 404, and generates public key data and private key data when the real-name authentication of the identity authentication data is completed; sending the private key data to the user terminal 404, and broadcasting the public key data, the device identification data in the identity authentication data, and the user-defined key data to each block link point 406;
the user terminal 404 receives the private key data, writes the private key data into the preset eSIM card, and when receiving a login instruction which is initiated by a user and carries custom key data, reads the private key data stored in the preset eSIM card, generates private key signature data according to the private key data and the custom key data, generates a login request according to the private key signature data, and sends the login request to the block chain node 406;
the block chain node 406 receives the private key signature data and acquires public key data; when the verification of the private key signature data is completed according to the public key data, acquiring device identification data of the user terminal 404 and generating secret key data according to the device identification data; sending the key data to the user terminal 404; receiving authentication data submitted by the user terminal 404 for the key data; when the authentication data submitted by the user terminal 404 passes the verification, the identity authentication is determined to pass.
In practical application, the user-defined key data is entered by the user at the registration stage. The authentication data submitted by the user may include a user name, an identification number, a mobile phone number, device identification data, and the like. The device identification data includes, but is not limited to, a device serial number, a MAC address, an IP address, and the like. When the user has completed real-name authentication and registration and wants to log in to an application program on the user terminal 404, the user enters the user-defined key data; the application program on the user terminal 404 automatically reads the private key data stored in the eSIM card and digitally signs with it to obtain the private key signature data SK(K), where SK is the private key and K is the user-defined key. The application's service provider forwards the private key signature data to any blockchain node 406 via the user terminal 404.
After the authority node 402 completes real-name authentication of the user, it generates a public and private key pair, sends the private key data to the user terminal 404, and broadcasts the public key data to each blockchain node 406 for synchronization; the user terminal 404 automatically writes the private key data into the eSIM card through preset software for local storage.
In addition, the key data that the blockchain node 406 generates from the device identification data is bound to that device identification data, so when the user changes device the key data must be generated again. The key data may be sent by generating a two-dimensional code from it and sending the two-dimensional code to the user terminal 404; the user terminal 404 obtains the key data by scanning the two-dimensional code image and stores it on the terminal. It is understood that in other embodiments the manner of sending the key data is not limited to a two-dimensional code; other manners, such as generating a barcode, may also be used, as determined by the actual situation, and no limitation is imposed here.
The authentication data submitted by the user terminal 404 for the key data may be password data; specifically, the validity period of the password data may be set to 30 seconds, and the user terminal 404 must send the password data to the blockchain node 406 within that validity period. It is to be understood that the authentication data may also be the user's face image data, voice data, identification number data, and the like. The validity period of the password data may also be 10 seconds, 15 seconds, or the like, as determined by the actual circumstances.
In one embodiment, the blockchain node 406 is further configured to decrypt the private key signature data using the public key data to obtain decrypted data and, if the decrypted data is consistent with the custom key data, to determine that the private key signature data passes verification; and to obtain the current timestamp, perform a hash operation over the current timestamp and the key data to obtain authentication data and, if this authentication data is consistent with the authentication data submitted by the user terminal 404, to determine that the authentication data submitted by the user terminal 404 passes verification.
In a specific implementation, the private key signature data is verified by decryption with the public key data: specifically, it may be checked whether PK(SK(K)) equals K, and if the decrypted data is the custom key data K, verification passes, that is, the first-layer device authentication and the custom key authentication are considered to have passed. The user terminal 404 receives the key data, performs a hash operation over the key data and the current timestamp to obtain password data (the authentication data), and submits the password data to the blockchain node 406 within the validity period. To verify the password data, the blockchain node 406 obtains the current timestamp, performs a hash operation over the current timestamp and the key data to obtain password data, and compares the two; if the password data it obtained is consistent with the password data submitted by the user terminal 404, it determines that the password data submitted by the user terminal 404 passes verification and that identity authentication has passed. Further, a message of successful authentication may be broadcast in the consortium chain to inform the other nodes that authentication has been completed. Furthermore, the blockchain node 406 responsible for authentication receives a service fee from the application provider (third-party APP), which is essentially a traffic fee; but this is also subject to a constraint: once the user considers that an information leakage dispute has arisen, the user can apply for arbitration by the consortium chain community.
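The node-side checks described above, written out in Go as an added example that is not code from the patent: Ed25519 signature verification over the custom key data K stands in for the PK(SK(K)) == K check, and the password data is a hash over the key data and the timestamp, verified within the 30-second validity period. Two details the text leaves open are assumptions made here: the key data is derived from the device identification data with an HMAC keyed by a node-held secret (so that a publicly known MAC address alone does not yield the key data), and the timestamp is quantised to the validity period so the terminal and the node compute the same value a few seconds apart.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// ValidityPeriod is the password validity window given in the description (30 seconds).
const ValidityPeriod = 30 * time.Second

// nodeSecret is a constructed placeholder for a secret held by the blockchain node.
// The patent does not say how key data is derived from the device identification
// data; keying the derivation with a node secret is an assumption made here.
var nodeSecret = []byte("constructed-node-secret-not-for-production")

// Record is what the node holds after the authority node's broadcast:
// public key data, device identification data and the custom key data K.
type Record struct {
	PublicKey ed25519.PublicKey
	DeviceID  string
	CustomKey []byte
}

// VerifyLoginRequest is the first check: the private key signature data is verified
// against the public key data and the custom key data K (Ed25519 here, in place of
// the patent's "decrypt with the public key and compare to K").
func VerifyLoginRequest(rec Record, signature []byte) bool {
	return ed25519.Verify(rec.PublicKey, rec.CustomKey, signature)
}

// GenerateKeyData binds the key data to the device identification data; a changed
// device yields different key data, as the description requires.
func GenerateKeyData(deviceID string) []byte {
	mac := hmac.New(sha256.New, nodeSecret)
	mac.Write([]byte(deviceID))
	return mac.Sum(nil)
}

// PasswordData hashes the key data together with the timestamp. The timestamp is
// quantised to the validity period (assumption) so both sides agree on it.
func PasswordData(keyData []byte, at time.Time) string {
	step := at.Unix() / int64(ValidityPeriod.Seconds())
	h := sha256.New()
	h.Write(keyData)
	h.Write([]byte(fmt.Sprintf("%d", step)))
	return hex.EncodeToString(h.Sum(nil))
}

// VerifyPassword is the second check at the node: recompute the password data for
// the current window and compare in constant time. The previous window is also
// accepted so a value submitted just before a boundary still passes within the
// 30-second validity period; anything older is rejected.
func VerifyPassword(keyData []byte, submitted string, now time.Time) bool {
	for _, t := range []time.Time{now, now.Add(-ValidityPeriod)} {
		if hmac.Equal([]byte(PasswordData(keyData, t)), []byte(submitted)) {
			return true
		}
	}
	return false
}

// Authenticate runs the whole node-side flow; submitPassword models the terminal
// receiving the key data (the two-dimensional code) and returning password data.
func Authenticate(rec Record, signature []byte, submitPassword func([]byte) string, now time.Time) error {
	if !VerifyLoginRequest(rec, signature) {
		return errors.New("private key signature data failed verification")
	}
	keyData := GenerateKeyData(rec.DeviceID)
	if !VerifyPassword(keyData, submitPassword(keyData), now) {
		return errors.New("authentication data failed verification")
	}
	return nil
}

func main() {
	// Constructed sample: the authority node generates the key pair at registration.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rec := Record{PublicKey: pub, DeviceID: "serial-CONSTRUCTED-0001", CustomKey: []byte("user-chosen-K")}
	// User terminal: signs K with the private key held in the eSIM card.
	sig := ed25519.Sign(priv, rec.CustomKey)
	now := time.Now()
	terminal := func(kd []byte) string { return PasswordData(kd, now) }
	// The node verifies a few seconds later, still inside the validity period.
	fmt.Println("authenticated:", Authenticate(rec, sig, terminal, now.Add(3*time.Second)) == nil)
}
```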
In one embodiment, the authority node 402 is further configured to encrypt the custom key data with the private key data and send the encrypted custom key data to each blockchain node 406.
In this embodiment, the user-defined key data sent by the authority node 402 to the blockchain node 406 is transmitted only after being encrypted with the private key data stored in the eSIM card, so the possibility of the user-defined key data being stolen is greatly reduced and the security of the data is improved.
It should be understood that although the steps in the flow charts of fig. 2-3 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not restricted to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps of other steps.
In one embodiment, as shown in fig. 5, there is provided an identity authentication apparatus based on a blockchain, including: a login request receiving module 510, a public key data obtaining module 520, a first identity authentication module 530, a key data obtaining module 540, an authentication data obtaining module 550, and a second identity authentication module 560, wherein:
The login request receiving module 510 is configured to receive a login request sent by a user terminal, where the login request carries private key signature data.
The public key data obtaining module 520 is configured to respond to the login request and obtain public key data.
The first identity authentication module 530 is configured to, when verification of the private key signature data against the public key data succeeds, obtain device identification data of the user terminal and generate key data from the device identification data.
The key data obtaining module 540 is configured to send the key data to the user terminal.
The authentication data obtaining module 550 is configured to receive authentication data submitted by the user terminal for the key data.
The second identity authentication module 560 is configured to determine that identity authentication passes when the authentication data submitted by the user terminal passes verification, where verifying the authentication data submitted by the user terminal includes: obtaining a current timestamp, performing a hash operation over the current timestamp and the key data to obtain authentication data, and, if this authentication data is consistent with the authentication data submitted by the user terminal, determining that the identity authentication of the user terminal passes verification.
As shown in fig. 6, in one embodiment, the apparatus further includes a data receiving module 570, configured to receive public key data, device identification data, and custom key data corresponding to the user terminal and broadcast by the authority node, where the public key data is generated after the authority node completes real-name authentication of the user.
In one embodiment, the first identity authentication module 530 is further configured to decrypt the private key signature data by using the public key data to obtain decrypted data, and if the decrypted data is consistent with the user-defined key data, it is determined that the private key signature data passes the verification.
For specific limitations of the blockchain-based identity authentication apparatus, reference may be made to the limitations of the blockchain-based identity authentication method above, and details are not repeated here. The modules in the blockchain-based identity authentication apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules can be embedded in hardware form in, or independent from, a processor in the computer device, or stored in software form in a memory in the computer device, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing public key data, private key data, device identification data, user-defined key data and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a blockchain-based identity authentication method.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program: receiving a login request sent by a user terminal, where the login request carries private key signature data; responding to the login request and obtaining public key data; when verification of the private key signature data against the public key data succeeds, obtaining device identification data of the user terminal and generating key data from the device identification data; sending the key data to the user terminal; receiving authentication data submitted by the user terminal for the key data; and determining that identity authentication has passed when the authentication data submitted by the user terminal passes verification.
In one embodiment, the processor, when executing the computer program, further performs the following step: receiving public key data, device identification data and user-defined key data that correspond to the user terminal and are broadcast by the authority node, where the public key data is generated after the authority node completes real-name authentication of the user.
In one embodiment, the processor, when executing the computer program, further performs the following steps: decrypting the private key signature data using the public key data to obtain decrypted data, and, if the decrypted data is consistent with the user-defined key data, determining that the private key signature data passes verification.
In one embodiment, the processor, when executing the computer program, further performs the following steps: obtaining a current timestamp, performing a hash operation over the current timestamp and the key data to obtain authentication data, and, if this authentication data is consistent with the authentication data submitted by the user terminal, determining that the identity authentication of the user terminal passes verification.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon which, when executed by a processor, performs the following steps: receiving a login request sent by a user terminal, where the login request carries private key signature data; responding to the login request and obtaining public key data; when verification of the private key signature data against the public key data succeeds, obtaining device identification data of the user terminal and generating key data from the device identification data; sending the key data to the user terminal; receiving authentication data submitted by the user terminal for the key data; and determining that identity authentication has passed when the authentication data submitted by the user terminal passes verification.
In one embodiment, the computer program, when executed by the processor, further performs the following step: receiving public key data, device identification data and user-defined key data that correspond to the user terminal and are broadcast by the authority node, where the public key data is generated after the authority node completes real-name authentication of the user.
In one embodiment, the computer program, when executed by the processor, further performs the following steps: decrypting the private key signature data using the public key data to obtain decrypted data, and, if the decrypted data is consistent with the user-defined key data, determining that the private key signature data passes verification.
In one embodiment, the computer program, when executed by the processor, further performs the following steps: obtaining a current timestamp, performing a hash operation over the current timestamp and the key data to obtain authentication data, and, if this authentication data is consistent with the authentication data submitted by the user terminal, determining that the identity authentication of the user terminal passes verification.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An identity authentication method based on a block chain, the method comprising:
receiving a login request sent by a user terminal, wherein the login request carries private key signature data;
responding to the login request, and acquiring public key data;
when the verification of the private key signature data is completed according to the public key data, acquiring equipment identification data of the user terminal, and generating key data according to the equipment identification data, wherein the key data is bound with the equipment identification data;
sending the key data to the user terminal;
receiving authentication data submitted by the user terminal aiming at the key data;
when the authentication data submitted by the user terminal passes the verification, judging that the identity authentication passes;
wherein verifying the authentication data submitted by the user terminal comprises: acquiring a current timestamp, performing hash operation according to the current timestamp and the key data to obtain authentication data, and if the authentication data is consistent with the authentication data submitted by the user terminal, judging that the identity authentication of the user terminal passes verification;
the private key signature data is generated based on private key data and user-defined key data input by a user, and the authentication data comprises password data;
sending the key data to the user terminal comprises: and generating a two-dimensional code according to the key data, and sending the two-dimensional code to the user terminal.
2. The method of claim 1, wherein before receiving the login request sent by the user terminal, the method further comprises:
receiving public key data, device identification data and user-defined key data that correspond to the user terminal and are broadcast by an authority node, wherein the public key data is generated after the authority node completes real-name authentication of the user.
3. The method of claim 2, wherein verifying the private key signature data from the public key data comprises:
decrypting the private key signature by using the public key data to obtain decrypted data;
if the decrypted data is consistent with the user-defined key data, determining that the private key signature data passes verification.
4. A blockchain-based identity authentication system, the system comprising: an authority node, a user terminal and a plurality of blockchain nodes;
the user terminal sends a registration request to the authority node, the authority node responds to the registration request, sends a real-name authentication message to the user terminal, receives identity authentication data submitted by the user terminal, and generates public key data and private key data when the real-name authentication of the identity authentication data is completed; sending the private key data to the user terminal, and broadcasting the public key data, the equipment identification data in the identity authentication data and the user-defined key data to each block chain node;
the user terminal receives the private key data, writes the private key data into a preset eSIM card, reads the private key data stored in the preset eSIM card when a login instruction which is initiated by a user and carries the user-defined key data is received, generates private key signature data according to the private key data and the user-defined key data, generates a login request according to the private key signature data, and forwards the login request to a block chain node;
the blockchain node receives the private key signature data and obtains public key data; when the verification of the private key signature data is completed according to the public key data, acquires device identification data of the user terminal and generates key data according to the device identification data; sends the key data to the user terminal; receives authentication data submitted by the user terminal for the key data; and when the authentication data submitted by the user terminal passes verification, determines that identity authentication passes, the authentication data comprising password data;
the sending the key data to the user terminal comprises: generating a two-dimensional code according to the key data, and sending the two-dimensional code to the user terminal;
wherein the key data is bound to the device identification data.
5. The system according to claim 4, wherein the blockchain node is further configured to decrypt the private key signature using the public key data to obtain decrypted data, and if the decrypted data is consistent with the custom key data, determine that the private key signature data passes verification; and acquiring a current timestamp, performing hash operation according to the current timestamp and the key data to obtain authentication data, and if the authentication data is consistent with the authentication data submitted by the user terminal, judging that the submitted authentication data of the user terminal passes verification.
6. The system according to claim 4, wherein the authority node is further configured to encrypt the custom key data according to the private key data, and send the encrypted custom key data to each blockchain node.
7. An apparatus for identity authentication based on a blockchain, the apparatus comprising:
the login request receiving module is used for receiving a login request sent by a user terminal, wherein the login request carries private key signature data, and the private key signature data is generated based on the private key data and user-defined key data input by a user;
the public key data acquisition module is used for responding to the login request and acquiring public key data;
the first identity authentication module is used for acquiring equipment identification data of the user terminal and generating key data according to the equipment identification data when the verification of the private key signature data is completed according to the public key data, and the key data is bound with the equipment identification data;
a key data obtaining module, configured to send the key data to the user terminal, where sending the key data to the user terminal includes: generating a two-dimensional code according to the key data, and sending the two-dimensional code to the user terminal;
an authentication data acquisition module, configured to receive authentication data submitted by the user terminal for the key data, where the authentication data includes password data;
a second identity authentication module, configured to determine that identity authentication passes when authentication data submitted by the user terminal passes verification, where verifying the authentication data submitted by the user terminal includes: obtaining a current timestamp, performing a hash operation according to the current timestamp and the key data to obtain authentication data, and, if this authentication data is consistent with the authentication data submitted by the user terminal, determining that the identity authentication of the user terminal passes verification.
8. The apparatus according to claim 7, further comprising a data receiving module, configured to receive public key data, device identification data, and custom key data corresponding to the user terminal and broadcast by an authority node, where the public key data is generated after the authority node completes real-name authentication of a user.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of any one of claims 1 to 3 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 3.
CN202010577112.9A 2020-06-23 2020-06-23 Identity authentication method, system and device based on block chain and computer equipment Active CN111949953B (en)
Publications (2)

Publication Number Publication Date
CN111949953A CN111949953A (en) 2020-11-17
CN111949953B true CN111949953B (en) 2021-10-22