CN112039848B - Web authentication method, system and device based on block chain public key digital signature - Google Patents


Info

Publication number: CN112039848B
Authority: CN (China)
Application number: CN202010780033.8A
Other languages: Chinese (zh)
Other versions: CN112039848A (en)
Inventor: 郭斌
Current assignee: Beijing Lianfei Future Technology Co ltd
Original assignee: Beijing Lianfei Future Technology Co ltd
Legal status: Active

Classifications (CPC)

    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L 9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a Web authentication method, system and device based on a blockchain public key digital signature. A client issues a registration or a request; the system generates a public and private key pair according to a set asymmetric signature algorithm, generates corresponding payload data from the registration or request information, signs the payload with the private key, and assembles the public key, the payload data and the signature result into registration or request data; the server parses the registration or request data to obtain the registration or request information and performs the corresponding operation. Because the registration or request information is converted into payload data, the registration or request data is generated from the public and private keys and sent to the server, and the server ties the authentication information to the registration or request data, the server is prevented from processing a tampered request; because the server only acts after receiving the registration or request data, authentication information cannot be formed without the client. The server manages no sensitive information, which reduces the risk of leakage.

Description

Web authentication method, system and device based on block chain public key digital signature
Technical Field
The invention relates to the technical field of block chains, in particular to a method, a system and a device for Web authentication based on block chain public key digital signature.
Background
Currently, there are five main ways to authenticate a user in a Web system:
1. HttpBasicAuth: the client provides a user name and password in the request header, and the server checks whether the password is correct. The password is transmitted in the clear and is easy to leak.
2. OAuth2: following the protocol, the client eventually obtains an Access token from the server, subsequent requests carry the Access token, and the server authenticates the user identity from the Access token.
3. CookieSessionAuth: the client provides valid identification information (such as a user name and password), the server creates a Session object for the visitor, the client keeps the Session through a Cookie, subsequent requests carry the Cookie information, and the server matches the Session object to authenticate the user identity.
4. TokenAuth: the client provides valid identification information (such as a user name and password), the server issues a token to the client, subsequent client requests carry the token, and the server verifies the token to authenticate the user identity.
5. JWTAuth: the client provides valid identification information (such as a user name and password), the server constructs a header and a payload conforming to the JWT specification, signs the header and payload to obtain a token, and sends the token to the client; subsequent client requests carry the token, the server verifies that the token was issued by itself and parses the identity information in it, and the user identity is thereby authenticated.
Methods 2 to 5 above have the following problems: the tokens are all generated by the server, and the server can generate tokens without the client's permission; the tokens are managed centrally at the server, and once they leak, the requests of a large number of users can be forged; a token does not change for a period of time, and if it is intercepted by a third party, the third party can easily forge the client's requests; the token has no relation to the request data, so if the request data is tampered with in transit the server cannot detect it.
Moreover, with the development of blockchain technology, in some decentralized systems the identity of a user is not managed by a central server but is embodied by the user holding an asymmetrically encrypted private key, and the Web authentication methods above are not available to Web systems built on such a system.
Therefore, designing a secure and widely applicable Web authentication method is a problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to provide a Web authentication method, a system and a device based on a block chain public key digital signature.
In a first aspect, the above object of the present invention is achieved by the following technical solutions:
a Web authentication method based on blockchain public key digital signature, characterized in that a client generates a public key and private key pair in the registration process; or it generates registration payload data from the registration information, computes a signature result with the private key, and combines the public key, the registration payload data and the signature result into registration request data; and in the request response process it generates request data based on the key pair and sends it to the server.
The invention is further configured to: in a registration process that requires no registration information, the client generates a public key PK and private key SK pair by itself and stores the key pair.
The invention is further configured to: in a registration process that requires registration information, the client operation comprises the following steps:
S1, self-generating a public key PK and private key SK pair, and storing it;
S2, receiving user registration information and generating registration payload data;
S3, signing the registration payload data with the private key SK to obtain a registration signature result;
S4, combining the public key PK, the registration payload data and the registration signature result to obtain registration request data, and sending the registration request data to the server;
S5, receiving the registration result information returned by the server.
The invention is further configured to: the method by which the client sends a read request to the server comprises the following steps:
A1, receiving read service request information and generating first request payload data;
A2, signing the first request payload data with the private key SK to obtain a first request signature result;
A3, combining the public key PK, the first request payload data and the first request signature result to obtain first read request data, and sending the first read request data to the server;
A4, receiving the first read request result returned by the server;
A5, receiving the service execution result of the server.
The invention is further configured to: the method by which the client sends a read or write request to the server comprises the following steps:
B1, acquiring one-time random number (nonce) information and second read or write service request information to generate second request payload data;
B2, signing the second request payload data with the private key SK to obtain a second request signature result;
B3, combining the public key PK, the second request payload data and the second request signature result to obtain second read or write request data, and sending the second read or write request data to the server;
B4, receiving the second read or write request result returned by the server;
B5, receiving the service execution result of the server.
The invention is further configured to: the method for acquiring the one-time random number information comprises the following steps:
P1, generating third request payload data requesting the one-time random number;
P2, signing the third request payload data with the private key SK to obtain a third request signature result;
P3, combining the public key PK, the third request payload data and the third request signature result to obtain third random number request data, and sending the third random number request data to the server;
P4, receiving the response random number sent by the server.
In a second aspect, the above object of the present invention is achieved by the following technical solution: a Web authentication method based on a blockchain public key digital signature, characterized in that in the registration process a server receives registration request data sent by a client, verifies the key or the registration request data, and sends the verification result to the client; in the request response process it receives the client's read service request, read or write service request and random number service request, obtains the service request information and the user identity (ID), executes the service logic according to the service request information, and returns the service execution result to the client.
The invention is further configured to: the method by which the server receives the registration request data sent by the client in the registration process comprises the following steps:
D1, receiving the registration request data sent by the client;
D2, parsing the registration request data to obtain the public key PK, the registration payload data and the registration signature result;
D3, verifying whether the registration signature result is correct; if so, proceeding to the next step, and if not, going to D8;
D4, parsing the registration payload data to obtain the user registration information;
D5, calculating the user identity ID from the public key PK;
D6, associating the user registration information with the user identity ID and storing them;
D7, sending registration success information to the client, and going to D9;
D8, sending verification error information to the client;
D9, finishing the registration.
The invention is further configured to: the method by which the server receives the first read request data sent by the client in the request response process comprises the following steps:
E1, receiving the first read request data sent by the client;
E2, parsing the first read request data to obtain the public key PK, the first request payload data and the first request signature result;
E3, verifying whether the first request signature result is correct; if so, proceeding to the next step, and if not, going to E8;
E4, parsing the first request payload data to obtain the first service request information;
E5, calculating the user identity ID from the public key PK;
E6, executing the service logic according to the user identity ID and the first service request information;
E7, sending the service execution result information to the client, and going to E9;
E8, sending verification error information to the client;
E9, finishing the request.
The invention is further configured to: in the request response process the server receives the second read or write request data sent by the client, and the method comprises the following steps:
W1, receiving the second read or write request data sent by the client;
W2, parsing the second read or write request data to obtain the public key PK, the second request payload data and the second request signature result;
W3, verifying whether the second request signature result is correct; if so, proceeding to the next step, and if not, going to W10;
W4, parsing the second request payload data to obtain the one-time random number information and the second read or write service request information;
W5, calculating the user identity ID from the public key PK;
W6, comparing the one-time random number stored by the server for this user identity ID with the one-time random number obtained by parsing; if they are the same, proceeding to the next step, and if they differ, going to W11;
W7, marking the one-time random number stored by the server for this user identity ID as invalid;
W8, executing the service logic according to the user identity ID and the second read or write service request information;
W9, sending the service execution result information to the client, and going to W12;
W10, sending verification error information to the client, and going to W12;
W11, sending one-time random number verification error information to the client;
W12, finishing the request.
The invention is further configured to: in the request response process the server receives the third random number request data sent by the client, and the method comprises the following steps:
Q1, receiving the third random number request data sent by the client;
Q2, parsing the third random number request data to obtain the public key PK, the third request payload data and the third request signature result;
Q3, verifying whether the third request signature result is correct; if so, proceeding to the next step, and if not, going to Q8;
Q4, parsing the third request payload data to obtain the one-time random number service request information;
Q5, calculating the user identity ID from the public key PK;
Q6, generating a one-time random number (nonce), associating it with the user identity ID and storing it;
Q7, sending the one-time random number to the client, and going to Q9;
Q8, sending verification error information to the client;
Q9, finishing the request.
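The request envelope, the identity derivation from PK, nonce issuance and the nonce-bound write of the steps above, as an added Go example that is not part of the patent: the client signs a JSON payload with its own key pair (S1-S4, likewise A1-A3, B1-B3, P1-P3), the server verifies the signature and derives the user ID from PK (the common start of the D, E, W and Q steps), issues a nonce (Q1-Q9) and, on a write, compares and spends the nonce before acting (W1-W12), so a replayed or altered message is rejected. Ed25519 as the signature algorithm, SHA-256 with a 16-hex-character prefix for the user ID, JSON as the serialization format and all field names are assumptions; registration (D4-D9) would add storing the parsed payload under the derived ID.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// Envelope is the "request data" of the text: PK, payload, signature (field names assumed).
type Envelope struct {
	PK      string `json:"pk"`      // base64 public key
	Payload string `json:"payload"` // serialized (JSON) payload
	Sig     string `json:"sig"`     // base64 signature over Payload
}

// Client holds the self-generated key pair of step S1. Ed25519 stands in for
// "the asymmetric signature algorithm set by the system" (an assumption).
type Client struct{ Priv ed25519.PrivateKey }
func NewClient() (*Client, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Client{Priv: priv}, err
}

// Sign is S2-S4 (likewise A1-A3, B1-B3, P1-P3): serialize, sign with SK, combine.
func (c *Client) Sign(payload any) ([]byte, error) {
	body, err := json.Marshal(payload)
	if err != nil {
		return nil, err
	}
	return json.Marshal(Envelope{
		PK:      base64.StdEncoding.EncodeToString(c.Priv.Public().(ed25519.PublicKey)),
		Payload: string(body),
		Sig:     base64.StdEncoding.EncodeToString(ed25519.Sign(c.Priv, body)),
	})
}

// UserID is D5/E5/W5/Q5: a substring of the hash of PK (SHA-256 and 16 hex chars are assumptions).
func UserID(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return hex.EncodeToString(sum[:])[:16]
}

// Server keeps only the unused nonce per user ID: no password, no reusable token.
type Server struct{ Nonces map[string]string }

// Verify is the shared prefix of D1-D3, E1-E3, W1-W3 and Q1-Q3: parse the request
// data, check the signature and derive the caller's ID from PK. An altered payload or PK fails here.
func (s *Server) Verify(data []byte) (id, payload string, err error) {
	var env Envelope
	if err = json.Unmarshal(data, &env); err != nil {
		return "", "", err
	}
	pk, err1 := base64.StdEncoding.DecodeString(env.PK)
	sig, err2 := base64.StdEncoding.DecodeString(env.Sig)
	if err1 != nil || err2 != nil || len(pk) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(pk), []byte(env.Payload), sig) {
		return "", "", errors.New("verification error")
	}
	return UserID(pk), env.Payload, nil
}

// IssueNonce is Q1-Q9: generate a one-time random number and bind it to the
// caller's user ID; the client echoes it in the payload of its next request.
func (s *Server) IssueNonce(data []byte) (string, error) {
	id, _, err := s.Verify(data)
	if err != nil {
		return "", err
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	s.Nonces[id] = hex.EncodeToString(buf)
	return s.Nonces[id], nil
}

// Write is W1-W12: verify, compare the payload's nonce with the one bound to this
// user ID, spend it, then execute. A replayed message has a valid signature but fails at W11.
func (s *Server) Write(data []byte) (string, error) {
	id, payload, err := s.Verify(data)
	if err != nil {
		return "", err
	}
	var wp struct{ Nonce, Action string }
	if err := json.Unmarshal([]byte(payload), &wp); err != nil {
		return "", err
	}
	want, ok := s.Nonces[id]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(wp.Nonce)) != 1 {
		return "", errors.New("one-time random number verification error")
	}
	delete(s.Nonces, id) // W7: spent whether or not the action succeeds
	return id + " executed " + wp.Action, nil
}
```

Calling Write a second time with the same request data returns the nonce verification error, which is the non-reusability claimed as beneficial effect 4.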
In a third aspect, the above object of the present invention is achieved by the following technical solutions:
a Web authentication system based on blockchain public key digital signature comprises an algorithm module, a registration module and a request module, wherein the algorithm module is connected to both the registration module and the request module and is used, in the registration and request processes, for serializing the user registration information in the registration module and signing the registration payload data with an asymmetric signature algorithm and a digest algorithm, and for serializing and deserializing the service request in the request module and signing the request payload data; the registration module is for performing the method of any one of claims 1-6, and the request module is for performing the method of any one of claims 7-11.
In a fourth aspect, the above object of the present invention is achieved by the following technical solution: a Web authentication apparatus based on blockchain public key digital signature, comprising a memory and a processor, the memory storing a computer program that can be loaded and executed by the processor to perform the method according to any one of claims 1 to 11.
Compared with the prior art, the invention has the following beneficial technical effects:
1. The registration or request information is converted into payload data, the registration or request data is generated from the public and private keys and sent to the server, and the server ties the authentication information to the registration or request data, so the server is prevented from processing a tampered request;
2. Furthermore, the server performs the corresponding operation only after receiving the registration or request data, so authentication information cannot be formed without the client;
3. Furthermore, the server does not need to manage sensitive information, which reduces the risk of leakage;
4. Furthermore, the registration or request data generated by the method cannot be reused, so a client request cannot be forged after being intercepted.
Drawings
FIG. 1 is a flowchart of the registration process according to an embodiment of the present invention;
FIG. 2 is a flowchart of the request response process according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Detailed description of the preferred embodiment
The Web authentication system based on blockchain public key digital signature comprises an algorithm module, a registration module and a request module. The algorithm module is connected to both the registration module and the request module; an asymmetric signature algorithm and a digest algorithm are set in it, and it performs the corresponding calculations with the set algorithms during the registration or request process: generating the public and private key pair; serializing the user registration information in the registration module to generate payload data; signing the user registration information or the request information with the private key to obtain a signature result; and serializing and deserializing the service request in the request module and signing the request payload data. The registration module generates registration data from the user registration information and completes the registration; the request module generates request data from the user request and performs the corresponding request operation.
Detailed description of the invention
According to the Web authentication method based on blockchain public key digital signature, in a decentralized system the user does not need to provide additional information for registration: the client generates a public key (PK) and private key (SK) pair by itself according to the asymmetric signature algorithm set by the system, stores the key pair, and the registration process is complete.
Detailed description of the preferred embodiment
According to the Web authentication method based on blockchain public key digital signature, when the system requires the user to provide additional information for registration, the client generates registration payload data from the registration information, signs it with the key to obtain a signature result, combines the public key, the registration payload data and the signature result into registration request data, sends the registration request data to the server, and receives the information returned by the server.
Specifically, the method comprises the following steps:
S1, self-generating a public key (PK) and private key (SK) pair based on the asymmetric signature algorithm, and storing it;
S2, receiving user registration information, serializing it, and generating registration payload data (RegisterPayload); the data uses any data serialization format agreed with the server, including JSON, URL-encoded and XML formats;
S3, signing the registration payload data with the private key (SK), using the set asymmetric signature algorithm and digest algorithm, to obtain a registration signature result (RegisterSig);
S4, splicing the public key (PK), the registration payload data and the registration signature result together to obtain registration request data, and sending the registration request data to the server;
S5, receiving the registration result information returned by the server.
In the registration process the server receives the registration request data sent by the client, verifies the key or the registration request data, and sends the verification result to the client.
Specifically, the method comprises the following steps:
D1, receiving the registration request data sent by the client;
D2, parsing the registration request data to obtain the public key PK, the registration payload data and the registration signature result;
D3, verifying whether the registration signature result is correct using the asymmetric signature algorithm and digest algorithm set by the system; if so, proceeding to the next step, and if not, going to D8;
D4, deserializing the registration payload data according to the agreed data serialization format to obtain the user registration information;
D5, calculating the user identity ID from the public key PK, by hashing the public key and taking a substring of the hash;
D6, associating the user registration information with the user identity ID and storing them;
D7, sending registration success information to the client, and going to D9;
D8, sending verification error information to the client;
D9, finishing the registration.
Detailed description of the invention
According to the Web authentication method based on blockchain public key digital signature, in the request response process the client generates request data based on the key and sends it to the server; the server receives the client's read service request, obtains the service request information and the user identity (ID), executes the service logic according to the service request information, and returns the service execution result to the client.
The method by which the client sends a read request to the server comprises the following steps:
A1, receiving and serializing the read service request information to generate first request payload data (FirstRequestPayload);
A2, signing the first request payload data with the private key SK, using the asymmetric signature algorithm and digest algorithm set by the system, to obtain a first request signature result (FirstRequestSig);
A3, splicing the public key PK, the first request payload data and the first request signature result together to obtain first read request data, and sending the first read request data to the server;
A4, receiving the first read request result returned by the server;
A5, receiving the service execution result of the server.
In the process of responding to the read request, the server receives the first read request data sent by the client and performs the corresponding operations, comprising the following steps:
E1, receiving the first read request data sent by the client;
E2, parsing the first read request data to obtain the public key PK, the first request payload data and the first request signature result;
E3, verifying whether the first request signature result is correct using the asymmetric signature algorithm and digest algorithm set by the system; if so, proceeding to the next step, and if not, going to E8;
E4, deserializing the first request payload data according to the agreed data serialization format to obtain the first service request information;
E5, calculating the user identity ID from the public key PK;
E6, executing the service logic according to the user identity ID and the first service request information;
E7, sending the service execution result information to the client, and going to E9;
E8, sending verification error information to the client;
E9, finishing the request.
Detailed description of the preferred embodiment
According to the Web authentication method based on blockchain public key digital signature, in the request response process the client first requests a one-time random number for use in a subsequent write request or read request.
The method for acquiring the one-time random number information comprises the following steps:
P1, generating third request payload data (ThirdRequestPayload) requesting a nonce;
P2, signing the third request payload data with the private key SK, using the asymmetric signature algorithm and digest algorithm set by the system, to obtain a third request signature result (ThirdRequestSig);
P3, combining the public key PK, the third request payload data and the third request signature result to obtain third random number request data, and sending the third random number request data to the server;
P4, receiving the response random number sent by the server.
The server receives the client's random number service request, obtains the service request information and the user identity (ID), executes the service logic according to the service request information, and returns the service execution result to the client.
Specifically, the method comprises the following steps:
Q1, receiving the third random number request data sent by the client;
Q2, parsing the third random number request data to obtain the public key PK, the third request payload data and the third request signature result;
Q3, verifying whether the third request signature result is correct using the asymmetric signature algorithm and digest algorithm set by the system; if so, proceeding to the next step, and if not, going to Q8;
Q4, deserializing the third request payload data according to the agreed data serialization format to obtain the one-time random number service request information;
Q5, calculating the user identity ID from the public key PK;
Q6, generating a one-time random number (nonce), associating it with the user identity ID and storing it;
Q7, sending the one-time random number to the client, and going to Q9;
Q8, sending verification error information to the client;
Q9, finishing the request.
Detailed description of the preferred embodiment
In the Web authentication method based on the blockchain public-key digital signature, during the request-response process the client sends a read or write service request that carries the one-time random number. The server receives the client's read or write service request, obtains the service request information and the user identity ID, executes the service logic according to the service request information, and returns the service execution result to the client.
The client sends a read or write service request to the server by the following steps:
B1, obtaining the one-time random number information and the second read or write service request information, combining them, and serializing the result to generate second request payload data (Second Request Payload);
B2, signing the second request payload data with the private key SK, using the asymmetric signature algorithm and digest algorithm configured by the system, to obtain a second request signature result (Second Request Sig);
B3, concatenating the public key PK, the second request payload data and the second request signature result into second read or write request data and sending it to the server;
B4, receiving the second read or write request result returned by the server;
B5, receiving the service execution result of the server.
The server receives the client's read or write service request, obtains the service request information and the user identity ID, executes the service logic according to the service request information, and returns the service execution result to the client.
Specifically, the server receives the second read or write request data sent by the client during the request-response process by the following steps:
W1, receiving the second read or write request data sent by the client;
W2, parsing the second read or write request data to obtain the public key PK, the second request payload data and the second request signature result;
W3, verifying the second request signature result with the asymmetric signature algorithm and digest algorithm configured by the system; if it is correct, proceeding to the next step, otherwise going to W10;
W4, deserializing the second request payload data according to the agreed data serialization format to obtain the one-time random number information and the second read or write service request information;
W5, calculating the user identity ID from the public key PK;
W6, comparing the one-time random number stored at the server for this user identity ID with the one-time random number obtained by parsing; if they are the same, proceeding to the next step, otherwise going to W11;
W7, marking the one-time random number stored at the server for this user identity ID as invalid;
W8, executing the service logic according to the user identity ID and the second read or write service request information;
W9, sending the service execution result information to the client and going to W12;
W10, sending verification error information to the client and going to W12;
W11, sending one-time random number verification error information to the client;
W12, the request ends.
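The nonce request (P1-P4, Q1-Q9) and the nonce-bound write (B1-B5, W1-W12) as one runnable client/server exchange in Go. This is an added example, not code from the patent or its assignee. It assumes Ed25519 for the unnamed asymmetric signature and digest algorithms, JSON for the agreed serialization format, SHA-256 of the public key bytes for the user identity ID, and the payload field names Op, Nonce and Data; the record written at the end is a constructed sample. The same Sign/Verify pair is what steps S3 and D3 of the registration claims perform over registration payload data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Request is the wire form of every request on the page: PK || payload || Sig, with Sig over the payload bytes.
type Request struct{ PK, Payload, Sig []byte }

// Payload shapes are assumptions: the page fixes neither field names nor the serialization format (JSON here).
type NoncePayload struct{ Op string }
type WritePayload struct{ Nonce, Op, Data string }

var (
	ErrSig   = errors.New("verification error")                        // Q8 / W10
	ErrNonce = errors.New("one-time random number verification error") // W11
)

// Client holds a self-generated key pair; Ed25519 stands in for the page's unnamed signature and digest algorithms.
type Client struct{ sk ed25519.PrivateKey }

func NewClient() (*Client, error) {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	return &Client{sk: sk}, err
}

// Sign serializes v, signs the bytes with SK and assembles PK || payload || Sig (steps P1-P3 and B1-B3).
func (c *Client) Sign(v interface{}) (Request, error) {
	payload, err := json.Marshal(v)
	if err != nil {
		return Request{}, err
	}
	pk := c.sk.Public().(ed25519.PublicKey)
	return Request{PK: pk, Payload: payload, Sig: ed25519.Sign(c.sk, payload)}, nil
}

// Verify is Q2-Q3/W2-W3 then Q5/W5: check Sig over Payload, then derive the user identity ID from PK. The length
// check runs first because ed25519.Verify panics on a wrong-length key; SHA-256 of the raw key as ID is an assumption.
func Verify(r Request) (string, error) {
	if len(r.PK) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(r.PK), r.Payload, r.Sig) {
		return "", ErrSig
	}
	id := sha256.Sum256(r.PK)
	return hex.EncodeToString(id[:]), nil
}

// Server keeps at most one live nonce per user ID plus a toy write store keyed by user ID.
type Server struct{ nonces, store map[string]string }
func NewServer() *Server { return &Server{nonces: map[string]string{}, store: map[string]string{}} }

// IssueNonce is Q1-Q9: after the signature and payload checks, a fresh 128-bit nonce is bound to the caller's ID (Q6).
func (s *Server) IssueNonce(r Request) (string, error) {
	id, err := Verify(r)
	if err != nil {
		return "", err
	}
	if json.Unmarshal(r.Payload, new(NoncePayload)) != nil { // Q4: payload must deserialize
		return "", ErrSig
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	s.nonces[id] = hex.EncodeToString(buf) // replaces any earlier unused nonce for this ID
	return s.nonces[id], nil
}

// Write is W1-W12: signature first, then the stored nonce for this ID must match (W6), then it is invalidated (W7) before W8 runs.
func (s *Server) Write(r Request) error {
	id, err := Verify(r)
	if err != nil {
		return err
	}
	var p WritePayload
	if err := json.Unmarshal(r.Payload, &p); err != nil || p.Op != "write" {
		return ErrSig
	}
	if n, ok := s.nonces[id]; !ok || n != p.Nonce {
		return ErrNonce
	}
	delete(s.nonces, id)
	s.store[id] = p.Data
	return nil
}

func main() {
	c, _ := NewClient()
	s := NewServer()
	req, _ := c.Sign(NoncePayload{Op: "nonce"})
	n, _ := s.IssueNonce(req)
	w, _ := c.Sign(WritePayload{Nonce: n, Op: "write", Data: "constructed sample record"})
	fmt.Println("first write:", s.Write(w), "| replay:", s.Write(w))
}
```

Two points for anyone building on this flow. W6 and W7 must be one atomic compare-and-delete (a lock around the map, or a single conditional delete in the backing store); the plain map above is safe for one goroutine only, and if two copies of the same request are verified concurrently both can pass W6 before either reaches W7. And the page attaches the nonce only to the second (read-or-write) request: the first read request of claims 3 and 8 and the nonce request itself carry none, so a captured first read request verifies again when replayed, and a replayed nonce request in the example above simply overwrites whatever nonce was pending for that user.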
Detailed description of the preferred embodiment
The Web authentication device based on the blockchain public-key digital signature comprises a memory and a processor; the memory stores a computer program implementing the Web authentication method based on the blockchain public-key digital signature, and the computer program can be loaded and executed by the processor.
The embodiments described are preferred embodiments of the present invention and do not limit its scope: equivalent changes made according to the structure, shape and principle of the invention are covered by the protection scope of the invention.

Claims (12)

1. A Web authentication method based on a blockchain public-key digital signature, applied to a client, characterized in that: in the registration process, in which the user is required to provide registration information, the client generates a public/private key pair, generates registration payload data from the user registration information, signs the registration payload data with the private key to obtain a registration signature result, combines the public key, the registration payload data and the registration signature result into registration request data, sends it to the server, and receives the verification-of-registration result information from the server; in the request-response process, the client generates request payload data from the requested service, signs the request payload data with the private key to obtain a request signature result, combines the public key, the request payload data and the request signature result into request data, sends it to the server, and receives the service execution result from the server, the request comprising a read service request, a read-or-write service request and a random-number service request.
2. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 1, wherein in the registration process requiring registration information, the client's work comprises the following steps:
S1, generating its own public key PK and private key SK pair and storing them;
S2, receiving the user registration information and generating registration payload data;
S3, signing the registration payload data with the private key SK to obtain a registration signature result;
S4, combining the public key PK, the registration payload data and the registration signature result into registration request data and sending it to the server;
S5, receiving the registration result information returned by the server.
3. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 1, wherein the client sends a read request to the server by the following steps:
A1, receiving read service request information and generating first request payload data;
A2, signing the first request payload data with the private key SK to obtain a first request signature result;
A3, combining the public key PK, the first request payload data and the first request signature result into first read request data and sending it to the server;
A4, receiving the first read request result returned by the server;
A5, receiving the service execution result of the server.
4. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 1, wherein the client sends a read or write request to the server by the following steps:
B1, obtaining the one-time random number information and the second read or write service request information and generating second request payload data;
B2, signing the second request payload data with the private key SK to obtain a second request signature result;
B3, combining the public key PK, the second request payload data and the second request signature result into second read or write request data and sending it to the server;
B4, receiving the second read or write request result returned by the server;
B5, receiving the service execution result of the server.
5. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 4, wherein the one-time random number information is obtained by the following steps:
P1, generating third request payload data requesting a one-time random number;
P2, signing the third request payload data with the private key SK to obtain a third request signature result;
P3, combining the public key PK, the third request payload data and the third request signature result into third random-number request data and sending it to the server;
P4, receiving the response random number sent by the server.
6. A Web authentication method based on a blockchain public-key digital signature, applied to a server, characterized in that: in the registration process, in which the user is required to provide registration information, the server receives registration request data sent by the client, the registration request data comprising a public key, registration payload data and a registration signature result, where the registration signature result is obtained by the client generating the registration payload data from the user registration information and signing it with its private key; the server verifies the registration request data, the verification comprising parsing the registration request data and verifying whether the registration signature result is correct, and sends the verification result to the client; in the request-response process, the server receives request data from the client, the request data comprising a public key, request payload data and a request signature result, where the request signature result is obtained by the client generating the request payload data from the service request and signing it with its private key, the service request comprising a read service request, a read-or-write service request and a random-number service request; the server obtains the service request information and the user identity ID, executes the service logic according to the service request information, and returns the service execution result to the client.
7. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 6, wherein the server receives the registration request data sent by the client in the registration process by the following steps:
D1, receiving the registration request data sent by the client;
D2, parsing the registration request data to obtain the public key PK, the registration payload data and the registration signature result;
D3, verifying whether the registration signature result is correct; if so, proceeding to the next step, otherwise going to D8;
D4, parsing the registration payload data to obtain the user registration information;
D5, calculating the user identity ID from the public key PK;
D6, associating the user registration information with the user identity ID and storing them;
D7, sending registration success information to the client and going to D9;
D8, sending verification error information to the client;
D9, the registration ends.
8. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 6, wherein the server receives the first read request data sent by the client in the request-response process by the following steps:
E1, receiving the first read request data sent by the client;
E2, parsing the first read request data to obtain the public key PK, the first request payload data and the first request signature result;
E3, verifying whether the first request signature result is correct; if so, proceeding to the next step, otherwise going to E8;
E4, parsing the first request payload data to obtain the first service request information;
E5, calculating the user identity ID from the public key PK;
E6, executing the service logic according to the user identity ID and the first service request information;
E7, sending the service execution result information to the client and going to E9;
E8, sending verification error information to the client;
E9, the request ends.
9. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 6, wherein the server receives the second read or write request data sent by the client in the request-response process by the following steps:
W1, receiving the second read or write request data sent by the client;
W2, parsing the second read or write request data to obtain the public key PK, the second request payload data and the second request signature result;
W3, verifying whether the second request signature result is correct; if so, proceeding to the next step, otherwise going to W10;
W4, parsing the second request payload data to obtain the one-time random number information and the second read or write service request information;
W5, calculating the user identity ID from the public key PK;
W6, comparing the one-time random number stored at the server for this user identity ID with the one-time random number obtained by parsing; if they are the same, proceeding to the next step, otherwise going to W11;
W7, marking the one-time random number stored at the server for this user identity ID as invalid;
W8, executing the service logic according to the user identity ID and the second read or write service request information;
W9, sending the service execution result information to the client and going to W12;
W10, sending verification error information to the client and going to W12;
W11, sending one-time random number verification error information to the client;
W12, the request ends.
10. The Web authentication method based on the blockchain public-key digital signature as claimed in claim 6, wherein the server receives the third random-number request data sent by the client in the request-response process by the following steps:
Q1, receiving the third random-number request data sent by the client;
Q2, parsing the third random-number request data to obtain the public key PK, the third request payload data and the third request signature result;
Q3, verifying whether the third request signature result is correct; if so, proceeding to the next step, otherwise going to Q8;
Q4, parsing the third request payload data to obtain the one-time random number service request information;
Q5, calculating the user identity ID from the public key PK;
Q6, generating a one-time random number, associating it with the user identity ID and storing it;
Q7, sending the one-time random number to the client and going to Q9;
Q8, sending verification error information to the client;
Q9, the request ends.
11. A Web authentication system based on a blockchain public-key digital signature, characterized in that: the system comprises an algorithm module, a registration module and a request module, the algorithm module being connected to the registration module and to the request module respectively; the algorithm module serializes the user registration information in the registration module and, during the registration and request processes, signs the registration payload data with an asymmetric signature algorithm and a digest algorithm, and serializes and deserializes the service request in the request module and signs the request payload data; the registration module performs a method according to any one of claims 1-5, and the request module performs a method according to any one of claims 6-10.
12. A Web authentication device based on a blockchain public-key digital signature, characterized in that: it comprises a memory and a processor, the memory storing a computer program of a method according to any one of claims 1-10 that can be loaded and executed by the processor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010780033.8A 2020-08-05 2020-08-05 Web authentication method, system and device based on block chain public key digital signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010780033.8A CN112039848B (en) 2020-08-05 2020-08-05 Web authentication method, system and device based on block chain public key digital signature

Publications (2)

Publication Number Publication Date
CN112039848A CN112039848A (en) 2020-12-04
CN112039848B (en) 2022-11-04

Family

ID=73582405

Country Status (1)

Country Link
CN (1) CN112039848B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112242905B (en) * 2020-12-10 2021-03-16 飞天诚信科技股份有限公司 Method and system for realizing data communication based on registration interface of browser
CN112968971B (en) * 2021-03-15 2023-08-15 北京数字认证股份有限公司 Method, device, electronic equipment and readable storage medium for establishing session connection
CN113268722B (en) * 2021-05-17 2022-04-26 时昕昱 Personal digital identity management system and method
CN113556321A (en) * 2021-06-22 2021-10-26 杭州安恒信息技术股份有限公司 Password authentication method, system, electronic device and storage medium
CN114257419B (en) * 2021-11-29 2023-06-30 广东电网有限责任公司 Device authentication method, device, computer device and storage medium

Citations (1)

Publication number Priority date Publication date Assignee Title
CN108768608A (en) * 2018-05-25 2018-11-06 电子科技大学 The secret protection identity identifying method of thin-client is supported at block chain PKI

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
CN105871867B (en) * 2016-04-27 2018-01-16 腾讯科技(深圳)有限公司 Identity identifying method, system and equipment
US10313133B2 (en) * 2017-06-21 2019-06-04 Visa International Service Association Secure communications providing forward secrecy
CN109309565B (en) * 2017-07-28 2021-08-10 中国移动通信有限公司研究院 Security authentication method and device
CN110233850B (en) * 2019-06-20 2021-08-31 浪潮卓数大数据产业发展有限公司 Registration method, application server, user side and system based on alliance chain
CN110401663B (en) * 2019-07-30 2021-08-31 飞天诚信科技股份有限公司 Method and system for quickly registering authenticator


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant