CN112104631B - Identity verification method and device based on block chain network - Google Patents
Identity verification method and device based on block chain network Download PDFInfo
- Publication number
- CN112104631B CN112104631B CN202010928821.7A CN202010928821A CN112104631B CN 112104631 B CN112104631 B CN 112104631B CN 202010928821 A CN202010928821 A CN 202010928821A CN 112104631 B CN112104631 B CN 112104631B
- Authority
- CN
- China
- Prior art keywords
- result information
- monitoring terminal
- wearer
- authentication
- authentication result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses an identity authentication method and device based on a block chain network. The method comprises the following steps: acquiring first identity verification result information broadcast by a second monitoring terminal in a block chain network, wherein the first identity verification result information is verification result information generated by the second monitoring terminal through identity verification based on wearer information sent by a first monitoring terminal; acquiring second identity authentication result information sent by each third monitoring terminal, wherein the second identity authentication result information is authentication result information generated by the third monitoring terminal based on first identity authentication result information broadcast by the second monitoring terminal in the blockchain network; and generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information. The method can verify the identity of the wearer of the current first monitoring terminal, and improves user experience.
Description
Technical Field
The invention relates to the technical field of communication, in particular to an identity authentication method and device based on a block chain network.
Background
Currently, a monitoring terminal (e.g., an epidemic prevention watch) for epidemic prevention monitoring generally has functions of temperature measurement, trajectory tracking, high-temperature reminding and the like, so that many people record epidemic prevention data (e.g., body temperature monitoring data and position monitoring data) by using the monitoring terminal, so that the people can pass through various areas smoothly based on the recorded epidemic prevention data when going out. However, currently, there is no method for determining whether a monitoring terminal wearer is the monitoring object of the monitoring terminal, so that a user cannot obtain convenience through the monitoring terminal, the user experience is poor, and monitoring management is not facilitated.
Disclosure of Invention
Therefore, the invention provides an identity authentication method and device based on a block chain network, and aims to solve the problem of poor user experience caused by difficulty in authenticating the identity of the current monitoring terminal wearer in the prior art.
In order to achieve the above object, a first aspect of the present invention provides an identity authentication method based on a blockchain network, configured to authenticate an identity of a monitoring terminal wearer, where the blockchain network includes a first monitoring terminal, a second monitoring terminal, and multiple third monitoring terminals, and the first monitoring terminal is a monitoring terminal for the identity of the wearer to be authenticated; the method comprises the following steps:
acquiring first identity verification result information broadcasted by the second monitoring terminal in the block chain network, wherein the first identity verification result information is verification result information generated by the second monitoring terminal through identity verification based on the wearer information sent by the first monitoring terminal;
acquiring second authentication result information sent by each third monitoring terminal, wherein the second authentication result information is authentication result information generated by the third monitoring terminal based on first authentication result information broadcast by the second monitoring terminal in the blockchain network;
and generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information.
Preferably, the step of generating the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the second authentication result information includes:
extracting an authentication result from the first authentication result information and the plurality of second authentication result information; the identity authentication result comprises an authentication success result or an authentication failure result;
if the number of the successful verification results is larger than or equal to a first threshold value, judging that the identity verification of the wearer of the first monitoring terminal is successful, and generating verification success judgment information;
if the number of the verification failure results is larger than a second threshold value, judging that the identity verification of the wearer of the first monitoring terminal fails, and generating verification failure judgment information;
and generating the wearer identity authentication result information based on the judgment authentication success information or the judgment authentication failure information.
Preferably, the first threshold is a product of a sum of the numbers of the second monitoring terminals and the third monitoring terminals in the block chain network and a first preset value; the second threshold is the product of the sum of the numbers of the second monitoring terminals and the third monitoring terminals in the block chain network and a second preset value; the sum of the first preset value and the second preset value is 1; the first threshold is greater than the second threshold.
Preferably, the method further comprises:
receiving third identity verification result information; the third identity verification result information is verification result information which is generated and signed by the monitoring area management terminal based on the wearer information sent by the first monitoring terminal, and the monitoring areas are areas where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located;
and after the signature of the third identity verification result information is verified, taking the third identity verification result information as the wearer identity verification result information of the first monitoring terminal.
Preferably, before the generating the authentication result information of the wearer of the first monitoring terminal, the first authentication result information and the plurality of second authentication result information further include:
verifying whether the signature of the first authentication result information and the signature of the second authentication result information are correct or not; and after the signature of the first authentication result information and the signature of the second authentication result information are verified to be correct, executing the step of generating the wearer authentication result of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information.
Preferably, after generating the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information, the method further includes:
signing the wearer identity verification result information;
and storing the signed wearer identity verification result information into an account book of the block chain network.
The second aspect of the present invention further provides an identity authentication device based on a blockchain network, which is applied to an identity authentication server, wherein the blockchain network includes a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, and the first monitoring terminal is a monitoring terminal for the identity of a wearer to be authenticated; the device comprises:
a first obtaining module, configured to obtain first authentication result information that is broadcast by the second monitoring terminal in the blockchain network, where the first authentication result information is authentication result information generated by the second monitoring terminal performing authentication based on the wearer information sent by the first monitoring terminal;
a second obtaining module, configured to obtain second authentication result information sent by each third monitoring terminal, where the second authentication result information is authentication result information generated by the third monitoring terminal based on first authentication result information broadcast by the second monitoring terminal in the blockchain network;
and the first generating module is used for generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information.
Preferably, the above apparatus further comprises:
the extraction module is used for extracting an authentication result from the first authentication result information and the plurality of second authentication result information; the identity authentication result comprises an authentication success result or an authentication failure result;
the first decision module is used for judging that the identity authentication of the wearer of the first monitoring terminal is successful and generating authentication success judging information if the number of the authentication success results is greater than or equal to a first threshold value;
the first decision module is further configured to determine that the authentication of the wearer of the first monitoring terminal fails if the number of the authentication failure results exceeds a second threshold, and generate authentication failure determination information;
the first generating module is configured to generate the wearer identity authentication result information based on the determination authentication success information or the determination authentication failure information.
Preferably, the above apparatus further comprises:
the first receiving module is used for receiving third identity authentication result information; the third authentication result information is authentication result information which is generated and signed by the monitoring area management terminal based on the information of the wearer sent by the first monitoring terminal, and the monitoring areas are areas where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located;
and the first execution module is used for taking the third authentication result information as the wearer authentication result information of the first monitoring terminal after the signature of the third authentication result information is verified to pass.
Preferably, the above apparatus further comprises:
the first signature module is used for signing the wearer identity verification result information after the first generation module generates the wearer identity verification result information of the first monitoring terminal according to the first identity verification result information and the plurality of second identity verification result information;
and the second execution module stores the signed wearer identity verification result information into an account book of the block chain network.
The invention has the following advantages:
the invention provides an identity verification method and device based on a block chain network, wherein the block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, the first monitoring terminal is a monitoring terminal of the identity of a wearer to be verified, first identity verification result information broadcasted by the second monitoring terminal in the block chain network is obtained, and the first identity verification result information is verification result information generated by the second monitoring terminal based on the wearer information sent by the first monitoring terminal; then, second identity authentication result information sent by each third monitoring terminal is obtained, wherein the second identity authentication result information is authentication result information generated by the third monitoring terminal based on first identity authentication result information broadcast by the second monitoring terminal in the blockchain network; finally, the authentication result information of the wearer of the first monitoring terminal is generated according to the first authentication result information and the plurality of second authentication result information, so that the authentication of the wearer of the current first monitoring terminal is realized, the user experience is improved, and the epidemic prevention monitoring management is facilitated.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of an identity authentication method based on a blockchain network according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for generating information of a wearer authentication result according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an identity authentication apparatus based on a blockchain network according to an embodiment of the present invention.
In the drawings:
31: the first obtaining module 32: second acquisition module
33: a first generation module
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are given by way of illustration and explanation only, not limitation.
Currently, a monitoring terminal (e.g., an epidemic prevention watch) used for epidemic prevention monitoring generally has functions of temperature measurement, trajectory tracking, high-temperature reminding and the like, so that many people record epidemic prevention data (e.g., body temperature monitoring data and position monitoring data) by using the monitoring terminal, so that people can smoothly pass through various areas based on the recorded epidemic prevention data when going out. However, currently, there is no method for determining whether a monitoring terminal wearer is the monitoring object of the monitoring terminal, so that a user cannot obtain convenience through the monitoring terminal, the user experience is poor, and monitoring management is not facilitated.
In order to solve the above problem, an embodiment of the present invention provides an identity authentication method based on a blockchain network, which is used for verifying an identity of a monitoring terminal (e.g., an anti-epidemic watch) wearer and is applied to an identity authentication server. The block chain network comprises an identity authentication server, a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, wherein the first monitoring terminal is a monitoring terminal for the identity of a wearer to be authenticated. As shown in fig. 1, the method comprises the steps of:
step S101, first identity verification result information broadcasted by the second monitoring terminal in the blockchain network is obtained.
The first authentication result information is authentication result information generated by the second monitoring terminal through authentication based on the wearer information sent by the first monitoring terminal. The first authentication result information includes an authentication result, a confirmer information and a wearer information of the first monitoring terminal. The wearer information includes a first terminal identifier of the first monitoring terminal and a first wearer identifier, for example, the first wearer identifier may be a name of a wearer of the first monitoring terminal. The confirmer information comprises a second terminal identification of the second monitoring terminal and a second wearer identification, for example, the second wearer identification may be a second monitoring terminal wearer name.
It should be noted that the monitoring terminal is used for monitoring group health (such as body temperature, etc.), and the people wearing the monitoring terminal are people who need to perform health monitoring, for example: students, community residents, unit employees, and other people living or moving in groups. In order to facilitate monitoring management, a wearer of the monitoring terminal needs to perform identity verification at regular time (for example, every day), if the wearer of the monitoring terminal does not perform identity verification after 24 days, a background reports an exception, and reminds the wearer of the monitoring terminal to perform identity verification, meanwhile reminds managers in monitoring areas such as schools, communities, units and the like to pay attention to the wearer of the monitoring terminal, and considers that health and epidemic prevention data collected by the monitoring terminal on the current day are invalid and unreliable, and the health days of the wearer of the monitoring terminal start to be counted from the day when the health data collected after the next identity verification is normal. If the wearer does not actively carry out identity verification, the health data of the wearer is cleared, and the wearer is influenced to smoothly enter and exit monitoring areas such as regions, communities, schools or units. Epidemic prevention and health data monitored by the monitoring terminal can be networked nationwide, can be traced and inquired, and can be used as epidemic prevention and health evidence and basis for areas, communities, schools, units and the like where the wearer goes in and out.
Therefore, in the embodiment of the present invention, when the wearer of the first monitoring terminal needs to perform authentication, the wearer of the first monitoring terminal may first perform authentication through the wearer of the second monitoring terminal, and the second monitoring terminal may be a monitoring terminal closest to the first monitoring terminal or a designated monitoring terminal. Specifically, the first monitoring terminal and the second monitoring terminal firstly start Bluetooth and carry out Bluetooth pairing; after the first monitoring terminal and the second monitoring terminal establish Bluetooth signal connection, the first monitoring terminal sends the information of a wearer (such as a facial image of the wearer, the name of the wearer, a terminal identification and the like) of the first monitoring terminal to the second monitoring terminal, and the second monitoring terminal receives the information of the wearer of the first monitoring terminal.
In order to save network resources, when the second monitoring terminal confirms that the wearer of the first monitoring terminal is not the first monitoring terminal monitoring object based on the wearer information of the first monitoring terminal, for example, when the wearer of the second monitoring terminal confirms that the wearer information of the first monitoring terminal is not matched with the wearer of the first monitoring terminal or the wearer of the second monitoring terminal confirms that the wearer of the first monitoring terminal is not the first monitoring terminal monitoring object, the second monitoring terminal may not broadcast the first authentication information for the wearer of the first monitoring terminal to the blockchain network, and the authentication server fails to acquire the first authentication information for the wearer of the first monitoring terminal sent by the second monitoring terminal, and considers that the authentication of the wearer of the first monitoring terminal is not passed or not performed, or the second monitoring terminal may broadcast information for the authentication of the wearer of the first monitoring terminal to the blockchain network. After the second monitoring terminal confirms that the wearer of the first monitoring terminal is the monitored object of the first monitoring terminal based on the wearer information, first identity verification result information is generated and broadcasted to the blockchain network, and the identity verification result contained in the first identity verification result information is a verification success result.
And step S102, second identity authentication result information of each third monitoring terminal is obtained.
The second authentication result information is generated by the third monitoring terminal based on the first authentication result information broadcast by the second monitoring terminal in the blockchain network. Specifically, the third monitoring terminal acquires first authentication result information broadcast by the second monitoring terminal in the blockchain network from the blockchain network, verifies the signature of the first authentication result information, and generates an authentication result based on the information of a confirmer or a wearer contained in the first authentication result information; the identity authentication result is an authentication success result or an authentication failure result. For example, the third monitoring terminal determines, based on the information of the confirmer, that the second monitoring terminal is a trusted monitoring terminal preset by the terminal, or the third monitoring terminal determines, based on the information of the wearer, that the first monitoring terminal is a trusted monitoring terminal preset by the terminal, or the third monitoring terminal determines, based on the information of the wearer, that the wearer of the first monitoring terminal is the wearer of the first monitoring terminal, or the third monitoring terminal determines, based on the information of the wearer, that the information of the wearer of the first monitoring terminal is the same as the information of the wearer, that the authentication result generated by the third monitoring terminal is a verification passing result, or else, that the authentication failing result is a verification result. And the third monitoring terminal generates second identity verification result information based on the identity verification result.
In one embodiment, in order to avoid the illegal monitoring terminal node from falsifying as a legal second monitoring terminal and a legal third monitoring terminal, the authentication server verifies whether the signature of the first authentication result information and the signature of the second authentication result information are correct after acquiring the first authentication result information and the second authentication result information. For example, the identity verification server verifies whether the signature of the first identity verification result information is the private key signature of the second monitoring terminal based on a pre-stored public key of the second monitoring terminal or a public key of the second monitoring terminal obtained based on the inquiry block chain network book, and if the signature of the first identity verification result information is verified to be the private key signature of the second monitoring terminal, the signature of the first identity verification result information is verified to be correct; similarly, the identity verification server verifies whether the signature of the second identity verification result information is the private key signature of the third monitoring terminal based on a pre-stored public key of the third monitoring terminal or a public key of the third monitoring terminal obtained by inquiring the block chain network account book, and if the signature of the second identity verification result information is verified to be the private key signature of the third monitoring terminal, the signature of the second identity verification result information is verified to be correct. The authentication server performs step S103 after verifying that the signature of the first authentication result information and the signature of the second authentication result information are correct.
And step S103, generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information.
An embodiment of the present invention provides a method for generating wearer authentication result information, and as shown in fig. 2, a method for generating wearer authentication result information of a first monitoring terminal by an authentication server according to first authentication result information and second authentication result information includes the following steps:
in step S201, the authentication server extracts an authentication result from the first authentication result information and the plurality of second authentication result information.
Wherein, the identity authentication result comprises an authentication success result or an authentication failure result.
After the identity authentication server extracts the identity authentication results from the first identity authentication result information and the second identity authentication result information, counting the number of the authentication success results and the authentication failure results in the identity authentication results, and judging whether the number of the authentication success results is greater than or equal to a first threshold value or whether the number of the authentication failure results is greater than a second threshold value. The first threshold value is the product of the sum of the number of the second monitoring terminals and the number of the third monitoring terminals in the block chain network and a first preset value; the second threshold is the product of the sum of the number of the second monitoring terminals and the third monitoring terminals in the block chain network and a second preset value. The first preset value and the second preset value are preset percentages of the authentication server. The sum of the first preset value and the second preset value is 1, and the first threshold value is larger than the second threshold value. For example, the first preset value may be 60% and the second preset value may be 40%.
Step S202, if the number of the successful verification results is larger than or equal to the first threshold, the authentication server judges that the authentication of the wearer of the first monitoring terminal is successful, and generates information for judging that the authentication is successful.
Step S203, if the number of the verification failure results is greater than the second threshold, the authentication server determines that the authentication of the wearer of the first monitoring terminal fails, and generates authentication failure determination information.
And step S204, the authentication server generates the wearer authentication result information of the first monitoring terminal based on the authentication success judging information or the authentication failure judging information.
The wearer identity authentication result information comprises information for judging successful authentication or information for judging failed authentication; the wearer authentication result information further includes wearer information.
In one embodiment, in order to prevent an illegal node from falsifying as an authentication server and causing the benefit of other nodes in a blockchain to be damaged, the authentication server signs the wearer authentication result information after generating the wearer authentication result information, for example, signs the wearer authentication result information by using a private key of the authentication server, and stores the signed wearer authentication result information into an account book of the blockchain network, so that all nodes in the blockchain network can query the wearer authentication result information.
It should be noted that, if the second monitoring terminal cannot help the first monitoring terminal to perform the authentication, or the wearer authentication result information generated by the authentication server includes the authentication failure determination information, the first monitoring terminal may continue to repeat the above steps through other monitoring terminals until the authentication passes. When the number of times that the first monitoring terminal wearer does not pass the continuous authentication reaches the number threshold, the authentication server may determine that the first monitoring terminal wearer is indeed not the monitored object, and determine that the first monitoring terminal wearer fails in authentication.
In some embodiments, the first monitoring terminal may further establish a signal connection, for example, a bluetooth signal connection, with the monitoring area management terminal, and after establishing the signal connection, send the wearer identity information to the monitoring area management terminal, so that the monitoring area management terminal performs identity verification on the wearer of the first monitoring terminal based on the wearer identity information. The monitoring area is an area where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located, and the monitoring area management terminal is a management terminal of the area, such as a community management terminal, an enterprise management terminal or a school management terminal.
In some implementation scenarios, the existence of the monitoring area management terminal may prevent the first monitoring terminal from being unable to perform authentication through the second monitoring terminal in the case of campus cold violence or cold violence in a workplace.
In one embodiment, the authentication server receives the third authentication result information. And the third authentication result information is authentication result information which is generated and signed by the monitoring area management terminal based on the wearer information sent by the first monitoring terminal. It should be noted that, since the monitoring area management terminal may be regarded as an authoritative terminal of the monitoring area, after the authentication server verifies that the signature of the third authentication result information passes, the third authentication result information may be directly used as the wearer authentication result information of the first monitoring terminal. And the authentication server signs the wearer authentication result information after taking the third authentication result information as the wearer authentication result information of the first monitoring terminal, for example, signs the wearer authentication result information by using a private key of the authentication server, and stores the signed wearer authentication result information into an account book of the blockchain network, so that all nodes in the blockchain network can query the wearer authentication result information.
In some application scenarios, when a monitor needs to know the body temperature state of a monitoring terminal wearer or the monitoring terminal high-temperature alarm phenomenon exists, the monitor can inquire a block chain account book to confirm the authenticity of the wearer identity, so that the authenticity of monitoring data is determined, and the phenomenon that the monitoring data is unreliable due to the fact that the wearer is not the monitoring object himself and the monitoring data is forged is effectively prevented.
The embodiment of the invention provides an identity verification method based on a block chain network, wherein the block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, the first monitoring terminal is a monitoring terminal of the identity of a wearer to be verified, first identity verification result information broadcasted by the second monitoring terminal in the block chain network is obtained, and the first identity verification result information is verification result information generated by the second monitoring terminal based on the wearer information sent by the first monitoring terminal; then, second authentication result information sent by each third monitoring terminal is obtained, wherein the second authentication result information is authentication result information generated by the third monitoring terminals based on the first authentication result information broadcast by the second monitoring terminals in the blockchain network; and finally, generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information. Therefore, the identity verification of the current wearer of the first monitoring terminal is realized, the user experience is improved, and the epidemic prevention monitoring management is facilitated.
The embodiment also provides an identity authentication device based on the blockchain network, which is applied to an identity authentication server. The block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, wherein the first monitoring terminal is a monitoring terminal for the identity of a wearer to be verified. As shown in fig. 3, the apparatus includes: a first obtaining module 31, a second obtaining module 32 and a first generating module 33.
The first obtaining module 31 is configured to obtain first identity verification result information broadcast by the second monitoring terminal in the blockchain network. The first authentication result information is authentication result information generated by the second monitoring terminal performing authentication based on the wearer information sent by the first monitoring terminal. The first authentication result information includes an authentication result, a confirmer information, and the wearer information of the first monitoring terminal. The wearer information includes a first terminal identifier of the first monitoring terminal and a first wearer identifier, for example, the first wearer identifier may be a name of a wearer of the first monitoring terminal. The confirmer information comprises a second terminal identification of the second monitoring terminal and a second wearer identification, for example, the second wearer identification may be a second monitoring terminal wearer name.
The second obtaining module 32 is configured to obtain second authentication result information sent by each third monitoring terminal. The second authentication result information is generated by the third monitoring terminal based on the first authentication result information broadcast by the second monitoring terminal in the blockchain network.
In one embodiment, the identity authentication apparatus based on a blockchain network further includes: and a signature verification module. In order to avoid the illegal monitoring terminal node from masquerading as a legal second monitoring terminal and a legal third monitoring terminal, the signature verification module verifies whether the signature of the first authentication result information and the signature of the second authentication result information are correct after the first obtaining module 31 obtains the first authentication result information and the second obtaining module 32 obtains the second authentication result information. For example, the signature verification module verifies whether the signature of the first identity verification result information is the private key signature of the second monitoring terminal based on a pre-stored public key of the second monitoring terminal or a public key of the second monitoring terminal obtained based on the query blockchain network book, and if the signature of the first identity verification result information is verified to be the private key signature of the second monitoring terminal, the signature verification module verifies that the signature of the first identity verification result information is correct; similarly, the signature verification module verifies whether the signature of the second authentication result information is the private key signature of the third monitoring terminal based on a pre-stored public key of the third monitoring terminal or a public key of the third monitoring terminal obtained by querying the blockchain network book, and if the signature verification module verifies that the signature of the second authentication result information is the private key signature of the third monitoring terminal, the signature verification module verifies that the signature of the second authentication result information is correct.
The first generating module 33 is configured to generate the authentication result information of the wearer of the first monitoring terminal according to the first authentication result information and the plurality of pieces of second authentication result information.
In one embodiment, the identity authentication apparatus based on a blockchain network further includes: the device comprises an extraction module, a statistic module, a judgment module and a first decision module. The extraction module is used for extracting an identity authentication result from the first identity authentication result information and the plurality of second identity authentication result information, wherein the identity authentication result comprises a successful authentication result or a failed authentication result. The statistical module counts the number of successful verification results and failed verification results in the identity verification results, and the judging module judges whether the number of successful verification results is greater than or equal to a first threshold or whether the number of failed verification results is greater than a second threshold. The judging module judges that the number of the successful verification results is greater than or equal to a first threshold value, the first decision module judges that the identity verification of the wearer of the first monitoring terminal is successful, and verification success judging information is generated; and if the judging module judges that the number of the verification failure results exceeds the second threshold value, the first decision module judges that the identity verification of the wearer of the first monitoring terminal fails and generates verification failure judging information. The first generation module 33 generates wearer authentication result information based on the determination authentication success information or the determination authentication failure information.
In one embodiment, the apparatus further comprises: a first signature module and a second execution module. In order to prevent the illegal node from impersonating the authentication server to cause the damage of benefits of other nodes in the block chain, the first signature module signs the wearer authentication result information after the first generation module 33 generates the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information, and then the second execution module stores the signed wearer authentication result information into the account book of the block chain network.
It should be noted that, if the second monitoring terminal cannot help the first monitoring terminal to perform the authentication, or the wearer authentication result information generated by the authentication server includes the authentication failure determination information, the first monitoring terminal may continue to repeat the above steps through other monitoring terminals until the authentication passes. When the number of times that the first monitoring terminal wearer does not pass the continuous authentication reaches the number threshold, the authentication server may determine that the first monitoring terminal wearer is indeed not the monitored object, and determine that the first monitoring terminal wearer fails in authentication.
In some embodiments, the first monitoring terminal may further establish a signal connection, for example, a bluetooth signal connection, with the monitoring area management terminal, and after the signal connection is established, send the wearer identity information to the monitoring area management terminal, so that the monitoring area management terminal performs identity verification on the wearer of the first monitoring terminal based on the wearer identity information. The monitoring area is an area where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located, and the monitoring area management terminal is a management terminal of the area, such as a community management terminal, an enterprise management terminal or a school management terminal.
In one embodiment, the identity authentication apparatus based on a blockchain network further includes: the device comprises a first receiving module and a first executing module. The first receiving module is used for receiving third identity authentication result information. The third authentication result information is authentication result information generated and signed by the monitoring area management terminal performing authentication based on the wearer information sent by the first monitoring terminal. And the signature verification module verifies whether the signature of the third identity verification result information passes. The first execution module is used for taking the third identity verification result information as the wearer identity verification result information of the first monitoring terminal after the signature verification module verifies that the signature of the third identity verification result information passes. The first signing module signs the wearer identity verification result information after the first execution module takes the third identity verification result information as the wearer identity verification result information of the first monitoring terminal, and then the second execution module stores the signed wearer identity verification result information into an account book of the block chain network.
The working modes of each module in the identity authentication device based on the blockchain network applied to the identity authentication server correspond to each step in the identity authentication method based on the blockchain network applied to the identity authentication server, and therefore, for the detailed working modes of each module in the identity authentication device based on the blockchain network applied to the identity authentication server, reference can be made to the identity authentication method based on the blockchain network applied to the identity authentication server provided by this embodiment.
The identity verification method based on the block chain network provided by the embodiment of the invention comprises the steps that the block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, wherein the first monitoring terminal is a monitoring terminal of the identity of a wearer to be verified, a first acquisition module acquires first identity verification result information broadcasted by the second monitoring terminal in the block chain network, and the first identity verification result information is verification result information generated by the second monitoring terminal through identity verification based on the wearer information sent by the first monitoring terminal; the second obtaining module obtains second authentication result information sent by each third monitoring terminal, wherein the second authentication result information is authentication result information generated by the third monitoring terminals based on first authentication result information broadcast by the second monitoring terminals in the block chain network; the first generating module generates the wearer identity verification result information of the first monitoring terminal according to the first identity verification result information and the plurality of second identity verification result information, verifies the identity of the wearer of the current first monitoring terminal, and improves user experience.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (10)
1. An identity authentication method based on a block chain network is used for authenticating the identity of a monitoring terminal wearer and is characterized in that the block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, wherein the first monitoring terminal is a monitoring terminal of the identity of the wearer to be authenticated; the method comprises the following steps:
acquiring first identity verification result information broadcasted by the second monitoring terminal in the block chain network, wherein the first identity verification result information is verification result information generated by the second monitoring terminal through identity verification based on the wearer information sent by the first monitoring terminal; the first identity verification result information comprises affirmator information and wearer information of the first monitoring terminal; the wearer information comprises a first terminal identification and a first wearer identification of the first monitoring terminal; the confirmer information comprises a second terminal identification and a second wearer identification of the second monitoring terminal;
acquiring second authentication result information sent by each third monitoring terminal, wherein the second authentication result information is authentication result information generated by the third monitoring terminal based on the information of a confirmer or a wearer contained in the first authentication result information broadcast by the second monitoring terminal in the blockchain network;
and generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information.
2. The method according to claim 1, wherein the step of generating the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the second authentication result information comprises:
extracting an authentication result from the first authentication result information and the plurality of second authentication result information; the identity authentication result comprises an authentication success result or an authentication failure result;
if the number of the successful verification results is larger than or equal to a first threshold value, judging that the identity verification of the wearer of the first monitoring terminal is successful, and generating verification success judgment information;
if the number of the verification failure results is larger than a second threshold value, judging that the identity verification of the wearer of the first monitoring terminal fails, and generating verification failure judgment information;
and generating the wearer identity authentication result information based on the judgment authentication success information or the judgment authentication failure information.
3. The method according to claim 2, wherein the first threshold is a product of a sum of the numbers of the second monitor terminals and the third monitor terminals in the blockchain network and a first preset value; the second threshold is the product of the sum of the number of the second monitoring terminals and the third monitoring terminals in the block chain network and a second preset value; the sum of the first preset value and the second preset value is 1; the first threshold is greater than the second threshold.
4. The method of claim 1, further comprising:
receiving third identity verification result information; the third identity verification result information is verification result information which is generated and signed by the monitoring area management terminal based on the wearer information sent by the first monitoring terminal, and the monitoring areas are areas where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located;
and after the signature of the third identity verification result information is verified, taking the third identity verification result information as the wearer identity verification result information of the first monitoring terminal.
5. The method according to claim 1, before generating the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information, further comprising:
verifying whether the signature of the first authentication result information and the signature of the second authentication result information are correct or not; and after the signature of the first authentication result information and the signature of the second authentication result information are verified to be correct, executing the step of generating the wearer authentication result of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information.
6. The method according to claim 1, wherein after generating the wearer authentication result information of the first monitoring terminal according to the first authentication result information and the plurality of second authentication result information, the method further comprises:
signing the wearer identity verification result information;
and storing the signed wearer identity verification result information into an account book of the block chain network.
7. An identity authentication device based on a block chain network is applied to an identity authentication server and is characterized in that the block chain network comprises a first monitoring terminal, a second monitoring terminal and a plurality of third monitoring terminals, wherein the first monitoring terminal is a monitoring terminal for the identity of a wearer to be authenticated; the device comprises:
a first obtaining module, configured to obtain first authentication result information that is broadcast by the second monitoring terminal in the blockchain network, where the first authentication result information is authentication result information generated by the second monitoring terminal performing authentication based on the wearer information sent by the first monitoring terminal; the first identity verification result information comprises affirmator information and wearer information of the first monitoring terminal; the wearer information comprises a first terminal identification and a first wearer identification of the first monitoring terminal; the confirmer information comprises a second terminal identification and a second wearer identification of the second monitoring terminal;
a second obtaining module, configured to obtain second authentication result information sent by each third monitoring terminal, where the second authentication result information is authentication result information generated by the third monitoring terminal based on the information of a confirmer or a wearer included in the first authentication result information broadcast by the second monitoring terminal in the blockchain network;
and the first generating module is used for generating the wearer identity authentication result information of the first monitoring terminal according to the first identity authentication result information and the plurality of second identity authentication result information.
8. The apparatus of claim 7, further comprising:
the extraction module is used for extracting an authentication result from the first authentication result information and the plurality of second authentication result information; the identity authentication result comprises an authentication success result or an authentication failure result;
the first decision module is used for judging that the identity authentication of the wearer of the first monitoring terminal is successful and generating authentication success judging information if the number of the authentication success results is greater than or equal to a first threshold value;
the first decision module is further configured to determine that the authentication of the wearer of the first monitoring terminal fails if the number of the authentication failure results exceeds a second threshold, and generate authentication failure determination information;
the first generating module is configured to generate the wearer identity authentication result information based on the determination authentication success information or the determination authentication failure information.
9. The apparatus of claim 7, further comprising:
the first receiving module is used for receiving third identity authentication result information; the third identity verification result information is verification result information which is generated and signed by the monitoring area management terminal based on the wearer information sent by the first monitoring terminal, and the monitoring areas are areas where the first monitoring terminal, the second monitoring terminal and the third monitoring terminal are located;
and the first execution module is used for taking the third authentication result information as the wearer authentication result information of the first monitoring terminal after the signature of the third authentication result information is verified to pass.
10. The apparatus of claim 7, further comprising:
the first signature module is used for signing the wearer identity verification result information after the first generation module generates the wearer identity verification result information of the first monitoring terminal according to the first identity verification result information and the plurality of second identity verification result information;
and the second execution module stores the signed wearer identity verification result information into an account book of the block chain network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010928821.7A CN112104631B (en) | 2020-09-07 | 2020-09-07 | Identity verification method and device based on block chain network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010928821.7A CN112104631B (en) | 2020-09-07 | 2020-09-07 | Identity verification method and device based on block chain network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112104631A CN112104631A (en) | 2020-12-18 |
| CN112104631B true CN112104631B (en) | 2023-01-31 |
Family
ID=73758523
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010928821.7A Active CN112104631B (en) | 2020-09-07 | 2020-09-07 | Identity verification method and device based on block chain network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112104631B (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10135835B1 (en) * | 2018-03-19 | 2018-11-20 | Cyberark Software Ltd. | Passwordless and decentralized identity verification |
| CN108876374B (en) * | 2018-06-29 | 2020-10-16 | 全链通有限公司 | Block chain network identity document authentication method and system |
| CN109359691B (en) * | 2018-10-24 | 2020-11-06 | 全链通有限公司 | Identity verification method and system based on block chain |
| CN111460335A (en) * | 2020-02-28 | 2020-07-28 | 山东爱城市网信息技术有限公司 | Epidemic situation prevention and control information management method, device and medium based on block chain |
| CN111626731A (en) * | 2020-04-10 | 2020-09-04 | 南京优物链科技有限公司 | Contract signing identity authentication and signature system based on block chain technology |
| KR102139645B1 (en) * | 2020-04-13 | 2020-07-30 | 주식회사 한국정보보호경영연구소 | System for Certificating identity based on Blockchain and Driving method thereof |
-
2020
- 2020-09-07 CN CN202010928821.7A patent/CN112104631B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112104631A (en) | 2020-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108737418B (en) | Identity authentication method and system based on block chain | |
| US8670562B2 (en) | Generation and use of a biometric key | |
| RU2458481C2 (en) | Method and system for trusted third party-based two-way object identification | |
| CN111949953B (en) | Identity authentication method, system and device based on block chain and computer equipment | |
| CN109088865B (en) | User identity authentication method and device, readable storage medium and computer equipment | |
| CN108809953B (en) | Anonymous identity authentication method and device based on block chain | |
| RU2445741C1 (en) | Method and system for two-way authentication of subjects | |
| JP5468137B2 (en) | Entity two-way authentication method introducing online third party device | |
| US20100318614A1 (en) | Displaying User Profile and Reputation with a Communication Message | |
| CN110602455B (en) | Video storage system, video processing method, device, equipment and storage medium | |
| WO2001054346A1 (en) | Method for issuing an electronic identity | |
| CN109243045A (en) | A kind of voting method, device, computer equipment and computer readable storage medium | |
| CN103929482B (en) | A kind of method and apparatus for being securely accessed by monitoring frontend | |
| CN105164689A (en) | User authentication | |
| CN112000744A (en) | Signature method and related equipment | |
| CN112738121B (en) | Password security situation awareness method, device, equipment and readable storage medium | |
| CN112118239A (en) | Block chain consensus method and device, electronic equipment and storage medium | |
| CN114444134A (en) | Data use authorization method, system and device | |
| CN113342892A (en) | Cloud security data processing method based on block chain node cluster and block chain system | |
| CN112104631B (en) | Identity verification method and device based on block chain network | |
| CN111698204A (en) | Bidirectional identity authentication method and device | |
| CN112465516B (en) | Block chain network-based device management method, related device and storage medium | |
| CN112036884B (en) | Signature method and related equipment | |
| CN108763965A (en) | Method, apparatus, equipment and the medium that electronic contract data are saved from damage | |
| CN114157492A (en) | CAN bus intrusion detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |