CN112565294B - Identity authentication method based on block chain electronic signature - Google Patents

Publication number: CN112565294B
Authority: CN (China)
Prior art keywords: user, trusted, sid, certificate, identity
Legal status: Active
Application number: CN202011544469.3A
Other languages: Chinese (zh)
Other versions: CN112565294A (en)
Inventors: 李程, 金宏洲, 程亮
Current Assignee: Hangzhou Tiangu Information Technology Co ltd
Original Assignee: Hangzhou Tiangu Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates

Abstract

The invention provides an identity authentication method based on a block chain electronic signature. It involves a user APP, a trusted certification authority and a SID account management system. The APP is used for the user's information entry, key storage and identity verification; the trusted certification authority authenticates the identity of the user and sends the user's signed trusted declaration to the block chain; the SID account management system keeps all SID accounts. The method secures the identity system, protects privacy during identity authentication, makes identity authentication convenient, separates authentication data from private data, follows the data minimization principle, and meets compliance requirements.

Description

Identity authentication method based on block chain electronic signature
Technical Field
The invention relates to an identity authentication method, in particular to an identity authentication method based on block chain electronic signature.
Background
Currently, most mainstream conventional authentication systems are based on PKI (public key infrastructure). PKI is a set of infrastructure consisting of hardware, software, participants, management policies and procedures aimed at creating, managing, distributing, using, storing and revoking digital certificates. The basic PKI system includes a certificate signing authority (CA), a certificate registration authority (RA), and a public database for storing certificates. The signing and use of certificates comprise the following parts.
Certificate registration:
The user establishes a connection with a PKI security server and generates the user's public key and private key. The user sends their identity information and public key to the RA through the security server and requests the RA to register a digital certificate.
Signing the certificate:
After the RA's review, the information of the certificate the user applied to register is sent to the CA. After the CA verifies the information, the public key is formed into a digital certificate, and the CA's digital signature is added to complete issuance.
Storing certificates:
After the digital certificate application succeeds, the RA obtains the certificate, forwards it to the user, and stores the certificate and the user information in a certificate database. The certificate needs to be stored because the user may not be online, or may not be able to answer at any time, when the user's identity needs to be verified. With a standard PKI database, users that need digital certificates can query this database.
Certificate revocation and renewal:
To revoke a digital certificate, the user digitally signs a message of fixed format with the private key corresponding to the public key and transmits it to the RA. When the RA verifies that the signature is legitimate, the certificate is deleted from the database and the revoked certificate's information is added to the certificate revocation list (CRL). To update a certificate, the user selects a new public key, signs it with the private key corresponding to the original public key, and transmits the signature information to the CA; the CA signs a new digital certificate after verifying that the signature is valid. The user then transmits the new digital certificate and a certificate update request signed with the original private key to the RA. After verifying the validity of the signature and the new certificate, the RA deletes the original certificate from the database, adds the new certificate, and adds the revoked certificate's information to the certificate revocation list.
Acquiring a certificate:
When other users need a certain user's digital certificate, they make a query request to the RA, and the RA transmits the digital certificate to the requester. Sometimes the requester only wants to check whether the digital certificate is still valid; in that case the RA only needs to transmit the validity information and does not need to transmit the whole certificate over the internet.
Verification of the certificate:
When the certificate is obtained, the digital certificate can be decrypted with the public key of the CA. However, since there are many CAs, the verifier and the certificate holder do not necessarily have the same CA. Multiple CAs usually communicate through a top-down, tree-like CA structure with the root CA at the top, through which the lower branch CAs are verified one by one and the required digital certificates are obtained.
It follows that the user has very poor control over the data. On one hand, digital certificates must be controlled by a centralized CA; on the other hand, certificate security presents great challenges, such as the storage, transmission and use of the certificate.
As shown in fig. 1, a system that uses PKI to verify identity includes a PKI authentication server, an application client, and a PKI authentication server client component. The PKI authentication server can verify the user's private key against the digital certificate in the database, the PKI authentication server client component can read the user's public key information, and the client component communicates with the PKI authentication server through the application client and the application server.
When a user places the user's key carrier at the PKI authentication server client component:
(1) The application client initiates a login request to the application server;
(2) The application server requests a random number from the PKI authentication server;
(3) The PKI authentication server returns a random number to the application server;
(4) The application server stores the random number and sends it to the application client;
(5) The PKI authentication server client component signs the random number and the login information, where the login information includes the user's public key;
(6) The application client sends the signature information to the application server;
(7) The application server sends the previously stored random number and the signature information to the PKI authentication server;
(8) The PKI authentication server returns an authentication result and basic certificate information;
(9) The application server returns the signature result, so that the application client knows whether the user passed verification.
Building on PKI verification, take the eID of the Ministry of Public Security as an example. The eID is based on domestic, independently developed cryptographic technology and uses a smart security chip as its carrier. It is issued over the air or after examination at a counter: according to the verification result of a legal identity document, the citizen network identity recognition system signs and issues a network electronic identity mark for the citizen, so that a natural person can be recognized online without revealing identity information. The eID can also be used for offline identity certification. In the issuing and service flow, the eID is served by storing original data by a universal user, an application scene, a multi-registration issuing mechanism, a centralized issuing center and an internal network, combined with real-name identity authentication service, signature authentication service, anonymous identity authentication service, network identity information protection service and the like.
Electronic signatures are mostly authenticated using PKI, but such centralized identity authentication systems are easily affected by external factors, which seriously affects the availability of the whole system and can even paralyze it. Several factors greatly reduce the usability of the identity system:
1) Privacy protection
The identity data of the identity owner is stored and utilized by other parties, so that the identity privacy of the user is influenced, and the security is not strong;
2) The centralized platform is likely to be overwhelmed
When different devices frequently transmit information, the data brought by the transmitted information is massive, and the system is probably overwhelmed, but the problem can be alleviated to a certain extent along with the release of 5G or even faster traffic platforms.
3) Single point of failure
The centralized identity management platform is like a series circuit, and once a single-point fault occurs, the operation of the whole system is seriously hindered.
Disclosure of Invention
The invention provides an identity authentication method based on a block chain electronic signature to solve the security, robustness and privacy protection problems of electronic contract identity systems, and adopts the following technical scheme:
An identity authentication method based on block chain electronic signature involves a user APP, a trusted certification authority and a SID account management system. The APP is used for the user's information entry, key storage and identity verification; the trusted certification authority is used for identity certification of the user and for sending the user's signed trusted declaration to the block chain; the SID account management system is used for keeping all SID accounts.
The method comprises the following steps:
S100: User registration and authentication: a user registers on the APP, obtains a SID account from the SID account management system, performs identity authentication with the trusted certification authority, and stores the key obtained after authentication;
S200: User electronic identity card information authentication: the trusted certification authority sends a digital certificate to the user, signs the trusted declaration of the user by using a public key of the digital certificate, and sends the resulting declaration evidence to the block chain;
S300: User identity verification: the certificate verifier acquires the user's declaration evidence from the block chain, and the user sends the user's trusted declaration to the certificate verifier for verification.
Further, in step S100, the user registration and authentication specifically includes the following steps:
S1: The user installs the APP on a personal mobile terminal;
S2: After entering the APP interface, the user fills in personal basic information and applies to the SID account management system for an account; the SID account management system allocates a SID account and provides it to the user;
S3: The user performs identity authentication through the trusted certification authority;
The basic information comprises the user's identity card number and name. Identity authentication can use a traditional authentication mode, such as face recognition or on-site confirmation. The authenticating party is the trusted certification authority, which authenticates according to the user's basic information and the user's identity; once this authentication passes, the user's identity authentication is successful;
S4: The trusted certification authority sends the user's key to the APP, and the APP stores the user key.
Further, in step S200, the authentication of the electronic identification card information of the user includes the following steps:
S5: The user fills in related information on the APP; the basic information and the related information are collectively called a statement;
S6: The user signs the completed statement with the user's private key;
S7: The user sends the signed content together with the user public key to the trusted certification authority and submits a digital certificate application to the trusted certification authority;
S8: The trusted certification authority decrypts the signed content with the received user public key to obtain the user's statement, and sends the statement to the SID account management system for verification and information storage;
S9: The SID account management system feeds verification-passed information back to the trusted certification authority; the certificate then becomes a trusted certificate, and the trusted certification authority signs the trusted certificate with its private key and stores it;
S10: The trusted certification authority stores the signing and evidence-storage process on the block chain as declaration evidence, and the declaration evidence uses the user's SID account as its identifier;
S11: The trusted certification authority signs the trusted declaration with the user public key to form a signature digest, then signs the signature digest with its own private key to form a digital certificate, and sends the digital certificate to the user for storage.
Further, in step S300, the user authentication includes the following steps:
S12: When a certificate verifier verifies the identity of a user, the certificate verifier acquires the user's SID account;
S13: The certificate verifier acquires the declaration evidence corresponding to the SID account from the block chain; after downloading the declaration evidence, the certificate verifier decrypts it with the public key of the trusted certification authority to obtain the digest of the trusted declaration;
S14: The user decrypts the digital certificate with the public key of the trusted certification authority, decrypts the signature digest with the user's private key to obtain the digest of the trusted declaration, and then sends this digest to the certificate verifier for verification;
S15: The certificate verifier compares the digest of the trusted declaration sent by the user with the digest of the trusted declaration obtained by decryption; if they match, the identity of the user is verified.
Furthermore, the user signs the SID of the user by using a private key and stores the SID in an electronic signature platform.
Further, in step S2, the SID accounts allocated by the SID account management system are not repeated, and each user corresponds to a unique SID account.
Further, in step S4, the user key and the key of the trusted certificate authority can be provided by a third-party trusted authority.
Further, in step S8, the SID account management system verifies the user identity according to the basic information in the statement, and stores the relevant information content of the user according to the relevant information in the statement.
The identity authentication method based on the block chain electronic signature secures the identity system, protects privacy during identity authentication, makes identity authentication convenient, separates authentication data from private data, follows the data minimization principle, and meets compliance requirements.
Drawings
FIG. 1 is a schematic diagram of a generic electronic signature identity authentication system using PKI;
FIG. 2 is a block chain based decentralized electronic signature identity authentication system;
FIG. 3 is a schematic diagram of the identity authentication method based on the block chain electronic signature.
Detailed Description
The invention provides an identity authentication method based on a block chain electronic signature, which is different from a PKI electronic signature identity authentication method.
As shown in fig. 2, distributed digital certificate issuance is implemented with blockchain technology, so that the digital certificate issuance conventionally performed by a centralized CA can be implemented with a blockchain distributed ledger. One way is to form a blockchain between CAs, so that the CAs do not have to trust each other and accomplish the issuance and management of digital certificates by consensus. Another way is for accounting and maintenance of the blockchain to be done jointly by all certificate holders in the system. A blockchain-based PKI can realize the certificate application, issuance, verification and management of the traditional PKI system.
(1) Certificate application:
The user generates a public and private key pair, stores the private key, and sends the public key and the data used for verifying personal identity information to the verification node to apply for a certificate.
(2) Certificate issuing:
The blockchain can verify the authenticity of the new user's identity according to the information the new user submitted; after the verification passes, a digital certificate is generated and put on the chain.
(3) Certificate revocation:
The certificate user makes a certificate revocation request, which comprises the user's certificate and information that can prove the user's identity. The verification node verifies the user's identity according to the information submitted by the user and, after the certificate revocation request is approved, puts on the chain the legal certificate information and the certificate state which are not yet included in a block.
(4) Certificate updating:
The user needs to generate a new digital certificate with the same DN (Distinguished Name) entry as the original certificate. The certificate user initiates a certificate update request to the blockchain network, submitting the certificate to be updated, the newly generated certificate and the identity verification information. The verification node then verifies the request and puts it on the chain.
Compared with centralized identity authentication, decentralized identity authentication has the following advantages:
1. It is not easily affected by network partition faults, single points of failure or network disconnection: when a single node fails or the underlying network protocol (IP/TCP) is disconnected, information transmission, verification and value transfer can still be carried out between different nodes.
2. High-standard privacy protection regulations such as GDPR are strictly adhered to for compliance. By establishing a data use mechanism based on user permission, a user can provide the corresponding information according to their actual situation and complete the exchange of verifiable statements, so that other core information such as identification number, mobile phone contact details and birth date is not disclosed. Meanwhile, a supervisor or an authority department can serve as a verifier, which facilitates supervision and reduces the space for money laundering and crime.
3. It has a certain portability. As cross-link technology gradually matures, a decentralized identity can be authorized to log in to other applications like an instant messaging software account or a Paibao account, and the user can control the identity autonomously.
As shown in fig. 3, the identity authentication method based on the block chain electronic signature provided by the present invention involves an APP, a trusted certification authority, and a SID account management system.
The APP can be produced by the trusted certification authority or a trusted third party and is used for the user's information entry, key storage and identity verification.
The trusted certification authority is used for verifying the identity of the user, maintaining the SID account management system, and sending the user's information to the block chain after encrypting it with the private key of the trusted certification authority.
The SID account management system is used for managing the accounts of the APP and keeping all SID accounts, where SID refers to digital identity information.
The method comprises three main parts: user registration and verification, user electronic identity card information authentication, and user identity verification.
1. The user registration and verification comprises the following steps:
S1: The user installs the APP on a personal mobile terminal;
The personal mobile terminal can be a mobile phone, a tablet or another electronic product with network communication functions;
S2: After entering the APP interface, the user fills in personal basic information and applies to the SID account management system for an account; the SID account management system allocates a SID account and provides it to the user;
The accounts are not repeated, and each user corresponds to a unique SID account;
S3: The user performs identity authentication through a trusted certification authority (such as a public security bureau platform);
The basic information comprises the user's identity card number and name. Identity authentication can use a traditional authentication mode, such as face recognition or on-site confirmation. The authenticating party is the trusted certification authority, which authenticates according to the user's basic information and the user; once this authentication and verification pass, the user's identity authentication is successful;
S4: The trusted certification authority sends the user's key to the APP, and the APP stores the user key.
The user key may be provided by the trusted certification authority, and the keys of the user and the trusted certification authority may also be provided by a third-party trusted authority.
2. The user electronic identity card information authentication is mainly operated by a trusted authentication mechanism, and comprises the following steps:
S5: The user fills in further relevant information about themselves on the APP, such as address, zip code, gender and other content; the specific content options can be determined by the trusted certification authority;
S6: The basic information and the related information are collectively called a statement, and the user signs the completed statement with the user's private key;
S7: The user sends the signed content and the user public key to the trusted certification authority and submits a digital certificate application to the trusted certification authority;
S8: The trusted certification authority decrypts the signed content with the received user public key to obtain the user's related information, and sends the statement to the SID account management system for verification and information storage;
The SID account management system verifies the user's identity according to the basic information in the statement, and stores the user's related information content according to the related information in the statement;
S9: The SID account management system feeds verification information back to the trusted certification authority; at this point the statement is a trusted declaration, and the trusted certification authority signs the trusted declaration with its private key and stores it (it computes a digest of the trusted declaration and signs the digest with the private key);
S10: The trusted certification authority records the state of the trusted declaration and stores the process (the trusted certification authority signing and attesting the trusted declaration with its private key) on the block chain as declaration evidence; the declaration evidence uses the user's SID account as its identifier;
S11: The trusted certification authority signs the trusted declaration with the user public key to form a signature digest, then signs the signature digest with its own private key to form a digital certificate, and sends the digital certificate to the user for storage.
3. The user identity authentication is an identity authentication process for a certificate verifier, and comprises the following steps:
S12: When a user needs to show an electronic identity document to a certificate verifier, for example during an electronic signature process, the certificate verifier needs to acquire the user's SID account when verifying the user's identity;
During verification, the authentication is usually performed on the spot, such as at an access-control entrance, or performed off-line, such as when a user performs online authentication over the internet, to determine whether the user is operating the scene.
S13: The certificate verifier acquires the declaration evidence corresponding to the SID account from the block chain; after downloading the declaration evidence, the certificate verifier decrypts it with the public key of the trusted certification authority to obtain the digest of the trusted declaration;
S14: The user decrypts the digital certificate with the public key of the trusted certification authority, decrypts the signature digest with the user's private key to obtain the digest of the trusted declaration, and then sends this digest to the certificate verifier for verification;
S15: The certificate verifier compares the digest of the trusted declaration sent by the user with the digest of the trusted declaration obtained by decryption; if they match, the identity of the user is verified.
The method allows identity authentication on the electronic signature platform while greatly protecting the user's privacy. To prevent the SID from being abused, the SID must be encrypted with the user's private key before it is stored on the electronic signature platform, and the user needs to keep their own SID.
The identity authentication method based on the block chain electronic signature secures the identity system, protects privacy during identity authentication, makes identity authentication convenient, separates authentication data from private data, follows the data minimization principle, and meets compliance requirements.
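The exchange between the trusted certification authority, the user and the certificate verifier in steps S9 to S15 can be traced in code; the following is an added example, not code from the patent or its assignee. It uses textbook RSA over small fixed primes only so that the description's "decrypt with the public key" wording maps directly onto operations; the key values, the dictionary standing in for the block chain, the declaration fields and every function name are assumptions, and a real deployment would use a standard signature scheme with proper padding and key sizes.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below


def toy_keypair(p, q):
    """Textbook RSA key from two fixed primes; returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys built from Mersenne primes: trivially breakable.
# The authority modulus is the largest so user-encrypted values fit inside it.
USER_N, USER_D = toy_keypair(2**61 - 1, 2**89 - 1)
OTHER_N, OTHER_D = toy_keypair(2**89 - 1, 2**107 - 1)   # a different user's key
CA_N, CA_D = toy_keypair(2**107 - 1, 2**127 - 1)


def declaration_digest(declaration):
    """Digest of the trusted declaration, truncated to 128 bits to fit the toy keys."""
    canonical = "|".join(f"{k}={declaration[k]}" for k in sorted(declaration))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest()[:16], "big")


def authority_issue(chain, sid, declaration, user_n):
    """S9-S11: anchor the declaration evidence under the SID and build the certificate."""
    digest = declaration_digest(declaration)
    chain[sid] = pow(digest, CA_D, CA_N)        # S9/S10: digest signed by the authority
    signature_digest = pow(digest, E, user_n)   # S11: digest under the user public key
    return pow(signature_digest, CA_D, CA_N)    # S11: signed again -> digital certificate


def user_present(certificate, user_n, user_d):
    """S14: open the certificate with the authority public key, then the user private key."""
    signature_digest = pow(certificate, E, CA_N)
    return pow(signature_digest, user_d, user_n)


def verifier_check(chain, sid, presented_digest):
    """S12, S13, S15: fetch evidence by SID, recover the digest, compare."""
    evidence = chain.get(sid)
    if evidence is None:                 # no declaration evidence anchored for this SID
        return False
    return pow(evidence, E, CA_N) == presented_digest


def run_demo():
    chain = {}  # stand-in for the block chain: SID -> declaration evidence
    # Constructed sample declaration (basic information plus related information).
    declaration = {"name": "Example User", "id_number": "000000000000000000",
                   "address": "1 Example Road", "zip": "000000"}
    cert = authority_issue(chain, "SID-0001", declaration, USER_N)
    return {
        "holder": verifier_check(chain, "SID-0001", user_present(cert, USER_N, USER_D)),
        "wrong_key": verifier_check(chain, "SID-0001", user_present(cert, OTHER_N, OTHER_D)),
        "unknown_sid": verifier_check(chain, "SID-9999", user_present(cert, USER_N, USER_D)),
        "altered": verifier_check(chain, "SID-0001",
                                  declaration_digest({**declaration, "zip": "999999"})),
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case:12s} -> {'pass' if ok else 'reject'}")
```

Only the holder of the matching private key recovers the digest that the on-chain evidence yields; a copied certificate opened with another key, an SID with no anchored evidence, and a digest of an altered declaration are all rejected at S15.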

Claims (6)

1. An identity authentication method based on block chain electronic signature relates to a user APP, a trusted certification authority and a SID account management system, wherein the APP is used for information filling of a user, key storage of the user and identity verification of the user; the trusted certification authority is used for identity certification of the user and sending the signed trusted declaration of the user to the block chain; the SID account management system is used for keeping all SID accounts;
the method comprises the following steps:
S100: user registration and authentication: the user registers on the APP, obtains an SID from the SID account management system, performs identity authentication with the trusted certification authority, stores the key obtained after authentication, and stores the SID, signed by the user with a private key, on the electronic signature platform;
S200: authenticating the information of the user's electronic identity card: the trusted certification authority sends a digital certificate to the user, signs the user's trusted declaration by using a private key of the digital certificate, and sends the resulting declaration evidence to the block chain; the information authentication of the user's electronic identity card comprises the following steps:
S5: the user fills in related information on the APP, the basic information and the related information being collectively called a declaration;
S6: the user signs the filled-in declaration with the user's private key;
S7: the user sends the signed content together with the user public key to the trusted certification authority, and submits a digital certificate application to the trusted certification authority;
S8: the trusted certification authority decrypts the signed content with the received user public key to obtain the user's declaration, and sends the declaration to the SID account management system for verification and information storage;
S9: the SID account management system feeds back verification-passed information to the trusted certification authority, the certificate becomes a trusted certificate, and the trusted certification authority signs and stores the trusted certificate by using a private key of the trusted certificate;
S10: the trusted certification authority stores the signing and evidence-storing process on the block chain as declaration evidence, and the declaration evidence uses the user's SID account as its identifier;
S11: the trusted certification authority signs the trusted declaration by using the user public key to form a signature abstract, then signs the signature abstract by using a private key of the trusted certification authority to form a digital certificate, and sends the digital certificate to the user for storage;
S300: user identity authentication: the certificate verifier obtains the user's declaration evidence from the block chain, and the user sends the abstract of his or her own trusted declaration to the certificate verifier for verification.
2. The identity authentication method based on block chain electronic signature as claimed in claim 1, wherein: in step S100, the user registration and authentication specifically includes the following steps:
S1: the user installs the APP on a personal mobile terminal;
S2: after entering the APP interface, the user fills in personal basic information and applies to the SID account management system for an account, and the SID account management system allocates an SID account to the user;
S3: the user performs identity authentication through the trusted certification authority;
the basic information comprises the user's identity card number and name; the identity authentication uses face recognition or on-site confirmation; the authenticator is the trusted certification authority, which performs the authentication according to the user's basic information and the user; after this authentication the user's identity authentication is successful;
S4: the trusted certification authority sends the user's key to the APP, and the APP stores the user key.
3. The identity authentication method based on block chain electronic signature as claimed in claim 1, wherein: in step S300, the user authentication includes the following steps:
S12: when a certificate verifier verifies the identity of a user, the certificate verifier obtains the user's SID account;
S13: the certificate verifier obtains the declaration evidence corresponding to the SID account from the block chain; after downloading the declaration evidence, the certificate verifier decrypts it with the public key of the trusted certification authority to obtain the abstract information of the trusted declaration;
S14: the user decrypts the digital certificate with the public key of the trusted certification authority, decrypts the signature abstract with the user's private key to obtain the abstract information of the trusted declaration, and then sends the abstract information of the trusted declaration to the certificate verifier for verification;
S15: the certificate verifier compares the abstract information of the trusted declaration sent by the user with the abstract information of the trusted declaration obtained by decryption; if the comparison passes, the user's identity is verified.
4. The identity authentication method based on block chain electronic signature as claimed in claim 1, wherein: in step S2, the SID accounts allocated by the SID account management system are not repeated, and each user corresponds to a unique SID account.
5. The identity authentication method based on block chain electronic signature as claimed in claim 1, wherein: in step S4, the user key and the key of the trusted authority can be provided by a third-party trusted authority.
6. The identity authentication method based on the block chain electronic signature as claimed in claim 2, wherein: in step S8, the SID account management system verifies the user identity according to the basic information in the declaration, and stores the relevant information content of the user according to the relevant information in the declaration.
CN202011544469.3A 2020-12-23 2020-12-23 Identity authentication method based on block chain electronic signature Active CN112565294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011544469.3A CN112565294B (en) 2020-12-23 2020-12-23 Identity authentication method based on block chain electronic signature

Publications (2)

Publication Number Publication Date
CN112565294A CN112565294A (en) 2021-03-26
CN112565294B true CN112565294B (en) 2023-04-07

Family

ID=75031037

Country Status (1)

Country Link
CN (1) CN112565294B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant