CN113194082B - Identity verification method based on block chain, block chain platform and operator platform - Google Patents
- Publication number
- CN113194082B (CN202110455089.0A)
- Authority
- CN
- China
- Prior art keywords
- user
- private key
- information
- block chain
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
The present disclosure provides a blockchain-based identity verification method, a blockchain platform and an operator platform, wherein the method comprises: receiving an identity authentication request sent by a server of a first application program, and acquiring the private key in the identity authentication request; in response to finding, in the blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform; and, in response to receiving a verification-passed message carrying the user digital identity information returned by the operator platform, sending the verification-passed message carrying the user digital identity information to the server of the first application program. Anonymous login is thereby realized, and the user's digital identity information is ensured not to be tampered with. Security and controllability in the authorized login scenario are greatly improved, the privacy and security of the user's personal information are protected, a convenient and efficient way is provided for the user to register for and log in to a new application program, the user experience is improved, and the application of blockchain technology is promoted.
Description
Technical Field
The disclosure belongs to the technical field of communication, and particularly relates to an identity authentication method based on a block chain, a block chain platform and an operator platform.
Background
Surveys have shown that 80% of people dislike the cumbersome process of web page registration and 35% of online shoppers abandon their shopping carts because there is no account. One survey showed that by 2020, we will have over 200 digital accounts. At the present stage, everyone has a plurality of accounts, logs in various websites and registers various application programs. With the unlimited diffusion of user privacy, various harassing calls are received every day, and even property loss is caused by the leakage of user privacy.
In this situation, the existing technology mainly logs users in through social media, using a third-party authorization mechanism based on the OAuth2.0 protocol. The OAuth2.0 protocol focuses on simplicity for client developers: access is granted either on behalf of users, through an approval interaction arranged between the resource owner and the HTTP (HyperText Transfer Protocol) service provider, or by allowing third-party applications to obtain access rights on behalf of users. The protocol provides dedicated authentication flows for Web applications, desktop applications, mobile phones, and living-room devices. The OAuth2.0 protocol was published as RFC 6749 in October 2012. Commonly used logins such as WeChat and payment login are completed using the OAuth2.0 protocol. Taking WeChat as an example, before WeChat OAuth2.0 authorized login can be integrated, a developer account must be registered on the WeChat open platform, an approved mobile application must be owned, and the corresponding application account and password obtained; after WeChat login has been applied for and approved, the integration process can begin. When the user logs in to another application program, a WeChat login button is displayed, and if WeChat is not installed on the user's mobile phone, the user is prompted to install the WeChat client. The specific steps are as follows:
1. the server of the third party initiates a WeChat authorization login request; after the WeChat user authorizes the third-party application, the WeChat server launches the application or redirects to the third-party website, carrying the temporary authorization ticket (the code parameter);
2. the third-party server uses the code parameter, together with the account, the password and the like, to exchange for an access_token through the API;
3. the server of the third party calls interfaces with the access_token to obtain the user's basic data resources or to help the user perform basic operations.
For the user, these steps are completed by simply pressing a button, the whole user registration process is skipped, and the method is widely used at the present stage. Social media account login has become a mainstream alternative to online registration. This process allows internet users to use single sign-on with their existing information on platforms such as WeChat, paibao, etc., mainly using the OAuth2.0 protocol. This solution has many advantages, such as simplicity, openness and security. However, it also has many disadvantages, such as certain vulnerabilities in terms of security. In 2016, three researchers at the Chinese University of Hong Kong published a paper stating that "one billion mobile application accounts could be logged in without difficulty using the OAuth2.0 protocol". The researchers found that, through third-party applications, the OAuth2.0 protocol could be used remotely by hackers without the user's knowledge.
In addition, how the personal information of the user is protected is also important. Businesses are obliged to protect users' personal information, but at a high cost. According to the customer attention marketing solution provider Ctrl-Shift, identity verification in Britain costs over 33 billion pounds per year, equivalent to $220 billion. This does not even include the costs resulting from storage, protection, defaulting, management, etc.
Disclosure of Invention
In order to overcome the above defects in the prior art, the present disclosure provides an identity verification method based on a block chain, a block chain platform, and an operator platform.
As a first aspect of the present disclosure, there is provided an identity authentication method based on a blockchain, including:
receiving an authentication request sent by a server of a first application program, and acquiring a private key therein, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, and a user authorized login message returned by the server of the second application program is received by the server of the first application program, and the private key is acquired from a terminal device of the user;
responding to a public key and a private key signature corresponding to the private key which are inquired in a block chain account book, and sending a verification request carrying the private key to an operator platform;
and responding to the received verification passing message carrying the user digital identity information returned by the operator platform, and sending the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the method further comprises:
and responding to the received public key and private key signature broadcasted by the operator platform in the block chain, and storing the public key and the private key signature in a block chain account book.
As a second aspect of the present disclosure, there is provided an identity authentication method based on a blockchain, including:
receiving a verification request sent by a block chain platform, and acquiring a private key in the verification request;
and responding to the user digital identity information corresponding to the private key queried locally, and sending a verification passing message carrying the user digital identity information to the block chain platform.
Preferably, the method further comprises:
in response to monitoring that a user logs in an application program belonging to the operator platform, locally acquiring user information of the user, and generating digital identity information of the user according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal equipment of the user, and broadcasting the public key and the private key signature in a block chain.
Preferably, the generating the user digital identity information according to the user information includes:
calculating a hash value of the user information, and using the hash value as leaf node information of the Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
As a third aspect of the present disclosure, there is provided a blockchain platform, comprising:
a receiving module, configured to receive an authentication request sent by a server of a first application program, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and obtains the private key from the terminal device of the user;
the obtaining module is used for obtaining a private key in the identity authentication request;
the sending module is used for responding to the public key and the private key signature corresponding to the private key which are inquired in the block chain account book and sending a verification request carrying the private key to an operator platform; and responding to the received verification passing message carrying the user digital identity information returned by the operator platform, and sending the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the blockchain platform further comprises:
the storage module is used for responding to the public key and the private key signature which are received from the operator platform broadcast in the block chain, and storing the public key and the private key signature in the block chain account book.
As a fourth aspect of the present disclosure, there is provided an operator platform comprising:
the receiving module is used for receiving a verification request sent by the block chain platform;
the first acquisition module is used for acquiring a private key in the verification request;
and the sending module is used for responding to the user digital identity information corresponding to the private key inquired locally and sending a verification passing message carrying the user digital identity information to the block chain platform.
Preferably, the operator platform further comprises:
the second acquisition module is used for locally acquiring the user information of the user in response to detecting that the user logs in to an application program belonging to the operator platform;
the first generation module is used for generating the user digital identity information according to the user information;
the second generation module is used for generating a private key and a public key corresponding to the user digital identity information;
the third generation module is used for generating the private key signature according to the private key and the user information;
the sending module is used for sending the private key to the terminal equipment of the user;
a broadcast module to broadcast the public key and the private key signature in a blockchain.
Preferably, the first generating module is specifically configured to:
calculating a hash value of the user information, and taking the hash value as leaf node information of the Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
In the identity verification method based on the blockchain provided by the embodiment of the present disclosure, when the blockchain platform receives an identity verification request sent by the server of the first application, if a public key and a private key signature corresponding to a private key are queried in the blockchain account book, and the operator platform queries the user digital identity information of the user, it indicates that the user registers the user digital identity information in the operator platform in advance, and sends an identity verification passing message carrying the user digital identity information to the server of the first application after the user passes the identity verification, thereby implementing anonymous login. And the identity of the user is verified by combining the block chain, so that the digital identity information of the user is not tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
Drawings
Fig. 1 is a flowchart of an identity authentication method based on a block chain on a side of a block chain platform according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 3 is another flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 4 is an alternative implementation of step S302 in fig. 3 provided by an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a block chain platform according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an operator platform according to an embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
To solve the problem that the OAuth2.0 scheme lacks security in the authorized login scenario and the problem of how to reduce the cost of protecting users' personal information, the disclosure provides an identity verification method based on a block chain, a block chain platform and an operator platform. The following detailed description is made with reference to the accompanying drawings, which respectively illustrate embodiments provided by the present disclosure.
Fig. 1 shows a flowchart of a block chain based identity verification method on a block chain platform side according to an embodiment of the present disclosure. As shown in fig. 1, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S101, receiving an authentication request sent by a server of a first application program.
Step S102, a private key in the identity authentication request is obtained.
Step S103, in response to the public key and the private key signature corresponding to the private key being queried in the blockchain ledger, sending a verification request carrying the private key to the operator platform.
Step S104, responding to the received authentication passing message carrying the user digital identity information returned by the operator platform, and sending the authentication passing message carrying the user digital identity information to the server of the first application program.
The authentication request is sent after the server of the first application program has sent an authorized login request to the server of the second application program, received the user authorized login message returned by the server of the second application program, and acquired the private key from the terminal device of the user. The first application program is the application program the user wants to log in to and is registered with the operator platform in advance; the second application program is the authorized login platform to which the user is redirected when logging in to the first application program (for example, WeChat can authorize login to other application programs). Specifically, the server of the first application program sends an authorized login request to the server of the second application program, and the server of the second application program redirects to the address of the second application program. After the user clicks a control for authorized login (whether login to the first application program is allowed, whether the first application program is allowed to use the user's personal information, etc.) or enters the account and password of the second application program, the server of the second application program redirects to the address of the first application program, and the server of the first application program acquires, from the terminal device of the user, the private key prestored on that terminal device.
In the identity verification method based on the blockchain provided by the embodiment of the disclosure, an operator platform creates user digital identity information for a user in advance to replace real account information of the user, and a private key corresponding to the user digital identity information, and a public key and a private key signature corresponding to the private key are stored in a blockchain account book of the blockchain platform in advance. When the blockchain platform receives an identity verification request sent by a server of a first application program, if a public key and a private key signature corresponding to a private key are inquired in a blockchain account book and user digital identity information of the user is inquired through an operator platform, the user registers the user digital identity information in the operator platform in advance, the identity verification of the user is passed, and an identity verification passing message carrying the user digital identity information is sent to the server of the first application program.
In the prior art, after the server of the first application receives the user authorized login message returned by the server of the second application, the server of the first application may obtain the real personal information of the user (for example, the information of the user filled when the user registers the second application), and in the present disclosure, after the user identity verification is passed, the block chain platform sends the digital identity information of the user to the server of the first application, so as to implement anonymous login, where the user is an authenticated user. If the blockchain platform does not send an authentication passing message carrying the digital identity information of the user to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is ensured not to be tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification of third-party partners, can also be used in places needing real-name registration, stations, access controls, banks and the like, greatly facilitates users while protecting privacy of the users, and meanwhile, a supervision layer can also be used for positioning specific users.
In some embodiments, the method further comprises: and responding to the received public key and private key signature broadcasted by the operator platform in the block chain, and storing the public key and private key signature in the block chain account book.
In this step, public key and private key signatures broadcast by the operator platform are pre-stored in the blockchain ledger for verifying the users on the blockchain platform when the users log in the first application program, protecting the privacy of the users and avoiding information leakage of the users.
It should be noted that the servers of all first application programs that have joined the blockchain can share authenticated users. Assuming that a first application program also has its own authenticated user database, the authenticated users of that first application program may directly log in to other first application programs in the blockchain, and the user also needs to execute steps S101 to S104 of this embodiment when logging in to other first application programs.
Fig. 2 shows a flowchart of an identity verification method based on a blockchain on an operator platform side according to an embodiment of the present disclosure. As shown in fig. 2, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S201, receiving a verification request sent by the blockchain platform.
Step S202, a private key in the verification request is obtained.
Step S203, in response to the user digital identity information corresponding to the private key being queried locally, sending a verification passing message carrying the user digital identity information to the blockchain platform.
In the identity verification method based on the block chain provided by the embodiment of the disclosure, the operator platform creates the user digital identity information for the user in advance to replace the real account information of the user. And the operator platform prestores a private key corresponding to the user digital identity information. And the operator platform receives the verification request sent by the blockchain platform, acquires the private key in the verification request, and sends a verification passing message carrying the user digital identity information to the blockchain platform if the user digital identity information corresponding to the private key is inquired locally. When the user successfully verifies both the blockchain platform and the operator platform, the blockchain platform sends an identity verification passing message carrying the digital identity information of the user to the server of the first application program, so that anonymous login is realized, and the user is an authenticated user. If the blockchain platform does not send an authentication passing message carrying the digital identity information of the user to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is ensured not to be tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification of third-party partners, can also be used in places needing real-name registration, stations, entrance guards, banks and the like, greatly facilitates users while protecting privacy of the users, and meanwhile, a supervision layer can also position specific users.
Fig. 3 shows another flowchart of an identity verification method based on a blockchain at an operator platform side according to an embodiment of the present disclosure. As shown in fig. 3, in some embodiments, the method further comprises:
Step S301, in response to detecting that the user logs in to an application program belonging to the operator platform, user information of the user is locally acquired.
Step S302, the user digital identity information is generated according to the user information.
In steps S301 to S302, if it is detected that the user logs in to the application program belonging to the operator platform, user information (including user name, identification number, gender, mobile phone number, operator vip rating information, user attribution information, major-minor card identifier, user network access duration, and the like) of the user is locally obtained. And generating unique user digital identity information for the user according to the user information of the user.
Step S303, a private key and a public key corresponding to the user digital identity information are generated.
Step S304, generating a private key signature according to the private key and the user information.
Step S305, sending the private key to the terminal device of the user, and broadcasting the public key and the private key signature in the blockchain.
In step S303 to step S305, a private key and a public key corresponding to the user digital identity information are generated through algorithmic encryption, and a private key signature is generated using the private key and the user information. The private key is sent to the terminal equipment of the user for storage, and the public key and the private key signature are broadcasted in the block chain.
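The enrollment steps S303 to S305, together with the verification steps S101 to S104 and S201 to S203 described earlier, can be traced in the following Go program. It is an added example, not code from the patent; Ed25519 as the key algorithm, the in-memory Ledger and Operator types, the lookup by derived public key, and all sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// LedgerEntry is what the operator platform broadcasts in step S305.
type LedgerEntry struct {
	PublicKey ed25519.PublicKey
	Signature []byte // "private key signature": Sign(private key, user information)
}

// Matches reports whether the entry's signature covers userInfo. It is an
// added audit helper, not a step of the flow described on the page.
func (e LedgerEntry) Matches(userInfo []byte) bool {
	return len(e.PublicKey) == ed25519.PublicKeySize &&
		ed25519.Verify(e.PublicKey, userInfo, e.Signature)
}

// Ledger stands in for the blockchain ledger, keyed by hex public key.
type Ledger map[string]LedgerEntry

// Operator models the operator platform's local store (assumed layout).
type Operator struct {
	ids map[string]string // hex public key -> user digital identity information
}

func NewOperator() *Operator { return &Operator{ids: map[string]string{}} }

var (
	ErrBadKey      = errors.New("malformed private key")
	ErrNotInLedger = errors.New("no public key and signature in ledger")
	ErrNoIdentity  = errors.New("operator has no identity for this key")
)

// pubHex recomputes the public key from the 32-byte private seed. The public
// key is always derived here, never taken from bytes supplied by the caller.
func pubHex(seed []byte) (string, error) {
	if len(seed) != ed25519.SeedSize {
		return "", ErrBadKey
	}
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	return hex.EncodeToString(pub), nil
}

// Enroll performs S303-S305 for a user whose digital identity was already
// generated in S302. The returned seed is the private key sent to the terminal.
func (o *Operator) Enroll(userInfo []byte, digitalID string, l Ledger) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // S303
	if err != nil {
		return nil, err
	}
	k := hex.EncodeToString(pub)
	o.ids[k] = digitalID
	sig := ed25519.Sign(priv, userInfo)            // S304
	l[k] = LedgerEntry{PublicKey: pub, Signature: sig} // S305: broadcast and store
	return priv.Seed(), nil
}

// Verify is the operator platform side (S201-S203).
func (o *Operator) Verify(seed []byte) (string, error) {
	k, err := pubHex(seed)
	if err != nil {
		return "", err
	}
	id, ok := o.ids[k]
	if !ok {
		return "", ErrNoIdentity
	}
	return id, nil
}

// Authenticate is the blockchain platform side (S101-S104). Note that in the
// flow as described, the private key itself travels to every party on the path.
func Authenticate(seed []byte, l Ledger, o *Operator) (string, error) {
	k, err := pubHex(seed) // S102
	if err != nil {
		return "", err
	}
	e, ok := l[k] // S103: ledger lookup
	if !ok || len(e.Signature) != ed25519.SignatureSize {
		return "", ErrNotInLedger
	}
	return o.Verify(seed) // S103 forward, S104 relay only the digital identity
}

func main() {
	ledger, op := Ledger{}, NewOperator()
	info := []byte("user_name=Zhang San;mobile=13800000000") // constructed sample
	seed, _ := op.Enroll(info, "did-placeholder-0001", ledger)
	fmt.Println(Authenticate(seed, ledger, op))
	fmt.Println(Authenticate(make([]byte, 32), ledger, op)) // never enrolled
}
```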
Fig. 4 illustrates an alternative implementation manner of step S302 in fig. 3 provided by an embodiment of the present disclosure.
In some embodiments, as shown in fig. 4, the generating the user digital identity information according to the user information (i.e., step S302) includes:
Step S401, calculating a hash value of the user information, and using the hash value as leaf node information of the Merkle tree.
Step S402, calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as user digital identity information.
In steps S401 to S402, the user digital identity information is created for the user using the Merkle tree algorithm. By default, a hash value is calculated for each piece of user information according to a predetermined rule and in a predetermined order, and serves as leaf node information of the Merkle tree; the child node information of the Merkle tree is then calculated level by level according to a predetermined algorithm and the leaf node information. For example, leaf nodes or child nodes of the same level cyclically perform operations such as addition, subtraction, multiplication and division, or perform different types of operations according to the number of levels back to the leaf nodes; the operation results for corresponding positions of the hash values of two different leaf nodes are calculated, and the child node information corresponding to the two leaf nodes is then generated. The calculation proceeds level by level from the child node information until the root node information of the Merkle tree is obtained, forming the Merkle tree. The root node information is determined as the user digital identity information.
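Steps S401 and S402 as an added Go example (not code from the patent). The patent leaves the hash function and the node-combining operation to a "predetermined algorithm"; this example substitutes SHA-256 with the conventional Merkle construction (parent = hash of the two children), and the field names and values are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Field is one piece of user information. The slice order passed to
// DigitalIdentity is the "predetermined order" of step S401.
type Field struct{ Name, Value string }

// SampleUser returns constructed sample data, not a real subscriber record.
func SampleUser() []Field {
	return []Field{
		{"user_name", "Zhang San"},
		{"id_number", "000000000000000000"},
		{"gender", "F"},
		{"mobile", "13800000000"},
		{"vip_level", "3"},
	}
}

// leafHash hashes one field with a 0x00 prefix so that a leaf value can never
// be mistaken for an interior node, which uses the 0x01 prefix.
func leafHash(f Field) [32]byte {
	return sha256.Sum256([]byte("\x00" + f.Name + "=" + f.Value))
}

// nodeHash combines two child hashes into their parent.
func nodeHash(l, r [32]byte) [32]byte {
	buf := make([]byte, 0, 1+len(l)+len(r))
	buf = append(buf, 0x01)
	buf = append(buf, l[:]...)
	buf = append(buf, r[:]...)
	return sha256.Sum256(buf)
}

// DigitalIdentity returns the Merkle root over the fields (step S402).
func DigitalIdentity(fields []Field) ([32]byte, error) {
	if len(fields) == 0 {
		return [32]byte{}, errors.New("no user information")
	}
	level := make([][32]byte, len(fields))
	for i, f := range fields {
		level[i] = leafHash(f) // step S401
	}
	for len(level) > 1 {
		next := make([][32]byte, 0, (len(level)+1)/2)
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, nodeHash(level[i], level[i+1]))
		}
		// An unpaired node is promoted unchanged rather than paired with a
		// copy of itself, so [a b c] and [a b c c] yield different roots.
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0], nil
}

func main() {
	root, err := DigitalIdentity(SampleUser())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("user digital identity:", hex.EncodeToString(root[:]))
}
```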
It should be noted that the servers of all first application programs that have joined the blockchain can share authenticated users. Assuming that a first application program also has its own authenticated user database, the authenticated users of that first application program may directly log in to other first application programs in the blockchain, and all steps in the embodiments corresponding to fig. 2 to 4 need to be executed when the user logs in to other first application programs.
Fig. 5 shows a schematic structural diagram of a blockchain platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 1, as shown in fig. 5, the block chain platform provided by the embodiment of the present disclosure includes the following modules.
A receiving module 11, configured to receive an authentication request sent by a server of a first application, where the authentication request is sent after the server of the first application sends an authorized login request to a server of a second application, receives a user authorized login message returned by the server of the second application, and acquires the private key from a terminal device of the user;
an obtaining module 12, configured to obtain the private key in the authentication request;
a sending module 13, configured to send a verification request carrying the private key to the operator platform in response to the public key and the private key signature corresponding to the private key being found in the blockchain ledger; and, in response to receiving a verification passing message carrying the user digital identity information returned by the operator platform, to send the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the blockchain platform further includes:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain.
Fig. 6 shows a schematic structural diagram of a blockchain platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 2, as shown in fig. 6, the operator platform provided by the embodiment of the present disclosure includes the following modules.
The receiving module 21 is configured to receive an authentication request sent by the block chain platform.
The first obtaining module 22 obtains the private key in the verification request.
The sending module 22 is configured to send a verification passing message carrying the user digital identity information to the blockchain platform in response to the user digital identity information corresponding to the private key being found locally.
Preferably, the operator platform further includes:
a second acquisition module, configured to locally acquire the user information of a user in response to monitoring that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
a sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in the blockchain.
Preferably, the first generation module is specifically configured to:
calculate a hash value of the user information, and use the hash value as leaf node information of a Merkle tree;
calculate root node information of the Merkle tree according to the leaf node information, and determine the root node information as the user digital identity information.
It will be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principles of the present invention, and the present invention is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (8)
1. An identity authentication method based on a block chain is characterized by comprising the following steps:
receiving an authentication request sent by a server of a first application program, and acquiring a private key therein, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, and a user authorized login message returned by the server of the second application program is received by the server of the first application program, and the private key is acquired from a terminal device of the user;
responding to a public key and a private key signature corresponding to the private key which are inquired in a block chain account book, and sending a verification request which carries the private key and corresponds to the identity verification request to an operator platform;
in response to receiving a verification passing message which is returned by the operator platform and carries the user digital identity information, sending the identity verification passing message which carries the user digital identity information to a server of the first application program;
wherein the user digital identity information is determined by the operator platform from root node information of a Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
2. The blockchain-based identity authentication method according to claim 1, further comprising:
and responding to the received public key and private key signature broadcasted by the operator platform in the block chain, and storing the public key and the private key signature in a block chain account book.
3. An identity authentication method based on a block chain is characterized by comprising the following steps:
receiving an authentication request which is sent by a block chain platform and corresponds to an identity authentication request received by the block chain platform, and acquiring a private key in the authentication request, wherein the identity authentication request is sent to the block chain platform by a server of a first application program;
responding to the user digital identity information corresponding to the private key inquired locally, and sending a verification passing message carrying the user digital identity information to the block chain platform;
wherein the user digital identity information is determined according to root node information of a Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
4. The blockchain-based identity authentication method according to claim 3, wherein the method further comprises:
in response to monitoring that a user logs in an application program belonging to the operator platform, locally acquiring user information of the user, and generating the user digital identity information according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal equipment of the user, and broadcasting the public key and the private key signature in a block chain.
5. A blockchain platform, comprising:
a receiving module, configured to receive an identity authentication request sent by a server of a first application program, wherein the identity authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires a private key of a user from a terminal device of the user;
the obtaining module is used for obtaining the private key in the identity authentication request;
the sending module is used for responding to a public key and a private key signature which correspond to the private key and are inquired in a block chain account book, and sending a verification request which carries the private key and corresponds to the identity verification request to an operator platform; in response to receiving a verification passing message which is returned by the operator platform and carries the user digital identity information, sending the identity verification passing message which carries the user digital identity information to a server of the first application program;
wherein the user digital identity information is determined by the operator platform from root node information of a Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
6. The blockchain platform of claim 5, further comprising:
and the storage module is used for responding to the public key and the private key signature which are received from the operator platform broadcast in the block chain, and storing the public key and the private key signature in the block chain account book.
7. An operator platform, comprising:
a receiving module, configured to receive an authentication request which is sent by a blockchain platform and corresponds to an identity authentication request received by the blockchain platform, wherein the identity authentication request is sent to the blockchain platform by a server of a first application program;
the first acquisition module is used for acquiring a private key in the verification request;
the sending module is used for responding to the user digital identity information corresponding to the private key inquired locally and sending a verification passing message carrying the user digital identity information to the block chain platform;
wherein the user digital identity information is determined according to root node information of a Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
8. The operator platform of claim 7, further comprising:
the second acquisition module is used for locally acquiring the user information of a user in response to monitoring that the user logs in to an application program belonging to the operator platform;
the first generation module is used for generating the user digital identity information according to the user information;
the second generation module is used for generating a private key and a public key corresponding to the user digital identity information;
the third generation module is used for generating the private key signature according to the private key and the user information;
the sending module is used for sending the private key to the terminal equipment of the user;
a broadcast module to broadcast the public key and the private key signature in a blockchain.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110455089.0A CN113194082B (en) | 2021-04-26 | 2021-04-26 | Identity verification method based on block chain, block chain platform and operator platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113194082A CN113194082A (en) | 2021-07-30 |
CN113194082B true CN113194082B (en) | 2022-12-02 |
Family
ID=76979000
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110455089.0A Active CN113194082B (en) | 2021-04-26 | 2021-04-26 | Identity verification method based on block chain, block chain platform and operator platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113194082B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115051848B (en) * | 2022-06-08 | 2023-12-22 | 西安工业大学 | Identity authentication method based on blockchain |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112235290A (en) * | 2020-10-13 | 2021-01-15 | 中国联合网络通信集团有限公司 | Block chain-based Internet of things equipment management method and first Internet of things equipment |
WO2021063963A1 (en) * | 2019-09-30 | 2021-04-08 | Bpce | Process for managing the rights and assets of a user in a block chain |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6547079B1 (en) * | 2016-12-23 | 2019-07-17 | 深▲セン▼前▲海▼▲達▼▲闥▼▲雲▼端智能科技有限公司Cloudminds (Shenzhen) Robotics Systems Co., Ltd. | Registration / authorization method, device and system |
CN107547514A (en) * | 2017-07-17 | 2018-01-05 | 招商银行股份有限公司 | Identity identifying method, system and computer-readable recording medium |
CN109768865A (en) * | 2019-01-18 | 2019-05-17 | 深圳市威赫科技有限公司 | Block chain upper body part under credible performing environment digitizes realization method and system |
CN110071808A (en) * | 2019-04-09 | 2019-07-30 | 郭浩 | A kind of the secure digital identity verification method and device of block chain user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||