CN113194082B - Identity verification method based on block chain, block chain platform and operator platform - Google Patents


Info

Publication number
CN113194082B
Authority
CN
China
Prior art keywords
user
private key
information
block chain
application program
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110455089.0A
Other languages
Chinese (zh)
Other versions
CN113194082A (en)
Inventor
田新雪
蒙睿
肖征荣
马书惠
杨子文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The present disclosure provides a blockchain-based identity verification method, a blockchain platform and an operator platform, wherein the method comprises: receiving an identity authentication request sent by a server of a first application program, and acquiring a private key in the identity authentication request; in response to finding, in the blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform; and in response to receiving a verification passing message, returned by the operator platform, carrying the user digital identity information, sending the verification passing message carrying the user digital identity information to the server of the first application program. Anonymous login is realized, and the digital identity information of the user is ensured not to be tampered with. Security and controllability in the authorized login scenario are greatly improved, the privacy and security of the user's personal information are protected, a convenient and efficient way is provided for the user to register and log in to a new application program, the user experience is improved, and the application of blockchain technology is promoted.

Description

Block chain-based identity verification method, block chain platform and operator platform
Technical Field
The disclosure belongs to the technical field of communication, and particularly relates to an identity authentication method based on a block chain, a block chain platform and an operator platform.
Background
Surveys have shown that 80% of people dislike the cumbersome process of web page registration and that 35% of online shoppers abandon their shopping carts because they have no account. One survey showed that by 2020, we will have over 200 digital accounts. At the present stage, everyone has multiple accounts, logs in to various websites and registers with various application programs. As users' private data spreads without limit, they receive harassing calls every day, and leaks of private data even cause property loss.
In this situation, the existing technology mainly performs login through social media, using a third-party authorization mechanism based on the OAuth 2.0 protocol. The OAuth 2.0 protocol focuses on simplicity for client developers: it either acts on behalf of the user by orchestrating an approval interaction between the resource owner and the HTTP (HyperText Transfer Protocol) service provider, or allows third-party applications to gain access rights on behalf of users. The protocol provides dedicated authentication flows for Web applications, desktop applications, mobile phones and living-room devices. The OAuth 2.0 protocol was published as RFC 6749 in October 2012. The WeChat and Alipay logins that we commonly use are both implemented with the OAuth 2.0 protocol. Taking WeChat as an example: before integrating WeChat OAuth 2.0 authorized login, a developer registers a developer account on the WeChat Open Platform, owns an approved mobile application, and obtains the corresponding application account and password; once the application for WeChat login has been approved, the integration process can begin. When the user logs in to another application program, a WeChat login button is displayed; if WeChat is not installed on the user's mobile phone, the user is prompted to install the WeChat client. The specific steps are as follows:
1. The third party's server initiates a WeChat authorized login request; after the WeChat user approves authorization of the third-party application, the WeChat server launches the application or redirects to the third-party website, carrying the temporary authorization ticket in the code parameter;
2. The third party's server uses the code parameter, together with the application account, password and the like, to obtain an access_token through the API;
3. The third party's server uses the access_token to call interfaces, obtaining the user's basic data resources or helping the user perform basic operations.
For the user, these steps are completed simply by pressing a button, and the whole series of registration steps is skipped, so the approach is widely used at the present stage. Social media account login has become a mainstream alternative to online registration. It lets internet users reuse the information they already hold on a platform such as WeChat or Alipay through single sign-on, mainly by means of the OAuth 2.0 protocol. This solution has many advantages, such as simplicity, openness and security. However, it also has many disadvantages, such as certain security vulnerabilities. In 2016, three researchers at the Chinese University of Hong Kong published a paper stating that "one billion mobile application accounts could be logged in without difficulty using the OAuth 2.0 protocol". The researchers found that, through third-party applications, the OAuth 2.0 protocol could be used by hackers remotely without the knowledge of the user.
In addition, how users' personal information is protected is also important. Businesses are forced to protect users' personal information, but at a high cost. According to Ctrl-Shift, a provider of customer-attention marketing solutions, identity verification in Britain costs over 33 billion pounds per year, equivalent to $220 billion. This does not include the costs resulting from storage, protection, defaulting, management and so on.
Disclosure of Invention
In order to overcome the above defects in the prior art, the present disclosure provides an identity verification method based on a block chain, a block chain platform, and an operator platform.
As a first aspect of the present disclosure, there is provided an identity authentication method based on a blockchain, including:
receiving an authentication request sent by a server of a first application program, and acquiring a private key therein, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of the user;
in response to finding, in a blockchain ledger, a public key and a private key signature corresponding to the private key, sending a verification request carrying the private key to an operator platform;
and in response to receiving a verification passing message, returned by the operator platform, carrying the user digital identity information, sending the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the method further comprises:
in response to receiving a public key and a private key signature broadcast by the operator platform in the blockchain, storing the public key and the private key signature in the blockchain ledger.
As a second aspect of the present disclosure, there is provided an identity authentication method based on a blockchain, including:
receiving a verification request sent by a block chain platform, and acquiring a private key in the verification request;
and in response to locally finding the user digital identity information corresponding to the private key, sending a verification passing message carrying the user digital identity information to the blockchain platform.
Preferably, the method further comprises:
in response to detecting that a user logs in to an application program belonging to the operator platform, locally acquiring user information of the user, and generating digital identity information of the user according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal equipment of the user, and broadcasting the public key and the private key signature in a block chain.
Preferably, the generating the user digital identity information according to the user information includes:
calculating a hash value of the user information, and using the hash value as leaf node information of a Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
As a third aspect of the present disclosure, there is provided a blockchain platform, comprising:
a receiving module, configured to receive an authentication request sent by a server of a first application program, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of a user;
an obtaining module, configured to obtain the private key in the identity authentication request;
a sending module, configured to send a verification request carrying the private key to an operator platform in response to finding, in the blockchain ledger, a public key and a private key signature corresponding to the private key; and to send a verification passing message carrying the user digital identity information to the server of the first application program in response to receiving the verification passing message, returned by the operator platform, carrying the user digital identity information.
Preferably, the blockchain platform further comprises:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain.
As a fourth aspect of the present disclosure, there is provided an operator platform comprising:
the receiving module is used for receiving a verification request sent by the block chain platform;
the first acquisition module is used for acquiring a private key in the verification request;
and the sending module is used for sending a verification passing message carrying the user digital identity information to the blockchain platform in response to locally finding the user digital identity information corresponding to the private key.
Preferably, the operator platform further comprises:
the second acquisition module is used for locally acquiring the user information of the user in response to detecting that the user logs in to an application program belonging to the operator platform;
the first generation module is used for generating the user digital identity information according to the user information;
the second generation module is used for generating a private key and a public key corresponding to the user digital identity information;
the third generation module is used for generating the private key signature according to the private key and the user information;
the sending module is used for sending the private key to the terminal equipment of the user;
and a broadcast module is used for broadcasting the public key and the private key signature in the blockchain.
Preferably, the first generating module is specifically configured to:
calculating a hash value of the user information, and taking the hash value as leaf node information of a Merkle tree;
and calculating root node information of the Merkle tree according to the leaf node information, and determining the root node information as the user digital identity information.
In the blockchain-based identity verification method provided by the embodiment of the present disclosure, when the blockchain platform receives an identity verification request sent by the server of the first application program, if a public key and a private key signature corresponding to the private key are found in the blockchain ledger, and the operator platform finds the user digital identity information of the user, this indicates that the user registered the user digital identity information with the operator platform in advance. The user's identity verification passes, and an identity verification passing message carrying the user digital identity information is sent to the server of the first application program, thereby implementing anonymous login. Because the identity of the user is verified in combination with the blockchain, the digital identity information of the user is ensured not to be tampered with. Security and controllability in the authorized login scenario are greatly improved, the privacy and security of the user's personal information are protected, a convenient and efficient way is provided for the user to register and log in to a new application program, the user experience is improved, and the application of blockchain technology is promoted.
Drawings
Fig. 1 is a flowchart of an identity authentication method based on a block chain on a side of a block chain platform according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 3 is another flowchart of an identity authentication method based on a block chain at an operator platform side according to an embodiment of the present disclosure;
Fig. 4 is an alternative implementation of step S302 in Fig. 3 provided by an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a block chain platform according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an operator platform according to an embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
To solve the problem that the OAuth 2.0 scheme lacks security in the authorized login scenario, and the problem of how to reduce the cost of protecting users' personal information, the present disclosure provides a blockchain-based identity verification method, a blockchain platform and an operator platform. The embodiments provided by the present disclosure are described in detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a block chain based identity verification method on a block chain platform side according to an embodiment of the present disclosure. As shown in fig. 1, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S101, receiving an authentication request sent by a server of a first application program.
Step S102, a private key in the identity authentication request is obtained.
Step S103, in response to the public key and the private key signature corresponding to the private key being queried in the blockchain ledger, sending a verification request carrying the private key to the operator platform.
Step S104, responding to the received authentication passing message carrying the user digital identity information returned by the operator platform, and sending the authentication passing message carrying the user digital identity information to the server of the first application program.
The authentication request is sent after the server of the first application program sends an authorized login request to the server of the second application program, receives the user authorized login message returned by the server of the second application program, and acquires a private key from the terminal equipment of the user. The first application program is the application program which the user needs to log in to and is registered with the operator platform in advance; the second application program is the authorized login platform that is jumped to when the user logs in to the first application program (for example, WeChat can authorize login to other application programs). Specifically, the server of the first application program sends an authorized login request to the server of the second application program, and the flow is redirected to the address of the second application program; after the user clicks the control for authorized login (whether login to the first application program is allowed, whether the first application program is allowed to use personal information of the user, etc.) or inputs the account number and password of the second application program, the server of the second application program redirects to the address of the first application program, and the server of the first application program acquires, from the terminal device of the user, the private key prestored by that terminal device.
In the identity verification method based on the blockchain provided by the embodiment of the disclosure, an operator platform creates user digital identity information for a user in advance to replace real account information of the user, and a private key corresponding to the user digital identity information, and a public key and a private key signature corresponding to the private key are stored in a blockchain account book of the blockchain platform in advance. When the blockchain platform receives an identity verification request sent by a server of a first application program, if a public key and a private key signature corresponding to a private key are inquired in a blockchain account book and user digital identity information of the user is inquired through an operator platform, the user registers the user digital identity information in the operator platform in advance, the identity verification of the user is passed, and an identity verification passing message carrying the user digital identity information is sent to the server of the first application program.
In the prior art, after the server of the first application receives the user authorized login message returned by the server of the second application, the server of the first application may obtain the real personal information of the user (for example, the information of the user filled when the user registers the second application), and in the present disclosure, after the user identity verification is passed, the block chain platform sends the digital identity information of the user to the server of the first application, so as to implement anonymous login, where the user is an authenticated user. If the blockchain platform does not send an authentication passing message carrying the digital identity information of the user to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is ensured not to be tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification of third-party partners, can also be used in places needing real-name registration, stations, access controls, banks and the like, greatly facilitates users while protecting privacy of the users, and meanwhile, a supervision layer can also be used for positioning specific users.
In some embodiments, the method further comprises: in response to receiving the public key and the private key signature broadcast by the operator platform in the blockchain, storing the public key and the private key signature in the blockchain ledger.
In this step, public key and private key signatures broadcast by the operator platform are pre-stored in the blockchain ledger for verifying the users on the blockchain platform when the users log in the first application program, protecting the privacy of the users and avoiding information leakage of the users.
It should be noted that the servers of all first application programs that have joined the blockchain can share authenticated users. Assuming that a first application program also has its own authenticated user database, an authenticated user of that first application program may directly log in to other first application programs in the blockchain, and the user also needs to execute steps S101 to S104 of this embodiment when logging in to those other first application programs.
Fig. 2 shows a flowchart of an identity verification method based on a blockchain on an operator platform side according to an embodiment of the present disclosure. As shown in fig. 2, the identity authentication method based on a blockchain provided in this embodiment includes the following steps.
Step S201, receiving a verification request sent by the blockchain platform.
Step S202, a private key in the verification request is obtained.
Step S203, in response to the user digital identity information corresponding to the private key being queried locally, sending a verification passing message carrying the user digital identity information to the blockchain platform.
In the identity verification method based on the block chain provided by the embodiment of the disclosure, the operator platform creates the user digital identity information for the user in advance to replace the real account information of the user. And the operator platform prestores a private key corresponding to the user digital identity information. And the operator platform receives the verification request sent by the blockchain platform, acquires the private key in the verification request, and sends a verification passing message carrying the user digital identity information to the blockchain platform if the user digital identity information corresponding to the private key is inquired locally. When the user successfully verifies both the blockchain platform and the operator platform, the blockchain platform sends an identity verification passing message carrying the digital identity information of the user to the server of the first application program, so that anonymous login is realized, and the user is an authenticated user. If the blockchain platform does not send an authentication passing message carrying the digital identity information of the user to the server of the first application program, the user cannot log in the first application program.
In the embodiment of the disclosure, the digital identity information of the user can replace the real account information of the user, so as to realize anonymous login, and the identity of the user is verified by combining the blockchain, so that the digital identity information of the user is ensured not to be tampered. The method has the advantages that the safety and controllability in the authorized login scene are greatly improved, the privacy and safety of the personal information of the user are protected, meanwhile, a convenient and efficient mode is provided for the user to register and login a new application program, the user experience is improved, and the application of the block chain technology is promoted.
In addition, the user digital identity information can be used for verification of third-party partners, can also be used in places needing real-name registration, stations, entrance guards, banks and the like, greatly facilitates users while protecting privacy of the users, and meanwhile, a supervision layer can also position specific users.
Fig. 3 shows another flowchart of an identity verification method based on a blockchain at an operator platform side according to an embodiment of the present disclosure. As shown in fig. 3, in some embodiments, the method further comprises:
Step S301, in response to detecting that the user logs in to an application program belonging to the operator platform, user information of the user is locally acquired.
Step S302, the user digital identity information is generated according to the user information.
In steps S301 to S302, if it is detected that the user logs in to an application program belonging to the operator platform, the user information of the user (including user name, identification number, gender, mobile phone number, operator VIP rating information, user attribution information, major-minor card identifier, user network access duration, and the like) is obtained locally. Unique user digital identity information is then generated for the user according to that user information.
Step S303, a private key and a public key corresponding to the user digital identity information are generated.
Step S304, generating a private key signature according to the private key and the user information.
Step S305, sending the private key to the terminal device of the user, and broadcasting the public key and the private key signature in the blockchain.
In steps S303 to S305, a private key and a public key corresponding to the user digital identity information are generated by an encryption algorithm, and a private key signature is generated using the private key and the user information. The private key is sent to the terminal equipment of the user for storage, and the public key and the private key signature are broadcast in the blockchain.
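The registration steps S303 to S305 and the two verification flows (S101 to S104 and S201 to S203) can be followed end to end in the Go example below, which is added here and is not code from the patent. Ed25519, the in-memory maps standing in for the ledger and the operator's local store, all type and function names, and the placeholder identity string are assumptions. Because the private key itself is what travels from the terminal to the application server, the blockchain platform and the operator, it behaves as a bearer credential on every hop, and each receiver re-derives the public key from the seed instead of trusting the key bytes as presented.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrMalformedKey = errors.New("malformed private key")
	ErrUnknownKey   = errors.New("no ledger entry for the presented key")
	ErrNoIdentity   = errors.New("operator holds no identity for the presented key")
)

// LedgerEntry is what the operator broadcasts in S305. The page only requires
// the entry to be present at login; nothing re-verifies Signature here.
type LedgerEntry struct {
	PublicKey ed25519.PublicKey
	Signature []byte // "private key signature": made with the private key over the user information
}

// Operator is the operator platform. Assumption: identities are indexed by the
// derived public key, so the operator does not keep the private key itself.
type Operator struct {
	identities map[string]string
}

// Blockchain is the blockchain platform with an in-memory stand-in for its ledger.
type Blockchain struct {
	ledger   map[string]LedgerEntry
	operator *Operator
}

func NewNetwork() (*Operator, *Blockchain) {
	op := &Operator{identities: map[string]string{}}
	return op, &Blockchain{ledger: map[string]LedgerEntry{}, operator: op}
}

// ledgerIndex recomputes the public key from the 32-byte seed. The trailing
// half of a presented Ed25519 key is caller-supplied and is not trusted.
func ledgerIndex(priv ed25519.PrivateKey) (string, error) {
	if len(priv) != ed25519.PrivateKeySize {
		return "", ErrMalformedKey
	}
	full := ed25519.NewKeyFromSeed(priv.Seed())
	return hex.EncodeToString(full[ed25519.SeedSize:]), nil
}

// Register is S303 to S305: generate the key pair, sign the user information,
// broadcast public key and signature, return the private key for the terminal.
func (o *Operator) Register(bc *Blockchain, userInfo []byte, identity string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	idx := hex.EncodeToString(pub)
	o.identities[idx] = identity
	bc.ledger[idx] = LedgerEntry{PublicKey: pub, Signature: ed25519.Sign(priv, userInfo)}
	return priv, nil
}

// Verify is S201 to S203: look up the identity for the key in the request.
func (o *Operator) Verify(priv ed25519.PrivateKey) (string, error) {
	idx, err := ledgerIndex(priv)
	if err != nil {
		return "", err
	}
	identity, ok := o.identities[idx]
	if !ok {
		return "", ErrNoIdentity
	}
	return identity, nil
}

// Authenticate is S101 to S104: ledger lookup, then the operator round trip.
func (bc *Blockchain) Authenticate(priv ed25519.PrivateKey) (string, error) {
	idx, err := ledgerIndex(priv)
	if err != nil {
		return "", err
	}
	if _, ok := bc.ledger[idx]; !ok {
		return "", ErrUnknownKey
	}
	return bc.operator.Verify(priv)
}

func main() {
	op, bc := NewNetwork()
	// Constructed sample record; the identity string stands in for the S302 value.
	priv, err := op.Register(bc, []byte("name=Example User;msisdn=+8600000000000"), "identity-root-placeholder")
	if err != nil {
		panic(err)
	}
	fmt.Println(bc.Authenticate(priv)) // identity-root-placeholder <nil>
}
```

The first application's server only ever receives the identity string returned by `Authenticate`, never the user record held by the operator.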
Fig. 4 illustrates an alternative implementation manner of step S302 in fig. 3 provided by an embodiment of the present disclosure.
In some embodiments, as shown in fig. 4, generating the user digital identity information according to the user information (i.e., step S302) includes:
Step S401, a hash value of the user information is calculated, and the hash value is used as leaf node information of the Merkle tree.
Step S402, root node information of the Merkle tree is calculated according to the leaf node information, and the root node information is determined as the user digital identity information.
In steps S401 to S402, the user digital identity information is created for the user by using the Merkle tree algorithm. By default, a hash value is calculated for each piece of user information according to a predetermined rule and in a predetermined order, and serves as leaf node information of the Merkle tree; the child node information of the Merkle tree is then calculated level by level from the leaf node information according to a predetermined algorithm. For example, leaf nodes or child nodes at the same level cyclically apply operations such as addition, subtraction, multiplication and division, or apply different types of operation depending on the level number counted back to the leaf nodes; the operation is applied to the corresponding positions of the hash values of two different leaf nodes, and the result forms the child node information corresponding to those two leaf nodes. The calculation continues level by level from the child node information until the root node information of the Merkle tree is obtained, which completes the Merkle tree. The root node information is determined as the user digital identity information.
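An added example, not code from the patent, of steps S401 to S402: each field is hashed in a fixed order and the leaves are folded into a root that serves as the digital identity. It combines sibling hashes with SHA-256 over their concatenation (the common Merkle construction) instead of the arithmetic combination the description mentions, and it goes beyond the text by also producing and checking an inclusion proof for a single field. The field names and the sample record are constructed.

```python
import hashlib
import hmac

# Predetermined field order (step S401); names are illustrative, not from the patent.
FIELD_ORDER = ["user_name", "id_number", "gender", "mobile_number", "vip_rating"]

# Constructed sample record, not real data.
SAMPLE_USER = {
    "user_name": "Zhang San",
    "id_number": "000000000000000000",
    "gender": "F",
    "mobile_number": "+86-000-0000-0000",
    "vip_rating": "3",
}

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hashes(user_info, order=FIELD_ORDER):
    """Hash each field in the fixed order; the 0x00 prefix marks a leaf and the name is bound to the value."""
    return [_h(b"\x00" + f"{name}={user_info[name]}".encode("utf-8")) for name in order]

def _parent_level(level):
    """Pair adjacent nodes (0x01 prefix marks an interior node); an unpaired last node is promoted unchanged."""
    return [
        _h(b"\x01" + level[i] + level[i + 1]) if i + 1 < len(level) else level[i]
        for i in range(0, len(level), 2)
    ]

def merkle_root(leaves):
    if not leaves:
        raise ValueError("at least one leaf is required")
    level = list(leaves)
    while len(level) > 1:
        level = _parent_level(level)
    return level[0]

def digital_identity(user_info, order=FIELD_ORDER):
    """Root node information used as the user digital identity (step S402), hex encoded."""
    return merkle_root(leaf_hashes(user_info, order)).hex()

def merkle_proof(leaves, index):
    """Sibling path for leaves[index] as (sibling_hash, sibling_is_left) pairs."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        level, index = _parent_level(level), index // 2
    return proof

def verify_proof(leaf, proof, root):
    """Recompute the root from one leaf and its sibling path; constant-time final compare."""
    node = leaf
    for sibling, sibling_is_left in proof:
        node = _h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return hmac.compare_digest(node, root)
```

Because the order of the leaves is part of the root, every party that recomputes the identity must use the same predetermined field order.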
It should be noted that any server of a first application program that has joined the blockchain can share authenticated users. Assuming that the first application program also has its own authenticated user database, an authenticated user of that first application program may directly log in to other first application programs in the blockchain, and all steps in the embodiments corresponding to fig. 2 to 4 need to be executed when the user logs in to other first application programs.
Fig. 5 shows a schematic structural diagram of a blockchain platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 1, as shown in fig. 5, the blockchain platform provided by the embodiment of the present disclosure includes the following modules.
A receiving module 11, configured to receive an authentication request sent by a server of a first application program, where the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of the user;
an obtaining module 12, configured to obtain the private key in the authentication request;
a sending module 13, configured to send a verification request carrying the private key to the operator platform in response to finding, in the blockchain ledger, the public key and the private key signature corresponding to the private key; and, in response to receiving a verification passing message that is returned by the operator platform and carries the user digital identity information, to send the verification passing message carrying the user digital identity information to the server of the first application program.
Preferably, the blockchain platform further includes:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast in the blockchain by the operator platform.
Fig. 6 shows a schematic structural diagram of a blockchain platform provided in an embodiment of the present disclosure. Based on the same technical concept as the embodiment corresponding to fig. 2, as shown in fig. 6, the operator platform provided by the embodiment of the present disclosure includes the following modules.
The receiving module 21 is configured to receive an authentication request sent by the blockchain platform.
The first obtaining module 22 is configured to obtain the private key in the verification request.
The sending module 22 is configured to send, in response to finding locally the user digital identity information corresponding to the private key, a verification passing message carrying the user digital identity information to the blockchain platform.
Preferably, the operator platform further includes:
a second acquisition module, configured to locally acquire the user information of the user in response to detecting that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
a sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in the blockchain.
Preferably, the first generation module is specifically configured to:
calculate a hash value of the user information, and use the hash value as leaf node information of the Merkle tree;
and calculate root node information of the Merkle tree according to the leaf node information, and determine the root node information as the user digital identity information.
It will be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principles of the present invention, and the present invention is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (8)

1. A blockchain-based identity authentication method, characterized by comprising the following steps:
receiving an authentication request sent by a server of a first application program, and acquiring a private key therein, wherein the authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorized login message returned by the server of the second application program, and acquires the private key from a terminal device of the user;
in response to finding, in a blockchain ledger, a public key and a private key signature corresponding to the private key, sending to an operator platform a verification request that carries the private key and corresponds to the identity verification request;
in response to receiving a verification passing message which is returned by the operator platform and carries the user digital identity information, sending the identity verification passing message which carries the user digital identity information to the server of the first application program;
wherein the user digital identity information is determined by the operator platform from root node information of the Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
2. The blockchain-based identity authentication method according to claim 1, further comprising:
in response to receiving the public key and the private key signature broadcast in the blockchain by the operator platform, storing the public key and the private key signature in the blockchain ledger.
3. A blockchain-based identity authentication method, characterized by comprising the following steps:
receiving an authentication request which is sent by a blockchain platform and corresponds to an identity authentication request received by the blockchain platform, and acquiring a private key in the authentication request, wherein the identity authentication request is sent to the blockchain platform by a server of a first application program;
in response to finding locally the user digital identity information corresponding to the private key, sending a verification passing message carrying the user digital identity information to the blockchain platform;
wherein the user digital identity information is determined according to root node information of the Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
4. The blockchain-based identity authentication method according to claim 3, wherein the method further comprises:
in response to detecting that a user logs in to an application program belonging to the operator platform, locally acquiring user information of the user, and generating the user digital identity information according to the user information;
generating a private key and a public key corresponding to the user digital identity information;
generating the private key signature according to the private key and the user information;
and sending the private key to the terminal device of the user, and broadcasting the public key and the private key signature in the blockchain.
5. A blockchain platform, comprising:
a receiving module, configured to receive an identity authentication request sent by a server of a first application program, wherein the identity authentication request is sent after the server of the first application program sends an authorized login request to a server of a second application program, receives a user authorization login message returned by the server of the second application program, and acquires a private key of a user from a terminal device of the user;
an obtaining module, configured to obtain the private key in the identity authentication request;
a sending module, configured to send to an operator platform, in response to finding in a blockchain ledger a public key and a private key signature corresponding to the private key, a verification request that carries the private key and corresponds to the identity verification request; and, in response to receiving a verification passing message which is returned by the operator platform and carries the user digital identity information, to send the identity verification passing message which carries the user digital identity information to the server of the first application program;
wherein the user digital identity information is determined by the operator platform from root node information of the Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
6. The blockchain platform of claim 5, further comprising:
a storage module, configured to store the public key and the private key signature in the blockchain ledger in response to receiving the public key and the private key signature broadcast in the blockchain by the operator platform.
7. An operator platform, comprising:
a receiving module, configured to receive an authentication request which is sent by a blockchain platform and corresponds to an identity authentication request received by the blockchain platform, wherein the identity authentication request is sent to the blockchain platform by a server of a first application program;
a first acquisition module, configured to acquire a private key in the verification request;
a sending module, configured to send, in response to finding locally the user digital identity information corresponding to the private key, a verification passing message carrying the user digital identity information to the blockchain platform;
wherein the user digital identity information is determined according to root node information of the Merkle tree; the root node information is obtained by taking a hash value of user information of a user as leaf node information of the Merkle tree and calculating according to the leaf node information.
8. The operator platform of claim 7, further comprising:
a second acquisition module, configured to locally acquire the user information of the user in response to detecting that the user logs in to an application program belonging to the operator platform;
a first generation module, configured to generate the user digital identity information according to the user information;
a second generation module, configured to generate a private key and a public key corresponding to the user digital identity information;
a third generation module, configured to generate the private key signature according to the private key and the user information;
a sending module, configured to send the private key to the terminal device of the user;
a broadcast module, configured to broadcast the public key and the private key signature in the blockchain.
CN202110455089.0A 2021-04-26 2021-04-26 Identity verification method based on block chain, block chain platform and operator platform Active CN113194082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110455089.0A CN113194082B (en) 2021-04-26 2021-04-26 Identity verification method based on block chain, block chain platform and operator platform

Publications (2)

Publication Number Publication Date
CN113194082A CN113194082A (en) 2021-07-30
CN113194082B true CN113194082B (en) 2022-12-02

Family

ID=76979000

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110455089.0A Active CN113194082B (en) 2021-04-26 2021-04-26 Identity verification method based on block chain, block chain platform and operator platform

Country Status (1)

Country Link
CN (1) CN113194082B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant