CN113206857A - Data authentication method and system based on block chain - Google Patents

Data authentication method and system based on block chain

Publication number: CN113206857A
Authority: CN (China)
Prior art keywords: user, information, attribute information, digital identity, account
Legal status: Pending
Application number: CN202110513964.6A
Other languages: Chinese (zh)
Inventor: 徐进平
Current Assignee: Wifire Beijing Technology Co ltd
Original Assignee: Wifire Beijing Technology Co ltd
Application filed by Wifire Beijing Technology Co ltd
Priority to CN202110513964.6A
Publication of CN113206857A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3236 ... using cryptographic hash functions
    • H04L9/3239 ... using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a blockchain-based data authentication and certification method comprising the following steps: receiving digital identity information registered by a user on a blockchain system to obtain a successfully registered digital identity account; adding user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information; and authenticating the unauthenticated user-declared attribute information using the identity information and face information provided by the user, and, on confirming that it passes authentication, obtaining authenticated user-declared attribute information. The invention also provides a blockchain-based data authentication system. The invention ensures the credibility, traceability, irreversibility and security of the data stored by the user, and also ensures the integrity and security of the data submitted to IPFS storage throughout the authentication and certification process.

Description

Data authentication method and system based on block chain
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a data authentication method and system based on a block chain.
Background
A digital identity is a set of digital records representing a user that provides identity information, or a basis of assurance, for an entity to complete a transaction. The digital record may also incorporate new information to give a more complete picture of the user.
The centralized data storage methods of the prior art have certain security flaws and carry a very high risk of data theft.
Disclosure of Invention
An embodiment of the invention provides a blockchain-based data authentication and certification method and system that solve at least one technical problem in the prior art.
In a first aspect, an embodiment of the present invention provides a blockchain-based data authentication method, the method comprising:
receiving digital identity information registered by a user on a blockchain system to obtain a successfully registered digital identity account;
adding user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information;
and authenticating the unauthenticated user-declared attribute information using the identity information and face information provided by the user, and, on confirming that it passes authentication, obtaining authenticated user-declared attribute information.
Optionally, the method further comprises:
identifying the authenticated user-declared attribute information;
storing the authenticated user-declared attribute information via an interface request in JWT format to obtain identified attribute information;
and calling an encryption interface to encrypt the identified attribute information and put it on the chain.
Optionally, receiving the digital identity information registered by the user on the blockchain system to obtain a successfully registered digital identity account comprises:
acquiring one or more digital identity parameters, registered by the user on the blockchain system and received by a registration interface, together with preset interface header information;
responding to an account registration request initiated by the registration interface, the request containing the digital identity parameters and the preset JWT interface header information;
determining whether the information in the account registration request matches the digital identity information in the reference library;
if it matches, creating an account for the user and allocating a contract address to the account;
and storing the hash value of the user's digital identity information on IPFS based on the contract address, to obtain the successfully registered digital identity account.
Optionally, adding user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information comprises:
adding user-declared attribute information to the successfully registered digital identity account;
storing the user-declared attribute information via an interface request in JWT format;
and putting the user-declared attribute information on the chain to obtain the unauthenticated user-declared attribute information.
Optionally, the identified attribute information corresponds to a globally unique information digest, and after the encryption interface is called and the identified attribute information is put on the chain, the method further comprises:
recording the information digest in a public registry of the blockchain;
after the application system receives a query command, obtaining the information digest from the blockchain;
and using the obtained information digest to retrieve, from the IPFS system, the original file information corresponding to the identified attribute information.
Optionally, authenticating the unauthenticated user-declared attribute information using the identity information and face information provided by the user, and confirming that it passes authentication, comprises:
reading the user's identity card information;
recognizing the user's face information using a face recognition method;
and comparing the user's identity card information and face information with the digital identity information in the reference library, and confirming, once they are consistent, that the unauthenticated user-declared attribute information passes authentication.
In a second aspect, an embodiment of the present invention provides a blockchain-based data authentication and certification system, the system comprising:
a receiving module, configured to receive digital identity information registered by a user on a blockchain system to obtain a successfully registered digital identity account;
an adding module, configured to add user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information;
and an authentication module, configured to authenticate the unauthenticated user-declared attribute information using the identity information and face information provided by the user, and, on confirming that it passes authentication, to obtain authenticated user-declared attribute information.
Optionally, the system further comprises:
an identification module, configured to identify the authenticated user-declared attribute information;
a storage module, configured to store the authenticated user-declared attribute information via an interface request in JWT format to obtain identified attribute information;
and a calling module, configured to call an encryption interface to encrypt the identified attribute information and put it on the chain.
Optionally, the receiving module is configured for:
acquiring one or more digital identity parameters, registered by the user on the blockchain system and received by a registration interface, together with preset interface header information;
responding to an account registration request initiated by the registration interface, the request containing the digital identity parameters and the preset JWT interface header information;
determining whether the information in the account registration request matches the digital identity information in the reference library;
if it matches, creating an account for the user and allocating a contract address to the account;
and storing the hash value of the user's digital identity information on IPFS based on the contract address, to obtain the successfully registered digital identity account.
Optionally, the adding module is configured for:
adding user-declared attribute information to the successfully registered digital identity account;
storing the user-declared attribute information via an interface request in JWT format;
and putting the user-declared attribute information on the chain to obtain the unauthenticated user-declared attribute information.
According to the blockchain-based data authentication and certification method and system, the unauthenticated user-declared attribute information is authenticated on the basis of the IPFS decentralized storage technology, which guarantees the credibility, traceability, irreversibility and security of the data stored by the user; and because that information is authenticated using the identity information and face information provided by the user, the integrity and security of the data submitted to IPFS (InterPlanetary File System) storage are also ensured throughout the authentication and certification process.
Drawings
Fig. 1 is a schematic flowchart of a block chain-based data authentication method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a block chain-based data authentication system according to an embodiment of the present invention.
Detailed Description
The present invention is described in detail with reference to the embodiments shown in the drawings, but it should be understood that these embodiments are not intended to limit the present invention, and those skilled in the art should understand that functional, methodological, or structural equivalents or substitutions made by these embodiments are within the scope of the present invention.
Example one
Fig. 1 is a schematic flowchart of a blockchain-based data authentication method according to an embodiment of the present invention. Referring to Fig. 1, the method comprises the following steps:
S100: Receiving digital identity information registered by a user on a blockchain system to obtain a successfully registered digital identity account;
Specifically, in a practical scenario, a user may register a digital identity account on the blockchain system from a terminal APP, subject to the following requirements: the user fills in a nickname, then fills in a mobile phone number that has not been registered in the APP and can receive a verification code, enters the verification code within 2 minutes of receiving it, ticks the user agreement, and clicks the registration button; if the check succeeds, the user is automatically logged in to the home page, which completes the registration of the digital identity account. The registration is performed with a non-JWT request, and once it completes the user obtains a blockchain digital identity account.
S200: Adding user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information;
Specifically, in a practical scenario, the user needs to add the necessary, genuine and legitimate user-declared attribute information to the successfully registered digital identity account, including authoritative information such as the user name, identity card and graduation certificate.
However, attribute information that is merely self-declared by the user is obviously not authoritative, because at this point it has not been authenticated. The unauthenticated user-declared attribute information therefore needs to be authenticated further, as shown in step S300 below;
S300: Authenticating the unauthenticated user-declared attribute information using the identity information and face information provided by the user, and confirming that it passes authentication.
In this embodiment, the unauthenticated user-declared attribute information is authenticated on the basis of the IPFS decentralized storage technology, which guarantees the credibility, traceability, irreversibility and security of the data stored by the user; and because that information is authenticated using the identity information and face information provided by the user, the integrity and security of the data submitted to IPFS (InterPlanetary File System) storage are also ensured throughout the authentication and certification process.
After confirming that the unauthenticated user-declared attribute information has passed authentication, the method optionally further comprises the following steps:
S400: Identifying the authenticated user-declared attribute information;
S500: Storing the authenticated user-declared attribute information via an interface request in JWT format to obtain identified attribute information;
S600: Calling an encryption interface to encrypt the identified attribute information and put it on the chain;
In steps S400-S600 above, encrypting the identified attribute information and putting it on the chain addresses a weak point of blockchain technology, namely establishing the legitimacy of the original data. This blockchain distributed storage approach is an integrated one: it ensures the legitimacy of data before it goes on the chain and protects its security afterwards.
Optionally, step S100 of receiving the digital identity information registered by the user on the blockchain system to obtain a successfully registered digital identity account comprises the following sub-steps:
S11: Acquiring one or more digital identity parameters, registered by the user on the blockchain system and received by a registration interface, together with preset interface header information;
S12: Responding to an account registration request initiated by the registration interface, the request containing the digital identity parameters and the preset JWT interface header information;
S13: Determining whether the information in the account registration request matches the digital identity information in the reference library;
S14: If it matches, creating an account for the user and allocating a contract address to the account;
S15: Storing the hash value of the user's digital identity information on IPFS (InterPlanetary File System) based on the contract address, to obtain the successfully registered digital identity account;
Specifically, in a practical scenario: the registration interface takes the user's parameters, such as the mobile phone number, verification code and nickname, adds the preset interface header information (head), and sends a request to the backend. On receiving the request, the backend determines whether the information in the account registration request matches the digital identity information in the reference library. If it matches, the backend creates a new account, allocates a contract address to the user, and stores the hash value of the user's digital identity information on the distributed IPFS (InterPlanetary File System), so that the user obtains the successfully registered digital identity account.
Optionally, step S200 of adding user-declared attribute information to the successfully registered digital identity account to obtain unauthenticated user-declared attribute information comprises the following sub-steps:
S21: Adding user-declared attribute information to the successfully registered digital identity account;
S22: Storing the user-declared attribute information via an interface request in JWT format;
S23: Putting the user-declared attribute information on the chain to obtain the unauthenticated user-declared attribute information;
Specifically, in a practical scenario, a user may declare on their own initiative the attribute information to be stored on the chain, which may include authoritative information such as the user name, identity card and graduation certificate, and submit it to the backend for storage via an interface request in JWT format. The backend puts the hash value of the user-declared attribute information on the chain. At this point the information has been submitted but not authenticated, and the system marks it as unauthenticated user-declared attribute information.
The JWT format mentioned above is explained in detail below to make the technical solution of this embodiment easier to understand.
In this embodiment, the common parameters and the interface-specific parameters are split into segments, signed with the secp256k1 algorithm and encoded into the JWT format. It is a custom scheme, tailored to the blockchain digital identity system, that follows the standard. The JWT format used in this embodiment is defined as follows:
JWT is a three-segment structure consisting of a header, a payload and a signature, separated by ".". Each segment is base64-encoded, and the result is a compact, URL-safe JSON object. The structure looks like this:
cccccc(header).dddddd(payload).eeeeee(signature)
The first segment is the JWT header. It has two parts, a type and an algorithm. We use base64 encoding (QmPVUYN5f1LbkiHkXpMTR3 hvlsypp 74iss s9vJDdgdE4Z5a) and, together with the SECP256k1 algorithm, define its form as follows:
{
"alg": "SECP256K1",
"type": "JWT"
}
The second segment, which is also the most important one because it carries the actual content, is the JWT payload. It has standard fields, and the corresponding content can be defined for each kind of digital identity. It contains the common parameters of the data request and the parameters of the actual request, so different data is generated for different interface parameters. The common parameters include, for example, hash, id, public key and timestamp; the interface-specific parameters are determined by the backend definition. The segment is base64-encoded, for example:
yJzaWciOiIiLCJjZXJ0UmVzIjoiMCIsImNlcnRTdHIiOiIwMFhYIiwiZnVsbE5hbWUiOiLmsaTkuabkupoi==
The third segment, which is also the most critical step because it involves the private-key signature and the security of the interface, is the JWT signature. It takes the base64-encoded forms of the first two segments, joins them with ".", and signs the result with the private key using SECP256k1; the signature method is the one already declared in the header, and the resulting signature data is base64-encoded.
The SECP256k1 procedure is: compute the signature over the first two segments to obtain the signature value (v, r, s), RLP-encode (Recursive Length Prefix) the signature value (v, r, s), take the encoded result as the signature result, and finally Base64-encode it to produce the signature item. For example:
ny1iMWRlZGM4ZGFmOGEiLCJpZE51bSI6IjM3MjkyODE5ODgwMjAzNzQ2 MCIsImNlcRNb 2RlIjoiNjYifQ, which is referred to as a signature entry.
With the three segments computed, the final JWT is produced by concatenating the three base64-encoded segments: the two parts (header and payload) and the computed signature are joined to obtain the final data, which is then wrapped in a JSON structure for the interface request, for example:
{"jwt":"eyJzaWciOiIiLCJjZXJ0UmVzIjoiMCIsImNlcnRTdHIiOiIwMFhYIiwiZnVsbE5hbWUiOiLmsaTkuabkupoiLCJjZXJ0VG9rZW4iOiJiMTczMzUzNS0zODBlL"}
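The three-segment token described above, as an added example that is not part of the patent text: a client builds header.payload.signature with an RLP-encoded (v, r, s), and the backend verifies it against the public key enrolled at registration while pinning the header. The function names, the SHA-256 message digest, unpadded URL-safe base64 and the 27 + parity value of v are assumptions; the page specifies none of them.

```python
import base64, hashlib, json, secrets

# secp256k1 domain parameters (public constants of the curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HEADER = {"alg": "SECP256K1", "type": "JWT"}  # header fields as given on the page

def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time: illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rlp_encode_ints(values):
    """RLP-encode a flat list of non-negative integers of at most 55 bytes each."""
    def item(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return raw if len(raw) == 1 and raw[0] < 0x80 else bytes([0x80 + len(raw)]) + raw
    body = b"".join(item(v) for v in values)
    if len(body) <= 55:
        return bytes([0xC0 + len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([0xF7 + len(size)]) + size + body

def rlp_decode_ints(data):
    """Inverse of rlp_encode_ints; raises ValueError on anything malformed."""
    if not data or data[0] < 0xC0:
        raise ValueError("not an RLP list")
    skip = 1 if data[0] <= 0xF7 else 1 + data[0] - 0xF7
    size = data[0] - 0xC0 if skip == 1 else int.from_bytes(data[1:skip], "big")
    body, out, i = data[skip:], [], 0
    if len(body) != size:
        raise ValueError("length mismatch")
    while i < len(body):
        # A byte below 0x80 is its own value; otherwise it is a length prefix.
        start, n = (i, 1) if body[i] < 0x80 else (i + 1, body[i] - 0x80)
        if n > 55 or start + n > len(body):
            raise ValueError("bad item")
        out.append(int.from_bytes(body[start:start + n], "big"))
        i = start + n
    return out

def digest(signing_input):
    """Assumption: SHA-256 over the ASCII "header.payload" string."""
    return int.from_bytes(hashlib.sha256(signing_input.encode()).digest(), "big")

def sign_token(payload, priv):
    """Client side: build header.payload.signature with an RLP-encoded (v, r, s)."""
    segs = [b64url(json.dumps(o, separators=(",", ":")).encode()) for o in (HEADER, payload)]
    signing_input = ".".join(segs)
    z, r, s = digest(signing_input), 0, 0
    while r == 0 or s == 0:
        k = secrets.randbelow(N - 1) + 1          # fresh secret nonce per signature
        R = scalar_mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
    v = 27 + (R[1] & 1)                           # assumption: Ethereum-style v
    return signing_input + "." + b64url(rlp_encode_ints([v, r, s]))

def verify_token(token, enrolled_pub):
    """Backend side: return the payload if the token verifies, otherwise None."""
    try:
        h64, p64, s64 = token.split(".")
        header, payload = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        v, r, s = rlp_decode_ints(b64url_decode(s64))
    except ValueError:
        return None
    # Pin the algorithm instead of trusting whatever the token header claims.
    if header != HEADER or not (0 < r < N and 0 < s < N):
        return None
    w, z = pow(s, -1, N), digest(h64 + "." + p64)
    pt = point_add(scalar_mul(z * w % N, G), scalar_mul(r * w % N, enrolled_pub))
    return payload if pt is not None and pt[0] % N == r else None
```

A production verifier would use a vetted secp256k1 library rather than this pure-Python arithmetic, and would also check the payload timestamp for freshness.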
optionally, the identified attribute information corresponds to a globally unique information digest, and in step S600, after the encryption interface is invoked and the uplink operation is performed on the identified attribute information, the method further includes the following steps:
s700: recording the information abstract into a public registry of a block chain;
s800: after the application system obtains the query command, obtaining the information abstract from the block chain;
s900: retrieving original file information corresponding to the identified attribute information from the IPFS system by using the acquired information abstract;
in particular, in a practical scenario, for example, the function undertaken by the background during the enrollment phase is to generate an identity identifier using a public key provided by the user, which is globally unique and controllable only by the registrant's private key, which is indicative of the digital identity of the user at the blockchain and application system.
And the background carries out uplink storage of attribute information of the user statement on the IPFS, and each piece of information stored on the IPFS distributed storage system corresponds to a globally unique information abstract.
In this embodiment, the APP program records the information digest in the public registry of the blockchain, and after the application system obtains the query command, the APP program first obtains the information digest from the blockchain, and then retrieves the original file information corresponding to the identified attribute information from the IPFS system.
Optionally, in step 300, authenticating the unauthenticated user-declared attribute information by using the identity information and the face information provided by the user, and confirming that it passes authentication, includes the following sub-steps:
S31: reading the identity card information of the user;
S32: recognizing the face information of the user by using a face recognition method;
S33: comparing the identity card information and the face information of the user with the digital identity information of the reference library, and confirming that the unauthenticated user-declared attribute information passes authentication when the comparison is consistent.
Specifically, in an actual scenario, the user may select an offline or an online authentication mode. The offline mode is as follows:
When the user selects offline authentication, the system prompts the user to bring the identity card and handle the authentication of the stored information in person. In the offline authentication step, a card reader reads the identity card information, which is combined with the user's face information captured on site and compared with the digital identity information of the reference library. If the information read is consistent with the digital identity information of the reference library, the authentication passes; otherwise, the authentication fails and subsequent services cannot be handled.
If the user selects the online authentication mode, the user is required to upload an identity card picture and a face image for authentication (for example, the face is recognized by using the pupil and iris to identify whether the user can blink).
The offline or online authentication mode confirms the authenticity and validity of the attribute information declared by an unauthenticated user. Because storing data in the block chain cannot guarantee the originality and authenticity of the data before it was stored, the data needs to be validated before it is stored.
The terminal APP of the method can connect to the public security system reference library in real time to confirm the digital identity information. After the face recognition method determines that the operation is performed by the user in person, a prompt and the specific information of the successful authentication are obtained. Only at this point does the block chain account hold authoritative user information, which can be stored on the chain (uplink storage) as a valid certificate for services the user handles later.
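The record-then-retrieve flow of this embodiment, together with the requirement that data be authenticated before it is stored, can be sketched as follows. This is an added example, not code from the patent: the in-memory `ContentStore` and `Registry` classes are hypothetical stand-ins for the IPFS system and the blockchain public registry, and plain SHA-256 hex is an assumed digest format, since the patent does not specify one.

```python
import hashlib
import json


class ContentStore:
    """In-memory stand-in for IPFS: blobs are addressed by their SHA-256 digest."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self._blobs[digest] = data
        return digest

    def get(self, digest: str) -> bytes:
        return self._blobs[digest]  # KeyError if the blob is unavailable


class Registry:
    """In-memory stand-in for the blockchain public registry (append-only)."""

    def __init__(self):
        self._entries = []

    def record(self, account: str, digest: str) -> None:
        self._entries.append({"account": account, "digest": digest})

    def digests_for(self, account: str) -> list:
        return [e["digest"] for e in self._entries if e["account"] == account]


def canonical(attribute: dict) -> bytes:
    # Stable serialization so the same attribute always yields the same digest.
    return json.dumps(attribute, sort_keys=True, separators=(",", ":")).encode("utf-8")


def anchor_attribute(store, registry, account, attribute, verified):
    """Store the attribute and record its digest, only after authentication passed."""
    if not verified:
        raise PermissionError("attribute not authenticated; refusing to anchor")
    digest = store.put(canonical(attribute))
    registry.record(account, digest)
    return digest


def retrieve_attributes(store, registry, account):
    """Query path: digest from the registry first, then the original from the store."""
    results = []
    for digest in registry.digests_for(account):
        data = store.get(digest)
        # The store is untrusted; the registry digest is the reference value.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"content for {digest[:12]} does not match registry digest")
        results.append(json.loads(data))
    return results


def demo():
    store, registry = ContentStore(), Registry()
    attr = {"type": "degree", "value": "BSc"}  # constructed sample attribute
    digest = anchor_attribute(store, registry, "acct-001", attr, verified=True)
    ok = retrieve_attributes(store, registry, "acct-001")
    # Simulate the off-chain copy being altered after anchoring.
    store._blobs[digest] = canonical({"type": "degree", "value": "PhD"})
    try:
        retrieve_attributes(store, registry, "acct-001")
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return digest, ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The digest only proves that the retrieved file is the one that was anchored; whether the anchored data was truthful still depends on the authentication step that gates `anchor_attribute`.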
Example two
Fig. 2 is a schematic structural diagram of a block chain-based data authentication system according to an embodiment of the present invention, referring to fig. 2, where the system includes:
a receiving module 101, configured to receive digital identity information registered by a user on a blockchain system, and obtain a digital identity account that has been successfully registered;
an adding module 102, configured to add attribute information of a user declaration to the successfully registered digital identity account to obtain attribute information of an unauthenticated user declaration;
and the authentication module 103 is configured to perform authentication on the attribute information of the unauthenticated user statement by using the identity information and the face information provided by the user, and confirm that the attribute information of the unauthenticated user statement passes the authentication.
Optionally, the system further comprises:
an identification module 104, configured to identify attribute information of the authenticated user declaration;
the storage module 105, which stores the attribute information of the authenticated user statement in a JWT format interface request mode to obtain the identified attribute information;
and the invoking module 106 is configured to invoke an encryption interface, encrypt the identified attribute information, and perform uplink operation.
Optionally, the receiving module 101 is configured to perform the following operations:
acquiring one or more digital identity parameters and preset interface header information which are received by a registration interface and registered on a blockchain system by a user;
responding to an account registration request initiated by a registration interface; the information of the account registration request comprises digital identity parameters and preset JWT interface header information;
judging whether the information of the account registration request is matched with the digital identity information of the reference library;
if they match, establishing an account for the user and allocating a contract address to the account;
and storing the hash value of the digital identity information of the user on the IPFS based on the contract address to obtain the successfully registered digital identity account.
Optionally, the adding module 202 is configured to:
adding attribute information of a user statement to the digital identity account which is successfully registered;
storing the attribute information of the user declaration in a JWT format interface request manner;
and performing uplink operation on the attribute information of the user declaration to obtain the attribute information of the user declaration which is not authenticated.
Optionally, the system further comprises:
a recording module 107, configured to record the information summary into a public registry of a blockchain;
the obtaining module 108 obtains the information summary from the block chain after the application system obtains the query command;
and retrieving the original file information corresponding to the identified attribute information from the IPFS system by using the acquired information abstract.
Optionally, the authentication module 103 is configured to:
reading the identity card information of the user;
identifying face information of a user by using a face identification method;
and comparing the identity card information and the face information of the user with the digital identity information of the reference library, and confirming that the attribute information of the user declaration which is not authenticated passes authentication after the comparison is consistent.
The working process of the block chain-based data authentication and certification system in this embodiment is substantially the same as that of the block chain-based data authentication and certification method in the first embodiment, and is not described herein again.
In summary, the invention has the following advantages:
The invention stores the data information in the decentralized IPFS system, which removes the dependence on the traditional central processing unit and, to a great extent, solves the security problem of user data storage.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A data authentication method based on a block chain, comprising the following steps:
receiving digital identity information registered by a user on a block chain system to obtain a successfully registered digital identity account;
adding attribute information of a user statement to the digital identity account which is successfully registered to obtain attribute information of an unauthenticated user statement;
and authenticating the attribute information of the user declaration which is not authenticated by using the identity information and the face information provided by the user, and confirming that the attribute information of the user declaration which is not authenticated passes authentication to obtain the attribute information of the user declaration which is authenticated.
2. The method of claim 1, further comprising:
identifying the attribute information of the authenticated user statement;
storing the attribute information of the authenticated user statement in a JWT format interface request mode to obtain identified attribute information;
and calling an encryption interface, encrypting the attribute information after the identification and carrying out uplink operation.
3. The method of claim 1, wherein receiving digital identity information registered by a user on a blockchain system, and obtaining a successfully registered digital identity account comprises:
acquiring one or more digital identity parameters and preset interface header information which are received by a registration interface and registered on a blockchain system by a user;
responding to an account registration request initiated by a registration interface; the information of the account registration request comprises digital identity parameters and preset JWT interface header information;
judging whether the information of the account registration request is matched with the digital identity information of the reference library;
if they match, establishing an account for the user, and allocating a contract address to the account;
and storing the hash value of the digital identity information of the user on the IPFS based on the contract address to obtain the successfully registered digital identity account.
4. The method of claim 1, wherein adding attribute information of a user claim to the successfully registered digital identity account to obtain attribute information of an unauthenticated user claim comprises:
adding attribute information of a user statement to the digital identity account which is successfully registered;
storing the attribute information of the user declaration in a JWT format interface request manner;
and performing uplink operation on the attribute information of the user declaration to obtain the attribute information of the user declaration which is not authenticated.
5. The method of claim 2, wherein the identified attribute information corresponds to a globally unique information digest, and wherein after the invoking of the ciphering interface and the uplink operation performed on the identified attribute information, the method further comprises:
recording the information abstract into a public registry of a block chain;
after the application system obtains the query command, obtaining the information abstract from the block chain;
and retrieving the original file information corresponding to the identified attribute information from the IPFS system by using the acquired information abstract.
6. The method of claim 1, wherein the authenticating the attribute information of the unauthorized user assertion with the identity information and the face information provided by the user, and confirming that the attribute information of the unauthorized user assertion passes the authentication, comprises:
reading the identity card information of the user;
identifying face information of a user by using a face identification method;
and comparing the identity card information and the face information of the user with the digital identity information of the reference library, and confirming that the attribute information of the user declaration which is not authenticated passes authentication after the comparison is consistent.
7. A block chain based data authentication system, the system comprising:
the receiving module is used for receiving the digital identity information registered on the block chain system by the user to obtain a successfully registered digital identity account;
the adding module is used for adding attribute information of the user statement to the digital identity account which is successfully registered to obtain the attribute information of the user statement which is not authenticated;
and the authentication module is used for authenticating the attribute information of the user declaration which is not authenticated by utilizing the identity information and the face information provided by the user, and confirming that the attribute information of the user declaration which is not authenticated passes the authentication to obtain the attribute information of the user declaration which is authenticated.
8. The system of claim 7, further comprising:
the identification module is used for identifying the attribute information of the authenticated user statement;
the storage module is used for storing the attribute information of the authenticated user statement in a JWT format interface request mode to obtain the identified attribute information;
and the calling module is used for calling an encryption interface, encrypting the identified attribute information and carrying out uplink operation.
9. The system of claim 7, wherein the receiving module is configured to:
acquiring one or more digital identity parameters and preset interface header information which are received by a registration interface and registered on a blockchain system by a user;
responding to an account registration request initiated by a registration interface; the information of the account registration request comprises digital identity parameters and preset JWT interface header information;
judging whether the information of the account registration request is matched with the digital identity information of the reference library;
if they match, establishing an account for the user and allocating a contract address to the account;
and storing the hash value of the digital identity information of the user on the IPFS based on the contract address to obtain the successfully registered digital identity account.
10. The system of claim 7, wherein the add module is configured to:
adding attribute information of a user statement to the digital identity account which is successfully registered;
storing the attribute information of the user declaration in a JWT format interface request manner;
and performing uplink operation on the attribute information of the user declaration to obtain the attribute information of the user declaration which is not authenticated.
CN202110513964.6A 2021-05-12 2021-05-12 Data authentication method and system based on block chain Pending CN113206857A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110513964.6A CN113206857A (en) 2021-05-12 2021-05-12 Data authentication method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110513964.6A CN113206857A (en) 2021-05-12 2021-05-12 Data authentication method and system based on block chain

Publications (1)

Publication Number Publication Date
CN113206857A true CN113206857A (en) 2021-08-03

Family

ID=77031040

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110513964.6A Pending CN113206857A (en) 2021-05-12 2021-05-12 Data authentication method and system based on block chain

Country Status (1)

Country Link
CN (1) CN113206857A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529946A (en) * 2016-11-01 2017-03-22 北京金股链科技有限公司 Method for realizing user identity digitalization based on block chain
US20180294966A1 (en) * 2017-04-05 2018-10-11 Samsung Sds Co., Ltd. Blockchain-based digital identity management method
CN110991253A (en) * 2019-11-08 2020-04-10 中国联合网络通信集团有限公司 Block chain-based face digital identity recognition method and device
CN111010372A (en) * 2019-11-20 2020-04-14 国家信息中心 Block chain network identity authentication system, data processing method and gateway equipment
CN111625800A (en) * 2020-06-05 2020-09-04 光载互联(杭州)科技有限公司 Digital identity authentication method and system based on in-vivo detection
CN111666545A (en) * 2020-07-23 2020-09-15 光载互联(杭州)科技有限公司 Block chain-based digital identity information retrieving system and method

Similar Documents

Publication Publication Date Title
US11777726B2 (en) Methods and systems for recovering data using dynamic passwords
CN110098932B (en) Electronic document signing method based on safe electronic notarization technology
CN108834144B (en) Method and system for managing association of operator number and account
CN102045367B (en) Registration method and authentication server of real-name authentication
US11588638B2 (en) Digital notarization using a biometric identification service
CN114531277B (en) User identity authentication method based on blockchain technology
CN112199721A (en) Authentication information processing method, device, equipment and storage medium
JP2007527059A (en) User and method and apparatus for authentication of communications received from a computer system
US9692754B2 (en) Ensuring the security of a data transmission
WO2021190197A1 (en) Method and apparatus for authenticating biometric payment device, computer device and storage medium
KR20180013710A (en) Public key infrastructure based service authentication method and system
WO2020042508A1 (en) Method, system and electronic device for processing claim incident based on blockchain
CN113676332B (en) Two-dimensional code authentication method, communication device and storage medium
JPH10224345A (en) Cipher key authentication method for chip card and certificate
CN113487321A (en) Identity identification and verification method and system based on block chain wallet
CN109829722A (en) A kind of user identity real name identification method of electronic fare payment system
KR20200055178A (en) Management server and method of digital signature for electronic document
EP3443501B1 (en) Account access
CN114519206A (en) Method for anonymously signing electronic contract and signature system
CN111934881A (en) Data right confirming method and device, storage medium and electronic device
CN115482132A (en) Data processing method and device for electronic contract based on block chain and server
CN113206857A (en) Data authentication method and system based on block chain
KR102160892B1 (en) Public key infrastructure based service authentication method and system
CN109672526B (en) Method and system for managing executable program
CN115470499A (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210803
