CN113468594A - Identity management method based on bitcoin or branch block chain thereof - Google Patents
- Publication number
- CN113468594A
- Authority
- CN
- China
- Prior art keywords
- registration
- time
- information
- transaction
- registrant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Lock And Its Accessories (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an identity management method based on bitcoin or a branch blockchain thereof, comprising the following steps. First, the registration center registers its own public key information; the registration center must not falsify. The registrant then applies to the registration center through the blockchain to register identity information; the registration center receives the registration application and, if the application passes verification, writes the registrant information into the blockchain. A querier can query the identity information of the registrant through the blockchain or the registration center. The identity query uses a double-confirmation method that combines a registration request transaction query and a registration transaction query: the registration request transaction query ensures that the registered public key is owned by the registrant, the registration transaction query ensures that the registrant has passed the verification of the registration center, and the double-confirmation query can prevent impersonation registration attacks. Finally, the registrant can revoke its own identity information through the blockchain. The invention enables online verification of user identity while avoiding a complicated revocation process and saving time.
Description
Technical Field
The invention relates to the technical field of public block chain identity management, in particular to an identity management method based on a bitcoin or a branch block chain thereof.
Background
With the rapid development of internet technology, the network environment has become increasingly complex. The accuracy of personal data directly determines the quality and safety of network communication, and ensuring that personal identity information is real, reliable and credible is an important condition for safe sharing in network communication. Blockchain technology is an information technology that has emerged in recent years. It is open and transparent, traceable, leaves a record of the whole process, resists forgery and is decentralized, which gives the blockchain unique advantages in data authentication, evidence storage, sharing and privacy protection and ensures data security to a certain extent. In a traditional Public Key Infrastructure (PKI), a trusted third-party certificate authority (CA) issues and verifies certificates. Although this centralized structure is convenient for management and supervision, it poses a security challenge: once the central authority is attacked, user information is lost or leaked, and lawbreakers can perform illegal registrations, causing losses to users that cannot be estimated. A decentralized platform for storing and managing identity information can therefore be built with blockchain technology and used as an upgrade of PKI to realize identity management and authentication.
The invention provides an identity management method aiming at the centralized storage defect of the existing system and based on a bitcoin or a branch block chain thereof. The method organically fuses public and private keys of the PKI and public and private keys of the block chain, stores the identity information of the user on the block chain by decentralized storage of the block chain, does not need a third-party trusted authority to store the identity information, and can avoid loss of the identity information of the user. The user under the invention has decentralized autonomous digital identity, so that the user can really master own identity information, and the safety and transparency of identity information storage are improved.
Disclosure of Invention
Aiming at the problems, the invention provides an identity management method based on a bitcoin or a branch block chain thereof, which aims to solve the problems of centralization and single-point failure of the traditional digital identity management. The invention comprises the following methods and operations:
1) roles and their functions in the method;
2) a construction method of registration request information;
3) a construction method of registration information;
4) a construction method of registration revocation information;
5) a construction method of a registration request transaction;
6) a construction method of a registration transaction;
7) a construction method of a registration revocation transaction;
8) an operation method for registering identity information;
9) an operation method for revoking registration information;
10) an operation method for querying the valid registration time period of the registration information;
11) an operation method of identity query.
Further, as shown in fig. 1, the roles and their functions in the method are described as follows:
the method includes three roles: the registrant (private key S, public key P, address A), the registration center (RC; private key S_RC, public key P_RC, address A_RC), and the querier.
1.1) the registrant makes a registration request to the registry through a registration request transaction.
1.2) the registry verifies the identity of the registrant and registers the information to the blockchain by registering the transaction record.
1.3) the registrant may invalidate the registered message.
1.4) the querier queries the identity information of the registrant.
1.5) the first registration processed by the registration center is the registration of its own public key and registration center name.
Further, the method for constructing the registration request information in method 2 includes the following steps:
the registration request information contains eight items, each delimited by square brackets, in the following format: [ identifier ] [ registration request ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration effective time ] [ registration failure time ] [ remark ]. The registration request information is used to apply to the registration center for registration.
2.1) [ identifier ] is the fixed value 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is parsed according to the definition of the method;
2.2) [ registration request ] is a fixed value, represents an operation name and indicates that the piece of information is registration request information;
2.3) [ registrant name ] is registration authority, department or personal name;
2.4) [ public key of registrant ] is the public key which marks the identity of registrant, its correspondent private key is kept secret;
2.5) [ chain code ] can be set to a specific value or null value as required;
2.6) [ registration effective time ] is effective time of the registration information;
2.7) [ registration failure time ] is the failure time of the registration information;
2.8) [ remarks ] can be set to null and can be left as extension.
Further, the method for constructing the registration information of method 3 includes the following description:
the registration information contains eight items, each delimited by square brackets, in the following format: [ identifier ] [ register ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration effective time ] [ registration failure time ] [ remark ]
3.1) [ identifier ] is the fixed value 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is parsed according to the definition of the method;
3.2) [ register ] is a fixed value, represents the operation name, shows that this piece of information is registration information;
3.3) [ registrant name ] is registration authority, department or personal name;
3.4) [ registrant public key ] is a public key for identifying the identity of the registrant, and a corresponding private key is kept secret;
3.5) [ chain code ] can be set to a specific value or null value as required;
3.6) [ registration effective time ] is effective time of the registration information;
3.7) [ registration failure time ] is the failure time of the registration information;
3.8) [ remarks ] can be set to null and can be left as extension.
Further, the method for constructing the registration revocation information of the method 4 includes the following description:
the registration revocation information contains nine items, each delimited by square brackets, in the following format: [ identifier ] [ cancel ] [ registration revocation time ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration effective time ] [ registration failure time ] [ remark ].
4.1) [ identifier ] is the fixed value 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is parsed according to the definition of the method;
4.2) [ cancel ] is a fixed value, represents the operation name, shows that this information is the registration cancellation information;
4.3) [ registration revocation time ] is revocation time of the registration information;
4.4) [ registrant name ] is a registration authority, department or personal name;
4.5) [ public key of registrant ] is the public key which marks the identity of registrant, its correspondent private key is kept secret;
4.6) [ chain code ] can be set to a specific value or null value as required;
4.7) [ registration effective time ] is effective time of the registration information;
4.8) [ registration failure time ] is the failure time of the registration information;
4.9) [ remarks ] can be set to null and can be left as extension.
Further, as shown in fig. 2, the registration request transaction construction method of the method 5 includes the following descriptions:
the registration request transaction is sent to the registration center by the registrant through the block chain, and the following conditions are met:
5.1) a registration request transaction comprises at least one input that is signed with the registrant's private key S to unlock at least one standard P2PKH output locked to the registrant's address A.
5.2) the registration request transaction contains at least two outputs. One of the outputs is a standard P2PKH output whose address is the registry address A_RC. The other output contains the registration request information, which may be stored in the OP_RETURN or OP_PUSHDATA area of the output.
Further, as shown in fig. 3, the method for constructing the registration transaction of method 6 includes the following steps:
the registration transaction is issued by the registry to the registrant via the blockchain. The following conditions are satisfied:
6.1) a registration transaction comprises at least one input that is signed with the registration center's private key S_RC to unlock at least one standard P2PKH output locked to the registry address A_RC.
6.2) the registration transaction contains at least two outputs. One of the outputs is a standard P2PKH output whose address is the registrant address A. The other output contains the registration information, which may be stored in the OP_RETURN or OP_PUSHDATA area of the output.
Further, as shown in fig. 4, the method for constructing the registration revocation transaction of method 7 includes the following steps:
the registration revocation transaction is issued by the registrant to the registry via the blockchain. The following conditions are satisfied:
7.1) a registration revocation transaction comprises at least one input that is signed with the registrant's private key S to unlock at least one standard P2PKH output locked to the registrant's address A.
7.2) the registration revocation transaction comprises at least two outputs. One of the outputs is a standard P2PKH output whose address is the registry address A_RC. The other output contains the registration revocation information, which may be stored in the OP_RETURN or OP_PUSHDATA area of the output.
Further, as shown in fig. 5, the identity information registration method of the method 8 includes the following steps:
8.1) the registrant constructs the registration request information according to the construction method of the registration request information;
8.2) the registrant constructs a registration request transaction according to the construction method of the registration request transaction, and sends the registration request transaction to the address of the registration center through the block chain to apply for registration to the registration center.
8.3) the registrant presents the legal document for proving the identity of the registrant to a registration center;
8.4) the registration center verifies the identity of the registrant;
8.5) if the identity check can not be passed, rejecting and suspending the registration;
8.6) the registration center searches the registration request transaction of the public key P under the identifier of the method;
8.7) if not, rejecting and aborting the registration;
8.8) the registration center searches the registration transaction of the public key P under the identifier of the method;
8.9) if present, rejecting and aborting the registration;
8.10) the registry searches for a registration revocation transaction of the public key P under the identifier of the method;
8.11) if present, reject and abort registration;
8.12) the registry constructs the registration transaction according to the construction method of the registration transaction, and the registration transaction is sent to the registrant address through the block chain to complete registration.
Further, as shown in fig. 8, the method for revoking registration information of method 9 includes the following steps:
9.1) constructing the registration revocation information of the public key according to the construction method of the registration revocation information;
9.2) constructing the registration revocation transaction of the public key according to the construction method of the registration revocation transaction;
9.3) the registrant broadcasts the registration revocation transaction, the transaction is stored on the blockchain, and the revocation of the registration information is complete.
Further, as shown in fig. 7, the method for querying the valid registration time period of the registration information of method 10 includes the following steps:
10.1) searching for the registration request transaction of the public key P; the registration request transaction query ensures that the registered public key is owned by the registrant.
10.2) if the search fails, returning a null value;
10.3) searching the first registration transaction of the public key P, and inquiring the registration transaction to ensure that the identity of the registrant is authenticated by the registration center. Double-confirmation queries may prevent impersonation registration attacks.
10.4) if the search fails, returning a null value;
10.5) comparing the registration request information with the registration information, and judging whether other items are consistent except the operation name;
10.6) if not consistent, returning a null value;
10.7) analyzing the registration effective time and the registration failure time of the public key P;
10.8) acquiring the time of the block where the registered transaction is located;
10.9) if the registration effective time is earlier than the time of the block where the registration transaction is located, update the registration effective time of the public key P to the time of that block. The registration effective time in the message is only a planned time; in this method, the time of the block where the registration transaction is located prevails.
10.10) search for the first registration revocation transaction of the public key P. Under this method a registered public key P can be effectively revoked only once, and the first registration revocation transaction of P is the effective one.
10.10.1) if it exists, obtain the registration revocation time of the public key P and the time of the block where the registration revocation transaction is located;
10.10.2) if the registration revocation time is earlier (less) than the time of the block where the registration revocation transaction is located, update the registration revocation time to the time of that block. The registration revocation time in the registration revocation information is only a scheduled time; the real registration revocation time is based on the time of the block where the registration revocation transaction is located, so as to prevent the public key P from not being revoked effectively in time.
10.10.3) if the registration revocation time is earlier than the registration failure time of the public key P, update the registration failure time of the public key P to the registration revocation time. Without this comparison, a case in which the registration failure time is earlier than the registration revocation time could easily lead to a forward attack.
10.11) if the registration effective time of the public key P is equal to or later than the registration failure time, returning a null value;
10.12) return the registration effective time and the registration failure time of the public key P.
Further, as shown in fig. 6, in the identity query method of method 11, the input is the public key P and the name of the registrant, together with the public key P_RC of the registry and the registry name. The output is true or false: true indicates that the registrant is the legal owner of the public key P in the valid registration time period of the public key P; false indicates otherwise. The method is implemented according to the following steps:
11.1) inquiring the valid registration time period of the public key P by using a registration information valid registration time period inquiry method to judge whether the public key P is in the valid registration time period.
11.2) if a null value is returned, then false is returned;
11.3) query the valid registration time period of P_RC using the registration information valid registration time period query method, to judge whether the public key P_RC of the registration center is within a valid registration period.
11.4) if a null value is returned, then false is returned;
11.5) acquiring the registration information of P;
11.6) if the registrant name in the registration information is not equal to the input registrant name, returning false;
11.7) obtaining the registration information of P_RC;
11.8) if the registry name in the registration information is not equal to the input registry name, returning false;
11.9) if the registration effective time of P is not within the valid registration time period of P_RC, returning false;
11.10) returns true.
Notes on using the method 10 registration information valid registration time period query and the method 11 identity query: when the method 11 identity query returns true, the registrant is the legitimate owner of the public key P during the valid registration time period of P provided by method 10. In actual use, method 10 and method 11 must be used together to determine the validity of the registrant's public key P at a given point in time.
Note: the registry must not falsify; if the registry falsifies, the registered public key information is not credible.
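The queries of method 10 and method 11, run over the bracketed message formats of methods 2 to 4, as an added Python example (not code from the patent). It assumes a simplified transaction record (signing key, paid key, block time written as YYYYMMDDhhmmss, message), ASCII operation names, and a query that is told which registry key to check against; every key name, registrant name and time in the sample chain is constructed.

```python
import re
from collections import namedtuple

IDENTIFIER = "146zNkDhXM6tDrHiK44yVsAYow9CFhoLim"   # fixed identifier given on the page
REQUEST, REGISTER, CANCEL = "registration request", "register", "cancel"

# Simplified confirmed transaction (assumption): key that signed the P2PKH input,
# key whose address the P2PKH output pays, block time, and the data-output message.
Tx = namedtuple("Tx", "signer payee block_time message")

def parse(message):
    """Return the list of items, or None if the message is not well-formed."""
    if re.sub(r"\[[^\[\]]*\]|\s", "", message):
        return None                                   # stray text outside the brackets
    items = [i.strip() for i in re.findall(r"\[([^\[\]]*)\]", message)]
    if len(items) < 2 or items[0] != IDENTIFIER:
        return None
    want = {REQUEST: 8, REGISTER: 8, CANCEL: 9}.get(items[1])
    if want != len(items):
        return None                                   # unknown operation or wrong item count
    times = items[5:7] if want == 8 else [items[2]] + items[6:8]
    return items if all(t.isdigit() for t in times) else None

def first(chain, op, pubkey, signer, payee):
    """First transaction in chain order carrying `op` for `pubkey` with this signer/payee."""
    key_index = 4 if op == CANCEL else 3
    for tx in chain:
        items = parse(tx.message)
        if (items and items[1] == op and items[key_index] == pubkey
                and tx.signer == signer and tx.payee == payee):
            return tx, items
    return None

def lookup(chain, pubkey, rc_key):
    """Method 10: (effective time, failure time, registration items) or None."""
    req = first(chain, REQUEST, pubkey, signer=pubkey, payee=rc_key)   # 10.1 owner asked
    reg = first(chain, REGISTER, pubkey, signer=rc_key, payee=pubkey)  # 10.3 registry approved
    if not req or not reg:
        return None                                                    # 10.2, 10.4
    if req[1][2:] != reg[1][2:]:                                       # 10.5 all but op name
        return None
    effective = max(int(reg[1][5]), reg[0].block_time)                 # 10.9
    failure = int(reg[1][6])
    rev = first(chain, CANCEL, pubkey, signer=pubkey, payee=rc_key)    # 10.10
    if rev:
        revoked = max(int(rev[1][2]), rev[0].block_time)               # 10.10.2
        failure = min(failure, revoked)                                # 10.10.3
    if effective >= failure:                                           # 10.11
        return None
    return effective, failure, reg[1]

def valid_period(chain, pubkey, rc_key):
    found = lookup(chain, pubkey, rc_key)
    return found[:2] if found else None

def identity_query(chain, pubkey, name, rc_key, rc_name):
    """Method 11: True only if `name` is the registered owner of `pubkey` under this registry."""
    mine, rc = lookup(chain, pubkey, rc_key), lookup(chain, rc_key, rc_key)
    if not mine or not rc:                                             # 11.2, 11.4
        return False
    if mine[2][2] != name or rc[2][2] != rc_name:                      # 11.6, 11.8
        return False
    return rc[0] <= mine[0] < rc[1]                                    # 11.9, 11.10

def msg(*items):
    return "".join(f"[{i}]" for i in (IDENTIFIER,) + items)

# Constructed sample chain: keys, names and times are made up for illustration.
RC, ALICE, BOB, OTHER = "P_RC", "P_ALICE", "P_BOB", "P_OTHER"
rc_info = ("Example RC", RC, "", "20200801000000", "20300801000000", "")
alice_info = ("Alice", ALICE, "", "20200901000000", "20301001000000", "")
bob_info = ("Bob", BOB, "", "20200901000000", "20301001000000", "")
CHAIN = [
    Tx(RC, RC, 20200801010000, msg(REQUEST, *rc_info)),
    Tx(RC, RC, 20200801020000, msg(REGISTER, *rc_info)),
    Tx(ALICE, RC, 20200825000000, msg(REQUEST, *alice_info)),
    Tx(RC, ALICE, 20200902000000, msg(REGISTER, *alice_info)),   # confirmed after planned start
    # Request names Bob's key but was not signed by it; the double confirmation rejects it.
    Tx(OTHER, RC, 20200903000000, msg(REQUEST, *bob_info)),
    Tx(RC, BOB, 20200904000000, msg(REGISTER, *bob_info)),
]
# Revocation whose stated time (2024) is earlier than the block that confirms it (2025).
REVOKE = Tx(ALICE, RC, 20250101000000, msg(CANCEL, "20240101000000", *alice_info))
```

The effective time follows the registration block, and a backdated revocation time is raised to its own block time before it shortens the period.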
The invention has the beneficial effects that:
aiming at the defect of centralized storage of the registration information in the prior art, the invention realizes identity management by using a block chain technology, stores the identity information on a block chain, and can verify the public key registration information of an identity registrant through the block chain by each user, thereby avoiding the single-point fault problem of identity management in the traditional center.
Drawings
FIG. 1 is a flow chart of the roles and their functions in identity management based on bitcoin or its branch blockchain;
FIG. 2 is a schematic diagram of a registration request transaction;
FIG. 3 is a schematic diagram of a registration transaction;
FIG. 4 is a schematic diagram of a registration revocation transaction;
FIG. 5 is a flow chart of registering identity information;
FIG. 6 is a flow chart of identity query;
FIG. 7 is a flow chart of the registration information valid registration time period query;
FIG. 8 is a flow chart of revoking registration information.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the identity management method based on bitcoin or its branch blockchain provided by the present invention is described in detail below with reference to the accompanying drawings and the detailed description. In the invention, assume that the public key of the registrant is P, the chain code is C, the private key that generates the public key P is S, and the unique P2PKH address corresponding to P is A; the public key of the registry is P_RC, the private key that generates P_RC is S_RC, and the corresponding unique P2PKH address is A_RC.
Step 1: the registration center registers its own registration information on the blockchain, which comprises the following substeps:
step 1.1: the registration center constructs its own registration request information according to the construction method of the registration request information. The specific registration request information is as follows: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim] [registration request] [registration center] [P_RC] [] [20200801000000] [20300801000000] [].
Step 1.2: the registration center constructs a registration request transaction according to the construction method of the registration request transaction. Since the registrant is the registry itself, the input address of the registry's registration request transaction must contain A_RC. Because the output goes to the registry, the output address of the registration request transaction must also contain A_RC.
Step 1.3: the registration center performs the identity registration of the public key P_RC using the method 8 method of registering identity information.
Step 2: as shown in fig. 3, to register identity information, a registrant makes a registration request to the registry through the blockchain, which includes the following substeps:
step 2.1: the registrant constructs the registration request information according to the construction method of the registration request information; the registration request information of the registrant includes: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim] [ registration request ] [ P ] [ ] [20200901000000] [20301001000000] [ ].
Step 2.2: the registrant constructs a registration request transaction according to the construction method of the registration request transaction and sends it to the registration center address through the blockchain; the input address of the registration request transaction must contain A, and the output address must contain A_RC; the output may be used to pay a registration fee to the registry.
Step 2.3: the registrant presents the legal document for proving the identity of the registrant to a registry;
step 2.4: the registry verifies the identity of the registrant;
step 2.5: if the identity check can not be passed, refusing the registration;
step 2.6: the registry performs the identity registration of the public key P for the registrant using the method 8 method of registering identity information.
Step 3: as shown in the identity query flow chart of fig. 4, the querier may query the registration information of the public key P through the registry or the blockchain, which includes the following substeps:
step 3.1: the querier uses the method 10 registration information valid registration time period query method to query the valid registration time period of the public key P;
step 3.2: the querier uses the method 11 identity query method to query the legal registrant of the identity information of the public key P in the valid registration time period;
Step 4: when the registrant needs to revoke the public key P in advance for some reason, the operation of revoking the registration information can be carried out at any time. As shown in the revocation registration flow diagram of fig. 6, the registrant can revoke his registration information via the blockchain without the operation of the registry. The public key, once revoked, loses authentication validity and cannot be registered again. Revoking the registration information includes the following substeps:
step 4.1: construct the registration revocation information of the public key according to the construction method of the registration revocation information. The registration revocation information includes: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim] [ cancel ] [20200801000000] [ registrant name for P ] [ P ] [ ] [20200901000000] [20301001000000] [ ]
Step 4.2: construct the registration revocation transaction of the public key according to the construction method of the registration revocation transaction. The revocation transaction comprises at least one input signed with the registrant's private key S, which unlocks at least one standard P2PKH output locked to the revoked registrant's address A. One output address of the registration revocation transaction is the registry address A_RC; the other output contains the registration revocation information, which can be stored in the OP_RETURN or OP_PUSHDATA area of the output.
Step 4.3: the registrant broadcasts the registration revocation transaction, the transaction is stored on the blockchain, and the registrant's registration information is revoked.
The above-listed series of detailed descriptions are merely specific illustrations of possible embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent means or modifications that do not depart from the technical spirit of the present invention are intended to be included within the scope of the present invention.
Claims (9)
1. An identity management method based on bitcoin or a branch blockchain thereof, characterized by comprising a construction method of a registration request, a construction method of registration information, a construction method of registration revocation information, a construction method of a registration request transaction, a construction method of a registration revocation transaction, a method of registering identity information, a method of revoking registration information, a method of querying the valid registration time period of registration information, and a method of identity query.
2. The identity management method based on bitcoin or its branch blockchain as claimed in claim 1, wherein the construction method of the registration request is: the registration request information contains eight items, each delimited by square brackets, in the following format: [ identifier ] [ registration request ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration effective time ] [ registration failure time ] [ remark ]; wherein:
[ identifier ] is the fixed value 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is parsed as defined in the method;
[ registration request ] is a fixed value, represents the operation name, and indicates that the piece of information is registration request information;
[ registrant name ] is a registration authority, department, or individual name;
[ registrant public key ] is a public key identifying the identity of the registrant, and the corresponding private key is kept secret;
[ chain code ] can be set to a specific value or null value as needed;
[ registration effective time ] is the effective time of the registration information;
[ registration failure time ] is the failure time of the registration information;
[ remark ] can be set to a null value and is reserved as an extension item;
the construction method of the registration information comprises the following steps:
the registration information contains eight entries, each delimited by parentheses, in the following format: [ identifier ] [ register ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration effective time ] [ registration invalid time ] [ remark ]; wherein
[ identifier ] is a fixed value of 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is resolved as defined in the method;
[ register ] is a fixed value that represents the operation name and indicates that the piece of information is registration information;
[ registrant name ] is the name of the registering authority, department, or individual;
[ registrant public key ] is the public key that identifies the registrant; the corresponding private key is kept secret;
[ chain code ] can be set to a specific value or a null value as needed;
[ registration effective time ] is the time at which the registration information takes effect;
[ registration invalid time ] is the time at which the registration information expires;
[ remark ] can be set to a null value and is reserved as an extension item;
the construction method of the registration revocation information comprises the following steps:
the registration revocation information contains nine entries, each delimited by square brackets, in the following format: [ identifier ] [ cancel ] [ registration revocation time ] [ registrant name ] [ registrant public key ] [ chain code ] [ registration validation time ] [ registration invalidation time ] [ remark ]; wherein:
[ identifier ] is a fixed value of 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the piece of information is resolved as defined in the method;
[ cancel ] is a fixed value, representing the operation name, indicating that the piece of information is registration revocation information;
[ registration revocation time ] is the revocation time of the registration information;
[ registrant name ] is the name of the registering authority, department, or individual;
[ registrant public key ] is the public key that identifies the registrant; the corresponding private key is kept secret;
[ chain code ] can be set to a specific value or a null value as needed;
[ registration validation time ] is the time at which the registration information takes effect;
[ registration invalidation time ] is the time at which the registration information expires;
[ remark ] can be set to a null value and is reserved as an extension item.
3. The identity management method based on bitcoin or its branch blockchain according to claim 1, wherein the registration request transaction construction method comprises the following steps: the registration request transaction is sent to the registration center by the registrant through the block chain, and the following conditions are satisfied:
5.1) a registration request transaction comprises at least one input signed with the registrant's private key S to unlock at least one standard P2PKH output locked to the registrant's address A;
5.2) the registration request transaction comprises at least two outputs, one of which is a standard P2PKH output whose output address is the registry address A_RC, and the other of which is an output containing the registration request information, which may be stored in the OP_RETURN region or an OP_PUSHDATA region of the output.
4. The identity management method based on bitcoin or its branch blockchain as claimed in claim 1, wherein the construction method of the registration transaction comprises: the registration transaction is sent to the registrant by the registry through the block chain, and the following conditions are met:
6.1) a registration transaction comprises at least one input signed with the registration center's private key S_RC to unlock at least one standard P2PKH output locked to the registry address A_RC;
6.2) the registration transaction comprises at least two outputs, one of which is a standard P2PKH output whose output address is the registrant's address A, and the other of which is an output containing the registration information, which may be stored in the OP_RETURN region or an OP_PUSHDATA region of the output.
5. The identity management method based on bitcoin or its branch blockchain as claimed in claim 1, wherein the construction method of the registration revocation transaction is as follows: the registration revocation transaction is sent to the registration center by the registrant through the block chain, and the following conditions are met:
7.1) a registration revocation transaction comprises at least one input signed with the registrant's private key S to unlock at least one standard P2PKH output locked to the registrant's address A;
7.2) the registration revocation transaction comprises at least two outputs, one of which is a standard P2PKH output whose output address is the registry address A_RC, and the other of which is an output containing the registration revocation information, which may be stored in the OP_RETURN region or an OP_PUSHDATA region of the output.
6. The identity management method based on the bitcoin or the branch blockchain thereof according to claim 1, wherein the method for registering the identity information is implemented as follows:
8.1) the registrant constructs the registration request information according to the construction method of the registration request information;
8.2) the registrant constructs a registration request transaction according to a construction method of the registration request transaction, sends the registration request transaction to a registration center address through a block chain, and proposes a registration application to the registration center;
8.3) the registrant presents the legal document for proving the identity of the registrant to a registration center;
8.4) the registration center verifies the identity of the registrant;
8.5) if the identity check can not be passed, rejecting and suspending the registration;
8.6) the registration center searches the registration request transaction of the public key P under the identifier of the method;
8.7) if not, rejecting and aborting the registration;
8.8) the registration center searches the registration transaction of the public key P under the identifier of the method;
8.9) if present, rejecting and aborting the registration;
8.10) the registry searches for the registration revocation transaction of the public key P under the identifier of the method;
8.11) if present, reject and abort registration;
8.12) the registry constructs the registration transaction according to the construction method of the registration transaction, and the registration transaction is sent to the registrant address through the block chain to complete registration.
7. The identity management method based on bitcoin or its branch blockchain according to claim 1, characterized in that the method for revoking registration information is implemented as follows:
9.1) constructing the registration revocation information of the public key according to the construction method of the registration revocation information;
9.2) constructing the registration revocation transaction of the public key according to the construction method of the registration revocation transaction;
9.3) the registrant broadcasts the registration revocation transaction, which is stored on the blockchain, completing the revocation of the registration information.
8. The identity management method based on bitcoin or its branch block chain as claimed in claim 1, wherein the method for querying the valid registration time period of the registration information is implemented in the following steps:
10.1) searching for the registration request transaction of the public key P; the registration request transaction ensures that the registered public key is owned by the registrant;
10.2) if the search fails, returning a null value;
10.3) searching for the first registration transaction of the public key P; querying the registration transaction ensures that the identity of the registrant has been authenticated by the registration center, and this double-confirmation query can prevent impersonation registration attacks;
10.4) if the search fails, returning a null value;
10.5) comparing the registration request information with the registration information, and judging whether all items other than the operation name are consistent;
10.6) if not consistent, returning a null value;
10.7) analyzing the registration effective time and the registration failure time of the public key P;
10.8) acquiring the time of the block where the registered transaction is located;
10.9) if the registration effective time is earlier than the time of the block where the registration transaction is located, updating the registration effective time of the public key P to the time of the block where the registration transaction is located; because the registration effective time in the registration information is only a planned time, in this method the registration effective time is subject to the time of the block where the registration transaction is located;
10.10) searching for the first registration revocation transaction of the public key P; under this method a registered public key P can be validly revoked only once, and the first registration revocation transaction of the public key P is the valid one;
10.10.1) if it exists, obtaining the registration revocation time of the public key P and the time of the block where the registration revocation transaction is located;
10.10.2) if the registration revocation time is earlier (less) than the time of the block where the registration revocation transaction is located, updating the registration revocation time to the time of that block; in the registration revocation information the registration revocation time is only a planned time, and the real registration revocation time is based on the time of the block where the registration revocation transaction is located, so as to prevent the public key P from not being effectively revoked in time;
10.10.3) if the registration revocation time is earlier than the registration invalidation time of the public key P, updating the registration invalidation time of the public key P to be the registration revocation time; if not, if the registration invalidation time is earlier than the registration invalidation time, the forward attack is easy to cause;
10.11) if the registration effective time of the public key P is equal to or later than the registration failure time, returning a null value;
10.12) the registration validation time and the registration expiration time of the public key P are returned.
9. The identity management method of claim 1, wherein the inputs of the identity query method are the public key P, the registrant name, the registry public key P_RC and the registry name; the output is true or false, where true indicates that the registrant is the legal owner of the public key P within the valid registration time period of the public key P, and false indicates otherwise; the method is realized by the following steps:
11.1) inquiring the valid registration time period of the public key P by using a registration information valid registration time period inquiry method to judge whether the public key P is in the valid registration time period;
11.2) if a null value is returned, then false is returned;
11.3) querying the valid registration time period of P_RC by using the registration information valid registration time period query method, to judge whether the registry public key P_RC is within a valid registration time period;
11.4) if a null value is returned, then false is returned;
11.5) acquiring the registration information of P;
11.6) if the registrant name in the registration information is not equal to the input registrant name, returning false;
11.7) obtaining the registration information of P_RC;
11.8) if the registry name in the registration information is not equal to the input registry name, returning false;
11.9) if the registration effective time of P is not within the valid registration time period of P_RC, returning false; otherwise, returning true.
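The valid-registration-period query of claim 8 (steps 10.1 to 10.12), together with a parser for the bracketed messages of claim 2, as an added Python example that is not part of the patent text. Assumptions: times are integer Unix timestamps, the chain is a pre-extracted list of (block time, message) pairs whose transaction-level conditions (claims 3 to 5) have already been checked, step 10.10.3 is read as capping the expiry at the revocation time, and all function names are the example's own.

```python
import re

IDENTIFIER = "146zNkDhXM6tDrHiK44yVsAYow9CFhoLim"  # fixed value from claim 2
FIELDS = ("name", "pubkey", "chain_code", "valid_from", "valid_to", "remark")

def parse(message):
    """Parse one bracketed message; None if malformed or not this protocol's."""
    items = [s.strip() for s in re.findall(r"\[([^\[\]]*)\]", message)]
    if len(items) < 2 or items[0] != IDENTIFIER:
        return None
    op, keys = items[1], FIELDS
    if op == "cancel":
        keys = ("revoked_at",) + FIELDS               # nine entries in total
    elif op not in ("registration request", "register"):
        return None
    if len(items) != len(keys) + 2:
        return None
    rec = dict(zip(keys, items[2:]), op=op)
    try:  # assumption: times are integer Unix timestamps
        for k in rec.keys() & {"revoked_at", "valid_from", "valid_to"}:
            rec[k] = int(rec[k])
    except ValueError:
        return None
    return rec

def first(chain, op, pubkey):
    """Earliest (block_time, record) for this operation name and public key."""
    for block_time, message in chain:
        rec = parse(message)
        if rec and rec["op"] == op and rec["pubkey"] == pubkey:
            return block_time, rec
    return None

def valid_period(chain, pubkey):
    """Claim 8: (start, end) of the valid registration period, or None."""
    req = first(chain, "registration request", pubkey)        # 10.1-10.2
    reg = first(chain, "register", pubkey)                    # 10.3-10.4
    if req is None or reg is None:
        return None
    if any(req[1][f] != reg[1][f] for f in FIELDS):           # 10.5-10.6
        return None
    start = max(reg[1]["valid_from"], reg[0])                 # 10.7-10.9
    end = reg[1]["valid_to"]
    rev = first(chain, "cancel", pubkey)                      # 10.10
    if rev is not None:
        revoked_at = max(rev[1]["revoked_at"], rev[0])        # 10.10.1-10.10.2
        end = min(end, revoked_at)                            # 10.10.3
    return None if start >= end else (start, end)             # 10.11-10.12

def msg(op, *items):
    return "".join(f"[{x}]" for x in (IDENTIFIER, op, *items))

alice = ("Alice", "PUBKEY_A", "", "100", "5000", "")
CHAIN = [  # constructed sample: (block_time, message) pairs in block order
    (100, msg("registration request", *alice)),
    (120, msg("register", *alice)),                   # confirmed after planned start
    (130, msg("register", "Mallory", "PUBKEY_M", "", "0", "9000", "")),  # no request
    (900, msg("cancel", "800", *alice)),              # planned revocation time 800
    (950, msg("cancel", "200", *alice)),              # later revocation is ignored
]
```

On the sample, the backdated revocation time 800 is replaced by its block time 900, and the registration without a matching request yields no valid period.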
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110712465.XA CN113468594B (en) | 2021-06-25 | 2021-06-25 | Identity management method based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113468594A (en) | 2021-10-01 |
CN113468594B (en) | 2024-03-19 |
Family
ID=77873018
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110712465.XA Active CN113468594B (en) | 2021-06-25 | 2021-06-25 | Identity management method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113468594B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109150836A (en) * | 2018-07-21 | 2019-01-04 | 江苏飞搏软件股份有限公司 | Block chain entity identities management system and method |
CN109819443A (en) * | 2018-12-29 | 2019-05-28 | 东莞见达信息技术有限公司 | Authentication registration method, apparatus and system based on block chain |
CN111753014A (en) * | 2020-06-28 | 2020-10-09 | 中国银行股份有限公司 | Identity authentication method and device based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN113468594B (en) | 2024-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10829088B2 (en) | Identity management for implementing vehicle access and operation management | |
CN108810073B (en) | Block chain-based Internet of things multi-domain access control system and method | |
US10682981B2 (en) | Systems and methods for networked device security | |
CN106415674B (en) | System and method for access control | |
EP3460693A1 (en) | Methods and apparatus for implementing identity and asset sharing management | |
CN110324335B (en) | Automobile software upgrading method and system based on electronic mobile certificate | |
CN113239382A (en) | Credible identity model based on block chain intelligent contract | |
CN106789090A (en) | Public key infrastructure system and semi-random participating certificate endorsement method based on block chain | |
CN107886388A (en) | The traffic trip credit and safety service platform and its operation method of multicenter are realized based on alliance's chain | |
CN113032814B (en) | Internet of things data management method and system | |
RU2004105509A (en) | REGISTRATION / SUB-REGISTRATION OF THE DIGITAL RIGHTS MANAGEMENT SERVER (DRM) IN THE DRM ARCHITECTURE | |
US20230412400A1 (en) | Method for suspending protection of an object achieved by a protection device | |
US20080052388A1 (en) | Substitutable domain management system and method for substituting the system | |
GB2583766A (en) | Methods and devices for recording work history and proving reputation in a blockchain network | |
CN109685664B (en) | Digital asset real-name registration system based on asset hosting system association | |
EP3966769A1 (en) | Methods and devices for registering and authenticating miner identity in a blockchain network | |
CN109670825B (en) | Digital asset real name registration system based on certificate association | |
CN115396893A (en) | Digital key issuing and verifying method and system | |
KR20100066907A (en) | Integrated authentication and access control system and method the same | |
CN113468594A (en) | Identity management method based on bitcoin or branch block chain thereof | |
CN116566615A (en) | Identity authentication method and device based on blockchain | |
Rahat et al. | Blockchain based secured multipurpose identity (smid) management system for smart cities | |
CN103559429B (en) | The method and system of software processes | |
KR102709649B1 (en) | Method for generating verifiable credential of mobile device based on residential area through decentralized identifier technology of blockchain | |
KR102709650B1 (en) | Method for generating verifiable credential of mobile device according to change of residential area through decentralized identifier technology of blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||