CN113468594A - Identity management method based on bitcoin or branch block chain thereof - Google Patents

Publication number
CN113468594A
Authority
CN
China
Prior art keywords
registration
information
registrant
time
public key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110712465.XA
Other languages
Chinese (zh)
Other versions
CN113468594B (en)
Inventor
吴岩
刘继琴
陆佳慧
刘晨
刘路
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu University
Original Assignee
Jiangsu University
Application filed by Jiangsu University
Priority to CN202110712465.XA
Publication of CN113468594A
Application granted
Publication of CN113468594B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication


Abstract

The invention discloses an identity management method based on bitcoin or its branch blockchains. First, the registration center registers its own public key information; the registration center cannot falsify it. A registrant then applies to the registration center through the blockchain to register identity information. The registration center receives the application and, if the review passes, writes the registrant's information to the blockchain. A querier can then look up the registrant's identity information through the blockchain or through the registration center. The identity query uses a double-confirmation method that combines a registration request transaction query with a registration transaction query: the registration request transaction query ensures that the registered public key is owned by the registrant, and the registration transaction query ensures that the registrant has passed the registration center's verification. Double-confirmation queries can prevent impersonation registration attacks. Finally, registrants revoke their own identity information through the blockchain. The invention enables online verification of user identity, avoids a cumbersome revocation process, and saves time.


Description

Identity management method based on bitcoin or branch block chain thereof
Technical Field
The invention relates to the technical field of public block chain identity management, in particular to an identity management method based on a bitcoin or a branch block chain thereof.
Background
With the rapid development of internet technology, the network environment is becoming increasingly complex. The accuracy of personal data directly determines the quality and safety of network communication, and ensuring that identity information is real, reliable and credible is an important condition for safe sharing in network communication. Blockchain technology is an information technology that has emerged in recent years. It is open and transparent, traceable, keeps a record of the whole process, resists forgery and is decentralized, which gives it unique advantages in data authentication, evidence storage, sharing and privacy protection, and lets it ensure data security to a certain extent. In a traditional Public Key Infrastructure (PKI), a trusted third-party Certificate Authority (CA) issues and verifies certificates. Although a centralized structure is convenient for management and supervision, it poses a challenge to certificate security: once the central authority is attacked, user information is lost or leaked, and criminals can perform illegal registrations, causing losses to users that cannot be estimated. A decentralized identity information storage and management platform can therefore be built with blockchain technology and used as an upgrade of PKI for identity management and authentication.
The invention addresses the centralized storage defect of existing systems with an identity management method based on bitcoin or its branch blockchains. The method combines the public and private keys of PKI with the public and private keys of the blockchain and stores user identity information on the blockchain in a decentralized way. No trusted third-party authority is needed to store the identity information, and loss of user identity information is avoided. Under the invention the user holds a decentralized, self-sovereign digital identity and truly controls their own identity information, which improves the security and transparency of identity information storage.
Disclosure of Invention
To address the above problems, the invention provides an identity management method based on bitcoin or its branch blockchains, which aims to solve the centralization and single-point-of-failure problems of traditional digital identity management. The invention comprises the following methods and operations:
1) the roles in the method and their functions;
2) a construction method for the registration request;
3) a construction method for registration information;
4) a construction method for registration revocation information;
5) a construction method for the registration request transaction;
6) a construction method for the registration transaction;
7) a construction method for the registration revocation transaction;
8) an operation method for registering identity information;
9) an operation method for revoking registration information;
10) an operation method for querying the valid registration period of registration information;
11) an operation method for identity query.
Further, as shown in fig. 1, the roles in the method and their functions are described as follows:
the method includes three roles: the registrant (its private key is S, public key is P, address is A), the registration center (RC; its private key is S_RC, public key is P_RC, address is A_RC) and the querier.
1.1) the registrant makes a registration request to the registration center through a registration request transaction.
1.2) the registration center verifies the identity of the registrant and records the registration information on the blockchain through a registration transaction.
1.3) the registrant may revoke the registered information.
1.4) the querier queries the identity information of the registrant.
1.5) the first registration the registration center processes is the registration of its own public key and its own name.
Further, the construction method for the registration request information (method 2) is described as follows:
the registration request information contains eight items, each delimited by square brackets, in the following format: [identifier][registration request][registrant name][registrant public key][chain code][registration effective time][registration failure time][remark]. The registration request information is used to submit a registration application to the registration center.
2.1) [identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the information is parsed according to the definition of this method;
2.2) [registration request] is a fixed value that represents the operation name and indicates that the information is registration request information;
2.3) [registrant name] is the name of the registering institution, department or individual;
2.4) [registrant public key] is the public key that identifies the registrant; its corresponding private key is kept secret;
2.5) [chain code] can be set to a specific value or left empty as required;
2.6) [registration effective time] is the time at which this registration information takes effect;
2.7) [registration failure time] is the time at which this registration information expires;
2.8) [remark] can be left empty and is reserved as an extension item.
Further, the construction method for the registration information (method 3) is described as follows:
the registration information contains eight items, each delimited by square brackets, in the following format: [identifier][register][registrant name][registrant public key][chain code][registration effective time][registration failure time][remark]
3.1) [identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the information is parsed according to the definition of this method;
3.2) [register] is a fixed value that represents the operation name and indicates that the information is registration information;
3.3) [registrant name] is the name of the registering institution, department or individual;
3.4) [registrant public key] is the public key that identifies the registrant; its corresponding private key is kept secret;
3.5) [chain code] can be set to a specific value or left empty as required;
3.6) [registration effective time] is the time at which this registration information takes effect;
3.7) [registration failure time] is the time at which this registration information expires;
3.8) [remark] can be left empty and is reserved as an extension item.
Further, the construction method for the registration revocation information (method 4) is described as follows:
the registration revocation information contains nine items, each delimited by square brackets, in the following format: [protocol identifier][cancel][registration revocation time][registrant name][registrant public key][chain code][registration effective time][registration failure time][remark].
4.1) [identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the information is parsed according to the definition of this method;
4.2) [cancel] is a fixed value that represents the operation name and indicates that the information is registration revocation information;
4.3) [registration revocation time] is the time at which the registration information is revoked;
4.4) [registrant name] is the name of the registering institution, department or individual;
4.5) [registrant public key] is the public key that identifies the registrant; its corresponding private key is kept secret;
4.6) [chain code] can be set to a specific value or left empty as required;
4.7) [registration effective time] is the time at which this registration information takes effect;
4.8) [registration failure time] is the time at which this registration information expires;
4.9) [remark] can be left empty and is reserved as an extension item.
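A strict parser and builder for the three bracketed message layouts defined in methods 2 to 4, as an added example that is not code from the patent. It assumes the 14-digit time values are YYYYMMDDhhmmss, that items are written with no whitespace between them, and that name and public key may not be empty; the function names and the placeholder public key are hypothetical.

```python
import re
from datetime import datetime

IDENTIFIER = "146zNkDhXM6tDrHiK44yVsAYow9CFhoLim"   # fixed [identifier] value from the page
_COMMON = ("name", "pubkey", "chain_code", "effective", "failure", "remark")
LAYOUTS = {                      # operation name -> items after [identifier][operation]
    "registration request": _COMMON,
    "register": _COMMON,
    "cancel": ("revoked",) + _COMMON,
}
TIME_FIELDS = ("revoked", "effective", "failure")
_ITEM = re.compile(r"\[([^\[\]]*)\]")   # one item; brackets inside an item are not allowed
_TIME = re.compile(r"[0-9]{14}")        # assumed encoding: YYYYMMDDhhmmss


class FormatError(ValueError):
    """Raised for any record that does not match its layout exactly."""


def _parse_time(field, value):
    if not _TIME.fullmatch(value):
        raise FormatError(f"{field}: expected 14 digits, got {value!r}")
    try:
        return datetime.strptime(value, "%Y%m%d%H%M%S")
    except ValueError:
        raise FormatError(f"{field}: not a calendar time: {value!r}") from None


def parse_message(text):
    """Parse one message into a dict, rejecting anything ambiguous."""
    items, pos = [], 0
    while pos < len(text):
        m = _ITEM.match(text, pos)
        if m is None:                    # stray text, nested or unbalanced brackets
            raise FormatError(f"unexpected data at offset {pos}")
        items.append(m.group(1))
        pos = m.end()
    if len(items) < 2 or items[0] != IDENTIFIER:
        raise FormatError("missing or wrong identifier")
    layout = LAYOUTS.get(items[1])
    if layout is None:
        raise FormatError(f"unknown operation {items[1]!r}")
    if len(items) != len(layout) + 2:    # 8 items, or 9 for [cancel]
        raise FormatError(f"{items[1]}: expected {len(layout) + 2} items, got {len(items)}")
    msg = dict(zip(layout, items[2:]), operation=items[1])
    if not msg["name"] or not msg["pubkey"]:   # assumption: only chain code and remark may be empty
        raise FormatError("name and public key must not be empty")
    for field in TIME_FIELDS:
        if field in msg:
            msg[field] = _parse_time(field, msg[field])
    return msg


def build_message(operation, **fields):
    """Serialize fields in layout order; omitted fields become empty items."""
    values = [IDENTIFIER, operation]
    for field in LAYOUTS[operation]:
        value = fields.get(field, "")
        if isinstance(value, datetime):
            value = value.strftime("%Y%m%d%H%M%S")
        if "[" in value or "]" in value:  # the format defines no escaping
            raise FormatError(f"{field}: brackets are not allowed inside an item")
        values.append(value)
    text = "".join(f"[{v}]" for v in values)
    parse_message(text)                   # round-trip check before it goes on chain
    return text


def is_valid(text):
    try:
        parse_message(text)
        return True
    except FormatError:
        return False


# Constructed sample: the registration center's own request, with a placeholder key.
SAMPLE_REQUEST = ("[146zNkDhXM6tDrHiK44yVsAYow9CFhoLim][registration request]"
                  "[registration center][RC-PUBKEY-PLACEHOLDER][]"
                  "[20200801000000][20300801000000][]")
```

Because the format has no escaping, a name that contains a bracket would shift every later item; the parser rejects such records instead of guessing.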
Further, as shown in fig. 2, the construction method for the registration request transaction (method 5) is described as follows:
the registration request transaction is sent by the registrant to the registration center through the blockchain and satisfies the following conditions:
5.1) a registration request transaction comprises at least one input that is signed with the registrant's private key S and unlocks at least one standard P2PKH output locked at the registrant's address A.
5.2) the registration request transaction contains at least two outputs. One of the outputs is a standard P2PKH output whose output address is the registration center address A_RC. The other output is an output containing the registration request information. The registration request information may be stored in the OP_RETURN region or the OP_PUSHDATA region of the output.
Further, as shown in fig. 3, the construction method for the registration transaction (method 6) is described as follows:
the registration transaction is sent by the registration center to the registrant through the blockchain and satisfies the following conditions:
6.1) a registration transaction comprises at least one input that is signed with the registration center's private key S_RC and unlocks at least one standard P2PKH output locked at the registration center address A_RC.
6.2) the registration transaction contains at least two outputs. One of the outputs is a standard P2PKH output whose output address is the registrant's address A. The other output is an output containing the registration information. The registration information may be stored in the OP_RETURN region or the OP_PUSHDATA region of the output.
Further, as shown in fig. 4, the construction method for the registration revocation transaction (method 7) is described as follows:
the registration revocation transaction is sent by the registrant to the registration center through the blockchain and satisfies the following conditions:
7.1) a registration revocation transaction comprises at least one input that is signed with the registrant's private key S and unlocks at least one standard P2PKH output locked at the registrant's address A.
7.2) the registration revocation transaction contains at least two outputs. One of the outputs is a standard P2PKH output whose output address is the registration center address A_RC. The other output is an output containing the registration revocation information. The registration revocation information may be stored in the OP_RETURN region or the OP_PUSHDATA region of the output.
Further, as shown in fig. 5, the method for registering identity information (method 8) includes the following steps:
8.1) the registrant constructs the registration request information according to the construction method for registration request information;
8.2) the registrant constructs a registration request transaction according to the construction method for the registration request transaction and sends it through the blockchain to the registration center's address to apply for registration;
8.3) the registrant presents legal documents proving the registrant's identity to the registration center;
8.4) the registration center verifies the identity of the registrant;
8.5) if the identity check does not pass, reject and abort the registration;
8.6) the registration center searches for a registration request transaction for the public key P under this method's identifier;
8.7) if none exists, reject and abort the registration;
8.8) the registration center searches for a registration transaction for the public key P under this method's identifier;
8.9) if one exists, reject and abort the registration;
8.10) the registration center searches for a registration revocation transaction for the public key P under this method's identifier;
8.11) if one exists, reject and abort the registration;
8.12) the registration center constructs the registration transaction according to the construction method for the registration transaction and sends it through the blockchain to the registrant's address to complete the registration.
Further, as shown in fig. 8, the method for revoking registration information (method 9) includes the following steps:
9.1) construct the registration revocation information for the public key according to the construction method for registration revocation information;
9.2) construct the registration revocation transaction for the public key according to the construction method for the registration revocation transaction;
9.3) the registrant broadcasts the registration revocation transaction, which is stored on the blockchain, completing the revocation of the registration information.
Further, as shown in fig. 7, the method for querying the valid registration period of registration information (method 10) includes the following steps:
10.1) search for the registration request transaction of the public key P; the registration request transaction query ensures that the registered public key is owned by the registrant.
10.2) if the search fails, return a null value;
10.3) search for the first registration transaction of the public key P; the registration transaction query ensures that the registrant's identity has been authenticated by the registration center. Double-confirmation queries can prevent impersonation registration attacks.
10.4) if the search fails, return a null value;
10.5) compare the registration request information with the registration information and check whether all items other than the operation name are consistent;
10.6) if they are not consistent, return a null value;
10.7) parse the registration effective time and the registration failure time of the public key P;
10.8) obtain the time of the block containing the registration transaction;
10.9) if the registration effective time is earlier than the time of the block containing the registration transaction, update the registration effective time of the public key P to that block time. The registration effective time in the message is only a planned time; in this method, the registration effective time is governed by the time of the block containing the registration transaction.
10.10) search for the first registration revocation transaction of the public key P. Under this method a registered public key P can be effectively revoked only once, and the first registration revocation transaction of the public key P is the effective one.
10.10.1) if it exists, obtain the registration revocation time of the public key P and the time of the block containing the registration revocation transaction;
10.10.2) if the registration revocation time is earlier (less) than the time of the block containing the registration revocation transaction, update the registration revocation time to that block time. In the registration revocation information the registration revocation time is only a planned time; the actual registration revocation time is based on the time of the block containing the registration revocation transaction, which prevents the public key P from failing to be revoked effectively in time.
10.10.3) if the registration revocation time is earlier than the registration failure time of the public key P, update the registration failure time of the public key P to the registration revocation time. Without this check, a registration failure time earlier than the registration revocation time easily leads to a forward attack.
10.11) if the registration effective time of the public key P is equal to or later than the registration failure time, return a null value;
10.12) return the registration effective time and the registration failure time of the public key P.
Further, as shown in fig. 6, the inputs of the identity query method (method 11) are the public key P and the name of the registrant, and the public key P_RC and the name of the registration center. The output is true or false: true indicates that the registrant is the legitimate owner of the public key P during the valid registration period of the public key P; false indicates otherwise. The method is implemented in the following steps:
11.1) query the valid registration period of the public key P with the valid registration period query method to determine whether P has a valid registration period.
11.2) if a null value is returned, return false;
11.3) query the valid registration period of P_RC with the valid registration period query method to determine whether the registration center's public key P_RC has a valid registration period.
11.4) if a null value is returned, return false;
11.5) obtain the registration information of P;
11.6) if the registrant name in the registration information is not equal to the input registrant name, return false;
11.7) obtain the registration information of P_RC;
11.8) if the registration center name in the registration information is not equal to the input registration center name, return false;
11.9) if the registration effective time of P is not within the valid registration period of P_RC, return false;
11.10) return true.
Usage note for method 10 (valid registration period query) and method 11 (identity query): when method 11 returns true, the registrant is the legitimate owner of the public key P during the valid registration period of P provided by method 10. In practice, methods 10 and 11 must be used together to determine whether the registrant's public key P is valid at a given point in time.
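Methods 10 and 11 carried through on a small in-memory list of already-parsed records, as an added example that is not code from the patent. The `Tx` model, the placeholder keys, the integer time encoding and the `issuer` parameter are assumptions; the signer checks make explicit what construction rules 5.1, 6.1 and 7.1 imply about who signed each transaction.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """One confirmed record, already parsed (constructed model, not a real Bitcoin transaction)."""
    op: str            # "registration request", "register" or "cancel"
    signer: str        # public key whose signature unlocked the input (rules 5.1, 6.1, 7.1)
    name: str
    pubkey: str
    effective: int     # times are 14-digit YYYYMMDDhhmmss integers (assumed encoding)
    failure: int
    block_time: int    # time of the block containing the transaction
    revoked: int = 0   # planned revocation time, "cancel" records only
    chain_code: str = ""
    remark: str = ""


def first_tx(chain, op, pubkey, signer=None):
    """First record in block order for this operation and key, optionally from one signer."""
    for tx in chain:
        if tx.op == op and tx.pubkey == pubkey and signer in (None, tx.signer):
            return tx
    return None


def body(tx):
    """Every item except the operation name (compared in step 10.5)."""
    return (tx.name, tx.pubkey, tx.chain_code, tx.effective, tx.failure, tx.remark)


def valid_period(chain, p, issuer=None):
    """Method 10: return (effective, failure) for key p, or None."""
    req = first_tx(chain, "registration request", p, signer=p)   # 10.1: request signed by p itself
    if req is None:
        return None                                              # 10.2
    reg = first_tx(chain, "register", p, signer=issuer)          # 10.3: issuer check is an assumption
    if reg is None:
        return None                                              # 10.4
    if body(req) != body(reg):
        return None                                              # 10.5, 10.6
    effective = max(reg.effective, reg.block_time)               # 10.7 to 10.9
    failure = reg.failure
    rev = first_tx(chain, "cancel", p, signer=p)                 # 10.10: only the first one counts
    if rev is not None:
        revoked = max(rev.revoked, rev.block_time)               # 10.10.2
        failure = min(failure, revoked)                          # 10.10.3
    if effective >= failure:
        return None                                              # 10.11
    return effective, failure                                    # 10.12


def identity_query(chain, p, name, p_rc, rc_name):
    """Method 11: True if `name` is the registered owner of p under registration center p_rc."""
    period = valid_period(chain, p, issuer=p_rc)                 # 11.1
    rc_period = valid_period(chain, p_rc, issuer=p_rc)           # 11.3
    if period is None or rc_period is None:
        return False                                             # 11.2, 11.4
    if first_tx(chain, "register", p, signer=p_rc).name != name:
        return False                                             # 11.5, 11.6
    if first_tx(chain, "register", p_rc, signer=p_rc).name != rc_name:
        return False                                             # 11.7, 11.8
    # 11.9; treating the period as half-open is a choice made for this example.
    return rc_period[0] <= period[0] < rc_period[1]              # 11.10


def valid_at(chain, p, name, p_rc, rc_name, t):
    """Methods 10 and 11 combined: is p valid for `name` at time t?"""
    period = valid_period(chain, p, issuer=p_rc)
    return identity_query(chain, p, name, p_rc, rc_name) and period[0] <= t < period[1]


# Constructed sample chain in block order; keys are placeholders, not real public keys.
RC, ALICE, BOB = "RC-KEY", "ALICE-KEY", "BOB-KEY"
CHAIN = [
    Tx("registration request", RC, "Registration Center", RC, 20200801000000, 20300801000000, 20200715000000),
    Tx("register", RC, "Registration Center", RC, 20200801000000, 20300801000000, 20200720000000),
    Tx("registration request", ALICE, "Alice", ALICE, 20200901000000, 20301001000000, 20200902000000),
    Tx("register", RC, "Alice", ALICE, 20200901000000, 20301001000000, 20200905120000),
    # The request naming Bob's key was not signed by Bob's key, so step 10.1 finds nothing.
    Tx("registration request", "MALLORY-KEY", "Bob", BOB, 20200901000000, 20301001000000, 20200910000000),
    Tx("register", RC, "Bob", BOB, 20200901000000, 20301001000000, 20200911000000),
    Tx("cancel", ALICE, "Alice", ALICE, 20200901000000, 20301001000000, 20210102030405, revoked=20210101000000),
]
```

In the sample, Alice's effective time is moved forward to the block time of her registration transaction, and her failure time is pulled back to the block time of her revocation transaction rather than the earlier planned revocation time.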
Note: the registration center cannot falsify records; if the registration center did falsify records, the registered public key information would not be credible.
The beneficial effects of the invention are as follows:
to address the centralized storage of registration information in the prior art, the invention implements identity management with blockchain technology and stores identity information on a blockchain. Every user can verify a registrant's public key registration information through the blockchain, which avoids the single-point-of-failure problem of traditional centralized identity management.
Drawings
FIG. 1 is a flow chart of the roles and their functions in identity management based on bitcoin or its branch blockchains;
FIG. 2 is a schematic diagram of a registration request transaction;
FIG. 3 is a schematic diagram of a registration transaction;
FIG. 4 is a schematic diagram of a registration revocation transaction;
FIG. 5 is a flow chart of registering identity information;
FIG. 6 is a flow chart of identity query;
FIG. 7 is a flow chart of a registration information valid registration period query;
FIG. 8 is a flow chart of revoking registration information.
Detailed Description
To help those skilled in the art better understand the technical solution of the invention, the identity management method based on bitcoin or its branch blockchains is described in detail below with reference to the accompanying drawings and specific embodiments. In the invention, assume that the public key of the registrant is P, the chain code is C, the private key that generates the public key P is S, and the unique P2PKH address corresponding to P is A; the public key of the registration center is P_RC, the private key that generates P_RC is S_RC, and the corresponding unique P2PKH address is A_RC.
Step 1: the registration center registers its own registration information on the blockchain, which comprises the following substeps:
Step 1.1: the registration center constructs its own registration request information according to the construction method for registration request information. The specific registration request information is as follows: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim][registration request][registration center][P_RC][][20200801000000][20300801000000][].
Step 1.2: the registration center constructs its registration request transaction according to the construction method for the registration request transaction. Since the registrant is the registration center itself, the input address of the registration center's registration request transaction must contain A_RC. Because the output goes to the registration center, the output address of the registration request transaction must also contain A_RC.
Step 1.3: the registration center uses the method for registering identity information (method 8) to register the identity of the public key P_RC.
Step 2: as shown in fig. 3, to register identity information, a registrant makes a registration request to the registration center through the blockchain, which comprises the following substeps:
Step 2.1: the registrant constructs the registration request information according to the construction method for registration request information. The registration request information of the registrant is: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim][registration request][P][][20200901000000][20301001000000][].
Step 2.2: the registrant constructs a registration request transaction according to the construction method for the registration request transaction and sends it through the blockchain to the registration center's address. The input address of the registration request transaction must contain A and the output address must contain A_RC; the output may be used to pay a registration fee to the registration center.
Step 2.3: the registrant presents legal documents proving the registrant's identity to the registration center;
Step 2.4: the registration center verifies the identity of the registrant;
Step 2.5: if the identity check does not pass, the registration is refused;
Step 2.6: the registration center uses the method for registering identity information (method 8) to register the identity of the public key P for the registrant.
Step 3: as shown in the flow chart of identity query in fig. 4, the querier may query the registration information of the public key P through the registration center or the blockchain, which comprises the following substeps:
Step 3.1: the querier uses the valid registration period query method (method 10) to query the valid registration period of the public key P;
Step 3.2: the querier uses the identity query method (method 11) to query the legitimate registrant of the public key P within the valid registration period;
Step 4: when the registrant needs to invalidate the public key P early for some reason, the registration information can be revoked at any time. As shown in the revocation registration flow diagram of fig. 6, the registrant can revoke their registration information through the blockchain. No action by the registration center is required. Once revoked, the public key loses its authentication validity and cannot be registered again. Revoking the registration information comprises the following substeps:
Step 4.1: construct the registration revocation information for the public key according to the construction method for registration revocation information. The registration revocation information is: [146zNkDhXM6tDrHiK44yVsAYow9CFhoLim][cancel][20200801000000][registrant name of P][P][][20200901000000][20301001000000][]
Step 4.2: construct the registration revocation transaction for the public key according to the construction method for the registration revocation transaction. The revocation transaction comprises at least one input signed with the registrant's private key S, which unlocks at least one standard P2PKH output locked at the revoking registrant's address A. One output address of the registration revocation transaction is the registration center address A_RC; the other output is an output containing the registration revocation information, which can be stored in the OP_RETURN region or the OP_PUSHDATA region of the output.
Step 4.3: the registrant broadcasts the registration revocation transaction, which is stored on the blockchain, and the registrant's registration information is revoked.
The above-listed series of detailed descriptions are merely specific illustrations of possible embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent means or modifications that do not depart from the technical spirit of the present invention are intended to be included within the scope of the present invention.

Claims (9)

1. An identity management method based on Bitcoin or a branch blockchain thereof, characterized in that it comprises: a method for constructing a registration request, a method for constructing registration information, a method for constructing registration cancellation information, a method for constructing a registration request transaction, a method for constructing a registration transaction, a method for constructing a registration cancellation transaction, a method for registering identity information, a method for cancelling registration information, a method for querying the valid registration period of registration information, and a method for identity query.

2. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that:

the method for constructing the registration request: the registration request information contains eight items, each delimited by square brackets, in the following format:

[identifier][registration request][registrant name][registrant public key][chain code][registration effective time][registration expiration time][remarks]

where:
[identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the message is to be parsed according to the definitions of this method;
[registration request] is a fixed value giving the operation name, indicating that the message is registration request information;
[registrant name] is the name of the registering institution, department or individual;
[registrant public key] is the public key that identifies the registrant, whose corresponding private key is kept confidential;
[chain code] can be set to a specific value or left empty as needed;
[registration effective time] is the time at which this registration information takes effect;
[registration expiration time] is the time at which this registration information expires;
[remarks] can be left empty and is reserved as an extension item;

the method for constructing the registration information: the registration information contains eight items, each delimited by square brackets, in the following format:

[identifier][register][registrant name][registrant public key][chain code][registration effective time][registration expiration time][remarks]

where:
[identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the message is to be parsed according to the definitions of this method;
[register] is a fixed value giving the operation name, indicating that the message is registration information;
[registrant name] is the name of the registering institution, department or individual;
[registrant public key] is the public key that identifies the registrant, whose corresponding private key is kept confidential;
[chain code] can be set to a specific value or left empty as needed;
[registration effective time] is the time at which this registration information takes effect;
[registration expiration time] is the time at which this registration information expires;
[remarks] can be left empty and is reserved as an extension item;

the method for constructing the registration cancellation information: the registration cancellation information contains nine items, each delimited by square brackets, in the following format:

[protocol identifier][cancel][registration cancellation time][registrant name][registrant public key][chain code][registration effective time][registration expiration time][remarks]

where:
[identifier] is a fixed value, 146zNkDhXM6tDrHiK44yVsAYow9CFhoLim, indicating that the message is to be parsed according to the definitions of this method;
[cancel] is a fixed value giving the operation name, indicating that the message is registration cancellation information;
[registration cancellation time] is the time at which this registration information is cancelled;
[registrant name] is the name of the registering institution, department or individual;
[registrant public key] is the public key that identifies the registrant, whose corresponding private key is kept confidential;
[chain code] can be set to a specific value or left empty as needed;
[registration effective time] is the time at which this registration information takes effect;
[registration expiration time] is the time at which this registration information expires;
[remarks] can be left empty and is reserved as an extension item.

3. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that, in the method for constructing the registration request transaction, the registration request transaction is sent by the registrant to the registration center via the blockchain and satisfies the following conditions:
5.1) a registration request transaction contains at least one input, which is signed with the registrant's private key S and unlocks at least one standard P2PKH output locked to the registrant's address A;
5.2) the registration request transaction contains at least two outputs, one of which is a standard P2PKH output whose address is the registration center address A_RC, and the other of which contains the registration request information; the registration request information can be stored in the Op_Return area or the Op_Pushdata area of that output.

4. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that, in the method for constructing the registration transaction, the registration transaction is sent by the registration center to the registrant via the blockchain and satisfies the following conditions:
6.1) a registration transaction contains at least one input, which is signed with the registration center's private key S_RC and unlocks at least one standard P2PKH output locked to the registration center address A_RC;
6.2) the registration transaction contains at least two outputs, one of which is a standard P2PKH output whose address is the registrant's address A, and the other of which contains the registration information; the registration information can be stored in the Op_Return area or the Op_Pushdata area of that output.

5. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that, in the method for constructing the registration cancellation transaction, the registration cancellation transaction is sent by the registrant to the registration center via the blockchain and satisfies the following conditions:
7.1) a registration cancellation transaction contains at least one input, which is signed with the registrant's private key S and unlocks at least one standard P2PKH output locked to the registrant's address A;
7.2) the registration cancellation transaction contains at least two outputs, one of which is a standard P2PKH output whose address is the registration center address A_RC, and the other of which contains the registration cancellation information; the registration cancellation information can be stored in the Op_Return area or the Op_Pushdata area of that output.

6. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that the method for registering identity information is carried out in the following steps:
8.1) the registrant constructs the registration request information according to the method for constructing registration request information;
8.2) the registrant constructs a registration request transaction according to the method for constructing registration request transactions and sends it via the blockchain to the registration center address, thereby applying to the registration center for registration;
8.3) the registrant presents legally valid documents proving its identity to the registration center;
8.4) the registration center verifies the registrant's identity;
8.5) if the identity check fails, the registration is refused and aborted;
8.6) the registration center looks up the registration request transaction of public key P under this method's identifier;
8.7) if none exists, the registration is refused and aborted;
8.8) the registration center looks up the registration transaction of public key P under this method's identifier;
8.9) if one exists, the registration is refused and aborted;
8.10) the registration center looks up the registration cancellation transaction of public key P under this method's identifier;
8.11) if one exists, the registration is refused and aborted;
8.12) the registration center constructs a registration transaction according to the method for constructing registration transactions and sends it via the blockchain to the registrant's address, completing the registration.

7. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that the method for cancelling registration information is carried out in the following steps:
9.1) construct the registration cancellation information for the public key according to the method for constructing registration cancellation information;
9.2) construct the registration cancellation transaction for the public key according to the method for constructing registration cancellation transactions;
9.3) the registrant broadcasts the registration cancellation transaction, which is stored on the blockchain, completing the cancellation of the registration information.

8. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that the method for querying the valid registration period of registration information is carried out in the following steps:
10.1) look up the registration request transaction of public key P; the registration request transaction ensures that the registered public key is owned by the registrant;
10.2) if the lookup fails, return a null value;
10.3) look up the first registration transaction of public key P; the registration transaction lookup ensures that the registrant's identity has been certified by the registration center. This double-confirmation lookup prevents impersonation registration attacks;
10.4) if the lookup fails, return a null value;
10.5) compare the registration request information with the registration information and check whether all items other than the operation name are identical;
10.6) if they are not identical, return a null value;
10.7) parse the registration effective time and registration expiration time of public key P;
10.8) obtain the time of the block containing the registration transaction;
10.9) if the registration effective time is earlier than the time of the block containing the registration transaction, update the registration effective time of public key P to the time of that block; the registration effective time in the message is only a planned time, and in this method the actual effective time is governed by the time of the block containing the registration transaction;
10.10) look up the first registration cancellation transaction of public key P; under this method a registered public key P can be validly cancelled only once, and the first registration cancellation transaction of public key P is the valid one;
10.10.1) if one exists, obtain the registration cancellation time of public key P and the time of the block containing the registration cancellation transaction;
10.10.2) if the registration cancellation time is earlier than (less than) the time of the block containing the registration cancellation transaction, update the registration cancellation time to the time of that block; the registration cancellation time in the cancellation information is only a planned time, and the actual cancellation time is governed by the time of the block containing the registration cancellation transaction, to guard against public key P not having been effectively cancelled in time;
10.10.3) if the registration cancellation time is earlier than the registration expiration time of public key P, update the registration expiration time of public key P to the registration cancellation time; without this check, a registration expiration time earlier than the registration cancellation time could easily lead to a forward attack;
10.11) if the registration effective time of public key P is equal to or later than the registration expiration time, return a null value;
10.12) return the registration effective time and registration expiration time of public key P.

9. The identity management method based on Bitcoin or a branch blockchain thereof according to claim 1, characterized in that, in the method for identity query, the inputs are the public key P and the registrant name, together with the registration center public key P_RC and the registration center name, and the output is true or false, where true means that the registrant is the legitimate owner of public key P within the valid registration period of public key P, and false means the opposite; the method is carried out in the following steps:
11.1) use the method for querying the valid registration period of registration information to query the valid registration period of P and determine whether public key P is within its valid registration period;
11.2) if a null value is returned, return false;
11.3) use the method for querying the valid registration period of registration information to query the valid registration period of P_RC and determine whether the registration center public key P_RC is within its valid registration period;
11.4) if a null value is returned, return false;
11.5) obtain the registration information of P;
11.6) if the registrant name in the registration information is not equal to the input registrant name, return false;
11.7) obtain the registration information of P_RC;
11.8) if the registration center name in the registration information is not equal to the input registration center name, return false;
11.9) if the registration effective time of P is not within the valid registration period of P_RC, return false; otherwise, return true.
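The bracketed message format of claim 2 and the valid-period query of claim 8 can be exercised together. The following Python sketch is an added example, not code from the patent. It assumes that times are integer Unix seconds, that a transaction is reduced to its block time and payload text (the hypothetical `Tx` type), and that the caller has already kept only transactions meeting the signature and output conditions of claims 3 to 5.

```python
import re
from typing import NamedTuple, Optional, Tuple

IDENTIFIER = "146zNkDhXM6tDrHiK44yVsAYow9CFhoLim"  # fixed [identifier] value from claim 2
COMMON = ("name", "pubkey", "chain_code", "start", "end", "remarks")
FIELDS = {  # operation name -> items that follow [identifier][operation]
    "registration request": COMMON,
    "register": COMMON,
    "cancel": ("cancel_time",) + COMMON,
}

class Tx(NamedTuple):
    """Assumed simplified view of a confirmed transaction (not the patent's data model)."""
    block_time: int  # timestamp of the containing block (assumed Unix seconds)
    payload: str     # text carried in the Op_Return / Op_Pushdata area

def build(op: str, *items) -> str:
    """Serialize a message as consecutive square-bracketed items."""
    return "".join(f"[{i}]" for i in (IDENTIFIER, op, *items))

def parse(payload: str) -> Optional[dict]:
    """Return the message fields, or None if the payload is not a well-formed message."""
    if not re.fullmatch(r"(\[[^\[\]]*\])+", payload):
        return None  # stray text outside the brackets
    items = re.findall(r"\[([^\[\]]*)\]", payload)
    if len(items) < 2 or items[0] != IDENTIFIER or items[1] not in FIELDS:
        return None
    names = FIELDS[items[1]]
    if len(items) != len(names) + 2:
        return None  # wrong item count for this operation (8 or 9 expected)
    msg = dict(zip(names, items[2:]), op=items[1])
    try:
        for key in ("start", "end", "cancel_time"):
            if key in msg:
                msg[key] = int(msg[key])
    except ValueError:
        return None
    return msg

def valid_period(chain, pubkey: str) -> Optional[Tuple[int, int]]:
    """Steps 10.1-10.12 of claim 8 for public key P; None is the claim's null value."""
    first = {}  # operation -> (message, block time) of the earliest matching transaction
    for tx in sorted(chain, key=lambda t: t.block_time):
        msg = parse(tx.payload)
        if msg and msg["pubkey"] == pubkey:
            first.setdefault(msg["op"], (msg, tx.block_time))
    if "registration request" not in first or "register" not in first:
        return None                                    # 10.1-10.4
    req, reg = first["registration request"][0], first["register"][0]
    if any(req[k] != reg[k] for k in COMMON):
        return None                                    # 10.5-10.6
    start = max(reg["start"], first["register"][1])    # 10.7-10.9
    end = reg["end"]
    if "cancel" in first:                              # 10.10
        cancel, cancel_block = first["cancel"]
        cancel_time = max(cancel["cancel_time"], cancel_block)  # 10.10.2
        end = min(end, cancel_time)                    # 10.10.3
    return None if start >= end else (start, end)      # 10.11-10.12

# Constructed sample data: the key string, names and timestamps are made up.
P = "02c0ffee-constructed-public-key"
REQUEST = Tx(1000, build("registration request", "Alice", P, "", 1050, 5000, ""))
REGISTER = Tx(1100, build("register", "Alice", P, "", 1050, 5000, ""))
CANCEL = Tx(3000, build("cancel", 2500, "Alice", P, "", 1050, 5000, ""))

if __name__ == "__main__":
    print(valid_period([REQUEST, REGISTER], P))
    print(valid_period([REQUEST, REGISTER, CANCEL], P))
```

Both clamps move a self-declared time toward the block time: the planned effective time of 1050 is raised to the registration block time 1100, and the backdated cancellation time of 2500 is raised to its block time 3000 before it shortens the expiration.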
CN202110712465.XA 2021-06-25 2021-06-25 Identity management method based on block chain Active CN113468594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110712465.XA CN113468594B (en) 2021-06-25 2021-06-25 Identity management method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110712465.XA CN113468594B (en) 2021-06-25 2021-06-25 Identity management method based on block chain

Publications (2)

Publication Number Publication Date
CN113468594A true CN113468594A (en) 2021-10-01
CN113468594B CN113468594B (en) 2024-03-19

Family

ID=77873018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110712465.XA Active CN113468594B (en) 2021-06-25 2021-06-25 Identity management method based on block chain

Country Status (1)

Country Link
CN (1) CN113468594B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150836A (en) * 2018-07-21 2019-01-04 江苏飞搏软件股份有限公司 Block chain entity identities management system and method
CN109819443A (en) * 2018-12-29 2019-05-28 东莞见达信息技术有限公司 Authentication registration method, apparatus and system based on block chain
CN111753014A (en) * 2020-06-28 2020-10-09 中国银行股份有限公司 Identity authentication method and device based on block chain

Also Published As

Publication number Publication date
CN113468594B (en) 2024-03-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant