CN113572616B - Authentication method and device based on distributed bidding platform and related equipment - Google Patents
Authentication method and device based on distributed bidding platform and related equipment Download PDFInfo
- Publication number
- CN113572616B CN113572616B CN202110712856.1A CN202110712856A CN113572616B CN 113572616 B CN113572616 B CN 113572616B CN 202110712856 A CN202110712856 A CN 202110712856A CN 113572616 B CN113572616 B CN 113572616B
- Authority
- CN
- China
- Prior art keywords
- node
- data
- public key
- certificate
- authenticated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000012795 verification Methods 0.000 claims abstract description 67
- 238000004422 calculation algorithm Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000013500 data storage Methods 0.000 claims description 4
- 230000000875 corresponding effect Effects 0.000 description 15
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a distributed bidding platform-based authentication method, a distributed bidding platform-based authentication device, computer equipment and a distributed bidding platform-based authentication medium, wherein the method comprises the following steps: in this embodiment, the first node encrypts to-be-authenticated data to other broadcast to-be-authenticated data, where the to-be-authenticated data is obtained by encrypting to-be-issued data by using a private key of a node certificate of the first node, the node certificate of the first node is a CA certificate issued by the first node, the second node obtains a public key of the node certificate of the first node stored in the second node as the first public key, the second node performs signature verification on the to-be-authenticated data by using the first public key to obtain a signature verification result, if the signature verification result of the second node is passed, the to-be-authenticated data is used as authentication data, and performs data consensus storage by a node of the blockchain network to store the authentication data in the blockchain network.
Description
Technical Field
The invention relates to the technical field of blockchains, in particular to a distributed bidding platform-based authentication method, a distributed bidding platform-based authentication device, computer equipment and media.
Background
In the bidding field, different bidding platforms are asymmetric for information acquisition, such as information sources including related information published in a bidding sharing platform, related information published by a bidding related supervision, and the like. For inter-institution identity mutual authentication, a distributed CA authentication architecture based on blockchain may be employed.
The problems of inter-institution mutual identification and bidding platform user identity identification are all that all institutions adopt the same trusted third party CA certificate system, but the mode is too centralized in control, the risk of single-point failure exists, and the security of data in the bidding platform authentication process is difficult to ensure.
Disclosure of Invention
The embodiment of the invention provides a distributed bidding platform based authentication method, a distributed bidding platform based authentication device, computer equipment and a storage medium, so as to improve data security in the bidding platform authentication process.
In order to solve the above technical problems, an embodiment of the present application provides a distributed bidding platform authentication method, including:
The method comprises the steps that a first node broadcasts data to be authenticated to other broadcasting, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A second node obtains a public key of a node certificate of the first node stored in the second node as a first public key, wherein the second node is any node in the other nodes;
the second node adopts the first public key to check the data to be authenticated to obtain a check result;
and if the signature verification result of the second node is passed, taking the data to be authenticated as authentication data, executing data consensus storage through the nodes of the blockchain network, and storing the authentication data into the blockchain network.
Optionally, before the first node broadcasts the data to be authenticated to other nodes, the distributed bidding platform based authentication method further comprises:
When the first node receives a certificate application request of a platform user, verifying user information contained in the certificate application request, and distributing a public key to the platform user by adopting a root certificate of the first node after verification is passed;
When receiving user uploading data encrypted by a public key of a platform user, the first node performs identity authentication on the platform user, and after the authentication is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as the data to be authenticated.
Optionally, after the verification is passed, encrypting and storing the user uploading data, and taking the user uploading data stored in an encrypting way as the data to be authenticated includes:
Constructing the user uploading data into a transaction body;
And signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, before the second node obtains, as the first public key, the public key of the node certificate of the first node stored in the second node, the method includes:
The first node sends the public key corresponding to the root certificate to other nodes in the network;
And the second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node.
Optionally, the data to be authenticated is obtained by encrypting by adopting a national encryption asymmetric encryption algorithm SM 2.
Optionally, the second node performs signature verification on the data to be authenticated by adopting the first public key, and obtaining a signature verification result includes:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check the data to be authenticated according to the first public key;
and determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
In order to solve the above technical problems, the embodiment of the present application further provides a distributed bidding platform authentication device, which includes:
The data broadcasting module is used for broadcasting data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
The public key acquisition module is used for acquiring a public key of the node certificate of the first node stored in the second node by the second node as a first public key, wherein the second node is any node in the other nodes;
The data signing verification module is used for verifying the data to be authenticated by the second node through the first public key to obtain a signing verification result;
and the data storage module is used for taking the data to be authenticated as authentication data if the signature verification result of the second node is passed, executing data consensus storage through the nodes of the blockchain network and storing the authentication data into the blockchain network.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
And the data receiving module is used for carrying out identity authentication on the platform user by the first node when receiving the user uploading data encrypted by the platform user through the public key, carrying out encryption storage on the user uploading data after the authentication is passed, and taking the user uploading data stored in an encryption mode as the data to be authenticated.
Optionally, the data receiving module includes:
The transaction body construction unit is used for constructing the user uploading data into a transaction body;
and the data signing unit is used for signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for sending the public key corresponding to the root certificate to other nodes in the network by the first node;
And the public key storage module is used for receiving the public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in a correlated way.
Optionally, the data signing verification module includes:
The data signing verification unit is used for each second node to verify the data to be authenticated by adopting a national encryption asymmetric encryption algorithm SM2 according to the first public key;
And the result determining unit is used for determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
In order to solve the technical problem, the embodiment of the application also provides a computer device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the steps of the authentication method based on the distributed bidding platform are realized when the processor executes the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above-mentioned distributed bidding platform authentication method.
According to the distributed bidding platform authentication method, device, computer equipment and storage medium, through the embodiment, the first node broadcasts data to be authenticated to other nodes, the data to be authenticated is obtained by encrypting the data to be issued by adopting the private key of the node certificate of the first node, the node certificate of the first node is the CA certificate issued by the first node, the second node obtains the public key of the node certificate of the first node stored in the second node as the first public key, the second node adopts the first public key to check the data to be authenticated to obtain the checking result, if the checking result of the second node is passed, the data to be authenticated is used as the authentication data, and the data to be authenticated is stored in the block chain network by executing data consensus through the nodes of the block chain network, so that verification is realized without depending on other main nodes, the mutual influence among all the nodes can be avoided, and the security in the bidding platform data authentication process is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of an application environment in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a distributed bidding platform based authentication method of the present application;
FIG. 3 is a schematic diagram illustrating one embodiment of a distributed-based bidding platform authentication apparatus, in accordance with the present application;
FIG. 4 is a schematic structural diagram of one embodiment of a computer device in accordance with the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, as shown in fig. 1, fig. 1 is a schematic diagram of an application environment based on a distributed bidding platform authentication method in an embodiment of the present application, the distributed bidding platform authentication method provided in the present application may be applied in an application environment as shown in fig. 1, where a blockchain is composed of a plurality of nodes capable of communicating with each other, each node may be regarded as a block storage, each block storage is used to store data, each data node includes all data, the block storage data has a complete history record and may be rapidly restored and expanded, a regional chain is divided into public chains, private chains and alliance chains, any node is open, each mechanism/node may participate in the blockchain calculation, any mechanism/node may download to obtain complete blockchain data, the private chains are some blockchains and do not wish to participate in the system, and are not disclosed for the outside, and are applicable to internal data management and audit or open test of a specific mechanism, the alliance chains are all participated in each node, all nodes are all in peer-to-peer nodes, all data may be completely exited from a hash chain, and a hash function is more than one entity may need to be completely and completely complete to be added to a hash-based system in a hash-based network, and a hash function has a full-size and a hash function is realized.
Referring to fig. 2, fig. 2 shows a distributed bidding platform authentication method according to an embodiment of the present invention, and the method is applied to the application environment in fig. 1 for explanation, and is described in detail as follows:
S201: the first node broadcasts data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting the data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node.
Specifically, each bidding platform is a node in the blockchain network, each node stores a root certificate (including public and private keys) corresponding to the node and certificates (including public keys) issued by other nodes, in this embodiment, the node needing to perform information sharing is used as a first node, the first node needs to verify identity through other nodes of the blockchain network before performing information sharing, so as to ensure the authenticity and reliability of data sources.
Optionally, in order to ensure data security, the data to be authenticated is encrypted, and as a preferred mode, the data to be authenticated in this embodiment is obtained by encrypting by adopting a cryptographic asymmetric encryption algorithm SM 2.
Among them, the bidding platform in this embodiment includes, but is not limited to, a bidding public service platform, a bidding procurement information platform, a bidding supervision, and the like.
In a specific optional embodiment, before step S201, the distributed bidding platform authentication method further includes:
When receiving a certificate application request of a platform user, a first node verifies user information contained in the certificate application request, and after verification is passed, a public key is distributed to the platform user by adopting a root certificate of the first node;
When receiving user uploading data encrypted by a platform user through a public key, a first node performs identity authentication on the platform user, and after the authentication is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as data to be authenticated.
Specifically, for a platform user using a bidding platform, a certificate of the user needs to be acquired, and when uploading information to the bidding platform, the uploading information of the platform user is encrypted through the certificate, so that the non-repudiation of the data is ensured, and the process of acquiring the certificate by the platform user is as follows: and the user submits personal identity information, wherein the personal identity information comprises, but is not limited to, an account number, a password, an identity card number, a name, a department belonging to the user on the platform, and the like, after the platform node verifies the identity of the applicant, a public key is distributed to the user by utilizing a root certificate, the public key and the applicant identity information are bound together, and after signing, a certificate is formed and sent to the applicant.
Further, the user needs to store the CA certificate of the user in the local client, when the user uploads the digital information by the client, the user public key in the CA certificate is used for encrypting the digital information, so that the integrity and the safety of the digital information transmission are ensured, and meanwhile, the digital signature of the identity authentication node in the CA certificate and the user identity information are carried. The digital signature of the identity verification node can ensure the authenticity of the certificate information, and the digital information is signed by the CA certificate so as to ensure the non-repudiation of the digital information.
In a specific optional embodiment, after the verification is passed, encrypting and storing the user uploading data, wherein the step of using the user uploading data stored in an encrypting way as the data to be authenticated comprises the following steps:
constructing user uploading data into a transaction body;
and signing and storing the transaction body by adopting the root certificate private key of the first node.
Specifically, in this embodiment, the transaction body is a data structure, and the data structure is specifically formed by a plurality of parts, each part represents a group of data, in this embodiment, the data is configured into a transaction body, and when the data is linked, the chain can obtain corresponding data through analysis, so as to implement timely processing of the sent information, and further can verify and store the sent information. The transaction body contains data as follows: uplink data, data source address, data upload address, whether or not to use contract type (if contracts are used) through consensus, signature information. The transaction body can be java class, one class has a plurality of attributes, each attribute corresponds to various data above, various data are packaged, and the transaction body is transmitted to the node.
After the transaction body arrives, the blockchain node analyzes the transaction body through own code logic to obtain signature information in the transaction body, performs signature verification, passes the signature verification, obtains corresponding data to store, performs io operation on the data through serialization and a disk, and stores the data in leveldb, wherein leveldb is a place where the blockchain data is stored, similar to a database, and occupies disk space of a server. Meanwhile, the SM2 algorithm is utilized to sign the transaction body based on the root certificate private key, the environment where the signature is located is the blockchain operation environment, and then the signed transaction body is sent to other nodes through a communication network among the blockchain nodes.
S202: the second node obtains a public key of a node certificate of the first node stored in the second node as the first public key, wherein the second node is any node in other nodes.
The second node is any one of the other nodes mentioned in S201, each node in the blockchain network stores a public key corresponding to a node certificate of the other node, and after receiving the broadcast information of the first node, acquires the public key corresponding to the node certificate of the first node from the stored public keys, and uses the public key as the first public key.
Note that, in this embodiment, the number of the second nodes may be one or more, which is not limited in particular.
In a specific optional embodiment, before step S202, the distributed bidding platform authentication method further includes:
the first node sends the public key corresponding to the root certificate to other nodes in the network;
And the second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node.
In this embodiment, the first node sends the public key corresponding to the root certificate to other nodes in the blockchain network in advance, and when the first node needs to perform data authentication on the uploaded data, the other nodes are facilitated to perform quick signature verification through the stored public key, so that signature verification efficiency and accuracy are improved.
S203: and the second node adopts the first public key to carry out signature verification on the data to be authenticated, and a signature verification result is obtained.
In a specific optional embodiment, in step S203, the second node performs signature verification on the data to be authenticated by using the first public key, and the obtaining a signature verification result includes:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check and sign the data to be authenticated according to the first public key;
And when the message that any one of the second nodes passes the signature verification is obtained, determining that the signature verification result is the signature verification pass.
In this embodiment, the plurality of nodes all have own root certificates, each node can issue certificates for its own user by using its own root certificate, and each node has the root certificate public key of other nodes except its own, that is, when one node a broadcasts the transaction body to other nodes, other nodes can verify directly according to the public key of the node a stored by itself, and do not rely on other main nodes to verify, so that each node cannot affect each other.
S204: if the signature verification result of the second node is passed, the data to be authenticated is used as authentication data, and the data consensus storage is executed through the nodes of the blockchain network, so that the authentication data is stored in the blockchain network.
It should be noted that, in this embodiment, all participants are not required to sign a transaction, a first node receives a transaction, after signing the transaction, after broadcasting to other nodes, the other nodes directly sign the transaction, and then directly store the transaction in a second node through signing.
In this embodiment, the first node encrypts to-be-authenticated data to other broadcast to-be-authenticated data, where the to-be-authenticated data is obtained by encrypting to-be-issued data by using a private key of a node certificate of the first node, the node certificate of the first node is a CA certificate issued by the first node, the second node obtains a public key of the node certificate of the first node stored in the second node as the first public key, the second node performs signature verification on the to-be-authenticated data by using the first public key to obtain a signature verification result, if the signature verification result of the second node is passed, the to-be-authenticated data is used as authentication data, and performs data consensus storage by a node of a blockchain network, so that verification is realized without depending on other main nodes, and thus, each node cannot be affected, and safety in a bidding platform data authentication process is improved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
Fig. 3 shows a schematic block diagram of a distributed bidding platform authentication apparatus based on a one-to-one correspondence with the distributed bidding platform authentication method of the above embodiment. As shown in fig. 3, the distributed bidding platform authentication apparatus includes a data broadcasting module 31, a public key acquisition module 32, a data signing module 33 and a data storage module 34. The functional modules are described in detail as follows:
the data broadcasting module 31 is configured to broadcast data to be authenticated to other nodes, where the data to be authenticated is obtained by encrypting data to be issued by using a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A public key obtaining module 32, configured to obtain, by a second node, a public key of a node certificate of a first node stored in the second node, as the first public key, where the second node is any one of the other nodes;
the data signing verification module 33 is configured to verify signing of the data to be authenticated by using the first public key by using the second node, so as to obtain a signing verification result;
And the data storage module 34 is configured to take the data to be authenticated as authentication data if the signature verification result of the second node is passed, perform data consensus storage through the nodes of the blockchain network, and store the authentication data to the blockchain network.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
and the data receiving module is used for carrying out identity verification on the platform user by the first node when receiving the user uploading data encrypted by the platform user through the public key, carrying out encryption storage on the user uploading data after the verification is passed, and taking the user uploading data stored in an encryption mode as data to be authenticated.
Optionally, the data receiving module includes:
The transaction body construction unit is used for constructing the user uploading data into a transaction body;
And the data signing unit is used for signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, the distribution-based bidding platform authentication device further comprises:
the public key distribution module is used for transmitting the public key corresponding to the root certificate to other nodes in the network by the first node;
and the public key storage module is used for receiving the public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in an associated manner.
Optionally, the data tag verification module 33 includes:
the data signing verification unit is used for signing the data to be authenticated by each second node according to the first public key by adopting a national encryption asymmetric encryption algorithm SM 2;
and the result determining unit is used for determining that the signature verification result is the signature verification passing after acquiring the message that any one of the second nodes passes the signature verification.
Specific limitations regarding the distributed bidding platform authentication apparatus may be found in the above description of the distributed bidding platform authentication method, and will not be described in detail herein. The various modules in the distributed bidding platform based authentication apparatus described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 4, fig. 4 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42, a network interface 43 communicatively connected to each other via a system bus. It is noted that only a computer device 4 having a component connection memory 41, a processor 42, a network interface 43 is shown in the figures, but it is understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and its hardware includes, but is not limited to, a microprocessor, an Application SPECIFIC INTEGRATED Circuit (ASIC), a Programmable gate array (Field-Programmable GATE ARRAY, FPGA), a digital Processor (DIGITAL SIGNAL Processor, DSP), an embedded device, and the like.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium including flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or D interface display memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 41 may be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD) or the like, which are provided on the computer device 4. Of course, the memory 41 may also comprise both an internal memory unit of the computer device 4 and an external memory device. In this embodiment, the memory 41 is generally used to store an operating system and various application software installed on the computer device 4, such as program code based on distributed bidding platform authentication. Further, the memory 41 may be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute a program code stored in the memory 41 or process data, such as a program code for executing control of an electronic file.
The network interface 43 may comprise a wireless network interface or a wired network interface, which network interface 43 is typically used for establishing a communication connection between the computer device 4 and other electronic devices.
The present application also provides another embodiment, namely, a computer readable storage medium storing an interface display program executable by at least one processor to cause the at least one processor to perform the steps of the distributed-based bidding platform authentication method as described above.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
It is apparent that the above-described embodiments are only some embodiments of the present application, but not all embodiments, and the preferred embodiments of the present application are shown in the drawings, which do not limit the scope of the patent claims. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a thorough and complete understanding of the present disclosure. Although the application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing description, or equivalents may be substituted for elements thereof. All equivalent structures made by the content of the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the scope of the application.
Claims (7)
1. The distributed bidding platform-based authentication method is applied to a blockchain network comprising at least two bidding platforms or related institutions, each bidding platform or related institution corresponds to one node in the blockchain network, and is characterized in that each node stores a root certificate corresponding to the node and certificates issued by other nodes, the first node is a node corresponding to the bidding platform for information sharing, and the second node is another bidding platform, and the method comprises the following steps:
when a first node receives a certificate application request of a platform user, verifying user information contained in the certificate application request, and distributing a public key to the platform user by adopting a root certificate of the first node after verification is passed;
when receiving user uploading data encrypted by a platform user through a public key, the first node performs identity verification on the platform user, and after verification is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as data to be authenticated;
The first node sends the public key corresponding to the root certificate to other nodes in the network;
The second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node;
The method comprises the steps that a first node broadcasts data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A second node obtains a public key of a node certificate of the first node stored in the second node as a first public key, wherein the second node is any node in the other nodes;
the second node adopts the first public key to check the data to be authenticated to obtain a check result;
and if the signature verification result of the second node is passed, taking the data to be authenticated as authentication data, executing data consensus storage through the nodes of the blockchain network, and storing the authentication data into the blockchain network.
2. The distributed bidding platform based authentication method of claim 1, wherein after the verification is passed, encrypting the user upload data, and using the encrypted user upload data as the data to be authenticated comprises:
Constructing the user uploading data into a transaction body;
And signing and storing the transaction body by adopting the root certificate private key of the first node.
3. The distributed bidding platform authentication method according to claim 1, wherein the data to be authenticated is obtained by encrypting by adopting a national encryption asymmetric encryption algorithm SM 2.
4. The distributed bidding platform based authentication method of claim 3, wherein the second node performs signature verification on the data to be authenticated using the first public key, and obtaining a signature verification result comprises:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check the data to be authenticated according to the first public key;
and determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
5. A distributed bidding platform-based authentication device applied to a blockchain network comprising at least two bidding platforms or related institutions, wherein each bidding platform or related institution corresponds to one node in the blockchain network, and the distributed bidding platform-based authentication device is characterized in that each node stores a root certificate corresponding to the node and certificates issued by other nodes, the first node corresponds to the bidding platform for information sharing, the second node corresponds to the other bidding platform, and the distributed bidding platform-based authentication device comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
The data receiving module is used for carrying out identity verification on the platform user by the first node when receiving user uploading data encrypted by the platform user through a public key, carrying out encryption storage on the user uploading data after verification is passed, and taking the user uploading data stored in an encryption mode as data to be authenticated;
The public key distribution module is used for sending the public key corresponding to the root certificate to other nodes in the network by the first node;
The public key storage module is used for receiving a public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in an associated manner;
the data broadcasting module is used for broadcasting data to be authenticated to other nodes by a first node, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
The public key acquisition module is used for acquiring a public key of the node certificate of the first node stored in the second node by the second node as a first public key, wherein the second node is any node in the other nodes;
The data signing verification module is used for verifying the data to be authenticated by the second node through the first public key to obtain a signing verification result;
and the data storage module is used for taking the data to be authenticated as authentication data if the signature verification result of the second node is passed, executing data consensus storage through the nodes of the blockchain network and storing the authentication data into the blockchain network.
6. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the distributed bidding platform based authentication method of any of claims 1 to 4 when the computer program is executed.
7.A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the distributed bidding platform authentication method of any of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110712856.1A CN113572616B (en) | 2021-06-25 | 2021-06-25 | Authentication method and device based on distributed bidding platform and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110712856.1A CN113572616B (en) | 2021-06-25 | 2021-06-25 | Authentication method and device based on distributed bidding platform and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113572616A CN113572616A (en) | 2021-10-29 |
| CN113572616B true CN113572616B (en) | 2024-06-28 |
Family
ID=78162792
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110712856.1A Active CN113572616B (en) | 2021-06-25 | 2021-06-25 | Authentication method and device based on distributed bidding platform and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113572616B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110247757A (en) * | 2019-04-19 | 2019-09-17 | 中国工商银行股份有限公司 | Block chain processing method based on national secret algorithm, apparatus and system |
| CN110751544A (en) * | 2019-10-18 | 2020-02-04 | 中国联合网络通信集团有限公司 | Bidding information, supervision information and bid evaluation information processing method, terminal and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110311883B (en) * | 2018-03-27 | 2020-11-10 | 华为技术有限公司 | Identity management method, device, communication network and storage medium |
| CN110061846B (en) * | 2019-03-14 | 2022-08-23 | 深圳壹账通智能科技有限公司 | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain |
-
2021
- 2021-06-25 CN CN202110712856.1A patent/CN113572616B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110247757A (en) * | 2019-04-19 | 2019-09-17 | 中国工商银行股份有限公司 | Block chain processing method based on national secret algorithm, apparatus and system |
| CN110751544A (en) * | 2019-10-18 | 2020-02-04 | 中国联合网络通信集团有限公司 | Bidding information, supervision information and bid evaluation information processing method, terminal and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113572616A (en) | 2021-10-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111737724B (en) | Data processing method and device, intelligent equipment and storage medium | |
| US12095932B2 (en) | Digital certificate verification method and apparatus, computer device, and storage medium | |
| JP7093428B2 (en) | Digital certificate management methods, devices, computer devices and computer programs | |
| US20200143019A1 (en) | System and method for mapping decentralized identifiers to real-world entities | |
| CN111314172B (en) | Block chain-based data processing method, device, equipment and storage medium | |
| CN112527912B (en) | Data processing method and device based on block chain network and computer equipment | |
| CN110569674A (en) | Block chain network-based authentication method and device | |
| CN110362357A (en) | A kind of configuration file management method and device of application program | |
| CN112953978B (en) | Multi-signature authentication method, device, equipment and medium | |
| CN111343170B (en) | Electronic signing method and system | |
| CN111460457A (en) | Real estate property registration supervision method, device, electronic equipment and storage medium | |
| CN111488372A (en) | Data processing method, device and storage medium | |
| CN114760071B (en) | Zero-knowledge proof based cross-domain digital certificate management method, system and medium | |
| CN111461799B (en) | Data processing method, data processing device, computer equipment and medium | |
| CN111385096A (en) | Block chain network, signature processing method, terminal and storage medium | |
| CN116975901A (en) | Identity verification method, device, equipment, medium and product based on block chain | |
| CN112069529B (en) | Block chain-based volume management method and device, computer and storage medium | |
| CN118114222A (en) | Authentication method, device, system, equipment and medium for data product | |
| CN108833104A (en) | A kind of signature method, verification method and the device of file | |
| CN113572616B (en) | Authentication method and device based on distributed bidding platform and related equipment | |
| CN115549984A (en) | Cross-chain transaction method, device, equipment and storage medium | |
| CN112163917B (en) | Bill processing method and device based on blockchain, medium and electronic equipment | |
| CN114844695A (en) | Service data circulation method, system and related equipment based on block chain | |
| CN113326527A (en) | Credible digital signature system and method based on block chain | |
| CN114362960B (en) | Resource account data supervision method and device, computer equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |