CN113904850A - Secure login method, generation method and system based on block chain private key keystore and electronic equipment - Google Patents

Publication number
CN113904850A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111178401.2A
Other languages
Chinese (zh)
Inventor
翟红鹰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Puhua Yunchuang Technology Beijing Co ltd
Original Assignee
Puhua Yunchuang Technology Beijing Co ltd
Application filed by Puhua Yunchuang Technology Beijing Co ltd
Priority to CN202111178401.2A
Publication of CN113904850A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The embodiment of the invention provides a secure login method based on a block chain private key keystore, and electronic equipment. The secure login method comprises the following steps: acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information; acquiring, according to the user login information, unique identification information generated based on the user biological identification information; decrypting a private key keystore in which a private key is stored according to the unique identification information to obtain the private key; authenticating whether the private key and the corresponding public key are successfully paired; and if the pairing is successful, logging the user in. The scheme of the invention uses biological identification technology to obtain a unique password, and encrypts the private key with that password to generate the keystore, thereby providing security. If the keystore is lost, it cannot be decrypted, because the biometric information of the user cannot be acquired, so the security of the system is guaranteed.

Description

Secure login method, generation method and system based on block chain private key keystore and electronic equipment
Technical Field
The invention relates to the technical field of block chains, in particular to a secure login method based on a block chain private key keystore, a keystore generation method, a system and electronic equipment.
Background
With the rapid development of computer technology, information networks have become an important guarantee for social development. They carry a great deal of sensitive information, even national secrets, so they inevitably attract various man-made attacks from all over the world (such as information leakage, information theft, data tampering, data deletion and addition, computer viruses and the like).
Most security problems are caused deliberately by malicious people trying to gain some benefit or to harm someone. Ensuring network security therefore means more than keeping the network free of programming errors; more importantly, it means guarding against people who are clever, usually sophisticated, professional, and well supplied with time and money, and who maliciously exploit network information security vulnerabilities to create network risks. At the same time, it must be clearly recognized that a method that stops a casual adversary from committing vandalism is of little use against a practiced one. Login authentication, as the first checkpoint of a system in the information network, is therefore very important. Although password authentication is also required in the login authentication process, the traditional password is stored on the server, where it can be lost or stolen.
Disclosure of Invention
In view of the above, an embodiment of the present invention provides a secure login method based on a block chain private key keystore, which at least partially solves the problems in the prior art.
In a first aspect, an embodiment of the present invention provides a secure login method based on a block chain private key keystore, where the secure login method based on the block chain private key keystore includes:
acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information;
acquiring unique identification information generated based on the user biological identification information according to the user login information;
decrypting a private key keystore in which a private key is stored according to the unique identification information to obtain the private key;
authenticating whether the private key and the corresponding public key are successfully paired;
and if the pairing is successful, logging in by the user.
According to a specific implementation manner of the embodiment of the present invention, the method for generating the keystore in the step of decrypting the keystore storing the private key according to the user login information includes:
acquiring user information, wherein the user information comprises user biological identification information;
encrypting the user biological identification information according to an encryption algorithm to generate unique identification information;
encrypting the private key according to the unique identification information and a block chain encryption method to generate a private key keystore;
and storing the private key keystore to a local memory and a server side.
According to a specific implementation manner of the embodiment of the present invention, the encryption algorithm in the step of encrypting the biometric information of the user according to an encryption algorithm to generate unique identification information includes a hash algorithm or an elliptic curve encryption algorithm.
According to a specific implementation manner of the embodiment of the present invention, the step of obtaining the user information further includes:
generating a private key and a public key which are paired on a block chain service according to the user information;
and storing the public key to a server side.
According to a specific implementation manner of the embodiment of the present invention, the method for authenticating whether the private key and the corresponding public key are successfully paired comprises:
encrypting a random character string according to the private key to generate a user signature string;
acquiring a public key matched with a private key, and generating a server signature string for a random character string according to the public key;
and comparing whether the user signature string is consistent with the server signature string.
In a second aspect, an embodiment of the present invention provides a method for generating a keystore, where the method for generating a keystore includes:
acquiring user information, wherein the user information comprises user biological identification information;
encrypting the user biological identification information according to an encryption algorithm to generate unique identification information;
encrypting the private key according to the unique identification information and a block chain encryption method to generate a private key keystore;
and saving the private key keystore to a local memory and a server side.
In a third aspect, a block chain based keystore secure login system comprises:
the information acquisition module is used for acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information;
the unique identification information acquisition module is used for acquiring unique identification information generated based on the user biological identification information according to the user login information;
the Keystore decryption module is used for decrypting a private key Keystore stored with a private key according to the unique identification information to obtain the private key;
the authentication module is used for authenticating whether the private key and the corresponding public key are successfully paired;
and the login module is used for logging in by the user when the pairing is successful.
According to a specific implementation manner of the embodiment of the present invention, the Keystore secure login system based on the block chain further includes a Keystore generation module, where the Keystore generation module includes:
a user information acquisition unit for acquiring user information including user biometric information;
a unique identification information generating unit for encrypting the user biometric identification information according to an encryption algorithm to generate unique identification information;
the Keystore generating unit is used for generating a private key Keystore by combining the unique identification information and the private key encrypted by the block chain encryption method;
and the storage unit is used for storing the private key keystore to a local memory and a server side.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for secure login based on a block chain private key keystore in any of the implementations of the first aspect or the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the method for secure login based on a block chain private key keystore in the foregoing first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present invention also provides a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, where the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the method for secure login based on a block chain private key keystore in the foregoing first aspect or any implementation manner of the first aspect.
The secure login method based on the block chain private key keystore in the embodiment of the invention comprises the following steps: acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information; acquiring, according to the user login information, unique identification information generated based on the user biological identification information; decrypting a private key keystore in which a private key is stored according to the unique identification information to obtain the private key; authenticating whether the private key and the corresponding public key are successfully paired; and if the pairing is successful, logging the user in. The scheme of the invention uses biological identification technology to obtain a unique password, and encrypts the private key with that password to generate the keystore, thereby providing security. If the keystore is lost, it cannot be decrypted, because the biometric information of the user cannot be acquired, so the security of the system is guaranteed.
Drawings
Fig. 1 is a schematic flowchart of a secure login method based on a block chain private key keystore according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a secure login method based on a block chain private key keystore according to an embodiment of the present invention;
Fig. 3 is a block diagram of a system for secure login based on a block chain private key keystore according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the drawings only show the components related to the present invention rather than the number, shape and size of the components in practical implementation, and the type, quantity and proportion of the components in practical implementation can be changed freely, and the layout of the components can be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the invention provides a secure login method based on a block chain private key keystore. The secure login method based on the blockchain private key keystore provided by the embodiment may be executed by a computing device, which may be implemented as software or as a combination of software and hardware, and may be integrally disposed in a server, a terminal device, or the like.
The embodiment of the invention relates to the explanation of related terms:
1. Block chain public key and private key
The public key is the non-secret half of the key pair used with the private key algorithm. The public key is typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The public key and the private key are a key pair obtained through an algorithm: one key of the pair is published to the outside and is called the public key; the other is kept by its owner and is called the private key. The key pair derived by such an algorithm can be guaranteed to be unique worldwide. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt it. If the data is encrypted with the public key, it must be decrypted with the private key, and if the data is encrypted with the private key, it must be decrypted with the public key; otherwise the decryption will not succeed.
Instead of one shared key, the public key encryption algorithm uses two keys: a public key and a private key. Ciphertext encrypted with the public key can only be decrypted with the corresponding private key, whereas ciphertext encrypted with the private key can only be decrypted with the corresponding public key.
Public key encryption, also called asymmetric key encryption, belongs to the second-level discipline of network security in communication technology, and refers to an encryption method built on a corresponding pair of unique keys (i.e., a public key and a private key). It solves the problems of key distribution and management and is the core of commercial cryptography. In a public key cryptosystem, the private key is not disclosed and the public key is disclosed.
2. Biometric identification technology
The biometric identification technology is to closely combine a computer with high-tech means such as optics, acoustics, biosensors and the principle of biometrics, and identify the identity of a person by utilizing the inherent physiological characteristics (such as fingerprints, face images, irises and the like) and behavior characteristics (such as handwriting, voice, gait and the like) of the person.
Biometric identification systems sample biometric features, extract their features and convert them into digital codes, and further compose these codes into feature templates. As the cost of the microprocessor and various electronic components is continuously reduced and the precision is gradually improved, the biological identification system is gradually applied to the fields of commercial authorization control such as entrance guard, enterprise attendance management system security authentication and the like. The biological characteristics used for biological identification include hand shape, fingerprint, face shape, iris, retina, pulse, auricle, etc., and the behavior characteristics include signature, voice, key pressing force, etc. Based on these features, various biometric identification technologies such as hand shape recognition, fingerprint recognition, face recognition, pronunciation recognition, iris recognition, signature recognition, etc. have been developed.
Because human body characteristics are inherent to the person and cannot be copied, the biological key cannot be copied, stolen or forgotten, and identification by biometric technology is safe, reliable and accurate. Common passwords, IC cards, bar codes, magnetic cards or keys have many disadvantages: they can be lost, forgotten, copied or stolen. With a biological 'key', therefore, a user does not need to carry a large bunch of keys or take the trouble to remember or change passwords, and the system administrator is spared the problems caused by forgotten passwords. Biometric products are implemented with modern computer technology and are easy to integrate with computers and with security, monitoring and management systems to achieve automated management.
3. Hash algorithm
The hash algorithm (Hash), also called digest algorithm (Digest), computes a fixed-length output digest from any set of input data. The characteristics of the hash algorithm are:
1) One-way and irreversible
The hash algorithm is a one-way cryptosystem, i.e. there is only an encryption process and no decryption process.
2) Repeatability
The same input processed by the same hash function always yields the same hash value, but identical hash values do not necessarily mean that the inputs were identical.
4. Elliptic curve cryptography
Elliptic curve cryptography (abbreviated as ECC), an algorithm for creating public key cryptography, is based on Elliptic curve mathematics. The use of elliptic curves in cryptography was independently proposed in 1985 by Neal Koblitz and Victor Miller, respectively.
The main advantage of ECC is that in some cases it uses smaller keys than other methods, such as the RSA encryption algorithm, while providing a comparable or higher level of security. Another advantage of ECC is that bilinear mappings between groups can be defined, based on the Weil pairing or the Tate pairing; bilinear mappings have found a number of applications in cryptography, such as identity-based encryption. The disadvantage is that, for keys of the same length, encryption and decryption take longer than with other mechanisms; but because a shorter key is enough to reach the same level of security, ECC is relatively faster at a given security level. It is generally believed that an elliptic curve key of 140 bits provides a security strength comparable to a 1024-bit RSA key.
Referring to fig. 1, an embodiment of the present invention provides a method for generating a keystore, where the method for generating a keystore includes:
Step S101, acquiring user information, wherein the user information comprises user biological identification information;
The step of acquiring the user information further comprises the following steps:
generating a private key and a public key which are paired on a block chain service according to the user information;
and storing the public key to a server side.
In this embodiment, the public key and the private key are a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Because two different keys are used for encryption and decryption, this is called an asymmetric encryption algorithm. The basic process of exchanging confidential information with an asymmetric encryption algorithm is as follows: Party A generates a pair of keys and publishes one of them as the public key; Party B, having obtained the public key, encrypts the confidential information with it and sends the encrypted information to Party A; Party A then decrypts the encrypted information with the other key, the private key, which it has kept. On the other hand, Party A can use the public key of Party B to sign the confidential information and then send it to Party B; Party B then checks the data by using its own private key.
The user provides identity information to the server side to register. After receiving the request, the server side verifies the information and calls the block chain service to generate a public key and a private key. The public key is stored on the server, and the private key is issued to the user. After this step the server holds no private key information, so even if the server's user data is stolen, the user's private key cannot be obtained, which ensures the security of the user login information.
Step S102, encrypting the user biological identification information according to an encryption algorithm to generate unique identification information;
Step S103, encrypting a private key according to the unique identification information and a block chain encryption method to generate a private key keystore;
Step S104, saving the private key keystore to a local memory and a server side.
The user invokes biological identification technology to obtain biometric information specific to the user, such as face, fingerprint and posture. Unique identification information is generated from it by calculation, encryption and other operations using a hash algorithm and an elliptic curve encryption algorithm. The unique identification information is not stored; each time it is needed, it is obtained again by invoking the biological identification technology.
The keystore is generated by encrypting the private key with the block chain technique, using the user's unique identification information as the password. The generated keystore is stored persistently on the local device and is also saved to the server side.
The keystore is a re-encrypted form of the private key. When a keystore is exported from a block chain wallet, the user is usually prompted to enter a password, which is used to encrypt the private key once more; as long as the password is not lost, the resulting keystore file can be circulated in any network environment. Other users cannot recover the private key without the password, even if they obtain the keystore file.
The embodiment of the invention adopts the block chain keystore technology to store the private key, and uses biological identification technology to obtain a unique password with which the private key is encrypted to generate the keystore, thereby providing security. If the keystore is lost, it cannot be decrypted, because the biometric information of the user cannot be acquired, so the security of the system is guaranteed.
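Steps S102 to S104 can be sketched as follows; this is an added example, not code from the patent. It assumes SHA-256 as the hash algorithm, scrypt as the password-based key derivation, an HMAC-SHA256 keystream as a standard-library stand-in for the AES-CTR cipher that block chain wallet keystores normally use, constructed JSON field names, and a biometric stage that yields a byte-identical template on every capture.

```python
import hashlib
import hmac
import json
import secrets

# scrypt cost parameters: values assumed for this example
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def unique_id_from_template(template: bytes) -> bytes:
    """S102: hash the biometric template into the unique identification
    information. It is recomputed at every use and never stored."""
    return hashlib.sha256(template).digest()


def derive_keys(unique_id: bytes, salt: bytes, n: int, r: int, p: int):
    """Stretch the unique identification information into two 32-byte keys."""
    dk = hashlib.scrypt(unique_id, salt=salt, n=n, r=r, p=p, dklen=64)
    return dk[:32], dk[32:]  # (encryption key, MAC key)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for AES-CTR)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def make_keystore(private_key: bytes, unique_id: bytes) -> str:
    """S103: encrypt-then-MAC the private key; the JSON is what S104 stores."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(unique_id, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    ciphertext = keystream_xor(enc_key, nonce, private_key)
    mac = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).hexdigest()
    return json.dumps({
        "kdf": "scrypt",
        "kdfparams": {"n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P,
                      "salt": salt.hex()},
        "nonce": nonce.hex(),
        "ciphertext": ciphertext.hex(),
        "mac": mac,
    })


def open_keystore(keystore_json: str, unique_id: bytes) -> bytes:
    """Check the MAC first; decrypt only if the derived keys are the right ones."""
    ks = json.loads(keystore_json)
    params = ks["kdfparams"]
    nonce = bytes.fromhex(ks["nonce"])
    ciphertext = bytes.fromhex(ks["ciphertext"])
    enc_key, mac_key = derive_keys(unique_id, bytes.fromhex(params["salt"]),
                                   params["n"], params["r"], params["p"])
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ks["mac"]):
        raise ValueError("wrong unique identification information or corrupted keystore")
    return keystream_xor(enc_key, nonce, ciphertext)


def demo():
    """Round trip with a constructed template, then with a slightly different one."""
    template = b"constructed-fingerprint-template-0001"  # constructed sample
    recapture = b"constructed-fingerprint-template-0002"  # differs in one byte
    private_key = secrets.token_bytes(32)
    keystore = make_keystore(private_key, unique_id_from_template(template))
    recovered = open_keystore(keystore, unique_id_from_template(template)) == private_key
    try:
        open_keystore(keystore, unique_id_from_template(recapture))
        rejected = False
    except ValueError:
        rejected = True
    return recovered, rejected


if __name__ == "__main__":
    print(demo())
```

Because a hash changes completely when one input byte changes, a recapture that differs at all from the enrolled template fails the MAC check, so the scheme depends on the biometric stage reproducing exactly the same bytes at every login.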
Based on the foregoing embodiment, referring to fig. 2, an embodiment of the present invention further provides a secure login method based on a block chain private key keystore, where the secure login method based on the block chain private key keystore includes:
Step S201, obtaining user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information;
The user inputs login information. The login information comprises basic identity information of the user, which is fixed when the user registers: registration may be restricted to an identity number, a mobile phone number, or other related information. The login information also comprises user biological identification information that can uniquely confirm the user information, such as fingerprints, face images, irises and the like.
Step S202, obtaining unique identification information generated based on the user biological identification information according to the user login information;
The user invokes biological identification technology to obtain biometric information specific to the user, such as face, fingerprint and posture. Unique identification information is generated from it by calculation, encryption and other operations using a hash algorithm and an elliptic curve encryption algorithm. The unique identification information is not stored; each time it is needed, it is obtained again by invoking the biological identification technology.
Step S203, decrypting the private key keystore stored with the private key according to the unique identification information to obtain the private key;
The user invokes the biometric identification technology to obtain the user's unique identification information, which is then used to decrypt the keystore and obtain the user's private key.
Step S204, whether the private key and the corresponding public key are successfully paired is authenticated;
Step S205, if the pairing is successful, the user logs in.
The server authentication interface is called, and the random character string and the signature string are uploaded to the server. The server signs the random character string using the paired public key and compares the server signature string with the user signature string; authentication passes if the two signature strings are consistent.
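The login flow of steps S201 to S205, together with the keystore generation it relies on, as an added example that is not code from the patent. The scrypt key derivation, AES-256-GCM encryption, the P-256 curve, the byte strings standing in for the unique identification information, and all function and field names are assumptions; the server-side check here uses standard signature verification with the stored public key rather than the signature-string comparison described above.

```javascript
// Added example, not the patent's code. Assumed choices: scrypt, AES-256-GCM,
// ECDSA over P-256, and every function and field name below.
const {
  randomBytes, scryptSync, createCipheriv, createDecipheriv,
  generateKeyPairSync, createPrivateKey, sign, verify,
} = require('node:crypto');

// Stretch the unique identification information into a 256-bit unlock key.
function deriveUnlockKey(uniqueId, salt) {
  return scryptSync(uniqueId, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Keystore generation: encrypt the private key under the derived key.
// Only salt, IV, ciphertext and tag are stored; the identifier never is.
function createKeystore(privateKeyDer, uniqueId) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveUnlockKey(uniqueId, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKeyDer), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    ciphertext: ciphertext.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// Step S203: decrypt the keystore. Returns null when the identifier is wrong
// or the stored fields were altered, because the GCM tag no longer verifies.
function openKeystore(keystore, uniqueId) {
  const key = deriveUnlockKey(uniqueId, Buffer.from(keystore.salt, 'hex'));
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(keystore.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(keystore.tag, 'hex'));
  try {
    const body = decipher.update(Buffer.from(keystore.ciphertext, 'hex'));
    return Buffer.concat([body, decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Step S204, client side: sign the server's random string with the private key.
function signChallenge(privateKeyDer, challenge) {
  const key = createPrivateKey({ key: privateKeyDer, format: 'der', type: 'pkcs8' });
  return sign('sha256', challenge, key);
}

// Steps S204/S205, server side: check the signature with the stored public key.
function verifyLogin(publicKeyPem, challenge, signature) {
  return verify('sha256', challenge, publicKeyPem, signature);
}

// End-to-end run on constructed data.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const uniqueId = Buffer.from('constructed-identifier-0001');   // constructed
  const otherId = Buffer.from('constructed-identifier-0002');    // differs by one byte
  const keystore = createKeystore(der, uniqueId);
  const flipped = (keystore.ciphertext[0] === '0' ? '1' : '0') + keystore.ciphertext.slice(1);

  const challenge = randomBytes(32);             // fresh per login attempt
  const unlocked = openKeystore(keystore, uniqueId);
  const signature = signChallenge(unlocked, challenge);
  return {
    roundTrip: unlocked.equals(der),
    loginOk: verifyLogin(pem, challenge, signature),
    oldSignatureOnNewChallenge: verifyLogin(pem, randomBytes(32), signature),
    otherIdOpens: openKeystore(keystore, otherId) !== null,
    tamperedOpens: openKeystore({ ...keystore, ciphertext: flipped }, uniqueId) !== null,
  };
}

console.log(demo());
```

An identifier that differs by a single byte, or a keystore whose ciphertext was altered, makes `openKeystore` return null, so the identifier has to be reproduced exactly at every login for decryption to succeed.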
Corresponding to the above method embodiment, referring to fig. 3, an embodiment of the present invention further provides a block chain keystore-based secure login system, where the block chain keystore-based secure login system includes:
an information obtaining module 201, configured to obtain user login information, where the login information includes user biometric information for uniquely confirming user information;
a unique identification information obtaining module 203, configured to obtain, according to the user login information, unique identification information generated based on the user biometric identification information;
the Keystore decryption module 203 is used for decrypting a private key Keystore stored with a private key according to the unique identification information to obtain the private key;
the authentication module 204 is configured to authenticate whether the private key and the corresponding public key are successfully paired;
and a login module 205, configured to log in by the user when the pairing is successful.
The Keystore secure login system based on the block chain further comprises a Keystore generation module, wherein the Keystore generation module comprises:
a user information acquisition unit for acquiring user information including user biometric information;
a unique identification information generating unit for encrypting the user biometric identification information according to an encryption algorithm to generate unique identification information;
the Keystore generating unit is used for generating a private key Keystore by combining the unique identification information and the private key encrypted by the block chain encryption method;
and the storage unit is used for storing the private key keystore to a local memory and a server side.
The apparatus shown in fig. 3 may correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 4, an embodiment of the present invention further provides an electronic device 40, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the keystore generation method based on the blockchain private key keystore secure login method in the aforementioned method embodiments.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the keystore generation method based on the block chain private key keystore secure login method in the foregoing method embodiments.
Embodiments of the present invention also provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the keystore generation method based on the blockchain private key keystore secure login method in the aforementioned method embodiments.
Referring now to FIG. 4, a block diagram of an electronic device 40 suitable for use in implementing embodiments of the present invention is shown. The electronic devices in the embodiments of the present invention may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 4, the electronic device 40 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage means 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic apparatus 40 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication device 409 may allow the electronic device 40 to communicate wirelessly or by wire with other devices to exchange data. While the figures illustrate an electronic device 40 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or from the storage device 408, or from the ROM 402. The computer program performs the above-described functions defined in the methods of embodiments of the invention when executed by the processing apparatus 401.
It should be noted that the computer readable medium of the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A keystore secure login method based on a block chain private key, characterized by comprising the following steps:
acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information;
acquiring unique identification information generated based on the user biological identification information according to the user login information;
decrypting a private key keystore in which a private key is stored according to the unique identification information to obtain the private key;
authenticating whether the private key and the corresponding public key are successfully paired;
and if the pairing is successful, logging in by the user.
2. The method for securely logging on a keystore based on a block chain private key according to claim 1, wherein the method for generating the keystore in the step of decrypting the keystore storing a private key according to the user login information comprises:
acquiring user information, wherein the user information comprises user biological identification information;
encrypting the user biological identification information according to an encryption algorithm to generate unique identification information;
encrypting the private key according to the unique identification information and a block chain encryption method to generate a private key keystore;
and storing the private key keystore to a local memory and a server side.
3. The method of claim 2, wherein the encryption algorithm in the step of encrypting the user biometric information according to an encryption algorithm to generate unique identification information comprises a hash algorithm or an elliptic curve encryption algorithm.
4. The method of claim 1, wherein the step of obtaining user information further comprises:
generating a private key and a public key which are paired on a block chain service according to the user information;
and storing the public key to a server side.
5. The method of claim 1, wherein the method for authenticating whether the private key and the corresponding public key are successfully paired comprises:
encrypting a random character string according to the private key to generate a user signature string;
acquiring a public key matched with a private key, and generating a server signature string for a random character string according to the public key;
and comparing whether the user signature string is consistent with the server signature string.
6. A keystore generation method for the block chain private key based keystore secure login method of claim 1, wherein the keystore generation method comprises:
acquiring user information, wherein the user information comprises user biological identification information;
generating unique identification information by combining encryption algorithm encryption according to the user biological identification information;
encrypting the private key according to the unique identification information and a block chain encryption method to generate a private key keystore;
and saving the private key keystore to a local memory and a server side.
7. A block chain keystore-based secure login system, comprising:
the information acquisition module is used for acquiring user login information, wherein the login information comprises user biological identification information for uniquely confirming the user information;
the unique identification information acquisition module is used for acquiring unique identification information generated based on the user biological identification information according to the user login information;
the Keystore decryption module is used for decrypting a private key Keystore stored with a private key according to the unique identification information to obtain the private key;
the authentication module is used for authenticating whether the private key and the corresponding public key are successfully paired;
and the login module is used for logging in by the user when the pairing is successful.
8. The block chain based Keystore secure login system of claim 7, wherein the block chain based Keystore secure login system further comprises a Keystore generation module comprising:
a user information acquisition unit for acquiring user information including user biometric information;
a unique identification information generating unit for encrypting the user biometric identification information according to an encryption algorithm to generate unique identification information;
the Keystore generating unit is used for generating a private key Keystore by combining the unique identification information and the private key encrypted by the block chain encryption method;
and the storage unit is used for storing the private key keystore to a local memory and a server side.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the block chain private key keystore based secure login method of any of the preceding claims 1-5.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the block chain private key keystore based secure login method of any one of the preceding claims 1-5.
CN202111178401.2A 2021-10-10 2021-10-10 Secure login method, generation method and system based on block chain private key keystore and electronic equipment Pending CN113904850A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111178401.2A CN113904850A (en) 2021-10-10 2021-10-10 Secure login method, generation method and system based on block chain private key keystore and electronic equipment

Publications (1)

Publication Number Publication Date
CN113904850A true CN113904850A (en) 2022-01-07

Family

ID=79190819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111178401.2A Pending CN113904850A (en) 2021-10-10 2021-10-10 Secure login method, generation method and system based on block chain private key keystore and electronic equipment

Country Status (1)

Country Link
CN (1) CN113904850A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination