CN114221764A - Public key updating method, device and equipment based on block chain - Google Patents

Public key updating method, device and equipment based on block chain Download PDF

Info

Publication number
CN114221764A
CN114221764A CN202111555822.2A CN202111555822A CN114221764A CN 114221764 A CN114221764 A CN 114221764A CN 202111555822 A CN202111555822 A CN 202111555822A CN 114221764 A CN114221764 A CN 114221764A
Authority
CN
China
Prior art keywords
public
private key
public key
key pair
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111555822.2A
Other languages
Chinese (zh)
Inventor
冯婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202111555822.2A priority Critical patent/CN114221764A/en
Publication of CN114221764A publication Critical patent/CN114221764A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides a public key updating method, a device and equipment based on a block chain, which relate to the technical field of the block chain, and the method comprises the following steps: if the terminal equipment determines that the first private key in the first public and private key pair used for login verification is lost, a third public and private key pair is generated in an off-line mode, and the first public and private key pair is replaced according to the third public and private key pair; performing signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information; sending the third public key and the signature information to the block chain equipment; and then the blockchain equipment verifies the signature information according to a second public key prestored in the blockchain equipment, after the verification is passed, the first public key in the blockchain equipment is replaced, the private key for login verification is not transmitted through a network, the possibility that the private key is stolen and lost is reduced, after the private key is leaked or lost, the public and private key pair for login verification is updated and replaced, and the information safety and the success rate of the login process are improved.

Description

Public key updating method, device and equipment based on block chain
Technical Field
The present application relates to a block chain technology, and in particular, to a public key updating method, apparatus and device based on a block chain.
Background
The rapid development of the internet technology enables a large amount of websites and network software to be generated, brings convenience to life of people, and meanwhile, the problem of privacy disclosure of users is also generated. When a user logs in, a website and network software acquire a large amount of user privacy information, which causes great threat to the privacy and even property safety of the user.
In the prior art, a pair of public key and private key for login verification is generated by a block chain and distributed to a terminal device and a verification server, and then the terminal device completes login according to the public key and the private key.
In the prior art, the private key for login verification is issued to the terminal device through the network, and if the private key is leaked or stolen, the information security is low and the subsequent login process fails.
Disclosure of Invention
The application provides a public key updating method, device and equipment based on a block chain, which are used for solving the problems that a private key is possibly leaked or stolen and the information security is low.
In a first aspect, the present application provides a public key updating method based on a block chain, where the method is applied to a terminal device, and the method includes:
if the first private key in the first public and private key pair is determined to be lost, generating a third public and private key pair in an off-line manner, and replacing the first public and private key pair according to the third public and private key pair; wherein the first public-private key pair comprises the first private key and a first public key, and the third public-private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server;
performing signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information;
sending the third public key and the signature information to block chain equipment; the third public key is used for replacing the first public key in the blockchain device after the signature information passes the verification according to the second public key prestored in the blockchain device.
In a possible implementation manner, signing the third public key according to a second private key of a prestored second public and private key pair to obtain signature information includes:
encrypting the first hash value of the third public key according to a second private key in a prestored second public and private key pair to obtain the signature information;
the signature information is used for decrypting the signature information according to a second public key prestored in the blockchain device to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
In a possible embodiment, the method further comprises:
and receiving a first message sent by the blockchain device, wherein the first message is used for representing whether a first public key in the blockchain device is successfully replaced.
In a possible embodiment, the method further comprises:
sending a login request to an authentication server, and receiving login authentication information sent by the authentication server;
encrypting the login verification information according to the third private key to obtain encrypted login verification information, and sending the encrypted login verification information to the verification server; the encrypted login verification information is used for verifying the encrypted login verification information according to a third public key in the block chain equipment to generate a second message;
and receiving the second message sent by the authentication server, wherein the second message represents whether login is successful or not.
In a possible implementation, the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
In a possible implementation, the second message is received after the encrypted login authentication information is authenticated and the timestamp is authenticated.
In a possible implementation manner, the user identifier is used to obtain a third public key corresponding to the user identifier in the blockchain device.
In a possible embodiment, the method further comprises:
generating the first public-private key pair and the second public-private key pair offline;
sending a first public key in the first public and private key pair and a second public key in the second public and private key pair to the block chain device for storage;
receiving a user identifier sent by the blockchain equipment; and the user identification corresponds to the first public key and the second public key.
In a second aspect, the present application provides a public key updating method based on a blockchain, where the method is applied to a blockchain device, and the method includes:
receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; wherein the third public-private key pair is generated after determining that the terminal device loses the first private key of the first public-private key pair; the first public and private key pair comprises the first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to a second private key in a second public and private key pair;
and if the signature information passes the verification according to the pre-stored second public key, replacing the first public key in the block chain equipment according to the received third public key.
In a possible implementation manner, the signature information is obtained by encrypting a first hash value of the third public key according to a second private key of a second public-private key pair; before replacing the first public key in the block chain device according to the received third public key if the signature information passes the verification according to the pre-stored second public key, the method further includes:
decrypting the signature information according to a pre-stored second public key to obtain a first hash value; calculating the third public key to obtain a second hash value;
and if the second hash value is consistent with the first hash value, determining that the signature information is verified.
In a possible embodiment, the method further comprises:
and sending a first message to the terminal device, wherein the first message is used for representing whether the first public key in the blockchain device is successfully replaced.
In a possible embodiment, the method further comprises:
receiving an acquisition request sent by a verification server, wherein the acquisition request is used for acquiring a third public key corresponding to a user identifier; the user identification is sent by the terminal equipment according to the initiated login request;
sending a third public key corresponding to the user identifier to the verification server; the third public key is used for generating a second message after verifying the encrypted login verification information corresponding to the login request, wherein the second message represents whether the login is successful; the encrypted login authentication information is obtained by encrypting the login authentication information sent by the authentication server according to the third private key.
In a possible implementation, the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
In a possible embodiment, the method further comprises:
receiving a second public key in a second public and private key pair and a first public key in a first public and private key pair sent by the terminal equipment; wherein the first public-private key pair and the second public-private key pair are generated offline by the terminal device;
and determining and sending user identifications corresponding to the first public key and the second public key to the terminal equipment, and storing the first public key and the second public key.
In a third aspect, the present application provides a public key updating apparatus based on a block chain, where the apparatus is applied to a terminal device, and the apparatus includes:
the first processing unit is used for generating a third public and private key pair in an off-line manner if the first private key in the first public and private key pair is determined to be lost, and replacing the first public and private key pair according to the third public and private key pair; wherein the first public-private key pair comprises the first private key and a first public key, and the third public-private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server;
the second processing unit is used for carrying out signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information;
a first sending unit, configured to send the third public key and the signature information to a blockchain device; the third public key is used for replacing the first public key in the blockchain device after the signature information passes the verification according to the second public key prestored in the blockchain device.
In a possible implementation manner, the second processing unit is specifically configured to:
encrypting the first hash value of the third public key according to a second private key in a prestored second public and private key pair to obtain the signature information;
the signature information is used for decrypting the signature information according to a second public key prestored in the blockchain device to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
In a possible embodiment, the apparatus further comprises:
a first receiving unit, configured to receive a first message sent by the blockchain device, where the first message is used to characterize whether a first public key in the blockchain device is successfully replaced.
In a possible embodiment, the apparatus further comprises:
a second sending unit, configured to send a login request to the authentication server;
a second receiving unit, configured to receive login authentication information sent by the authentication server;
the encryption unit is used for encrypting the login authentication information according to the third private key to obtain encrypted login authentication information and sending the encrypted login authentication information to the authentication server; the encrypted login verification information is used for verifying the encrypted login verification information according to a third public key in the block chain equipment to generate a second message;
a third receiving unit, configured to receive the second message sent by the authentication server, where the second message indicates whether login is successful.
In a possible implementation, the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
In a possible implementation, the second message is received after the encrypted login authentication information is authenticated and the timestamp is authenticated.
In a possible implementation manner, the user identifier is used to obtain a third public key corresponding to the user identifier in the blockchain device.
In a possible embodiment, the apparatus further comprises:
a generation unit, configured to generate the first public-private key pair and the second public-private key pair offline;
a third sending unit, configured to send a first public key in the first public-private key pair and a second public key in the second public-private key pair to the blockchain device for storage;
a fourth receiving unit, configured to receive a user identifier sent by the blockchain device; and the user identification corresponds to the first public key and the second public key.
In a fourth aspect, the present application provides a public key updating apparatus based on a blockchain, where the apparatus is applied to a blockchain device, and the apparatus includes:
the first receiving unit is used for receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; wherein the third public-private key pair is generated after determining that the terminal device loses the first private key of the first public-private key pair; the first public and private key pair comprises the first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to a second private key in a second public and private key pair;
and the first processing unit is used for replacing the first public key in the block chain device according to the received third public key if the signature information passes the verification according to the pre-stored second public key.
In a possible implementation manner, the signature information is obtained by encrypting a first hash value of the third public key according to a second private key of a second public-private key pair; before the processing unit, the apparatus further comprises:
the second processing unit is used for decrypting the signature information according to a pre-stored second public key to obtain a first hash value; calculating the third public key to obtain a second hash value;
and the determining unit is used for determining that the signature information is verified if the second hash value is consistent with the first hash value.
In a possible embodiment, the apparatus further comprises:
a first sending unit, configured to send a first message to the terminal device, where the first message is used to characterize whether the first public key in the blockchain device is successfully replaced.
In a possible embodiment, the apparatus further comprises:
a second receiving unit, configured to receive an acquisition request sent by a verification server, where the acquisition request is used to acquire a third public key corresponding to a user identifier; the user identification is sent by the terminal equipment according to the initiated login request;
a second sending unit, configured to send a third public key corresponding to the user identifier to the authentication server; the third public key is used for generating a second message after verifying the encrypted login verification information corresponding to the login request, wherein the second message represents whether the login is successful; the encrypted login authentication information is obtained by encrypting the login authentication information sent by the authentication server according to the third private key.
In a possible implementation, the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
In a possible embodiment, the apparatus further comprises:
a third receiving unit, configured to receive a first public key in a first public-private key pair and a second public key in a second public-private key pair sent by the terminal device; wherein the first public-private key pair and the second public-private key pair are generated offline by the terminal device;
and the storage unit is used for determining and sending the user identification corresponding to the first public key and the second public key to the terminal equipment, and storing the first public key and the second public key.
In a fifth aspect, the present application provides a terminal device, including: a processor and a memory;
the memory stores computer-executable instructions;
the computer executable instructions, when executed by the processor, implement the method of the first aspect.
In a sixth aspect, the present application provides a blockchain apparatus, comprising: a processor and a memory;
the memory stores computer-executable instructions;
the computer executable instructions, when executed by the processor, implement the method of the second aspect.
In a seventh aspect, the present application provides a non-transitory computer readable storage medium having stored therein computer executable instructions for implementing the method according to the first aspect when executed by a processor or for implementing the method according to the second aspect when executed by a processor.
In an eighth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method according to the first aspect, or which, when executed by a processor, implements the method according to the second aspect.
The public key updating method, device and equipment based on the block chain provided by the application are characterized in that the method comprises the following steps: if the terminal equipment determines that the first private key in the first public and private key pair used for login verification is lost, a third public and private key pair is generated in an off-line mode and comprises a third public key and a third private key, and the first public and private key pair is replaced according to the third public and private key pair; performing signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information; sending the third public key and the signature information to the block chain equipment; and then the block chain equipment verifies the signature information according to a second public key prestored in the block chain equipment, and after the verification is passed, the first public key in the block chain equipment is replaced, so that the method realizes that: the private key for login verification is not transmitted through a network, so that the possibility of stealing and losing the private key is reduced, and when the private key is leaked or lost, a public and private key pair for login verification is updated and replaced, so that the success rate of a login process and the information security are improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is an interaction diagram of a public key update method based on a blockchain according to an embodiment of the present disclosure;
fig. 2 is a signaling diagram of a public key updating method based on a block chain according to an embodiment of the present application;
fig. 3 is a signaling diagram of another public key updating method based on a block chain according to an embodiment of the present application;
fig. 4 is a flowchart of another public key updating method based on a blockchain according to an embodiment of the present disclosure;
fig. 5 is a flowchart of another method for updating a public key based on a block chain according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a public key updating apparatus based on a block chain according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another block chain-based public key updating apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a block chain apparatus according to an embodiment of the present disclosure;
fig. 10 is a block diagram of a terminal device provided in this embodiment.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The rapid development of the internet technology enables a large amount of websites and network software to be generated, brings convenience to life of people, and meanwhile, the problem of privacy disclosure of users is also generated. For example, the use of an application on a mobile phone usually requires registration and login, and also requires a user to authorize the mobile phone application to access certain functional rights of the mobile phone, such as storage, photos, location, and the like; moreover, most mobile phone applications are authorized to be registered through mobile phone verification codes or are authorized to be registered through social account numbers, and no matter which one is adopted, mobile phone numbers, login passwords or authorized social account number information during user registration can be stored in a centralized server of a mobile phone application service provider, so that user privacy is easily leaked, and the privacy and even property safety of users are greatly threatened.
In one example, 31.5.2017, the southern City newspaper is published in conjunction with the research center of the spreading law of Chinese political university in the transparent report of Internet enterprise privacy policy. The report ranks the transparency of the user information protection policy of 1000 commonly used websites and mobile phone applications, the fields related to the 1000 commonly used websites and the mobile phone applications are all distributed in life service, entertainment and medical health, ranking results are displayed, in 1000 evaluated platforms, more than 50% of websites and mobile phone applications are scored to be in a low level, and the current situation of user privacy protection is worried.
In the prior art, in order to solve the problem that a user privacy is easily leaked due to a login mode, a pair of public key and private key for login verification is generated by a block chain and distributed to a terminal device and a verification server, and then the terminal device completes login according to the public key and the private key. However, in this process, the private key for login verification is issued to the terminal device through the network, and there is a possibility that if the private key is leaked or stolen, once the private key is leaked or stolen, not only the user login fails, but also the personal information of the user is leaked, which poses a great threat to the privacy security and even the property security of the user.
The method utilizes the characteristics of 'non-tamper property', 'traceability' and the like of the block chain to realize the interaction among the terminal device, the verification server and the block chain device, fig. 1 is an interaction schematic diagram of the block chain-based public key updating method provided by the embodiment of the application, as shown in fig. 1, the terminal device 100 generates a first public and private key, a second public and private key, a third public and private key and three pairs of public and private keys in an off-line manner, and stores the first and second public keys on the block chain device 300; the first public and private key pair is used as a login authentication public and private key pair for login authentication of the terminal equipment, and the second public and private key pair is used for updating the login authentication public and private key pair when the first private key is lost or leaked, and replacing the first public and private key with a third public and private key pair; the terminal device 100 and the authentication server 200 use the asymmetric encryption technology to authenticate the login information composed of the random number, the user identifier and the request timestamp, thereby solving the above technical problems.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a signaling diagram of a public key updating method based on a block chain according to an embodiment of the present application, where the method is applied to a terminal device, and as shown in fig. 2, the method includes:
201. if the terminal equipment determines that the first private key in the first public and private key pair is lost, generating a third public and private key pair in an off-line manner, and replacing the first public and private key pair according to the third public and private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; and the first public and private key pair is a public and private key pair for login verification when login processing is carried out between the terminal equipment and the server.
Illustratively, when a terminal device performs login processing with a server, a pair of public and private keys for login verification, namely a first public and private key pair, is required, wherein the first public and private key pair comprises a first private key and a first public key, the first private key is stored in the terminal device, if the terminal device loses or reveals the first private key, a third public and private key pair is generated offline, and the first public and private key pair is replaced according to the third public and private key pair. Likewise, the third public-private key pair includes a third private key and a third public key.
202. And signing the third public key according to a second private key in a prestored second public and private key pair to obtain signature information.
The terminal device also has a second private key prestored therein, wherein a second public-private key pair including the second private key is also generated offline by the terminal device. The second public-private key pair is used in a process of replacing the first public-private key pair when the first private key pair is lost. When the terminal equipment loses or reveals the first private key, the terminal equipment carries out signature processing on the third public key according to the prestored second private key to form signature information, and the signature information is used for verifying the validity of the third public key by the block chain equipment.
203. The terminal equipment sends the third public key and the signature information to the block chain equipment; the third public key is used for replacing the first public key in the block chain device after the signature information passes the verification of the second public key prestored in the block chain device.
For example, in order to ensure information security, before the blockchain device replaces the first public key, the validity of the third public key needs to be verified and judged first, so as to avoid the situation that the illegal public key sent by the illegal device is replaced and stored, and therefore, the terminal device sends the information for verifying the validity, namely the signature information, and the third public key used for replacing the first public key in the blockchain device after the verification is passed to the blockchain device.
204. And the block chain equipment replaces the first public key in the block chain equipment after the signature information passes the verification of the second public key prestored in the block chain equipment.
Illustratively, the blockchain device verifies the signature information by using a pre-stored second public key, and if the verification passes, that is, the third public key is approved by the blockchain device for validity, the first public key in the blockchain device is replaced. Meanwhile, the terminal device also stores the third private key locally in the terminal device to replace the first private key stored by the terminal device.
In this embodiment, if it is determined that the first private key of the first public-private key pair used for login verification is lost, the terminal device generates a third public-private key pair including a third public key and a third private key offline, and replaces the first public-private key pair with the third public-private key pair; performing signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information; sending the third public key and the signature information to the block chain equipment; and then the blockchain equipment verifies the signature information according to a second public key prestored in the blockchain equipment, and after the verification is passed, the first public key in the blockchain equipment is replaced.
Fig. 3 is a signaling diagram of another public key updating method based on a block chain according to an embodiment of the present application, where the method is applied to a terminal device, and as shown in fig. 3, the method includes:
301. and the terminal equipment generates a first public and private key pair and a second public and private key pair off line.
Illustratively, when the terminal device performs login processing with the server, a pair of public and private keys for login verification is needed, so the terminal device generates a first public and private key pair offline, wherein the first public and private key pair comprises a first private key and a first public key; if the first private key for login verification is lost or leaked in the terminal device, at this time, in order to ensure the security of information data, the first public and private key pair for login verification needs to be updated and replaced, so that the terminal device generates a second public and private key pair including a second public key and a second private key offline in addition to the first public and private key pair.
302. And the terminal equipment sends a first public key in the first public and private key pair and a second public key in the second public and private key pair to the block chain equipment for storage.
Illustratively, the first public-private key pair comprises a first public key and a first private key, and the second public-private key pair comprises a second public key and a second private key; and the terminal equipment sends the first public key and the second public key to the blockchain equipment for storage, and stores the first private key and the second private key in a local storage of the terminal equipment.
303. And the block chain device receives and stores the first public key and the second public key, and sends the user identification corresponding to the first public key and the second public key to the terminal device.
Illustratively, the blockchain device receives and stores the first public key and the second public key, and generates a user identifier corresponding to the first public key and the second public key by using the first public key and the second public key as parameters, wherein different user identifiers represent different terminal devices, and the user identifier may be composed of letters, numbers, or a combination of letters and numbers.
304. The terminal equipment receives a user identifier sent by the block chain equipment; the user identification corresponds to the first public key and the second public key.
For example, the user identifier is used as an identifier that the terminal device can be identified and authenticated, and will play a role in performing various operations on the terminal device, so that the terminal device receives and stores the user identifier sent by the blockchain device for subsequent use.
305. If the terminal equipment determines that the first private key in the first public and private key pair is lost, generating a third public and private key pair in an off-line manner, and replacing the first public and private key pair according to the third public and private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; and the first public and private key pair is a public and private key pair for login verification when login processing is carried out between the terminal equipment and the server.
For example, this step is referred to as step 201, and is not described again.
306. And the terminal equipment carries out signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information.
In one example, step 306 includes the steps of:
and the terminal equipment encrypts the first hash value of the third public key according to a second private key in a prestored second public and private key pair to obtain signature information. The signature information is used for decrypting the signature information according to a second public key prestored in the block chain equipment to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
Exemplarily, the hash calculation is performed on the third public key to obtain a first hash value of the third public key, and the terminal device encrypts the first hash value of the third public key according to a second private key of a pre-stored second public and private key pair to obtain signature information. The blockchain device can decrypt the signature information based on a pre-stored second public key to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
307. The terminal equipment sends the third public key and the signature information to the block chain equipment; the third public key is used for replacing the first public key in the block chain device after the signature information passes the verification of the second public key prestored in the block chain device.
For example, this step is referred to as step 203, and is not described again.
308. The block chain device receives a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner, and decrypts the signature information according to a prestored second public key to obtain a first hash value; and calculating the third public key to obtain a second hash value.
Illustratively, the blockchain device receives a third public key in a third public-private key pair generated by the terminal device offline and signature information, and then the replacement process of the first public key can be executed according to the signature information and the third public key. The blockchain device decrypts the signature information according to a prestored second public key, and if the second public key can unlock the data decrypted by the second private key to obtain a first hash value, the source of the signature information and the source of the third public key are legal and are sent by the terminal device; and calculating the third public key based on the second public key to obtain a second hash value.
309. And if the blockchain device determines that the second hash value is consistent with the first hash value, determining that the pre-stored second public key passes the verification of the signature information, and replacing the first public key in the blockchain device according to the received third public key.
Exemplarily, the second hash value is compared with the first hash value of the third public key, and if the second hash value is consistent with the first hash value, it indicates that the third public key is not illegally tampered and is complete and reliable, it is determined that the signature information is verified to pass according to the pre-stored second public key, and the first public key in the blockchain device can be replaced according to the received third public key.
310. And the blockchain device sends a first message to the terminal device, wherein the first message is used for representing whether the first public key in the blockchain device is successfully replaced.
Illustratively, if the blockchain device has completed replacing the first public key by the third public key, a first message is sent to the terminal device, indicating that the first public key in the blockchain device is successfully replaced; and if the blockchain device does not finish the replacement of the first public key by the third public key due to the failure of verification or other reasons, sending a first message to the terminal device, which indicates that the first public key in the blockchain device is not successfully replaced.
311. The terminal device receives a first message sent by the blockchain device, wherein the first message is used for representing whether a first public key in the blockchain device is successfully replaced.
Illustratively, a feedback message, that is, a first message, sent by the blockchain device and used for characterizing whether the first public key in the blockchain device is successfully replaced is received, and when the first public key in the first message characterizing the blockchain device is successfully replaced, a third private key corresponding to the third public key is stored, so that the terminal device may perform subsequent login verification operations based on the third public key and the third private key.
312. The terminal device sends a login request to the authentication server.
For example, when the terminal device needs to log in the server due to actual needs, the terminal device sends a login request to the authentication server, and the authentication server may determine information of the terminal device requesting to log in the server according to the login request to authenticate whether the terminal device can log in the server.
313. The authentication server sends login authentication information to the terminal device.
In one example, the login authentication information includes a random number and a time stamp.
For example, after receiving a login request sent by a terminal device, an authentication server determines a timestamp of the login request according to the login request, generates a random number, and sends the random number and the timestamp to the terminal device.
314. And the terminal equipment receives login authentication information sent by the authentication server.
Illustratively, when the login request is successfully sent, the terminal device receives login authentication information sent by the authentication server, namely the random number and the time stamp of the login request.
315. And the terminal equipment encrypts the login authentication information and the user identification according to the third private key to obtain encrypted login authentication information, and sends the encrypted login authentication information to the authentication server. And the encrypted login authentication information is used for verifying the encrypted login authentication information according to a third public key in the block chain equipment to generate a second message.
In one example, the encrypted login authentication information includes an encrypted random number, an encrypted timestamp, and an encrypted user identifier.
In one example, the user identifier is used to obtain a third public key corresponding to the user identifier in the blockchain device.
Illustratively, the terminal device encrypts the login authentication information and the user identifier according to the stored third private key to obtain encrypted login authentication information, namely an encrypted random number, an encrypted timestamp and an encrypted user identifier, and sends the encrypted login authentication information, the encrypted user identifier and the unencrypted original data, namely the random number, the timestamp and the user identifier, to the authentication server; and the verification server can acquire a third public key in the blockchain device according to the user identifier, and decrypt and verify the encrypted random number, the timestamp and the user identifier according to the third public key, so as to generate a second message.
316. The verification server sends an acquisition request to the blockchain device, wherein the acquisition request is used for acquiring a third public key corresponding to the user identifier; the user identification is sent by the terminal equipment according to the initiated login request.
Illustratively, the login authentication server identifies and extracts a user identifier sent by the terminal device according to the login request, sends an acquisition request to the blockchain device by taking the user identifier as a parameter, and requests to acquire a third public key stored in the blockchain device by the terminal device corresponding to the user identifier.
317. And the blockchain equipment receives the acquisition request sent by the verification server and sends a third public key corresponding to the user identifier to the verification server.
Illustratively, the blockchain device receives an acquisition request sent by the verification server, determines a terminal device corresponding to the user identifier according to the user identifier therein, further determines a third public key of the terminal device, and sends the third public key to the verification server.
318. And the authentication server receives the third public key, authenticates the encrypted login authentication information corresponding to the login request and the timestamp according to the third public key, generates a second message and sends the second message to the terminal equipment, wherein the second message represents whether the login is successful or not.
Illustratively, the authentication server decrypts and authenticates the encrypted random number, the encrypted timestamp and the encrypted user identifier according to the third public key, if the random number and the user identifier are authenticated, the current timestamp is obtained and compared with the timestamp of the login request, if the difference between the random number and the user identifier is smaller than a preset time threshold, the login request of the terminal device is agreed, and then the terminal device logs in successfully, a second message representing successful login is sent to the terminal device, otherwise, the login fails, and a second message representing unsuccessful login is sent to the terminal device.
319. And the terminal equipment receives a second message sent by the authentication server, wherein the second message represents whether the login is successful or not.
Illustratively, the terminal device receives a second message sent by the authentication server and determines whether the login is successful or failed.
In this embodiment, the terminal device generates the first public-private key pair and the second public-private key pair offline. Sending a first public key in the first public and private key pair and a second public key in the second public and private key pair to the block chain equipment for storage; after receiving the user identifier, the block chain device sends the user identifier corresponding to the first public key and the second public key to the terminal device; if the terminal equipment determines that the first private key is lost, a third public and private key pair is generated in an off-line mode, and signature encryption processing is carried out on a third public key according to a second private key in a prestored second public and private key pair to obtain signature information; further sending the third public key and the signature information to the block chain equipment; the blockchain device decrypts the signature information according to a pre-stored second public key to obtain a first hash value; calculating a third public key to obtain a second hash value, if the second hash value is consistent with the first hash value, determining that the pre-stored second public key passes the verification of the signature information, and replacing the first public key in the block chain equipment according to the received third public key; and sending a first message to the terminal equipment, wherein the first public key in the block chain device is successfully replaced. After the replacement is successful, the terminal device, the authentication server and the block chain device can perform login authentication on the terminal device based on the third public and private key pair, and the login process of the terminal device is completed. In the process, the private key is generated by the terminal device in an off-line mode and is not transmitted through a network, the possibility that the private key is stolen and lost is reduced, and when the private key is leaked or lost, a public and private key pair for login verification is updated and replaced, so that the success rate of the login process and the information security are improved.
Fig. 4 is a flowchart of another method for updating a public key based on a blockchain according to an embodiment of the present disclosure, where the method is applied to a blockchain device, and as shown in fig. 4, the method includes:
401. receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; the third public and private key pair is generated after the terminal equipment is determined to lose the first private key in the first public and private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to the second private key in the second public and private key pair.
402. And if the signature information passes the verification according to the pre-stored second public key, replacing the first public key in the block chain equipment according to the received third public key.
For example, the present embodiment may refer to the above embodiments, and details are not described again.
Fig. 5 is a flowchart of another method for updating a public key based on a blockchain according to an embodiment of the present application, where the method is applied to a blockchain device, and as shown in fig. 5, the method includes:
501. receiving a first public key in a first public and private key pair and a second public key in a second public and private key pair sent by terminal equipment; the first public and private key pair and the second public and private key pair are generated for the terminal equipment in an off-line manner; and determining and sending the user identification corresponding to the first public key and the second public key to the terminal equipment, and storing the first public key and the second public key.
502. Receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; the third public and private key pair is generated after the terminal equipment is determined to lose the first private key in the first public and private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to the second private key in the second public and private key pair.
In one example, the signature information is obtained by encrypting a first hash value of the third public key according to a second private key of the second public-private key pair.
503. Decrypting the signature information according to a prestored second public key to obtain a first hash value; and calculating the third public key to obtain a second hash value.
504. And if the second hash value is consistent with the first hash value, the signature information is verified to be passed.
505. And if the signature information passes the verification according to the pre-stored second public key, replacing the first public key in the block chain equipment according to the received third public key.
506. And sending a first message to the terminal device, wherein the first message is used for representing whether the first public key in the blockchain device is successfully replaced.
507. Receiving an acquisition request sent by a verification server, wherein the acquisition request is used for acquiring a third public key corresponding to the user identifier; the user identification is sent by the terminal equipment according to the initiated login request.
508. Sending a third public key corresponding to the user identifier to the verification server; the third public key is used for verifying the encrypted login verification information corresponding to the login request and then generating a second message, wherein the second message represents whether the login is successful; the encrypted login authentication information is obtained by encrypting the login authentication information sent by the authentication server according to the third private key.
In one example, the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
For example, the present embodiment may refer to the above embodiments, and details are not described again.
Fig. 6 is a schematic structural diagram of a public key updating apparatus based on a block chain according to an embodiment of the present application, where the apparatus is applied to a terminal device, and as shown in fig. 6, the apparatus includes:
a first processing unit 61, configured to generate a third public-private key pair offline if it is determined that the first private key in the first public-private key pair is lost, and replace the first public-private key pair according to the third public-private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; and the first public and private key pair is a public and private key pair for login verification when login processing is carried out between the terminal equipment and the server.
And the second processing unit 62 is configured to perform signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information.
A first sending unit 63, configured to send the third public key and the signature information to the blockchain device; the third public key is used for replacing the first public key in the block chain device after the signature information passes the verification of the second public key prestored in the block chain device.
The public key updating apparatus based on the block chain provided in the embodiment of the present application may be used to implement the method embodiments described above, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 7 is a schematic structural diagram of another block chain-based public key updating apparatus according to an embodiment of the present application, where the apparatus is applied to a block chain device, as shown in fig. 7, the apparatus includes:
a first receiving unit 71, configured to receive a third public key in a third public-private key pair generated by the terminal device offline, and signature information; the third public and private key pair is generated after the terminal equipment is determined to lose the first private key in the first public and private key pair; the first public and private key pair comprises a first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to the second private key in the second public and private key pair.
The first processing unit 72 is configured to replace the first public key in the blockchain device according to the received third public key if the signature information passes verification according to the pre-stored second public key.
The public key updating apparatus based on the block chain provided in the embodiment of the present application may be used to implement the method embodiments described above, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present application, and as shown in fig. 8, the terminal device includes: a memory 81 and a processor 82.
The memory 81: for storing computer-executable instructions.
The processor 82 is configured to perform the methods provided in the embodiments described above.
Fig. 9 is a schematic structural diagram of a blockchain apparatus according to an embodiment of the present disclosure, and as shown in fig. 9, the blockchain apparatus includes: a memory 91 and a processor 92.
The memory 91: for storing computer-executable instructions.
The processor 92 is configured to perform the methods provided in the embodiments described above.
Fig. 10 is a block diagram of a terminal device provided in this embodiment, which may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, or the like.
The apparatus 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed status of the device 800, the relative positioning of the components, such as a display and keypad of the device 800, the sensor assembly 814 may also detect a change in the position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, the orientation or acceleration/deceleration of the device 800, and a change in the temperature of the device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, communications component 816 further includes a Near Field Communications (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A non-transitory computer-readable storage medium, in which instructions, when executed by a processor of a terminal device, enable the terminal device to perform a split screen processing method of the terminal device.
Embodiments of the present application also provide a non-transitory computer-readable storage medium, where instructions in the storage medium, when executed by a processor of a control device, enable the control device to perform the method provided by the above embodiments.
An embodiment of the present application further provides a computer program product, where the computer program product includes: a computer program, stored in a readable storage medium, from which at least one processor of the control device can read the computer program, the execution of the computer program by the at least one processor causing the control device to carry out the solution provided by any of the embodiments described above.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (32)

1. A public key updating method based on a block chain is characterized in that the method is applied to a terminal device and comprises the following steps:
if the first private key in the first public and private key pair is determined to be lost, generating a third public and private key pair in an off-line manner, and replacing the first public and private key pair according to the third public and private key pair; wherein the first public-private key pair comprises the first private key and a first public key, and the third public-private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server;
performing signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information;
sending the third public key and the signature information to block chain equipment; the third public key is used for replacing the first public key in the blockchain device after the signature information passes the verification according to the second public key prestored in the blockchain device.
2. The method of claim 1, wherein signing the third public key according to a second private key of a pre-stored second public and private key pair to obtain signature information comprises:
encrypting the first hash value of the third public key according to a second private key in a prestored second public and private key pair to obtain the signature information;
the signature information is used for decrypting the signature information according to a second public key prestored in the blockchain device to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
3. The method of claim 1, further comprising:
and receiving a first message sent by the blockchain device, wherein the first message is used for representing whether a first public key in the blockchain device is successfully replaced.
4. The method of claim 1, further comprising:
sending a login request to an authentication server, and receiving login authentication information sent by the authentication server;
encrypting the login verification information according to the third private key to obtain encrypted login verification information, and sending the encrypted login verification information to the verification server; the encrypted login verification information is used for verifying the encrypted login verification information according to a third public key in the block chain equipment to generate a second message;
and receiving the second message sent by the authentication server, wherein the second message represents whether login is successful or not.
5. The method according to claim 4, wherein the login authentication information comprises a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
6. The method of claim 5, wherein the second message is received after verifying the encrypted login authentication information and verifying the timestamp.
7. The method of claim 5, wherein the user identifier is used to obtain a third public key corresponding to the user identifier in the blockchain device.
8. The method according to any one of claims 1-7, further comprising:
generating the first public-private key pair and the second public-private key pair offline;
sending a first public key in the first public and private key pair and a second public key in the second public and private key pair to the block chain device for storage;
receiving a user identifier sent by the blockchain equipment; and the user identification corresponds to the first public key and the second public key.
9. A public key updating method based on a block chain is characterized in that the method is applied to a block chain device, and the method comprises the following steps:
receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; wherein the third public-private key pair is generated after determining that the terminal device loses the first private key of the first public-private key pair; the first public and private key pair comprises the first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to a second private key in a second public and private key pair;
and if the signature information passes the verification according to the pre-stored second public key, replacing the first public key in the block chain equipment according to the received third public key.
10. The method of claim 9, wherein the signature information is obtained by encrypting a first hash value of the third public key according to a second private key of a second public-private key pair; before replacing the first public key in the block chain device according to the received third public key if the signature information passes the verification according to the pre-stored second public key, the method further includes:
decrypting the signature information according to a pre-stored second public key to obtain a first hash value; calculating the third public key to obtain a second hash value;
and if the second hash value is consistent with the first hash value, determining that the signature information is verified.
11. The method of claim 9, further comprising:
and sending a first message to the terminal device, wherein the first message is used for representing whether the first public key in the blockchain device is successfully replaced.
12. The method of claim 9, further comprising:
receiving an acquisition request sent by a verification server, wherein the acquisition request is used for acquiring a third public key corresponding to a user identifier; the user identification is sent by the terminal equipment according to the initiated login request;
sending a third public key corresponding to the user identifier to the verification server; the third public key is used for generating a second message and sending the second message to the terminal equipment after verifying the encrypted login verification information corresponding to the login request, wherein the second message represents whether the login is successful or not; the encrypted login authentication information is obtained by encrypting the login authentication information sent by the authentication server according to the third private key.
13. The method according to claim 12, wherein the login authentication information includes a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
14. The method according to any one of claims 9-13, further comprising:
receiving a second public key in a second public and private key pair and a first public key in a first public and private key pair sent by the terminal equipment; wherein the first public-private key pair and the second public-private key pair are generated offline by the terminal device;
and determining and sending user identifications corresponding to the first public key and the second public key to the terminal equipment, and storing the first public key and the second public key.
15. An apparatus for updating a public key based on a block chain, the apparatus being applied to a terminal device, the apparatus comprising:
the first processing unit is used for generating a third public and private key pair in an off-line manner if the first private key in the first public and private key pair is determined to be lost, and replacing the first public and private key pair according to the third public and private key pair; wherein the first public-private key pair comprises the first private key and a first public key, and the third public-private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server;
the second processing unit is used for carrying out signature processing on the third public key according to a second private key in a prestored second public and private key pair to obtain signature information;
a first sending unit, configured to send the third public key and the signature information to a blockchain device; the third public key is used for replacing the first public key in the blockchain device after the signature information passes the verification according to the second public key prestored in the blockchain device.
16. The apparatus according to claim 15, wherein the second processing unit is specifically configured to:
encrypting the first hash value of the third public key according to a second private key in a prestored second public and private key pair to obtain the signature information;
the signature information is used for decrypting the signature information according to a second public key prestored in the blockchain device to obtain a first hash value; and the third public key is used for replacing the first public key in the block chain device when the second hash value of the third public key is determined to be consistent with the first hash value obtained after decryption.
17. The apparatus of claim 15, further comprising:
a first receiving unit, configured to receive a first message sent by the blockchain device, where the first message is used to characterize whether a first public key in the blockchain device is successfully replaced.
18. The apparatus of claim 15, further comprising:
a second sending unit, configured to send a login request to the authentication server;
a second receiving unit, configured to receive login authentication information sent by the authentication server;
the encryption unit is used for encrypting the login authentication information according to the third private key to obtain encrypted login authentication information and sending the encrypted login authentication information to the authentication server; the encrypted login verification information is used for verifying the encrypted login verification information according to a third public key in the block chain equipment to generate a second message and sending the second message to the terminal equipment;
a third receiving unit, configured to receive the second message sent by the authentication server, where the second message indicates whether login is successful.
19. The apparatus according to claim 18, wherein the login authentication information comprises a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
20. The apparatus of claim 19, wherein the second message is received after verifying the encrypted login authentication information and verifying the timestamp.
21. The apparatus of claim 19, wherein the user identifier is used to obtain a third public key corresponding to the user identifier in the blockchain device.
22. The apparatus of any one of claims 15-21, further comprising:
a generation unit, configured to generate the first public-private key pair and the second public-private key pair offline;
a third sending unit, configured to send a first public key in the first public-private key pair and a second public key in the second public-private key pair to the blockchain device for storage;
a fourth receiving unit, configured to receive a user identifier sent by the blockchain device; and the user identification corresponds to the first public key and the second public key.
23. An apparatus for updating a public key based on a blockchain, the apparatus being applied to a blockchain device, the apparatus comprising:
the first receiving unit is used for receiving a third public key and signature information in a third public and private key pair generated by the terminal device in an off-line manner; wherein the third public-private key pair is generated after determining that the terminal device loses the first private key of the first public-private key pair; the first public and private key pair comprises the first private key and a first public key, and the third public and private key pair comprises a third private key and a third public key; the first public and private key pair is a public and private key pair of login verification when login processing is carried out between the terminal equipment and the server; the signature information is obtained by performing signature processing on the third public key according to a second private key in a second public and private key pair;
and the first processing unit is used for replacing the first public key in the block chain device according to the received third public key if the signature information passes the verification according to the pre-stored second public key.
24. The apparatus of claim 23, wherein the signature information is obtained by encrypting a first hash value of the third public key according to a second private key of a second public-private key pair; before the processing unit, the apparatus further comprises:
the second processing unit is used for decrypting the signature information according to a pre-stored second public key to obtain a first hash value; calculating the third public key to obtain a second hash value;
and the determining unit is used for determining that the signature information is verified if the second hash value is consistent with the first hash value.
25. The apparatus of claim 23, further comprising:
a first sending unit, configured to send a first message to the terminal device, where the first message is used to characterize whether the first public key in the blockchain device is successfully replaced.
26. The apparatus of claim 23, further comprising:
a second receiving unit, configured to receive an acquisition request sent by a verification server, where the acquisition request is used to acquire a third public key corresponding to a user identifier; the user identification is sent by the terminal equipment according to the initiated login request;
a second sending unit, configured to send a third public key corresponding to the user identifier to the authentication server; the third public key is used for generating a second message after verifying the encrypted login verification information corresponding to the login request, wherein the second message represents whether the login is successful; the encrypted login authentication information is obtained by encrypting the login authentication information sent by the authentication server according to the third private key.
27. The apparatus according to claim 26, wherein the login authentication information comprises a random number and a time stamp; the encrypted login authentication information comprises an encrypted random number, an encrypted timestamp and an encrypted user identifier.
28. The apparatus of any one of claims 23-27, further comprising:
a third receiving unit, configured to receive a first public key in a first public-private key pair and a second public key in a second public-private key pair sent by the terminal device; wherein the first public-private key pair and the second public-private key pair are generated offline by the terminal device;
and the storage unit is used for determining and sending the user identification corresponding to the first public key and the second public key to the terminal equipment, and storing the first public key and the second public key.
29. A terminal device, comprising: a processor and a memory;
the memory stores computer-executable instructions;
the computer executable instructions, when executed by the processor, implement the method of any one of claims 1-8.
30. A blockchain apparatus, comprising: a processor and a memory;
the memory stores computer-executable instructions;
the computer executable instructions, when executed by the processor, implement the method of any of claims 9-14.
31. A non-transitory computer readable storage medium having stored therein computer executable instructions for implementing the method of any one of claims 1-8 when executed by a processor or for implementing the method of any one of claims 9-14 when executed by a processor.
32. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements the method of any one of claims 1-8, or which, when executed by a processor, implements the method of any one of claims 9-14.
CN202111555822.2A 2021-12-17 2021-12-17 Public key updating method, device and equipment based on block chain Pending CN114221764A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111555822.2A CN114221764A (en) 2021-12-17 2021-12-17 Public key updating method, device and equipment based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111555822.2A CN114221764A (en) 2021-12-17 2021-12-17 Public key updating method, device and equipment based on block chain

Publications (1)

Publication Number Publication Date
CN114221764A true CN114221764A (en) 2022-03-22

Family

ID=80703960

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111555822.2A Pending CN114221764A (en) 2021-12-17 2021-12-17 Public key updating method, device and equipment based on block chain

Country Status (1)

Country Link
CN (1) CN114221764A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116112167A (en) * 2023-04-13 2023-05-12 恒生电子股份有限公司 Key management system, method and device
WO2024035503A1 (en) * 2022-08-11 2024-02-15 Microsoft Technology Licensing, Llc Verifiable identity maps

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104144054A (en) * 2013-10-17 2014-11-12 腾讯科技(深圳)有限公司 Login system based on server, login server and verification method of login server
CN106878016A (en) * 2017-04-27 2017-06-20 上海木爷机器人技术有限公司 Data is activation, method of reseptance and device
CN107508681A (en) * 2017-08-15 2017-12-22 中国联合网络通信集团有限公司 Block chain cryptographic key protection method and device
CN110022316A (en) * 2019-03-29 2019-07-16 阿里巴巴集团控股有限公司 The method and apparatus for creating block chain account and resetting account key
CN112633884A (en) * 2020-12-30 2021-04-09 标信智链(杭州)科技发展有限公司 Local private key recovery method and device for transaction main body identity certificate

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104144054A (en) * 2013-10-17 2014-11-12 腾讯科技(深圳)有限公司 Login system based on server, login server and verification method of login server
CN106878016A (en) * 2017-04-27 2017-06-20 上海木爷机器人技术有限公司 Data is activation, method of reseptance and device
CN107508681A (en) * 2017-08-15 2017-12-22 中国联合网络通信集团有限公司 Block chain cryptographic key protection method and device
CN110022316A (en) * 2019-03-29 2019-07-16 阿里巴巴集团控股有限公司 The method and apparatus for creating block chain account and resetting account key
CN112633884A (en) * 2020-12-30 2021-04-09 标信智链(杭州)科技发展有限公司 Local private key recovery method and device for transaction main body identity certificate

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024035503A1 (en) * 2022-08-11 2024-02-15 Microsoft Technology Licensing, Llc Verifiable identity maps
CN116112167A (en) * 2023-04-13 2023-05-12 恒生电子股份有限公司 Key management system, method and device
CN116112167B (en) * 2023-04-13 2023-06-27 恒生电子股份有限公司 Key management system, method and device

Similar Documents

Publication Publication Date Title
EP3657370B1 (en) Methods and devices for authenticating smart card
CN109146470B (en) Method and device for generating payment code
CN104869612B (en) Access the method and device of network
US10313870B2 (en) Identity verification method and apparatus, and storage medium
CN104955031A (en) Information transmission method and device
CN113242224B (en) Authorization method and device, electronic equipment and storage medium
CN112115464B (en) Unlocking processing method and device, electronic equipment and storage medium
CN114221764A (en) Public key updating method, device and equipment based on block chain
CN107766701A (en) Electronic equipment, dynamic library file guard method and device
CN111917728A (en) Password verification method and device
CN115277117A (en) File viewing method and device, electronic equipment and storage medium
CN104852800A (en) Data transmission method and device
CN113055169B (en) Data encryption method and device, electronic equipment and storage medium
CN114218510A (en) Service page display method, device and equipment
CN108712384B (en) Terminal authentication method and device, terminal and server
CN107302519B (en) Identity authentication method and device for terminal equipment, terminal equipment and server
CN116204895A (en) Method and terminal for accessing specific data
CN114221788B (en) Login method, login device, electronic equipment and storage medium
CN108924136B (en) Authorization authentication method, device and storage medium
CN114139134A (en) Program upgrading method, device and equipment for terminal equipment
CN114386008A (en) Information processing method and device, equipment and storage medium
CN108881242B (en) Method and device for acquiring electronic identity card
CN106874793B (en) Database processing method and device
CN111371563A (en) Password verification method and device, electronic equipment and storage medium
CN111241522B (en) Firmware signature method and device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220322