CN114844685A - Block chain-based private data authentication device, method, device and storage medium - Google Patents
Block chain-based private data authentication device, method, device and storage medium Download PDFInfo
- Publication number
- CN114844685A CN114844685A CN202210390261.3A CN202210390261A CN114844685A CN 114844685 A CN114844685 A CN 114844685A CN 202210390261 A CN202210390261 A CN 202210390261A CN 114844685 A CN114844685 A CN 114844685A
- Authority
- CN
- China
- Prior art keywords
- data
- authentication
- unit
- privacy
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000012795 verification Methods 0.000 claims abstract description 103
- 238000012545 processing Methods 0.000 claims abstract description 6
- 238000012544 monitoring process Methods 0.000 claims description 19
- 238000004891 communication Methods 0.000 claims description 10
- 230000002093 peripheral effect Effects 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 22
- 238000001994 activation Methods 0.000 description 9
- 230000004913 activation Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000003213 activating effect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 238000007796 conventional method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the field of data processing, and discloses privacy data authentication equipment, a method and a device based on a block chain and a storage medium, wherein the method comprises the following steps: the method comprises the steps of obtaining a privacy authentication request, wherein the privacy authentication request comprises identity information and privacy authentication data; based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result; when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data; based on the private data authentication equipment, the trusted data is forwarded to the data exchange node, and the trusted data is forwarded to the block chain by the data exchange node for data authentication to obtain an authentication result.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a device, a method, an apparatus, and a storage medium for privacy data authentication based on a block chain.
Background
When the private data is shared, the private data needs to be accessed to the data exchange node through the service system, and meanwhile, in the process, the private data needs to be confirmed and authenticated. However, in the current scheme of confirming and authenticating the private data, authentication is mainly performed by means of a personal certificate and a password in a computer, but the method has a security problem, and once a computer security hole is attacked, the certificate and the password are easily leaked, so that the private data is leaked.
Therefore, the existing private data has the problem of low security during sharing.
Disclosure of Invention
The embodiment of the invention provides a device, a method and a device for authenticating private data based on a block chain and a storage medium, which are used for improving the security of the private data during sharing.
In order to solve the above technical problem, an embodiment of the present application provides a private data authentication device, where the device includes a system operation module, a password management module, and a data authentication module;
the system operation module is connected with the data authentication module, and two ends of the system operation module are connected with a hardware layer and a system layer of the privacy data authentication equipment and are used for monitoring the operation of the data authentication module of the privacy data authentication equipment;
the password management module is connected with the data authentication module, and two ends of the password management module are connected with the hardware layer and the system layer and are used for acquiring and managing all passwords in the data authentication module of the privacy data authentication equipment;
the data authentication module is located in an application layer of the privacy data authentication device and used for acquiring a password for authenticating the privacy data from the password management module and performing data authentication on the privacy data based on the password.
In order to solve the foregoing technical problem, an embodiment of the present application provides a private data authentication method based on a block chain, including:
the method comprises the steps of obtaining a privacy authentication request, wherein the privacy authentication request comprises identity information and privacy authentication data;
based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result;
when the verification result is that the verification is passed, confirming that the privacy authentication data are credible data;
and based on the private data authentication equipment, forwarding the trusted data to a data exchange node, and forwarding the trusted data to a block chain by adopting the data exchange node for data authentication to obtain an authentication result.
In order to solve the above technical problem, an embodiment of the present application further provides a private data authentication apparatus based on a block chain, including:
the privacy authentication request acquisition module is used for acquiring a privacy authentication request, wherein the privacy authentication request comprises identity information and privacy authentication data;
the identity verification module is used for verifying the identity of the identity information based on the private data authentication equipment to obtain a verification result;
the trusted data acquisition module is used for confirming that the privacy authentication data is trusted data when the verification result is that the verification is passed;
and the data authentication module is used for forwarding the trusted data to a data exchange node based on the private data authentication equipment, and forwarding the trusted data to a block chain by adopting the data exchange node for data authentication to obtain an authentication result.
In order to solve the technical problem, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above block chain-based private data authentication method.
According to the block chain-based privacy data authentication device, method, device and storage medium provided by the embodiment of the invention, a privacy authentication request is obtained, wherein the privacy authentication request comprises identity information and privacy authentication data; based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result; when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data; and based on the private data authentication equipment, forwarding the trusted data to a data exchange node, and forwarding the trusted data to a block chain by adopting the data exchange node for data authentication to obtain an authentication result. The secret key is replaced without changing the account through the credible private data authentication equipment, so that the safety of the account is ensured. The trueness and the credibility of the data are ensured through the credibility of the equipment, so that the safety of the private data during sharing is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a block chain based private data authentication method of the present application;
fig. 3 is a schematic structural diagram of an embodiment of a block chain-based private data authentication apparatus according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, as shown in fig. 1, an embodiment of the present application provides a private data authentication device, where the private data authentication device includes a system running module 01, a password management module 02, and a data authentication module 03.
The system operation module 01 is connected with the data authentication module 03, and two ends of the system operation module 01 are connected with a hardware layer and a system layer of the privacy data authentication device, and are used for monitoring the operation of the data authentication module 03 of the privacy data authentication device.
The password management module 02 is connected with the data authentication module 03, and both ends of the password management module 02 are connected with the hardware layer and the system layer, and are used for acquiring and managing all passwords in the data authentication module 03 of the privacy data authentication device.
The data authentication module 03 is located in an application layer of the private data authentication device, and is configured to acquire a password for authenticating the private data from the password management module 02, and perform data authentication on the private data based on the password.
The system operation module 01 refers to an operation module in the private data authentication device, and the realized functions include but are not limited to monitoring password management and monitoring data authentication.
All the passwords of the password management module 02 are stored in the trusted storage environment, and the security of private key storage is ensured through the trusted storage environment.
The functions of the application layer include but are not limited to registration activation, account logout, identity recognition and privacy authentication. The equipment registration activation is responsible for activating the equipment on the block chain; the equipment account logout is responsible for logging out the equipment on the block chain; the identity recognition is responsible for recognizing the personal identity information of the user; the privacy certification is responsible for signature certification of the privacy data.
The private data authentication device comprises a system operation module, a password management module and a data authentication module, private data verification and storage at a link end are achieved through connection of the system operation module, the password management module and the data authentication module, and due to the fact that the private data authentication device is a credible device, authenticity and credibility of data are guaranteed, and therefore safety of the private data is guaranteed when the private data are shared.
Further, when the system operation module 01 is located in the hardware layer, the system operation module 01 includes a processor unit 011, a data bus unit 012, a real-time clock unit 013, a display unit 014, a fingerprint unit 015, and a communication unit 016:
the processor unit 011 is connected to the data bus unit 012, the real-time clock unit 013, the display unit 014, the fingerprint unit 015, and the communication unit 016 respectively, and is configured to execute system operation instructions.
The data bus unit 012 is connected to the communication unit 016, and communicates with an external device.
Real-time clock unit 013 is used for realizing real-time clock management, and the display element is used for display system operation and monitoring condition, and fingerprint unit 014 is used for gathering fingerprint information, and communication unit 015 is used for with host computer communication and debugging.
The processor unit 011 includes, but is not limited to, a central processing unit and a microprocessor. Preferably, the embodiment of the present application employs a central processing unit.
The data bus unit 012 includes, but is not limited to, a parallel data bus and a serial data bus. Preferably, the embodiments of the present application employ a universal serial data bus.
The display unit 014 includes, but is not limited to, a picture-tube display, a liquid crystal display. Preferably, the embodiment of the present application employs a liquid crystal display.
It should be noted that the system operation module 01 includes a processor unit 011, a data bus unit 012, a real-time clock unit 013, a display unit 014, a fingerprint unit 015, a communication unit 016 and their circuit components.
Through the unit and the circuit composition, the hardware basis for monitoring the system is ensured on the hardware level, so that the operation of the monitoring privacy data authentication equipment is realized.
Further, when the system operation module 01 is located in the system layer, the system operation module 01 includes an operation state machine unit 017, a file system unit 018, a system monitoring unit 019, and a peripheral drive unit 020:
the running state machine unit 017 is used for controlling the system to normally execute logic and exception handling, the file system unit 018 is used for managing and storing files, the system monitoring unit 019 is used for monitoring and tracking the system state in real time, and the peripheral driving unit 020 is used for driving peripheral hardware and interacting with the processor unit.
The running state machine unit 017, the file system unit 018, the system monitoring unit 019 and the peripheral drive unit 020 are all software logic implementation units.
The File System for managing and storing files includes, but is not limited to, FAT File System (File Allocation Table), Extended File Allocation Table (Extended File Allocation Table), and NTFS File System (New Technology File System). Preferably, the embodiment of the present application employs a FAT32 file system.
Through the software logic implementation unit, a software foundation for monitoring the system is guaranteed on a software level, so that the operation of the monitoring privacy data authentication equipment is realized.
Further, when the cryptographic management module 02 is located at the hardware layer, the cryptographic management module 02 includes a trusted execution unit 021 and a trusted storage unit 022, the trusted execution unit 021 is configured to perform cryptographic calculations on the key in the trusted execution environment, and the trusted storage unit 022 is configured to store the key in the trusted execution environment.
When the password management module 02 is located in the hardware layer, the password management module 02 is composed of a trusted execution environment and a trusted storage environment. Wherein, the trusted execution environment is used for the trusted execution unit 021 to perform cryptographic operation on the key in the secure environment. The above cryptographic operations include, but are not limited to, encryption and decryption. The trusted storage environment is used for securely storing the key, preventing the key from being stolen.
Through the trusted execution environment and the trusted storage environment, all passwords are stored in the trusted storage environment, all password calculation operations are executed in the trusted execution environment, and through the security of the trusted storage environment and the security of the trusted execution environment, the security and the reliability of the private data authentication equipment are further guaranteed.
Further, when the password management module 02 is located at a system layer, the password management module 02 includes a secure signature unit 023 and a key escrow unit 024, where the secure signature unit 023 is configured to send data to be signed to a trusted execution environment for signing and obtaining a signature result, and the key escrow unit 024 is configured to generate a public-private key pair in the trusted storage environment and obtain public information from the trusted storage environment.
The key escrow unit 024 is configured to generate a public-private key pair in the trusted storage environment and obtain public information from the trusted storage environment, and the generation of the public-private key pair is preferably generated by using a random number generator.
The security signature unit 023 and the key escrow unit 024 are software logic units, and perform security management on the password in a software layer, so as to ensure the security and credibility of the private data authentication device.
Referring to fig. 2, fig. 2 shows a block chain based private data authentication method according to an embodiment of the present invention, which is described by taking the private data authentication apparatus in fig. 1 as an example, and is detailed as follows:
s201, a privacy authentication request is obtained, wherein the privacy authentication request comprises identity information and privacy authentication data.
In step S201, the privacy authentication request refers to an authentication request initiated by a user uploading privacy authentication data in computer software and sending the data to a privacy data authentication device.
Here, it should be noted that, in the conventional method, the personal certificate and the password of the user are generally confirmed and authenticated directly on the computer software. And the privacy data is put into the privacy authentication request and sent to the privacy data authentication equipment for authentication in the embodiment of the application.
And sending the privacy authentication request to the privacy data authentication equipment, and ensuring the authenticity and credibility of the data through the credibility of the equipment, thereby ensuring the security of the privacy data during sharing.
S202, identity verification is carried out on the identity information based on the privacy data authentication equipment, and a verification result is obtained.
In step S202, specifically, after receiving the privacy authentication request, the privacy data authentication device prompts the user to input identity information, and performs identity verification on the identity information based on the privacy data authentication device to obtain a verification result.
The identity information includes but is not limited to an identification number, face recognition information, fingerprint information, and a user password. Preferably, the embodiment of the present application employs fingerprint information.
The verification result is the result of whether the identity information is matched with the user.
The identity information is authenticated through the privacy data authentication equipment, so that the user can be ensured to be a real user, and the privacy authentication data sent by the user can be conveniently authenticated subsequently.
And S203, when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data.
In step S203, it is specifically:
and when the verification result is that the verification fails, the authentication result is that the user identity authentication fails, and the privacy authentication data is not credible.
And when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data.
By verifying the identity of the user, the user is ensured to be a real user, the problem that the private data authentication equipment forwards and authenticates the untrusted data, resource waste is caused, and the authentication efficiency is improved.
S204, based on the private data authentication device, the credible data are forwarded to the data exchange node, and the credible data are forwarded to the block chain by the data exchange node for data authentication, so that an authentication result is obtained.
In step S204, it is specifically:
and when the privacy authentication data is confirmed to be credible data, acquiring a hardware unique number of the privacy data authentication equipment.
And initiating an authentication transaction based on the hardware unique number, signing the authentication transaction, and performing network forwarding on the signed authentication transaction as trusted data to send to a data exchange node.
And after receiving the authentication transaction, the data node sends the authentication transaction to the block chain for verification.
And the blockchain carries out transaction validity verification on the authentication transaction, and when the verification is passed, the authentication result is passed, and the blockchain returns the authentication result to the privacy data authentication equipment.
The hardware unique number is a unique number obtained by a trusted entity through activating an account on a block chain through an activation process after the equipment leaves a factory.
The hardware unique number can map the equipment number into a block chain account through a security registration mechanism and an updating mechanism, so that the account is not changed when the key is changed, and the account security is ensured.
Through the steps, the data authentication of the trusted data is realized, and the trueness and the credibility of the data are ensured through the credibility of the equipment, so that the safety of the private data during sharing is ensured.
In the embodiment, a privacy authentication request is acquired, wherein the privacy authentication request comprises identity information and privacy authentication data; based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result; when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data; based on the private data authentication equipment, the trusted data is forwarded to the data exchange node, and the trusted data is forwarded to the block chain by the data exchange node for data authentication, so that an authentication result is obtained. The credible private data authentication equipment realizes that the secret key is not changed, and the account safety is ensured. The trueness and the credibility of the data are ensured through the credibility of the equipment, so that the safety of the private data during sharing is ensured.
In some optional implementations of this embodiment, before step S201, the method for authenticating privacy data based on a block chain further includes steps S101 to S107 as follows:
s101, a user information hash value and a hardware number corresponding to the private data authentication equipment are obtained, wherein the user information hash value refers to a hash value corresponding to the information of the registered user.
And S102, acquiring the registration transaction information based on the hardware number corresponding to the private data authentication equipment.
S103, based on the private data authentication device, signing the registered transaction information to obtain signature information, and sending the signature information to the block chain.
And S104, verifying the signature information based on the block chain to obtain a verification result.
And S105, when the verification result is that the user passes the verification, confirming that the user is successfully registered.
And S106, confirming that the user registration fails when the verification result is that the verification fails.
In step S101, the user information hash value is a hash value obtained by inputting personal information and calculating a hash value of the personal information when the user registers a personal account.
It should be understood that when a user needs to perform registration activation, personal information is input into computer software to obtain a user information hash value, and an activation request is initiated to the private data authentication device by carrying the user information hash value.
The hardware number refers to a hardware unique number corresponding to the private data authentication device, and the hardware unique number is a unique number obtained by activating an account on a block chain through an activation process after the device leaves a factory to form a trusted entity.
The hardware unique number can map the equipment number into a block chain account through a security registration mechanism and an updating mechanism, so that the account is not changed when the key is changed, and the account security is ensured.
In step S102, the registered transaction information refers to transaction information generated by a user making an activation request in the private data authentication device.
For example, the method for acquiring the registration transaction information may include:
and acquiring a public key, a secret key and a batch number corresponding to the secret key corresponding to the private data authentication equipment based on the hardware number corresponding to the private data authentication equipment.
And based on the secret key, carrying out encryption processing on the hash value of the user information and the public key to obtain encrypted information.
And connecting the encrypted information with the batch number to obtain the registered transaction information.
Explaining step S102 by taking an example, when the user identity information is fingerprint information, and the private data authentication device is powered on, receives an activation request, starts a fingerprint entering program, retains the fingerprint information of the user in the private data authentication device, reads a hardware unique number of the device, reads a public key from a trusted storage environment, reads a built-in batch unified key and a user information hash value, encrypts the batch number and the encrypted information by using the unified key, and forms registered transaction information by using the batch number and the encrypted information.
In step S104, it specifically includes:
and obtaining the key corresponding to the batch number according to the batch number.
The encrypted information is decrypted based on the key.
And verifying whether the batch numbers are the same or not, and simultaneously verifying the signature of the signature information by using the public key to obtain a verification result.
In step 105, if the verification is passed, the user registration is confirmed to be successful.
And generating a block chain account according to the hardware unique number, starting life cycle management on the account, and endowing the account with corresponding user related authority.
In this embodiment, the user registration activation is realized through the above steps, so that it is ensured that the user can pass through user identity verification and the credibility of the device to ensure the authenticity and credibility of the data when performing privacy authentication in the later period, thereby ensuring the security of the privacy data during sharing.
In some optional implementations of this embodiment, after step S204, the method for authenticating privacy data based on a blockchain further includes steps S401 to S407 as follows:
s401, a logout request is obtained, wherein the logout request comprises identity information corresponding to a user.
S402, identity verification is carried out on the identity information based on the privacy data authentication equipment, and a verification result is obtained.
S403, when the verification result is that the verification is passed, acquiring the logout transaction information.
S404, based on the private data authentication device, signing the registered transaction information to obtain signature information, and sending the signature information to the block chain.
S405, based on the block chain, the signature information is verified, and a verification result is obtained.
S406, when the verification result is that the verification is passed, the user is confirmed to be successfully logged off.
And S407, when the verification result is that the verification is not passed, confirming that the user fails to log off.
In step S401, the logout request refers to a request for logging out user identity information.
In step S403, the above-mentioned cancellation transaction information is implemented by: and initiating a logout transaction based on the hardware unique number of the privacy data authentication device.
In step S405, the above-described verification process verifies the transaction validity of the signature information.
In the embodiment, the user logout is realized through the steps, so that the authenticity and the credibility of the user logout are ensured, and the closed-loop credible management of the account is realized.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 is a schematic block diagram of a block chain-based private data authentication apparatus in one-to-one correspondence with the block chain-based private data authentication method according to the foregoing embodiment. As shown in fig. 3, the block chain-based private data authentication apparatus includes a private authentication request acquisition module 31, an identity verification module 32, a trusted data acquisition module 33, and a data authentication module 34. The functional modules are explained in detail as follows:
the privacy certification request obtaining module 31 is configured to obtain a privacy certification request, where the privacy certification request includes identity information and privacy certification data.
And the identity verification module 32 is configured to perform identity verification on the identity information based on the private data authentication device to obtain a verification result.
And the trusted data acquisition module 33 is configured to, when the verification result is that the verification is passed, confirm that the privacy authentication data is trusted data.
And the data authentication module 34 is configured to forward the trusted data to the data exchange node based on the private data authentication device, and forward the trusted data to the block chain by using the data exchange node for data authentication, so as to obtain an authentication result.
Optionally, before the privacy certification request obtaining module 31, the block chain-based privacy data certification apparatus includes:
and the data acquisition module is used for acquiring a user information hash value and a hardware number corresponding to the private data authentication equipment, wherein the user information hash value is a hash value corresponding to the information of the registered user.
And the registration transaction information acquisition module is used for acquiring the registration transaction information based on the hardware number corresponding to the privacy data authentication equipment.
And the signature module is used for signing the registered transaction information based on the private data authentication equipment to obtain signature information and sending the signature information to the block chain.
And the verification result acquisition module is used for verifying the signature information based on the block chain to obtain a verification result.
And the successful registration module is used for confirming that the user is successfully registered when the verification result is that the verification is passed.
And the registration failure module is used for confirming that the user registration fails when the verification result is that the verification fails.
Optionally, the registration transaction information obtaining module includes:
and the information acquisition unit is used for acquiring a public key, a secret key and a batch number corresponding to the secret key corresponding to the privacy data authentication equipment based on the hardware number corresponding to the privacy data authentication equipment.
And the encrypted information acquisition unit is used for encrypting the user information hash value and the public key based on the secret key to obtain encrypted information.
And the registration transaction information acquisition unit is used for connecting the encrypted information with the batch number to obtain registration transaction information.
Optionally, after the data authentication module 34, the block chain based private data authentication apparatus includes:
and the logout request acquisition module is used for acquiring a logout request, wherein the logout request comprises the identity information corresponding to the user.
And the verification module is used for performing identity verification on the identity information based on the private data authentication equipment to obtain a verification result.
And the logout transaction information acquisition module is used for acquiring logout transaction information when the verification result is that the verification is passed.
And the signature module is used for signing the registered transaction information based on the private data authentication equipment to obtain signature information and sending the signature information to the block chain.
And the verification module is used for verifying the signature information based on the block chain to obtain a verification result.
And the logout success module is used for confirming that the user logout is successful when the verification result is that the verification is passed.
And the logout failure module is used for confirming that the user logout fails when the verification result is that the verification fails.
For specific limitations of the block chain based privacy data authentication apparatus, reference may be made to the above limitations of the block chain based privacy data authentication method, which are not described herein again. The modules in the block chain-based private data authentication device may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
The present application further provides another embodiment, which is to provide a computer-readable storage medium storing an interface display program, which is executable by at least one processor to cause the at least one processor to execute the steps of the block chain based private data authentication method as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.
Claims (10)
1. The private data authentication device is characterized by comprising a system operation module, a password management module and a data authentication module;
the system operation module is connected with the data authentication module, and two ends of the system operation module are connected with a hardware layer and a system layer of the privacy data authentication equipment and are used for monitoring the operation of the data authentication module of the privacy data authentication equipment;
the password management module is connected with the data authentication module, and two ends of the password management module are connected with the hardware layer and the system layer and are used for acquiring and managing all passwords in the data authentication module of the privacy data authentication equipment;
the data authentication module is located in an application layer of the privacy data authentication device and used for acquiring a password for authenticating the privacy data from the password management module and performing data authentication on the privacy data based on the password.
2. The apparatus of claim 1, wherein when the system operation module is located in the hardware layer, the system operation module comprises a processor unit, a data bus unit, a real-time clock unit, a display unit, a fingerprint unit, and a communication unit:
the processor unit is respectively connected with the data bus unit, the real-time clock unit, the display unit, the fingerprint unit and the communication unit and is used for executing system operation instructions;
the data bus unit is connected with the communication unit and is used for communicating with external equipment;
the real-time clock unit is used for realizing real-time clock management, the display unit is used for displaying the running and monitoring conditions of a system, the fingerprint unit is used for collecting fingerprint information, and the communication unit is used for communicating and debugging with an upper computer;
when the system operation module is located in the system layer, the system operation module comprises an operation state machine unit, a file system unit, a system monitoring unit and an external drive unit:
the system comprises a running state machine unit, a file system unit, a system monitoring unit and a peripheral driving unit, wherein the running state machine unit is used for controlling a system to normally execute logic and exception handling, the file system unit is used for managing and storing files, the system monitoring unit is used for monitoring and tracking the system state in real time, and the peripheral driving unit is used for driving peripheral hardware and interacting with the processor unit.
3. The device of claim 1, wherein when the cryptographic management module is located at the hardware layer, the cryptographic management module includes a trusted execution unit to cryptographically compute a key in a trusted execution environment and a trusted storage unit to store a key in the trusted execution environment;
when the password management module is located in the system layer, the password management module comprises a security signature unit and a key escrow unit, the security signature unit is used for sending data to be signed into the trusted execution environment for signature and obtaining a signature result, and the key escrow unit is used for generating a public and private key pair in the trusted storage environment and obtaining public information from the trusted storage environment.
4. A block chain based private data authentication method applied to the private data authentication apparatus according to any one of claims 1 to 3, the method comprising:
the method comprises the steps of obtaining a privacy authentication request, wherein the privacy authentication request comprises identity information and privacy authentication data;
based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result;
when the verification result is that the verification is passed, confirming that the privacy authentication data is credible data;
and based on the private data authentication equipment, forwarding the trusted data to a data exchange node, and forwarding the trusted data to a block chain by adopting the data exchange node for data authentication to obtain an authentication result.
5. The method of claim 4, wherein prior to the obtaining the privacy authentication request, the method further comprises:
acquiring a user information hash value and a hardware number corresponding to the private data authentication equipment, wherein the user information hash value is a hash value corresponding to the information of a registered user;
acquiring registration transaction information based on the hardware number corresponding to the private data authentication equipment;
based on the private data authentication equipment, signing the registered transaction information to obtain signature information, and sending the signature information to a block chain;
verifying the signature information based on the block chain to obtain a verification result;
when the verification result is that the verification is passed, the user is confirmed to be successfully registered;
and when the verification result is that the verification is not passed, confirming that the user registration fails.
6. The method according to claim 5, wherein the step of obtaining the registration transaction information based on the hardware number corresponding to the private data authentication device comprises:
acquiring a public key, a secret key and a batch number corresponding to the secret key corresponding to the private data authentication equipment based on the hardware number corresponding to the private data authentication equipment;
based on the secret key, carrying out encryption processing on the user information hash value and the public key to obtain encrypted information;
and connecting the encrypted information with the batch number to obtain the registration transaction information.
7. The method according to claim 4, wherein after the device for authenticating private data based on blockchain forwards the trusted data to a data exchange node and forwards the trusted data to blockchain for data authentication by using the data exchange node, and obtains an authentication result, the method further comprises:
acquiring a logout request, wherein the logout request comprises identity information corresponding to a user;
based on the private data authentication equipment, performing identity verification on the identity information to obtain a verification result;
when the verification result is that the verification is passed, acquiring logout transaction information;
based on the private data authentication equipment, signing the registered transaction information to obtain signature information, and sending the signature information to a block chain;
verifying the signature information based on the block chain to obtain a verification result;
when the verification result is that the verification is passed, the user is confirmed to be successfully logged off;
and when the verification result is that the verification is not passed, confirming that the user logout fails.
8. An apparatus for block chain based private data authentication, the apparatus comprising:
the privacy authentication request acquisition module is used for acquiring a privacy authentication request, wherein the privacy authentication request comprises identity information and privacy authentication data;
the identity verification module is used for verifying the identity of the identity information based on the private data authentication equipment to obtain a verification result;
the trusted data acquisition module is used for confirming that the privacy authentication data is trusted data when the verification result is that the verification is passed;
and the data authentication module is used for forwarding the trusted data to a data exchange node based on the private data authentication equipment, and forwarding the trusted data to a block chain by adopting the data exchange node for data authentication to obtain an authentication result.
9. The apparatus for block chain based privacy data authentication according to claim 8, wherein the privacy authentication request acquisition module is preceded by the apparatus comprising:
the data acquisition module is used for acquiring a user information hash value and a hardware number corresponding to the private data authentication device, wherein the user information hash value is a hash value corresponding to the information of the registered user.
And the registration transaction information acquisition module is used for acquiring the registration transaction information based on the hardware number corresponding to the privacy data authentication equipment.
And the signature module is used for signing the registered transaction information based on the private data authentication equipment to obtain signature information and sending the signature information to the block chain.
And the verification result acquisition module is used for verifying the signature information based on the block chain to obtain a verification result.
And the successful registration module is used for confirming that the user is successfully registered when the verification result is that the verification is passed.
And the registration failure module is used for confirming that the user registration fails when the verification result is that the verification fails.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements the block chain based privacy data authentication method according to any one of claims 4 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210390261.3A CN114844685B (en) | 2022-04-14 | 2022-04-14 | Private data authentication device, method, device and storage medium based on blockchain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210390261.3A CN114844685B (en) | 2022-04-14 | 2022-04-14 | Private data authentication device, method, device and storage medium based on blockchain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114844685A true CN114844685A (en) | 2022-08-02 |
| CN114844685B CN114844685B (en) | 2024-08-02 |
Family
ID=82563721
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210390261.3A Active CN114844685B (en) | 2022-04-14 | 2022-04-14 | Private data authentication device, method, device and storage medium based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114844685B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180341775A1 (en) * | 2017-05-23 | 2018-11-29 | International Business Machines Corporation | Digital license authentication with secure privacy logging |
| CN109255661A (en) * | 2018-09-27 | 2019-01-22 | 王国俊 | A kind of business datum authentication method and system based on block chain |
| CN111783071A (en) * | 2020-07-07 | 2020-10-16 | 支付宝(杭州)信息技术有限公司 | Password-based and privacy data-based verification method, device, equipment and system |
| EP3916604A1 (en) * | 2020-05-29 | 2021-12-01 | Baidu Online Network Technology (Beijing) Co., Ltd | Method and apparatus for processing privacy data of block chain, device, storage medium and coputer program product |
-
2022
- 2022-04-14 CN CN202210390261.3A patent/CN114844685B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180341775A1 (en) * | 2017-05-23 | 2018-11-29 | International Business Machines Corporation | Digital license authentication with secure privacy logging |
| CN109255661A (en) * | 2018-09-27 | 2019-01-22 | 王国俊 | A kind of business datum authentication method and system based on block chain |
| EP3916604A1 (en) * | 2020-05-29 | 2021-12-01 | Baidu Online Network Technology (Beijing) Co., Ltd | Method and apparatus for processing privacy data of block chain, device, storage medium and coputer program product |
| CN111783071A (en) * | 2020-07-07 | 2020-10-16 | 支付宝(杭州)信息技术有限公司 | Password-based and privacy data-based verification method, device, equipment and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114844685B (en) | 2024-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI667585B (en) | Method and device for safety authentication based on biological characteristics | |
| KR101759193B1 (en) | Network authentication method for secure electronic transactions | |
| US8689290B2 (en) | System and method for securing a credential via user and server verification | |
| CN103136463B (en) | System and method for for the temporary transient safety opening terminal flow process of electronic installation | |
| CN101350723B (en) | USB Key equipment and method for implementing verification thereof | |
| JP2012530311A5 (en) | ||
| CN112651036B (en) | Identity authentication method based on collaborative signature and computer readable storage medium | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN111786799B (en) | Digital certificate signing and issuing method and system based on Internet of things communication module | |
| CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
| CN106161028A (en) | Safety chip, communication terminal and the method improving communication security | |
| KR102012262B1 (en) | Key management method and fido authenticator software authenticator | |
| CN112733129B (en) | Trusted access method for server out-of-band management | |
| US10333707B1 (en) | Systems and methods for user authentication | |
| CN105119716A (en) | Secret key negotiation method based on SD cards | |
| WO2010128451A2 (en) | Methods of robust multi-factor authentication and authorization and systems thereof | |
| US7073062B2 (en) | Method and apparatus to mutually authentication software modules | |
| CN114301617A (en) | Identity authentication method and device for multi-cloud application gateway, computer equipment and medium | |
| CN110838919B (en) | Communication method, storage method, operation method and device | |
| CN110868415B (en) | Remote identity verification method and device | |
| WO2013067792A1 (en) | Method, device and system for querying smart card | |
| CN115103356A (en) | Computer security verification system, method, mobile terminal and readable storage medium | |
| CN115529591A (en) | Token-based authentication method, device, equipment and storage medium | |
| CN114844685B (en) | Private data authentication device, method, device and storage medium based on blockchain | |
| JP4372403B2 (en) | Authentication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |