CN114884702A - Identity registration method, identity authentication method and identity management system - Google Patents

Publication number
CN114884702A
Authority
CN
China
Prior art keywords
identity
identity information
user
public key
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210411586.5A
Other languages
Chinese (zh)
Inventor
肖娟秀
罗文琪
郭阳
蔡栋
赵芃
冯建波
吕荣鑫
李桂秋
谭琳惠
韩彩娜
沈义俊
王东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hainan University
Original Assignee
Hainan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hainan University filed Critical Hainan University
Priority to CN202210411586.5A priority Critical patent/CN114884702A/en
Publication of CN114884702A publication Critical patent/CN114884702A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an identity registration method, an identity authentication method and an identity management system, which use a consensus mechanism to perform multi-node consensus to complete the verification process of user identity and avoid the problem of over centralized authority management of the traditional identity registration mechanism. Meanwhile, the key generator is used for carrying out a key distribution strategy of the public key and the private key, so that the self-management of the user on the key is realized, and the key loss and the leakage which are easy to occur in the identity registration process can be effectively avoided. Based on the method, the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the safety and privacy of identity registration in scientific and technological services are improved.

Description

Identity registration method, identity authentication method and identity management system
Technical Field
The invention relates to the technical field of platform identity management, in particular to an identity registration method, an identity authentication method and an identity management system.
Background
In recent years, the service industry has continued to develop rapidly, and the scientific and technological service industry is an important part of the modern service industry. Scientific and technological services provide intellectual services using modern scientific and technological knowledge, modern technology, analysis and research methods, experience, information and other elements. On a scientific and technological service platform, each user, as a user of scientific and technological services, is subject to identity management through the corresponding registration and login. However, most existing scientific and technological service platforms are based on a centralized architecture in which a trusted third party must participate in the transaction process, so data is excessively concentrated, information is opaque and there are transaction intermediary costs; once the central node is damaged, the system is greatly affected, leading to privacy disclosure and huge property loss for users.
On the other hand, the internet has no uniform and secure identity authentication scheme, and identity authentication, as the first gateway of asset protection for a scientific and technological service network platform, plays a crucial role in security and privacy protection. Existing user identity authentication is mainly based on a trusted third-party service center, for example authentication by PKI, biometric identification, passwords, or combined-factor authentication; once the third party fails, users are exposed to the risks of privacy leakage and permission abuse. Other approaches combine blockchain with identity authentication technology, for example combining blockchain with PKI identity authentication and storing the PKI-generated digital certificate on chain, but they cannot resolve at the source the problem of the authenticity of the initial user identity authentication. If the user registration information itself is forged and the authentication platform makes a wrong identification and judgment, platform transactions become fraudulent, causing immeasurable loss to other users of the platform.
In summary, it can be seen that in the conventional scientific and technical service, the identity management of the user still has the above disadvantages.
Disclosure of Invention
Therefore, it is necessary to provide an identity registration method, an identity authentication method and an identity management system for overcoming the defects of the identity management of the user in the conventional scientific and technological service.
An identity registration method, comprising the steps of:
acquiring identity information of a user to be registered;
when the identity information passes the audit, submitting the identity information to an identity verification node group of the block chain network to indicate the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the block chain network so as to indicate the block chain network to perform consensus analysis on the identity information according to a consensus rule;
when the result of the consensus analysis is that consensus is achieved, indicating the identity verification node group to pack the identity information into blocks and uplink the blocks;
giving authority to the user to be registered to indicate the user to be registered to download the key generator to generate a public key and a private key and indicate the user to be registered to encrypt identity information according to the private key to obtain a digital signature;
and acquiring the public key and the digital signature and submitting the public key and the digital signature to the identity verification node group so as to complete identity registration of the user to be registered.
The identity registration method utilizes the consensus mechanism to perform multi-node consensus, completes the verification process of the user identity and avoids the problem that the authority management of the traditional identity registration mechanism is too centralized. Meanwhile, the key generator is used for carrying out a key distribution strategy of the public key and the private key, so that the self-management of the user on the key is realized, and the key loss and the leakage which are easy to occur in the identity registration process can be effectively avoided. Based on the method, the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the safety and privacy of identity registration in scientific and technological services are improved.
In one embodiment, the process of generating a public key and a private key comprises the steps of:
the public key and the private key are generated according to an RSA asymmetric key algorithm.
In one embodiment, a process for encrypting identity information based on a private key to obtain a digital signature comprises the steps of:
carrying out a Hash operation on the identity information to obtain an identity information digest;
and encrypting the identity information digest according to the private key to obtain the digital signature.
In one embodiment, the consensus rules comprise PBFT consensus rules.
An identity authentication method comprising the steps of:
acquiring input identity information and an input public key of a registered user;
searching a public key correspondingly stored by a registered user through a block chain network;
when the input public key is consistent with the public key, selecting a nearby node of an identity verification node group in the block chain network to obtain a digital signature which is correspondingly stored by a registered user;
decrypting the digital signature according to the public key, and comparing the decryption result with the input identity information;
and when the comparison is consistent, judging that the identity authentication of the registered user is successful, otherwise, failing.
According to the identity authentication method, login information is acquired based on a secret key distribution strategy, and the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the identity registration safety and privacy in scientific and technological services are improved.
In one embodiment, the process of decrypting the digital signature according to the public key and comparing the decrypted result with the input identity information includes the steps of:
decrypting the digital signature to obtain an identity information digest;
carrying out a Hash operation on the input identity information to obtain an input identity information digest;
and comparing the input identity information digest with the identity information digest to realize the comparison of the decryption result and the input identity information.
In one embodiment, the method further comprises the following steps:
and after the identity authentication of the registered user is successful, feeding back an authentication success result.
An identity management system comprising:
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity registration method of any of the above embodiments.
An identity management system comprising:
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity authentication method of any of the above embodiments.
An identity management system comprising:
the scientific and technological service platform is used for acquiring identity information input by a user to be registered, input identity information of a registered user or an input public key;
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity registration method of any of the above embodiments or the identity authentication method of any of the above embodiments.
Drawings
FIG. 1 is a schematic diagram of an identity management system information interaction according to an embodiment;
FIG. 2 is a flow diagram of an embodiment of a method for identity registration;
FIG. 3 is a flowchart of an identity registration method according to another embodiment;
FIG. 4 is a flow diagram of an embodiment of a method for identity authentication;
FIG. 5 is a block diagram of an embodiment of an identity registration apparatus;
FIG. 6 is a block diagram of an embodiment of an identity authentication device;
FIG. 7 is a schematic diagram of an internal structure of a computer according to an embodiment.
Detailed Description
For better understanding of the objects, technical solutions and effects of the present invention, the present invention will be further explained with reference to the accompanying drawings and examples. Meanwhile, the following described examples are only for explaining the present invention, and are not intended to limit the present invention.
The embodiment of the invention provides an identity management system.
Fig. 1 is a schematic diagram of information interaction of an identity management system according to an embodiment, and as shown in fig. 1, a user performs various information interactions with a block chain network through a supervisory node. Based on this, the identity management system of an embodiment includes:
a supervisory node;
a blockchain network.
In the stage that the identity is not registered, the user is a user to be registered, and the registration related to the scientific and technological service is executed through the identity management system; after registering as a registered user, the user may perform technical service related authentication (login) via the identity management system.
The supervisory node may be configured to perform the identity registration method of an embodiment. Fig. 2 is a flowchart of an embodiment of an identity registration method, and as shown in fig. 2, the identity registration method of an embodiment includes steps S100 to S104:
S100, acquiring identity information of a user to be registered;
S101, when the identity information is verified, submitting the identity information to an identity verification node group of a block chain network to indicate the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the block chain network so as to indicate the block chain network to perform consensus analysis on the identity information according to a consensus rule;
S102, when the result of the consensus analysis is that consensus is achieved, the identity verification node group is indicated to pack the identity information into blocks and link the blocks;
S103, giving authority to the user to be registered to indicate the user to be registered to download the key generator to generate a public key and a private key and indicate the user to be registered to encrypt identity information according to the private key to obtain a digital signature;
and S104, acquiring the public key and the digital signature and submitting the public key and the digital signature to the identity verification node group to complete identity registration of the user to be registered.
In one embodiment, the identity management system further comprises a scientific and technological service platform.
The scientific and technological service platform serves as the user-facing operation platform and is used for collecting identity information input by a user to be registered, and the input identity information or input public key of a registered user. That is, users enter the corresponding information through the scientific and technological service platform, and the supervisory node acquires it through interaction with the platform.
In one embodiment, the supervisory node and the scientific and technical service platform perform data interaction through a secure channel to improve the security of the identity management system.
In one embodiment, the users to be registered or the registered users are both classified into individual users or enterprise users, and the identity information (input identity information) corresponding to different user types is different.
When the user to be registered or the registered user is an individual user, the identity information (input identity information) includes information such as educational background, work experience, and profession. When the user to be registered or the registered user is an enterprise user, the identity information (input identity information) includes information such as scale, registered capital, and affiliated industry.
As shown in fig. 1, the supervisory node performs the step S100 of obtaining the identity information of the user to be registered, and verifies the identity information through a preset data rule at a supervisory node layer. In one embodiment, the supervisory node audits the identity information through the sensitive data identification rule.
As shown in fig. 1, after the audit is passed and the identity information is determined to be correct, the supervisory node submits the identity information to the identity verification node group of the block chain network. A secure channel also exists between the supervisory node and the block chain network to ensure the security of data interaction.
After the identity information is submitted to the authentication node groups of the blockchain network, the authentication node groups assemble the identity information into transaction data and broadcast the transaction data to the blockchain network.
In one embodiment, the group of identity verification nodes assembles the identity information into transaction data, which is broadcast with a transaction number attached.
As shown in fig. 1, the blockchain network includes a plurality of consensus nodes and performs consensus analysis on the identity information according to a consensus rule. Relying on the consensus rule of the block chain network, the transaction data is scored according to the consensus mechanism to judge whether it passes the consensus rule.
In one embodiment, the identity information is subjected to consensus analysis through the PBFT (Practical Byzantine Fault Tolerance) consensus rule, so as to achieve consistent consensus analysis across all consensus nodes.
As shown in fig. 1, when the result of the consensus analysis indicates that consensus is achieved, the group of authentication nodes is instructed to pack the identity information into blocks and link the blocks to form a new block chain unit.
At this time, the block chain network feeds back the registration result to the supervisory node, and the supervisory node gives authority to the user to be registered. The authorized user to be registered can download the key generator to generate a public key and a private key, and encrypt the identity information according to the private key to obtain a digital signature.
And the self management of the user on the key is realized through the distribution strategy of the public and private key pair.
In one embodiment, the process of generating the public key and the private key in step S103 includes the steps of:
the public key and the private key are generated according to an RSA asymmetric key algorithm.
The transmission of keys in a blockchain network is facilitated by the RSA asymmetric key algorithm.
The process of generating a public-private key pair by the RSA asymmetric key algorithm proceeds as follows:
1) randomly selecting two different, sufficiently large prime numbers $p$ and $q$;
2) calculating the product $n = p \times q$;
3) calculating $f(n) = (p-1)(q-1)$, and keeping $p$ and $q$ secret;
4) randomly selecting an integer $e$ that is coprime to $f(n)$ such that $1 < e < f(n)$;
5) calculating $d$ such that $d \cdot e \equiv 1 \pmod{f(n)}$, where the $\equiv$ symbol means that its left side is congruent to its right side, i.e. both sides give the same result under the modulo operation; whatever value $f(n)$ takes, the right side is 1, so the product of $d$ and $e$ on the left side must also give 1 modulo $f(n)$;
6) the public key is $KU = (e, n)$; the private key is $KR = (d, n)$.
During encryption, the plaintext is first converted into an integer $M$ from 0 to $n-1$. If the plaintext is longer, the data can be divided into appropriate groups, each of which is then converted. If the ciphertext is $C$, the encryption process is $C \equiv M^e \bmod n$ and the decryption process is $M \equiv C^d \bmod n$.
In one embodiment, fig. 3 is a flowchart of an identity registration method according to another embodiment, and as shown in fig. 3, the process of encrypting the identity information according to the private key in step S103 to obtain the digital signature includes step S200 and step S201:
S200, carrying out a Hash operation on the identity information to obtain an identity information digest;
S201, the identity information digest is encrypted according to the private key to obtain a digital signature.
The user generates a public-private key pair $(PRK_i, PBK_i)$ according to the RSA asymmetric key algorithm, where $PRK_i$ is the private key and $PBK_i$ is the public key. The user performs a Hash operation on the user identity information $UAI_i$ to obtain the identity information digest $SM = H(UAI_i)$, encrypts the digest $SM$ with the private key $PRK_i$ to generate the user digital signature $SN_i$, and submits the digital signature $SN_i$ and the public key $PBK_i$ to the supervisory node. The supervisory node then submits $PBK_i$ and the digital signature $SN_i$ to the identity verification node group in the blockchain network.
Based on the method, identity registration of the user to be registered is achieved.
The identity registration method of any embodiment above uses a consensus mechanism to perform multi-node consensus, completes the verification process of the user identity, and avoids the problem of too centralized authority management of the traditional identity registration mechanism. Meanwhile, the key generator is used for carrying out a key distribution strategy of the public key and the private key, so that the self-management of the user on the key is realized, and the key loss and the leakage which are easy to occur in the identity registration process can be effectively avoided. Based on the method, the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the safety and privacy of identity registration in scientific and technological services are improved.
Based on this, on the supervisory node side, the supervisory node is further configured to perform the identity authentication method of an embodiment.
Fig. 4 is a flowchart of an embodiment of an identity authentication method, and as shown in fig. 4, the identity authentication method of an embodiment includes steps S300 to S304:
S300, acquiring input identity information and an input public key of a registered user;
S301, searching a public key correspondingly stored by a registered user through a block chain network;
S302, when the input public key is consistent with the public key, selecting a nearby node of an identity verification node group in the block chain network to obtain a digital signature correspondingly stored by a registered user;
S303, decrypting the digital signature according to the public key, and comparing the decryption result with the input identity information;
S304, when the comparison is consistent, the identity authentication of the registered user is judged to be successful, otherwise, the identity authentication fails.
A registered user is a user to be registered who has completed registration, and the public key of the registered user is stored in the blockchain network in advance. The registered user can then enter the input identity information by operating the scientific and technological service platform, together with the input public key of the registered user, so as to initiate an identity authentication request.
The supervision node searches the public key stored by the registered user during registration in the blockchain network, and matches the public key with the input public key.
That is, the supervisory node searches the block chain for the public key $PBK_i$ stored during registration, and determines whether the input public key $PBK^*$ is consistent with $PBK_i$:
if $PBK^*$ is consistent with $PBK_i$, the input public key is consistent with the public key, namely the identity authentication is successful;
if $PBK^*$ is not consistent with $PBK_i$, the authentication is judged to have failed, and re-acquisition of the input identity information and the input public key of the registered user can be indicated.
In one embodiment, the identity authentication method of an embodiment further includes the steps of:
and after the identity authentication of the registered user is successful, feeding back the authentication success result.
As shown in fig. 1, the supervisory node feeds back the successful authentication result to the scientific and technological service platform to provide an authentication basic result for the corresponding service of the scientific and technological service platform, so as to provide a technical basis for identity management for the scientific and technological service platform.
The identity registration method of any embodiment above uses a consensus mechanism to perform multi-node consensus, completes the verification process of the user identity, and avoids the problem of too centralized authority management of the traditional identity registration mechanism. Meanwhile, the key generator is used for carrying out a key distribution strategy of the public key and the private key, so that the self-management of the user on the key is realized, and the key loss and the leakage which are easy to occur in the identity registration process can be effectively avoided. Based on the method, the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the safety and privacy of identity registration in scientific and technological services are improved.
Based on this, on the side of the supervision node, the embodiment of the invention also provides an identity registration device.
Fig. 5 is a block diagram of an embodiment of an identity registration apparatus, and as shown in fig. 5, the identity registration apparatus of an embodiment includes:
a first information obtaining module 100, configured to obtain identity information of a user to be registered;
the information auditing module 101 is configured to submit the identity information to an identity authentication node group of the blockchain network when the identity information passes the audit, so as to instruct the identity authentication node group to assemble the identity information into transaction data and broadcast the transaction data to the blockchain network, so as to instruct the blockchain network to perform consensus analysis on the identity information according to a consensus rule;
the information uploading module 102 is configured to instruct the identity verification node group to package the identity information into blocks and link the blocks when the result of the consensus analysis is that consensus is achieved;
the authority endowing module 103 is used for endowing the user to be registered with authority so as to indicate the user to be registered to download the key generator to generate a public key and a private key and indicate the user to be registered to encrypt the identity information according to the private key to obtain a digital signature;
and the node registration module 104 is configured to obtain a public key and a digital signature and submit the public key and the digital signature to the authentication node group, so as to complete identity registration of the user to be registered.
The identity registration device utilizes the consensus mechanism to perform multi-node consensus, completes the verification process of the user identity and avoids the problem that the authority management of the traditional identity registration mechanism is too concentrated. Meanwhile, the key generator is used for carrying out a key distribution strategy of the public key and the private key, so that the self-management of the user on the key is realized, and the key loss and the leakage which are easy to occur in the identity registration process can be effectively avoided. Based on the method, the public key and the digital signature are stored in the identity verification node group of the block chain network, so that the safety and privacy of identity registration in scientific and technological services are improved.
Meanwhile, on the side of the supervision node, the embodiment of the invention also provides an identity authentication device.
Fig. 6 is a block diagram of an embodiment of an authentication apparatus, and as shown in fig. 6, the authentication apparatus of an embodiment includes:
a second information obtaining module 200, configured to obtain input identity information and an input public key of a registered user;
the public key searching module 201 is used for searching a public key which is correspondingly stored by a registered user through a block chain network;
the signature searching module 202 is configured to select a nearby node of an authentication node group in a blockchain network when the input public key is consistent with the public key, so as to obtain a digital signature stored correspondingly by a registered user;
the information comparison module 203 is used for decrypting the digital signature according to the public key and comparing the decryption result with the input identity information;
and the authentication judgment module 204 is configured to judge that the identity authentication of the registered user is successful when the comparison is consistent, and otherwise, judge that the identity authentication of the registered user is failed.
The identity authentication device obtains login information based on the key distribution strategy, and the login information is stored in the identity verification node group of the block chain network by means of the public key and the digital signature, which improves the security and privacy of identity registration in scientific and technological services.
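The registration and authentication flow described above, in the hash-then-sign form of claims 3 and 6, as an added example that is not code from the patent. Assumptions: the `ledger` dictionary standing in for the identity verification node group, the `user_id` lookup key, SHA-256 as the hash, and a constructed toy RSA key built from two public Mersenne primes with unpadded (textbook) signing; a real deployment would use randomly generated keys and a padded scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed toy RSA parameters: two publicly known Mersenne primes.
# Illustration only; real keys come from randomly generated secret primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def generate_keypair():
    """User side: stand-in for the downloaded key generator (claim 2, RSA)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
    return (n, E), (n, d)               # (public key, private key)


def digest_int(identity_info: bytes) -> int:
    """Hash operation on the identity information (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(identity_info).digest(), "big")


def sign_identity(identity_info: bytes, private_key) -> int:
    """Claim 3: 'encrypt' the digest with the private key (textbook RSA, unpadded)."""
    n, d = private_key
    return pow(digest_int(identity_info), d, n)


def register(ledger: dict, user_id: str, public_key, signature: int) -> None:
    """Supervising node: store public key and signature with the node group."""
    ledger[user_id] = (public_key, signature)


def authenticate(ledger: dict, user_id: str, input_identity: bytes,
                 input_public_key) -> bool:
    """Claims 5 and 6: compare public keys, recover the digest, compare digests."""
    record = ledger.get(user_id)
    if record is None:
        return False                     # no such registered user
    stored_public_key, signature = record
    if input_public_key != stored_public_key:
        return False                     # input public key is inconsistent
    n, e = stored_public_key
    recovered_digest = pow(signature, e, n)   # 'decrypt' the signature
    return recovered_digest == digest_int(input_identity)


if __name__ == "__main__":
    ledger = {}                          # hypothetical stand-in for the node group
    identity = b"name=Example User;id=0000"   # constructed sample identity information
    public_key, private_key = generate_keypair()
    register(ledger, "user-1", public_key, sign_identity(identity, private_key))
    print(authenticate(ledger, "user-1", identity, public_key))               # True
    print(authenticate(ledger, "user-1", b"name=Other;id=0000", public_key))  # False
```

The check consumes only the identity information, the public key and the stored signature, so it confirms that the submitted identity information matches what was registered. It does not by itself show that the caller holds the private key, which would take a signature over a fresh challenge.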
The embodiment of the invention also provides a computer storage medium, on which computer instructions are stored, and when the instructions are executed by a processor, the computer storage medium implements the identity registration method or the identity authentication method of any one of the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the methods of the embodiments of the present invention. The aforementioned storage medium includes: a removable storage device, a RAM, a ROM, a magnetic or optical disk, or various other media that can store program code.
Corresponding to the computer storage medium, in an embodiment, there is also provided a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement any one of the identity registration method or the identity authentication method in the embodiments.
The computer device may be a terminal, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an identity registration method or an identity authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
The computer device uses the consensus mechanism to perform multi-node consensus and complete the verification of the user's identity, which avoids the overly centralized authority management of traditional identity registration mechanisms. Meanwhile, the key generator implements the key distribution strategy for the public key and the private key, so that users manage their own keys and the key loss and leakage that easily occur during identity registration can be effectively avoided. On this basis, the public key and the digital signature are stored in the identity verification node group of the block chain network, which improves the security and privacy of identity registration in scientific and technological services.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered within the scope of the present specification as long as it contains no contradiction.
The above examples show only some embodiments of the present invention, and although their description is specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An identity registration method, comprising the steps of:
acquiring identity information of a user to be registered;
when the identity information is not checked, submitting the identity information to an identity verification node group of a block chain network to indicate the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the block chain network so as to indicate the block chain network to perform consensus analysis on the identity information according to a consensus rule;
when the result of the consensus analysis is that consensus is achieved, instructing the identity verification node group to package the identity information into blocks and link the blocks to the chain;
granting authority to the user to be registered, so as to instruct the user to be registered to download a key generator to generate a public key and a private key, and to encrypt the identity information with the private key to obtain a digital signature;
and acquiring the public key and the digital signature and submitting the public key and the digital signature to the identity verification node group so as to complete identity registration of the user to be registered.
2. The identity registration method of claim 1, wherein the process of generating the public key and the private key comprises the steps of:
the public key and the private key are generated according to an RSA asymmetric key algorithm.
3. The identity registration method of claim 1, wherein the process of encrypting the identity information according to the private key to obtain a digital signature comprises the steps of:
performing a hash operation on the identity information to obtain an identity information digest;
and encrypting the identity information digest according to the private key to obtain the digital signature.
4. An identity registration method according to any of claims 1 to 3, wherein the consensus rule comprises a PBFT consensus rule.
5. An identity authentication method, comprising the steps of:
acquiring input identity information and an input public key of a registered user;
searching a public key correspondingly stored by the registered user through a block chain network;
when the input public key is consistent with the public key, selecting a nearby node of an identity verification node group in a block chain network to obtain a digital signature which is correspondingly stored by the registered user;
decrypting the digital signature according to the public key and comparing a decryption result with the input identity information;
and when the comparison is consistent, judging that the identity authentication of the registered user is successful; otherwise, judging that the identity authentication of the registered user has failed.
6. The identity authentication method according to claim 5, wherein the process of decrypting the digital signature according to the public key and comparing the decrypted result with the input identity information comprises the steps of:
decrypting the digital signature to obtain an identity information digest;
performing a hash operation on the input identity information to obtain an input identity information digest;
and comparing the input identity information digest with the identity information digest to realize the comparison of the decryption result and the input identity information.
7. An identity authentication method according to claim 5 or 6, further comprising the steps of:
and after the identity authentication of the registered user is successful, feeding back an authentication success result.
8. An identity management system, comprising:
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity registration method of any of claims 1 to 4.
9. An identity management system, comprising:
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity authentication method of any of claims 5 to 7.
10. An identity management system, comprising:
the scientific and technological service platform is used for acquiring identity information input by a user to be registered, input identity information of a registered user or an input public key;
a supervisory node;
a block chain network;
wherein the supervising node is configured to perform the identity registration method of any of claims 1 to 4 or the identity authentication method of any of claims 5 to 7.
CN202210411586.5A 2022-04-19 2022-04-19 Identity registration method, identity authentication method and identity management system Pending CN114884702A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210411586.5A CN114884702A (en) 2022-04-19 2022-04-19 Identity registration method, identity authentication method and identity management system


Publications (1)

Publication Number Publication Date
CN114884702A true CN114884702A (en) 2022-08-09

Family

ID=82672163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210411586.5A Pending CN114884702A (en) 2022-04-19 2022-04-19 Identity registration method, identity authentication method and identity management system

Country Status (1)

Country Link
CN (1) CN114884702A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Feng Wenlong

Inventor after: Zhu Jialin

Inventor after: Huang Mengxing

Inventor after: Feng Siling

Inventor after: Zhang Yu

Inventor before: Xiao Juanxiu

Inventor before: Han Caina

Inventor before: Shen Yijun

Inventor before: Wang Dong

Inventor before: Luo Wenqi

Inventor before: Guo Yang

Inventor before: Cai Dong

Inventor before: Zhao Pi

Inventor before: Feng Jianbo

Inventor before: Lv Rongxin

Inventor before: Li Guiqiu

Inventor before: Tan Linhui
