Disclosure of Invention
Accordingly, there is a need for an identity registration method, an identity authentication method and an identity management system that overcome the deficiencies of user identity management in conventional scientific and technological services.
An identity registration method, comprising the steps of:
acquiring identity information of a user to be registered;
when the identity information passes verification, submitting the identity information to an identity verification node group of the blockchain network, so as to instruct the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the blockchain network, and so as to instruct the blockchain network to perform consensus analysis on the identity information according to a consensus rule;
when the result of the consensus analysis is that consensus is achieved, instructing the identity verification node group to pack the identity information into a block and append the block to the chain;
granting authority to the user to be registered, so as to instruct the user to be registered to download a key generator to generate a public key and a private key, and to encrypt the identity information with the private key to obtain a digital signature;
and acquiring the public key and the digital signature and submitting them to the identity verification node group, so as to complete the identity registration of the user to be registered.
The identity registration method uses a consensus mechanism to perform multi-node consensus, which completes the verification of the user identity and avoids the over-centralized authority management of traditional identity registration mechanisms. Meanwhile, the key generator implements a distribution strategy for the public and private keys, so that users manage their own keys and the key loss and leakage that readily occur during identity registration are effectively avoided. On this basis, the public key and the digital signature are stored in the identity verification node group of the blockchain network, which improves the security and privacy of identity registration in scientific and technological services.
In one embodiment, the process of generating a public key and a private key comprises the steps of:
the public key and the private key are generated according to an RSA asymmetric key algorithm.
In one embodiment, the process of encrypting the identity information with the private key to obtain a digital signature comprises the steps of:
performing a hash operation on the identity information to obtain an identity information digest;
and encrypting the identity information digest with the private key to obtain the digital signature.
In one embodiment, the consensus rules comprise PBFT consensus rules.
An identity authentication method, comprising the steps of:
acquiring input identity information and an input public key of a registered user;
searching, through the blockchain network, for the public key stored for the registered user;
when the input public key is consistent with the stored public key, selecting a nearby node of the identity verification node group in the blockchain network to obtain the digital signature stored for the registered user;
decrypting the digital signature with the public key, and comparing the decryption result with the input identity information;
and when the comparison is consistent, judging that the identity authentication of the registered user succeeds, and otherwise that it fails.
According to the identity authentication method, the login information is acquired based on a key distribution strategy, and the public key and the digital signature are stored in the identity verification node group of the blockchain network, so that the security and privacy of identity registration in scientific and technological services are improved.
In one embodiment, the process of decrypting the digital signature with the public key and comparing the decryption result with the input identity information includes the steps of:
decrypting the digital signature to obtain an identity information digest;
performing a hash operation on the input identity information to obtain an input identity information digest;
and comparing the input identity information digest with the identity information digest, which realizes the comparison of the decryption result with the input identity information.
In one embodiment, the method further comprises the following step:
after the identity authentication of the registered user succeeds, feeding back an authentication success result.
An identity management system, comprising:
a supervisory node;
a blockchain network;
wherein the supervisory node is configured to perform the identity registration method of any of the above embodiments.
An identity management system, comprising:
a supervisory node;
a blockchain network;
wherein the supervisory node is configured to perform the identity authentication method of any of the above embodiments.
An identity management system, comprising:
a scientific and technological service platform, configured to acquire the identity information input by a user to be registered, or the input identity information and input public key of a registered user;
a supervisory node;
a blockchain network;
wherein the supervisory node is configured to perform the identity registration method of any of the above embodiments or the identity authentication method of any of the above embodiments.
Detailed Description
For better understanding of the objects, technical solutions and effects of the present invention, the present invention will be further explained with reference to the accompanying drawings and examples. Meanwhile, the following described examples are only for explaining the present invention, and are not intended to limit the present invention.
The embodiment of the invention provides an identity management system.
Fig. 1 is a schematic diagram of the information interaction of an identity management system according to an embodiment. As shown in fig. 1, a user performs various information interactions with a blockchain network through a supervisory node. On this basis, the identity management system of an embodiment includes:
a supervisory node;
a blockchain network.
While the identity is not yet registered, the user is a user to be registered and performs the registration related to the scientific and technological service through the identity management system; after registering and becoming a registered user, the user may perform the authentication (login) related to the scientific and technological service through the identity management system.
On the supervisory node side, the supervisory node may be configured to perform the identity registration method of an embodiment. Fig. 2 is a flowchart of an identity registration method according to an embodiment, and as shown in fig. 2, the identity registration method of an embodiment includes steps S100 to S104:
S100, acquiring identity information of a user to be registered;
S101, when the identity information passes verification, submitting the identity information to an identity verification node group of the blockchain network, so as to instruct the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the blockchain network, and so as to instruct the blockchain network to perform consensus analysis on the identity information according to a consensus rule;
S102, when the result of the consensus analysis is that consensus is achieved, instructing the identity verification node group to pack the identity information into a block and append the block to the chain;
S103, granting authority to the user to be registered, so as to instruct the user to be registered to download the key generator to generate a public key and a private key, and to encrypt the identity information with the private key to obtain a digital signature;
S104, acquiring the public key and the digital signature and submitting them to the identity verification node group, so as to complete the identity registration of the user to be registered.
In one embodiment, the identity management system further comprises a scientific and technological service platform.
The scientific and technological service platform serves as the user-facing operation platform and collects the identity information input by a user to be registered, or the input identity information and input public key of a registered user. That is, users of each type input the corresponding information through the scientific and technological service platform, and the supervisory node acquires that information through its interaction with the platform.
In one embodiment, the supervisory node and the scientific and technical service platform perform data interaction through a secure channel to improve the security of the identity management system.
In one embodiment, users to be registered and registered users are both classified as either individual users or enterprise users, and the identity information (input identity information) differs between the user types.
When the user to be registered or the registered user is an individual user, the identity information (input identity information) includes items such as educational background, work experience and profession. When the user to be registered or the registered user is an enterprise user, the identity information (input identity information) includes items such as company scale, registered capital and industry.
As shown in fig. 1, the supervisory node performs step S100 of acquiring the identity information of the user to be registered, and verifies the identity information at the supervisory node layer through a preset data rule. In one embodiment, the supervisory node audits the identity information through a sensitive data identification rule.
As shown in fig. 1, after the audit passes and the identity information is determined to be correct, the supervisory node submits the identity information to the identity verification node group of the blockchain network. A secure channel also exists between the supervisory node and the blockchain network to ensure the security of data interaction.
After the identity information is submitted to the authentication node groups of the blockchain network, the authentication node groups assemble the identity information into transaction data and broadcast the transaction data to the blockchain network.
In one embodiment, the group of identity verification nodes assembles the identity information into transaction data, which is broadcast with a transaction number attached.
As shown in fig. 1, the blockchain network includes a plurality of consensus nodes and performs consensus analysis on the identity information according to a consensus rule. Relying on the consensus rule of the blockchain network, the transaction data is scored according to the consensus mechanism, and whether it passes the consensus rule is judged.
In one embodiment, the identity information is subjected to consensus analysis through the PBFT (Practical Byzantine Fault Tolerance) consensus rule, so that the consensus analysis of all consensus nodes is consistent.
As shown in fig. 1, when the result of the consensus analysis is that consensus is achieved, the identity verification node group is instructed to pack the identity information into a block and append the block to the chain, forming a new blockchain unit.
At this point, the blockchain network feeds the registration result back to the supervisory node, and the supervisory node grants authority to the user to be registered. The authorized user to be registered can then download the key generator to generate a public key and a private key, and encrypt the identity information with the private key to obtain a digital signature.
Through the distribution strategy for the public and private key pair, the user's self-management of the key is realized.
In one embodiment, the process of generating the public key and the private key in step S103 includes the steps of:
the public key and the private key are generated according to an RSA asymmetric key algorithm.
The transmission of keys in a blockchain network is facilitated by the RSA asymmetric key algorithm.
The process of generating a public-private key pair with the RSA asymmetric key algorithm proceeds as follows:
1) randomly select two distinct, sufficiently large primes p and q;
2) compute the product n = p × q;
3) compute f(n) = (p − 1)(q − 1), and keep p and q secret;
4) randomly select an integer e coprime to f(n) such that 1 < e < f(n);
5) compute d such that d·e ≡ 1 mod f(n); here ≡ denotes congruence, i.e. both sides leave the same remainder modulo f(n), so whatever the value of f(n), the product d·e on the left must leave remainder 1, just as the right-hand side does;
6) the public key is KU = (e, n); the private key is KR = (d, n).
During encryption, the plaintext is first converted into an integer M between 0 and n − 1. If the plaintext is longer, the data is divided into suitably sized groups, each of which is converted and encrypted in turn. Denoting the ciphertext by C, the encryption process is C ≡ M^e mod n, and the decryption process is M ≡ C^d mod n.
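The following Python example is added here to show the six key-generation steps and the grouped encryption and decryption described above in runnable form; it is not code from the patent. It implements the textbook (unpadded) RSA the text describes: a Miller-Rabin primality test and the function names (rsa_keygen, encrypt_blocks, decrypt_blocks) are assumptions of this example, and the default public exponent 65537 is a common choice the page does not specify.

```python
import math
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test (helper written for this example)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2           # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # a proves n composite
    return True


def random_prime(bits):
    """Step 1: draw random odd candidates of the requested size until one is prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=512, e=65537):
    """Steps 1-6 from the page: returns (KU, KR) = ((e, n), (d, n))."""
    while True:
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        if p == q:
            continue                               # step 1 requires distinct primes
        n = p * q                                  # step 2
        phi = (p - 1) * (q - 1)                    # step 3: f(n); p and q are dropped afterwards
        if 1 < e < phi and math.gcd(e, phi) == 1:  # step 4
            d = pow(e, -1, phi)                    # step 5: d*e ≡ 1 (mod f(n))
            return (e, n), (d, n)                  # step 6: KU = (e, n), KR = (d, n)


def _block_size(n):
    # Largest byte count whose big-endian integer value is always below n.
    return (n.bit_length() - 1) // 8


def encrypt_blocks(plaintext, public_key):
    """Split the plaintext into groups, map each to an integer M < n, compute C = M^e mod n."""
    e, n = public_key
    size = _block_size(n)
    return [pow(int.from_bytes(plaintext[i:i + size], "big"), e, n)
            for i in range(0, len(plaintext), size)]


def decrypt_blocks(cipher_blocks, private_key, plaintext_len):
    """Recover each group with M = C^d mod n; the caller supplies the original length."""
    d, n = private_key
    size = _block_size(n)
    out = bytearray()
    for index, c in enumerate(cipher_blocks):
        remaining = plaintext_len - index * size   # only the last group may be short
        width = size if remaining >= size else remaining
        out += pow(c, d, n).to_bytes(width, "big")
    return bytes(out)


if __name__ == "__main__":
    public_key, private_key = rsa_keygen(512)
    # Constructed sample identity information for the demonstration.
    sample = b"name=Li Hua;education=PhD;profession=researcher"
    cipher = encrypt_blocks(sample, public_key)
    print(decrypt_blocks(cipher, private_key, len(sample)) == sample)
```

The block-splitting follows the page literally: each group is sized so its integer is below n, and the group boundaries are what let a longer plaintext be processed. Because this is raw RSA without padding, identical groups encrypt to identical ciphertexts; a deployed key generator would wrap the same arithmetic in a standard padding scheme and use a modulus of at least 2048 bits.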
In one embodiment, fig. 3 is a flowchart of an identity registration method according to another embodiment, and as shown in fig. 3, the process in step S103 of encrypting the identity information with the private key to obtain the digital signature includes steps S200 and S201:
S200, performing a hash operation on the identity information to obtain an identity information digest;
S201, encrypting the identity information digest with the private key to obtain the digital signature.
The user generates a public and private key pair (PRKi, PBKi) according to the RSA asymmetric key algorithm, where PRKi is the private key and PBKi is the public key. The user performs a hash operation on the user identity information UAIi to obtain the identity information digest SM = H(UAIi), encrypts SM with the private key PRKi to generate the user digital signature SNi, and submits the digital signature SNi and the public key PBKi to the supervisory node. The supervisory node then submits PBKi and SNi to the identity verification node group in the blockchain network.
Based on the method, identity registration of the user to be registered is achieved.
The identity registration method of any of the above embodiments uses a consensus mechanism to perform multi-node consensus, which completes the verification of the user identity and avoids the over-centralized authority management of traditional identity registration mechanisms. Meanwhile, the key generator implements a distribution strategy for the public and private keys, so that users manage their own keys and the key loss and leakage that readily occur during identity registration are effectively avoided. On this basis, the public key and the digital signature are stored in the identity verification node group of the blockchain network, which improves the security and privacy of identity registration in scientific and technological services.
Based on this, on the supervisory node side, the supervisory node is further configured to perform the identity authentication method of an embodiment.
Fig. 4 is a flowchart of an identity authentication method according to an embodiment, and as shown in fig. 4, the identity authentication method of an embodiment includes steps S300 to S304:
S300, acquiring input identity information and an input public key of a registered user;
S301, searching, through the blockchain network, for the public key stored for the registered user;
S302, when the input public key is consistent with the stored public key, selecting a nearby node of the identity verification node group in the blockchain network to obtain the digital signature stored for the registered user;
S303, decrypting the digital signature with the public key, and comparing the decryption result with the input identity information;
S304, when the comparison is consistent, judging that the identity authentication of the registered user succeeds, and otherwise that it fails.
A registered user is a user to be registered who has completed registration, and the public key of the registered user is stored in the blockchain network in advance. At this point, the registered user can input identity information interactively by operating the scientific and technological service platform, and at the same time input the registered user's input public key, so as to initiate an identity authentication request.
The supervisory node searches the blockchain network for the public key stored by the registered user during registration, and matches it against the input public key.
That is, the supervisory node searches the blockchain for the public key PBKi stored during registration, and determines whether the input public key PBK* is consistent with PBKi:
if PBK* is consistent with PBKi, the input public key matches the stored public key, the public key check of the identity authentication succeeds, and the method proceeds to obtain the digital signature;
if PBK* is not consistent with PBKi, the authentication is judged to have failed, and the registered user may be instructed to provide the input identity information and the input public key again.
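The registration submission (S200, S201 and the exchange of PBKi and SNi above) and the authentication steps S300 to S304 are shown together in the following added Python example, which is not code from the patent. It assumes SHA-256 as the hash H, a toy RSA modulus built from two fixed Mersenne primes so that the example runs instantly (the patent's key generator would produce a fresh random pair per user), and an in-memory dictionary standing in for the identity verification node group; the class and function names are this example's own. Because the toy modulus is only 234 bits, the digest is truncated to 224 bits so that its integer value stays below n; with a real key the whole digest is used.

```python
import hashlib

# Constructed toy key material: two Mersenne primes, chosen for speed of illustration only.
P = (1 << 107) - 1
Q = (1 << 127) - 1
E = 65537


def make_keypair():
    """RSA pair (PBKi, PRKi) as tuples (e, n) and (d, n), computed from the toy primes."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    return (E, n), (pow(E, -1, phi), n)


def identity_digest(identity_info, n):
    """SM = H(UAIi): SHA-256, truncated to 224 bits so the integer is below the toy modulus."""
    digest = hashlib.sha256(identity_info).digest()
    return int.from_bytes(digest[:28], "big")


class VerificationNodeGroup:
    """Stand-in for the identity verification node group: holds (PBKi, SNi) per user id."""

    def __init__(self):
        self._records = {}

    def store(self, user_id, public_key, signature):   # S104: the registration record
        self._records[user_id] = (public_key, signature)

    def lookup_public_key(self, user_id):              # S301: search the stored PBKi
        record = self._records.get(user_id)
        return None if record is None else record[0]

    def lookup_signature(self, user_id):               # S302: fetch the stored SNi
        record = self._records.get(user_id)
        return None if record is None else record[1]


def register_user(nodes, user_id, identity_info):
    """User side of S103/S104: hash UAIi, sign the digest with PRKi, submit (PBKi, SNi)."""
    public_key, private_key = make_keypair()
    d, n = private_key
    sn = pow(identity_digest(identity_info, n), d, n)  # SNi = SM^d mod n (S200, S201)
    nodes.store(user_id, public_key, sn)
    return public_key                                  # the user keeps private_key


def authenticate(nodes, user_id, input_identity_info, input_public_key):
    """Supervisory node side of S300-S304."""
    stored_public_key = nodes.lookup_public_key(user_id)
    if stored_public_key is None or stored_public_key != input_public_key:
        return False                                   # PBK* does not match PBKi
    e, n = stored_public_key
    sn = nodes.lookup_signature(user_id)
    recovered_digest = pow(sn, e, n)                   # S303: decrypt SNi with the public key
    return recovered_digest == identity_digest(input_identity_info, n)   # S304


if __name__ == "__main__":
    nodes = VerificationNodeGroup()
    # Constructed sample identity information for an individual user.
    info = b"name=Li Hua;education=PhD;profession=researcher"
    pbk = register_user(nodes, "user-1", info)
    print(authenticate(nodes, "user-1", info, pbk))                      # True
    print(authenticate(nodes, "user-1", info + b";tampered", pbk))       # False
```

A tampered identity field or a mismatched public key fails at the digest comparison or at the public key check respectively, which is the behaviour S302 to S304 describe. Note that nothing in this exchange requires the private key at login time: the inputs PBKi and UAIi are both values the user submitted at registration, so a deployment would add a freshly signed challenge to prove possession of PRKi.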
In one embodiment, the identity authentication method further includes the step of:
after the identity authentication of the registered user succeeds, feeding back the authentication success result.
As shown in fig. 1, the supervisory node feeds back the successful authentication result to the scientific and technological service platform to provide an authentication basic result for the corresponding service of the scientific and technological service platform, so as to provide a technical basis for identity management for the scientific and technological service platform.
Based on this, on the side of the supervision node, the embodiment of the invention also provides an identity registration device.
Fig. 5 is a block diagram of an embodiment of an identity registration apparatus, and as shown in fig. 5, the identity registration apparatus of an embodiment includes:
a first information obtaining module 100, configured to obtain identity information of a user to be registered;
an information auditing module 101, configured to submit the identity information to an identity verification node group of the blockchain network when the identity information passes the audit, so as to instruct the identity verification node group to assemble the identity information into transaction data and broadcast the transaction data to the blockchain network, and so as to instruct the blockchain network to perform consensus analysis on the identity information according to a consensus rule;
an information uploading module 102, configured to instruct the identity verification node group to pack the identity information into a block and append the block to the chain when the result of the consensus analysis is that consensus is achieved;
an authority granting module 103, configured to grant authority to the user to be registered, so as to instruct the user to be registered to download the key generator to generate a public key and a private key and to encrypt the identity information with the private key to obtain a digital signature;
and a node registration module 104, configured to obtain the public key and the digital signature and submit them to the identity verification node group, so as to complete the identity registration of the user to be registered.
The identity registration device uses a consensus mechanism to perform multi-node consensus, which completes the verification of the user identity and avoids the over-centralized authority management of traditional identity registration mechanisms. Meanwhile, the key generator implements a distribution strategy for the public and private keys, so that users manage their own keys and the key loss and leakage that readily occur during identity registration are effectively avoided. On this basis, the public key and the digital signature are stored in the identity verification node group of the blockchain network, which improves the security and privacy of identity registration in scientific and technological services.
Meanwhile, on the side of the supervision node, the embodiment of the invention also provides an identity authentication device.
Fig. 6 is a block diagram of an embodiment of an authentication apparatus, and as shown in fig. 6, the authentication apparatus of an embodiment includes:
a second information obtaining module 200, configured to obtain input identity information and an input public key of a registered user;
a public key searching module 201, configured to search, through the blockchain network, for the public key stored for the registered user;
a signature searching module 202, configured to select a nearby node of the identity verification node group in the blockchain network when the input public key is consistent with the stored public key, so as to obtain the digital signature stored for the registered user;
an information comparison module 203, configured to decrypt the digital signature with the public key and compare the decryption result with the input identity information;
and an authentication judgment module 204, configured to judge that the identity authentication of the registered user succeeds when the comparison is consistent, and otherwise that it fails.
The identity authentication device acquires the login information based on a key distribution strategy, and the public key and the digital signature are stored in the identity verification node group of the blockchain network, so that the security and privacy of identity registration in scientific and technological services are improved.
The embodiment of the invention also provides a computer storage medium, on which computer instructions are stored, and when the instructions are executed by a processor, the computer storage medium implements the identity registration method or the identity authentication method of any one of the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware under the instruction of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, the computer program can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a RAM, a ROM, a magnetic or optical disk, or various other media that can store program code.
Corresponding to the computer storage medium, in an embodiment, there is also provided a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement any one of the identity registration method or the identity authentication method in the embodiments.
The computer device may be a terminal, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an identity registration method or an identity authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
The computer device performs multi-node consensus using a consensus mechanism, which completes the verification of the user identity and avoids the over-centralized authority management of traditional identity registration mechanisms. Meanwhile, the key generator implements a distribution strategy for the public and private keys, so that users manage their own keys and the key loss and leakage that readily occur during identity registration are effectively avoided. On this basis, the public key and the digital signature are stored in the identity verification node group of the blockchain network, which improves the security and privacy of identity registration in scientific and technological services.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only show some embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.