CN115396087A - Identity authentication method, device, equipment and medium based on temporary identity certificate - Google Patents


Publication number
CN115396087A
Authority
CN
China
Prior art keywords
blockchain
node
identity certificate
temporary
block chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210700339.7A
Other languages
Chinese (zh)
Other versions
CN115396087B (en)
Inventor
李朝霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides an identity authentication method, an identity authentication device, identity authentication equipment and an identity authentication medium based on a temporary identity certificate, wherein the method is applied to a first block chain participation node and comprises the following steps: responding to an authentication request sent by a second blockchain participation node, and acquiring a first biological characteristic of a first user; generating a temporary encryption key; performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic to obtain authentication information, and sending the authentication information to a third-party blockchain node so that the third-party blockchain node signs a temporary identity certificate for the first blockchain participation node and broadcasts the temporary identity certificate to a blockchain; and acquiring a temporary identity certificate, and sending the temporary identity certificate to the second blockchain participating node so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.

Description

Identity authentication method, device, equipment and medium based on temporary identity certificate
Technical Field
The present application relates to the field of communications technologies, and in particular, to an identity authentication method, apparatus, device, and medium based on a temporary identity certificate.
Background
A blockchain is a chain formed by blocks. Each block holds certain information, and the blocks are linked into a chain in the order in which they were generated. This chain is maintained on all servers, and as long as one server in the entire system can work, the entire blockchain is secure. These servers, referred to as nodes in the blockchain system, provide storage space and computational support for the entire blockchain system.
User authentication in a blockchain depends on the private key of the user: whoever holds the private key corresponding to the public key of the claimed user identity is treated as the correct user. The user must therefore strictly protect the private key, and once the private key is lost or leaked, all assets in the blockchain cannot be retrieved. Currently, identity authentication in a blockchain usually uses a password as the private key.
However, a password used as the private key is easily leaked or cracked, so the authentication method in the prior art has the technical problem of low security.
Disclosure of Invention
The application provides an identity authentication method, an identity authentication device, identity authentication equipment and an identity authentication medium based on a temporary identity certificate, and aims to solve the technical problem in the prior art that a password used as a private key is easily leaked or cracked, so that the authentication method has low security.
In a first aspect, the present application provides an identity authentication method based on a temporary identity certificate, which is applied to a first blockchain participating node, and includes:
responding to an authentication request sent by a second blockchain participation node, and acquiring a first biological characteristic of a first user;
generating a temporary encryption key;
performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic to obtain authentication information, and sending the authentication information to a third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with a third-party private key to obtain the first blockchain participation node identifier and the first biological characteristic, compares the first biological characteristic against a preset biological characteristic library and, if the comparison is successful, issues a temporary identity certificate to the first blockchain participation node and broadcasts the temporary identity certificate to the blockchain;
and acquiring the temporary identity certificate, and sending the temporary identity certificate to the second blockchain participation node so that the second blockchain participation node performs identity authentication on the first blockchain participation node according to the temporary identity certificate.
In this identity authentication method based on a temporary identity certificate, an authoritative and trusted third party participates in the authentication of nodes in the blockchain and can issue a temporary identity certificate that gives other nodes a safe and reliable means of authentication. If the second blockchain participating node needs to authenticate the first blockchain participating node, it does not need to hold the private key of the first blockchain participating node, which improves security. Specifically, the second blockchain participating node initiates an authentication request to the first blockchain participating node. Based on that request, the first blockchain participating node requests a temporary identity certificate from the authoritative third party, namely the third-party blockchain node. The third-party blockchain participating node issues the temporary identity certificate based on information sent by the first blockchain participating node, such as the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic. The first blockchain participating node then acquires the temporary identity certificate from the blockchain and sends it to the second blockchain participating node to carry out the authentication. Identity authentication is thus completed without the verifier holding a private key, and the security of identity authentication for participants in the blockchain is improved.
Optionally, before the obtaining the temporary identity certificate, the method further includes:
initiating a query fee payment request in the blockchain;
correspondingly, after the sending the temporary identity certificate to the second blockchain participating node, the method further includes:
acquiring the query fee in the blockchain, and performing payment processing according to the query fee.
Here, the blockchain participant can initiate a query fee payment request in the blockchain during the authentication request process, so that payment for identity authentication is made automatically and the user experience is improved.
Optionally, before the acquiring the first biometric characteristic of the first user in response to the authentication request sent by the second blockchain participant node, the method further includes:
registering verification information at the third-party blockchain node, wherein the verification information comprises the correspondence between the biological characteristic data of the first user and the identity information.
Before identity authentication, each blockchain participant may first register, with an authoritative and trusted third party (a third-party blockchain node), the correspondence between its own biometric data (such as a fingerprint or an iris) and its identity information (the identity information may be a virtual identity on the blockchain, such as a blockchain identifier and a public key that represent the blockchain participant), so that the third-party blockchain node performs authentication according to the registered information.
Optionally, after the registration of the verification information at the third party blockchain node, the method further includes:
and receiving a third party block chain identifier and a third party public key which are sent by the third party block chain node.
In a second aspect, the present application provides an identity authentication method based on a temporary identity certificate, which is applied to a third-party blockchain node, and includes:
receiving authentication information sent by a first blockchain participation node, wherein the authentication information is obtained by the first blockchain participation node, in response to an authentication request sent by a second blockchain participation node, acquiring a first biological characteristic of a first user, generating a temporary encryption key, and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic;
after the signature of the first private key is successfully verified, decrypting the authentication information through a third-party private key to obtain a first block chain participation node identifier and a first biological characteristic;
comparing the first biological characteristics according to a preset biological characteristic library;
if the comparison is successful, a temporary identity certificate is issued to the first blockchain participant node, and the temporary identity certificate is broadcasted to the blockchain, so that the first blockchain participant node obtains the temporary identity certificate, and sends the temporary identity certificate to the second blockchain participant node, wherein the temporary identity certificate is used for the second blockchain participant node to perform identity authentication on the first blockchain participant node.
Here, the identity authentication method based on the temporary identity certificate is applied to a third-party blockchain node, namely an authoritative third party. The third-party blockchain node stores biological characteristics centrally, provides a biological characteristic comparison service for all users, and issues the temporary identity certificate for other blockchain participating nodes after a successful comparison, so that identity authentication is completed without a private key, and the accuracy and security of identity authentication in the blockchain are improved.
Optionally, the comparing the first biometric characteristic according to a preset biometric characteristic library includes:
inquiring in a preset biological feature library according to a first block chain participation node identifier in the authentication information, and determining a preset biological feature corresponding to the first block chain participation node identifier;
and comparing the preset biological characteristics with the first biological characteristics.
The third-party blockchain participation node in the application can determine the preset biological characteristics corresponding to the first blockchain participation node in the preset biological characteristic library based on the first blockchain participation node identification in the authentication information, so that the identity of the first blockchain participation node is identified, accurate and efficient identity identification and authentication are realized, the safety and stability of identity authentication are further improved, and the safety of blockchain information transmission is improved.
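The authentication information described above (encrypt to the third party, sign with the first private key, then verify, decrypt and compare) can be sketched as follows. This is an added example, not code from the patent: RSA-OAEP, Ed25519, the cleartext `Sender` field, the Hamming-distance threshold and all sample values are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"math/bits"
)

// AuthPayload is the plaintext the first node protects (field names are assumptions).
type AuthPayload struct {
	TempKey   []byte // temporary encryption key
	ID1, ID2  string // first and second participation node identifiers
	Biometric []byte // first biological characteristic, fixed-length template
}

// AuthInfo is the authentication information. Sender is an assumed cleartext
// field: the third party must know whose public key checks the signature.
type AuthInfo struct {
	Sender                string
	Ciphertext, Signature []byte
}

var (
	ErrSignature = errors.New("first private key signature invalid")
	ErrDecrypt   = errors.New("decryption with third-party private key failed")
	ErrIdentity  = errors.New("decrypted identifier does not match signer")
	ErrBiometric = errors.New("biometric comparison failed")
)

func signedBytes(sender string, ct []byte) []byte { return append([]byte(sender+"|"), ct...) }

// BuildAuthInfo encrypts under the third-party public key, then signs with the first
// private key. RSA-OAEP fits only small payloads; larger ones need hybrid encryption.
func BuildAuthInfo(p AuthPayload, tpPub *rsa.PublicKey, priv1 ed25519.PrivateKey) (AuthInfo, error) {
	pt, _ := json.Marshal(p) // cannot fail for this struct
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tpPub, pt, nil)
	if err != nil {
		return AuthInfo{}, err
	}
	return AuthInfo{p.ID1, ct, ed25519.Sign(priv1, signedBytes(p.ID1, ct))}, nil
}

// ThirdParty holds the registered keys and the preset biometric library.
type ThirdParty struct {
	priv      *rsa.PrivateKey
	pubKeys   map[string]ed25519.PublicKey
	templates map[string][]byte
	maxBits   int // Hamming-distance threshold for a match (assumption)
}

// Process verifies the signature first, then decrypts, then compares the biometric.
func (t *ThirdParty) Process(a AuthInfo) (AuthPayload, error) {
	var p AuthPayload
	pub, ok := t.pubKeys[a.Sender]
	if !ok || !ed25519.Verify(pub, signedBytes(a.Sender, a.Ciphertext), a.Signature) {
		return p, ErrSignature
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.priv, a.Ciphertext, nil)
	if err != nil {
		return p, ErrDecrypt
	}
	if json.Unmarshal(pt, &p) != nil || p.ID1 != a.Sender {
		return AuthPayload{}, ErrIdentity
	}
	ref, ok := t.templates[p.ID1] // preset template looked up by ID1
	if !ok || len(ref) != len(p.Biometric) {
		return AuthPayload{}, ErrBiometric
	}
	dist := 0
	for i := range ref {
		dist += bits.OnesCount8(ref[i] ^ p.Biometric[i])
	}
	if dist > t.maxBits {
		return AuthPayload{}, ErrBiometric
	}
	return p, nil
}

// demoAuthInfo runs three constructed submissions: genuine, tampered, wrong biometric.
func demoAuthInfo() (genuine, tampered, impostor error) {
	tpPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	tp := &ThirdParty{tpPriv, map[string]ed25519.PublicKey{"node-1": pub1},
		map[string][]byte{"node-1": []byte("0123456789abcdef")}, 8}
	key := []byte("constructed-key!") // constructed 16-byte temporary key
	// Fresh capture differs from the enrolled template by one bit (sensor noise).
	a, _ := BuildAuthInfo(AuthPayload{key, "node-1", "node-2", []byte("0123456789abcdeg")}, &tpPriv.PublicKey, priv1)
	_, genuine = tp.Process(a)
	bad := AuthInfo{a.Sender, append([]byte{}, a.Ciphertext...), a.Signature}
	bad.Ciphertext[0] ^= 1 // modified in transit
	_, tampered = tp.Process(bad)
	b, _ := BuildAuthInfo(AuthPayload{key, "node-1", "node-2", []byte("ffffffffffffffff")}, &tpPriv.PublicKey, priv1)
	_, impostor = tp.Process(b)
	return
}

func main() { fmt.Println(demoAuthInfo()) }
```

Because the node identifier only becomes available after decryption, the sketch binds the cleartext sender to the decrypted identifier and rejects a mismatch.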
Optionally, the issuing a temporary identity certificate to the first blockchain participating node includes:
and issuing a temporary identity certificate signed by the third-party blockchain participant node to the first blockchain participant node, wherein the temporary identity certificate comprises the first blockchain participant node identification, the second blockchain participant node identification, current time information, a random number and an encryption result obtained by encrypting the random number through the temporary encryption key.
Here, when the third party blockchain node issues the temporary identity certificate for the first blockchain participating node, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, the current time information, the random number and the encryption result obtained by encrypting the random number by using the temporary encryption key, which is convenient for the second blockchain participating node to perform accurate and safe authentication.
In a third aspect, the present application provides an identity authentication method based on a temporary identity certificate, which is applied to a second blockchain participating node, and includes:
sending an authentication request to a first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires a first biological characteristic of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic to obtain authentication information, and sends the authentication information to a third-party blockchain node; and acquires a temporary identity certificate and sends the temporary identity certificate to the second blockchain participation node, wherein the authentication information is used by the third-party blockchain node, after successfully verifying the first private key signature, to decrypt the authentication information with a third-party private key to obtain the first blockchain participation node identifier and the first biological characteristic, to compare the first biological characteristic against a preset biological characteristic library and, if the comparison is successful, to issue the temporary identity certificate to the first blockchain participation node and broadcast the temporary identity certificate to the blockchain;
receiving a temporary identity certificate sent by the first blockchain participating node;
and performing identity authentication on the first block chain participation node according to the temporary identity certificate.
Here, the identity authentication method based on the temporary identity certificate is applied to the second blockchain participant node, which initiates authentication. When the second blockchain participant node needs to authenticate another node, namely the first blockchain participant node, it sends an authentication request to the first blockchain participant node. The first blockchain participant node can then request the temporary identity certificate from the third-party blockchain node according to the authentication request, and the second blockchain participant node can authenticate the first blockchain participant node according to the temporary identity certificate. Identity authentication is achieved without the private key of the first blockchain participant node, and the security and reliability of the identity authentication are improved.
Optionally, the temporary identity certificate includes the first blockchain participant node identifier, the second blockchain participant node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number by using the temporary encryption key;
correspondingly, receiving the temporary identity certificate sent by the first blockchain participant node includes:
receiving a temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
the performing identity authentication on the first blockchain participating node according to the temporary identity certificate includes:
encrypting the random number in the temporary identity certificate according to the temporary encryption key to obtain an authentication encryption result;
and performing identity authentication on the first blockchain participation node according to the authentication encryption result and the encryption result, in the temporary identity certificate, obtained by encrypting the random number with the temporary encryption key.
Here, the second blockchain participation node provided by the application can authenticate the temporary identity certificate and thereby authenticate the first blockchain participation node: the encryption result in the temporary identity certificate, obtained by encrypting the random number with the temporary encryption key, is checked against the temporary encryption key, so the private key of the first blockchain participation node does not need to be obtained, and the security of identity authentication is further improved.
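The certificate contents and the second node's check can be sketched as below. This is an added example, not code from the patent: Ed25519 for the third-party signature, single-block AES as the deterministic encryption of the random number, the JSON encoding, the explicit identifier and freshness checks, and all sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// TempCert carries the fields listed for the temporary identity certificate.
type TempCert struct {
	ID1, ID2 string // first and second participation node identifiers
	IssuedAt int64  // current time information (Unix seconds)
	Nonce    []byte // random number, one AES block
	EncNonce []byte // random number encrypted with the temporary encryption key
	Sig      []byte // third-party signature over all other fields
}

var (
	ErrCertSig = errors.New("third-party signature invalid")
	ErrBinding = errors.New("certificate names a different node pair")
	ErrStale   = errors.New("certificate outside the accepted time window")
	ErrTempKey = errors.New("temporary key does not reproduce the encryption result")
)

// encryptNonce is deterministic single-block AES, so the verifier can recompute it.
func encryptNonce(tempKey, nonce []byte) ([]byte, error) {
	blk, err := aes.NewCipher(tempKey)
	if err != nil || len(nonce) != aes.BlockSize {
		return nil, errors.New("need a valid AES key and a 16-byte random number")
	}
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, nonce)
	return out, nil
}

// toBeSigned serialises the certificate without its signature.
func toBeSigned(c TempCert) []byte {
	c.Sig = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue is the third-party step after a successful biometric comparison.
func Issue(tpPriv ed25519.PrivateKey, id1, id2 string, tempKey []byte, now time.Time) (TempCert, error) {
	c := TempCert{ID1: id1, ID2: id2, IssuedAt: now.Unix(), Nonce: make([]byte, aes.BlockSize)}
	if _, err := rand.Read(c.Nonce); err != nil {
		return c, err
	}
	enc, err := encryptNonce(tempKey, c.Nonce)
	if err != nil {
		return c, err
	}
	c.EncNonce = enc
	c.Sig = ed25519.Sign(tpPriv, toBeSigned(c))
	return c, nil
}

// Verify is the second node's check; self is its own identifier, peer the node being authenticated.
func Verify(c TempCert, tempKey []byte, tpPub ed25519.PublicKey, self, peer string, now time.Time, maxAge time.Duration) error {
	if !ed25519.Verify(tpPub, toBeSigned(c), c.Sig) {
		return ErrCertSig
	}
	if c.ID1 != peer || c.ID2 != self {
		return ErrBinding
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > maxAge {
		return ErrStale
	}
	// Re-encrypt the random number and compare with the result in the certificate.
	enc, err := encryptNonce(tempKey, c.Nonce)
	if err != nil || subtle.ConstantTimeCompare(enc, c.EncNonce) != 1 {
		return ErrTempKey
	}
	return nil
}

// demoCert checks one constructed certificate four ways: valid, relayed to
// another verifier, presented too late, and presented with the wrong key.
func demoCert() (ok, relayed, stale, wrongKey error) {
	tpPub, tpPriv, _ := ed25519.GenerateKey(rand.Reader)
	key := []byte("constructed-key!") // constructed 16-byte temporary key
	t0 := time.Unix(1700000000, 0)    // constructed issue time
	win := 5 * time.Minute            // assumed freshness window
	c, _ := Issue(tpPriv, "node-1", "node-2", key, t0)
	ok = Verify(c, key, tpPub, "node-2", "node-1", t0.Add(time.Minute), win)
	relayed = Verify(c, key, tpPub, "node-3", "node-1", t0.Add(time.Minute), win)
	stale = Verify(c, key, tpPub, "node-2", "node-1", t0.Add(time.Hour), win)
	wrongKey = Verify(c, []byte("another-16b-key!"), tpPub, "node-2", "node-1", t0.Add(time.Minute), win)
	return
}

func main() { fmt.Println(demoCert()) }
```

The certificate is broadcast to the blockchain, so the random number and its encryption result are public; what the verifier learns from the comparison is that the presenter holds the temporary key the third party used when issuing.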
In a fourth aspect, the present application provides an identity authentication method based on a temporary identity certificate, which is applied to an identity authentication system including a first blockchain participant node, a second blockchain participant node, and a third-party blockchain node, and the method includes:
the second blockchain participating node sends an authentication request to the first blockchain participating node;
the first blockchain participating node responds to an authentication request sent by the second blockchain participating node, and obtains a first biological characteristic of a first user;
the first blockchain participating node generates a temporary encryption key;
the first blockchain participating node performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological feature to obtain authentication information;
the first block chain participation node sends the authentication information to a third-party block chain node;
after the signature of the first private key is successfully verified, the third-party blockchain node decrypts the authentication information through the third-party private key to obtain a first blockchain participation node identifier and a first biological characteristic;
the third-party blockchain node compares the first biological characteristic against a preset biological characteristic library;
if the comparison is successful, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
the first blockchain participating node acquires the temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node;
a second blockchain participant node receives a temporary identity certificate sent by the first blockchain participant node;
and the second blockchain participation node performs identity authentication on the first blockchain participation node according to the temporary identity certificate.
In a fifth aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, which is applied to a first blockchain participating node, and includes:
the first acquisition module is used for responding to an authentication request sent by the second blockchain participation node and acquiring a first biological characteristic of a first user;
a generation module for generating a temporary encryption key;
the first processing module is used for performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic to obtain authentication information, and sending the authentication information to a third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with a third-party private key to obtain the first blockchain participation node identifier and the first biological characteristic, compares the first biological characteristic against a preset biological characteristic library and, if the comparison is successful, issues a temporary identity certificate to the first blockchain participation node and broadcasts the temporary identity certificate to the blockchain;
and the second processing module is used for acquiring the temporary identity certificate and sending the temporary identity certificate to the second blockchain participating node so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, before the second processing module obtains the temporary identity certificate, the apparatus further includes:
the payment initiating module is used for initiating a query fee payment request in the blockchain;
correspondingly, after the second processing module sends the temporary identity certificate to the second blockchain participating node, the apparatus further includes:
and the payment processing module is used for acquiring the query fee in the blockchain and performing payment processing according to the query fee.
Optionally, before the first obtaining module obtains the first biometric characteristic of the first user in response to the authentication request sent by the second blockchain participating node, the apparatus further includes:
and the registration module is used for registering verification information at the third-party blockchain node, wherein the verification information comprises the correspondence between the biological characteristic data of the first user and the identity information.
Optionally, after the registration module performs verification information registration at the third-party blockchain node, the method further includes:
and the first receiving module is used for receiving the third party block chain identifier and the third party public key which are sent by the third party block chain node.
In a sixth aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, which is applied to a third-party blockchain node, and includes:
the second receiving module is used for receiving authentication information sent by a first blockchain participation node, wherein the authentication information is obtained by the first blockchain participation node, in response to an authentication request sent by a second blockchain participation node, acquiring a first biological characteristic of a first user, generating a temporary encryption key, and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participation node identifier, the second blockchain participation node identifier and the first biological characteristic;
the third processing module is used for decrypting the authentication information through a third-party private key after the signature of the first private key is successfully verified to obtain a first block chain participation node identifier and a first biological characteristic;
the comparison module is used for comparing the first biological characteristics according to a preset biological characteristic library;
and the fourth processing module is configured to, if the comparison is successful, issue a temporary identity certificate to the first blockchain participant node and broadcast the temporary identity certificate to the blockchain, so that the first blockchain participant node obtains the temporary identity certificate and sends the temporary identity certificate to the second blockchain participant node, where the temporary identity certificate is used by the second blockchain participant node to perform identity authentication on the first blockchain participant node.
Optionally, the comparison module is specifically configured to:
inquiring in a preset biological feature library according to a first block chain participation node identifier in the authentication information, and determining a preset biological feature corresponding to the first block chain participation node identifier;
and comparing the preset biological characteristic with the first biological characteristic.
Optionally, the fourth processing module is specifically configured to:
and issuing a temporary identity certificate signed by the third-party blockchain participant node to the first blockchain participant node, wherein the temporary identity certificate comprises the first blockchain participant node identification, the second blockchain participant node identification, current time information, a random number and an encryption result obtained by encrypting the random number through the temporary encryption key.
In a seventh aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, which is applied to a second blockchain participating node, and includes:
the first sending module is used for sending an authentication request to a first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires a first biological characteristic of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information, and sends the authentication information to a third-party blockchain node; and acquires a temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node, wherein the authentication information is used by the third-party blockchain node, after the first private key signature is successfully verified, to decrypt the authentication information with a third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic, to compare the first biological characteristic against a preset biological characteristic library and, if the comparison is successful, to issue the temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain;
a third receiving module, configured to receive a temporary identity certificate sent by the first blockchain participating node;
and the authentication module is used for performing identity authentication on the first block chain participation node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number by the temporary encryption key;
correspondingly, the third receiving module is specifically configured to:
receiving a temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
the authentication module is specifically configured to:
encrypting the random number in the temporary identity certificate according to the temporary encryption key to obtain an authentication encryption result;
and performing identity authentication on the first block chain participation node according to the authentication encryption result and the encryption result obtained by encrypting the random number by the temporary encryption key.
In an eighth aspect, the present application provides an identity authentication device based on a temporary identity certificate, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method for temporary identity certificate-based identity authentication as described above in the first aspect and in various possible designs of the first aspect.
In a ninth aspect, the present application provides an identity authentication device based on a temporary identity certificate, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method for temporary identity certificate-based identity authentication as set forth in the second aspect above and in various possible designs of the second aspect.
In a tenth aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method for temporary identity certificate-based identity authentication as described in the third aspect above and in various possible designs of the third aspect.
In an eleventh aspect, the present application provides a computer-readable storage medium, which stores computer-executable instructions that, when executed by a processor, implement a method for authenticating an identity based on a temporary identity certificate as set forth in the first aspect and various possible designs of the first aspect.
In a twelfth aspect, the present application provides a computer-readable storage medium, in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the method for authenticating identity based on a temporary identity certificate according to the second aspect and various possible designs of the second aspect is implemented.
In a thirteenth aspect, the present application provides a computer-readable storage medium, which stores computer-executable instructions, and when a processor executes the computer-executable instructions, the method for authenticating an identity based on a temporary identity certificate as described in the third aspect and various possible designs of the third aspect is implemented.
In a fourteenth aspect, the present application provides a computer program product comprising a computer program that, when executed by a processor, implements the method for temporary identity certificate-based identity authentication as described above in the first aspect and in various possible designs of the first aspect.
In a fifteenth aspect, the present application provides a computer program product comprising a computer program that, when executed by a processor, implements the method for temporary identity certificate based identity authentication as described in the second aspect above and in various possible designs of the second aspect.
In a sixteenth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method for temporary identity certificate based identity authentication as described in the third aspect and various possible designs of the third aspect.
In the present application, an authoritative third party participates in authenticating nodes in a blockchain, which provides secure and reliable authentication. Specifically, if a second blockchain participating node needs to authenticate a first blockchain participating node, the second blockchain participating node initiates an authentication request to the first blockchain participating node. Based on the authentication request, the first blockchain participating node can request a temporary identity certificate from the authoritative third party, namely the third-party blockchain node. The temporary identity certificate can then be obtained on the blockchain and sent to the second blockchain participating node, so that identity authentication is achieved without requiring a private key, which improves the security of identity authentication in the blockchain.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of an identity authentication system architecture based on a temporary identity certificate according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of an identity authentication method based on a temporary identity certificate according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application.
Specific embodiments of the present disclosure have been shown by way of example in the drawings and will be described in more detail below. The drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the disclosure, as detailed in the appended claims.
The terms "first," "second," "third," and "fourth," if any, in the description and claims of this application and the above-described figures are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the technical solution of the present application, the collection, storage, use, processing, transmission, provision, disclosure and other handling of the related user data and other information all comply with the relevant laws and regulations and do not violate public order and good customs.
A blockchain is a special kind of distributed database. It is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms, and is essentially a decentralized database. First, a blockchain is mainly used for storing information: any information that needs to be stored can be written into the blockchain and read from it, so the blockchain is a database. Second, anyone can set up a server and join the blockchain network as a node. In the blockchain world there is no central node; every node is equal and stores the whole database, data can be written to or read from any node, and all nodes eventually synchronize, which keeps the blockchain consistent. A blockchain is a series of data blocks linked by cryptographic methods; each data block contains the information of one network transaction, which is used to verify the validity of the information (anti-counterfeiting) and to generate the next block. In a narrow sense, a blockchain is a distributed ledger: a chained data structure that combines data blocks sequentially in time order and is cryptographically guaranteed to be tamper-proof and unforgeable. Broadly speaking, blockchain technology is a new distributed infrastructure and computing paradigm that uses the blockchain data structure to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data. The design of blockchains is a protective measure, such as (applied to) highly fault-tolerant distributed computing systems. Blockchains enable mixed consistency.
This makes the blockchain suitable for recording events, titles, medical records and other activities requiring the inclusion of data, identification management, transaction flow management and provenance management.
User authentication in current blockchains depends on the user's private key: whoever holds the private key corresponding to the public key of the claimed user identity is treated as the correct user. This requires the user to protect the private key very carefully; once the private key is lost or compromised, all assets in the blockchain can no longer be retrieved. Traditional passwords that are easy to remember are also easy to crack, so a method based on biological characteristics such as fingerprints or irises is desirable. However, biological characteristics are only suitable for local authentication: once they are sent to an authenticator, the other party holds them and can easily use them maliciously, so the biological characteristics are leaked.
In order to solve the above technical problem, embodiments of the present application provide an identity authentication method, an identity authentication device, a server, and a storage medium based on a temporary identity certificate, where, for a node in a block chain, an authoritative and trusted third party is used to participate in authentication, and a secure and reliable authentication may be provided for other nodes by issuing the temporary identity certificate, and if a second block chain participating node needs to authenticate a first block chain participating node, it is not necessary to master a private key of the first block chain participating node, so as to improve security.
Optionally, fig. 1 is a schematic diagram of an identity authentication system architecture based on a temporary identity certificate according to an embodiment of the present application. As shown in fig. 1, the architecture includes a first blockchain participating node 101, a third party blockchain node 102, and a second blockchain participating node 103.
It is to be understood that the number of the first blockchain participating node 101, the third-party blockchain node 102, and the second blockchain participating node 103 may be determined according to actual situations, and fig. 1 is only an illustration, and the number of the nodes is not particularly limited in the embodiment of the present application.
The first blockchain participating node 101, the third-party blockchain node 102, and the second blockchain participating node 103 are all nodes in a blockchain, and communication can be implemented between any two nodes (in the present application, communication connection needs to be implemented between nodes with different properties, for example, the third-party blockchain node broadcasts information to the first blockchain participating node and the second blockchain participating node, and fig. 1 shows communication connection between nodes with different properties only by using a connection line).
The user can realize information interaction with the first blockchain participating node, the third-party blockchain node or the second blockchain participating node through input/output equipment.
It is to be understood that the schematic structure in the embodiment of the present application does not form a specific limitation to the architecture of the identity authentication system based on the temporary identity certificate. In other possible embodiments of the present application, the foregoing architecture may include more or less components than those shown in the drawings, or combine some components, or split some components, or arrange different components, which may be determined according to practical application scenarios, and is not limited herein. The components shown in fig. 1 may be implemented in hardware, software, or a combination of software and hardware.
In addition, the network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided in the embodiment of the present application, and it can be known by a person skilled in the art that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
The technical solutions of the present application are described below with several embodiments as examples, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 2 is a schematic flowchart of an identity authentication method based on a temporary identity certificate according to an embodiment of the present application, where the embodiment of the present application may be applied to the first blockchain participant node 101 in fig. 1, where the first blockchain participant node 101 may be a server, and a specific execution subject may be determined according to an actual application scenario. As shown in fig. 2, the method comprises the steps of:
S201: acquiring the first biological characteristic of the first user in response to the authentication request sent by the second blockchain participating node.
In the embodiment of the present application, for the sake of example, the second blockchain participant node may also be referred to as blockchain participant B, and the first blockchain participant node may also be referred to as blockchain participant A.
In one possible implementation, the second blockchain participant node is blockchain participant B and the first blockchain participant node is blockchain participant A; when blockchain participant B needs to authenticate blockchain participant A, blockchain participant B initiates an authentication request to blockchain participant A.
Optionally, the first user is the user to whom the first blockchain participating node belongs. For example, if the first blockchain participating node is a terminal, the first user is the user of the terminal; if the first blockchain participating node is a server, the first user is the server operator.
Optionally, the first biometric feature here is a biometric feature of the first user acquired by the first blockchain participating node, and may be a fingerprint feature or an iris feature, or may be a facial image, or the like.
Alternatively, the biometric characteristic of the first user may be acquired through a terminal or a collection device, and specifically, the biometric characteristic may be collected through a camera, a sensor, or the like.
In one possible implementation, if blockchain participant A is the first blockchain participant node, blockchain participant A collects its own biometric, such as FingerPrintA'.
Optionally, before acquiring the first biometric characteristic of the first user in response to the authentication request sent by the second blockchain participating node, the method further includes:
and performing verification information registration at a third-party block chain node, wherein the verification information comprises the corresponding relation between the biological characteristic data of the first user and the identity information.
Before identity authentication, each blockchain participant may first register a corresponding relationship between its own biometric data (such as a fingerprint, an iris) and identity information (the identity information may be a virtual identity on a blockchain, such as a blockchain identifier and a public key, to represent the blockchain participant) in an authoritative and trusted third party (a third party blockchain node), so that the third party blockchain node performs authentication according to the registered information.
The verification information comprises the corresponding relation between the biological characteristic data of the first user and the identity information.
In one possible implementation, each blockchain participant first registers a correspondence between its own biometric data (e.g., fingerprint, iris) and identity information (which may be a virtual identity on the blockchain, such as a blockchain identification and a public key, to represent the blockchain participant) with an authoritative trusted third party.
Alternatively, the registration may be performed offline or online, and for the sake of security, it is preferable that the biometric data (e.g., fingerprint, iris) is acquired offline.
Optionally, after the registration of the verification information at the third-party blockchain node, the method further includes:
and receiving a third party block chain identifier and a third party public key sent by the third party block chain node.
S202: a temporary encryption key is generated.
Optionally, the first blockchain participating node randomly generates the temporary encryption Key.
S203: performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information, and sending the authentication information to the third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic, compares the first biological characteristic against a preset biological characteristic library and, if the comparison is successful, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
In a possible implementation, blockchain participant A encrypts Key, IDa, IDb and FingerPrintA' with the public key of the authoritative third party, signs the result with the private key of blockchain participant A (the first private key), and sends it to the authoritative third party. IDa and IDb are the identifiers in the blockchain of blockchain participant A and blockchain participant B, that is, the first blockchain participating node identifier and the second blockchain participating node identifier.
S204: acquiring a temporary identity certificate and sending the temporary identity certificate to the second blockchain participating node, so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate itself may be sent to the second blockchain participating node, or the address of the temporary identity certificate on the blockchain may be sent to the second blockchain participating node.
In a possible implementation, blockchain participant A obtains the temporary identity certificate from the blockchain and sends the temporary identity certificate and the Key to blockchain participant B, or sends blockchain participant B the address of the temporary identity certificate that the authoritative third party issued on the blockchain, and blockchain participant B retrieves the certificate itself.
Optionally, before obtaining the temporary identity certificate, the method further includes:
initiating a request for payment of the inquiry fee in the block chain;
correspondingly, after sending the temporary identity certificate to the second blockchain participating node, the method further includes:
and acquiring the query cost in the block chain, and performing payment processing according to the query cost.
The block chain participant can initiate a query fee payment application in the block chain in the authentication request process so as to realize automatic payment of identity authentication and improve user experience.
In one possible implementation, blockchain participant A initiates a query fee payment application in the blockchain. After the third-party blockchain participating node issues the temporary identity certificate, the third-party blockchain participating node's signature on the temporary identity certificate is verified on the blockchain; if the verification passes, the query fee paid by blockchain participant A to the authoritative third party is written into the blockchain and the payment succeeds.
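The encrypt-then-sign step on the first node and the third party's handling of the resulting message (verify the signature, decrypt, look up the registered template by IDa, compare) are shown below as an added Go example; it is not code from the patent. RSA-OAEP, Ed25519, JSON encoding, the `Sender` field, the check that the decrypted IDa is the signer, and byte equality as a stand-in for biometric matching are assumptions of the example, and all keys and templates are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthPayload is the plaintext of the authentication information:
// Key, IDa, IDb and FingerPrintA'.
type AuthPayload struct {
	Key, FingerPrint []byte
	IDa, IDb         string
}

// AuthInfo is the message sent to the third party. Sender is an assumption:
// it lets the third party choose the verification key before decrypting.
type AuthInfo struct {
	Sender          string
	Ciphertext, Sig []byte
}

// Registration is one entry of the preset biometric library.
type Registration struct {
	Pub         ed25519.PublicKey
	FingerPrint []byte
}

var (
	ErrSignature = errors.New("first private key signature invalid")
	ErrDecrypt   = errors.New("authentication information cannot be decrypted")
	ErrIdentity  = errors.New("decrypted IDa is not the signer")
	ErrBiometric = errors.New("biometric comparison failed")
)

// signedBytes covers the sender and the ciphertext, but not the signature.
func signedBytes(ai AuthInfo) []byte {
	b, _ := json.Marshal(AuthInfo{Sender: ai.Sender, Ciphertext: ai.Ciphertext})
	return b
}

// BuildAuthInfo (first node): encrypt to the third party, then sign.
func BuildAuthInfo(tpPub *rsa.PublicKey, aPriv ed25519.PrivateKey, p AuthPayload) (AuthInfo, error) {
	plain, _ := json.Marshal(p) // cannot fail for this struct
	// RSA-OAEP with a 2048-bit key holds at most 190 bytes; a larger template
	// needs a hybrid scheme that wraps a symmetric key instead.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tpPub, plain, nil)
	if err != nil {
		return AuthInfo{}, err
	}
	ai := AuthInfo{Sender: p.IDa, Ciphertext: ct}
	ai.Sig = ed25519.Sign(aPriv, signedBytes(ai))
	return ai, nil
}

// Process (third party): verify the signature, decrypt, look up by IDa, compare.
func Process(tpPriv *rsa.PrivateKey, lib map[string]Registration, ai AuthInfo) (AuthPayload, error) {
	var p AuthPayload
	reg, ok := lib[ai.Sender]
	if !ok || !ed25519.Verify(reg.Pub, signedBytes(ai), ai.Sig) {
		return p, ErrSignature
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tpPriv, ai.Ciphertext, nil)
	if err != nil || json.Unmarshal(plain, &p) != nil {
		return AuthPayload{}, ErrDecrypt
	}
	// The certificate will name p.IDa, so p.IDa must be the identity that signed.
	if p.IDa != ai.Sender {
		return AuthPayload{}, ErrIdentity
	}
	// Exact match stands in for a real matcher, which scores similarity.
	if !bytes.Equal(p.FingerPrint, reg.FingerPrint) {
		return AuthPayload{}, ErrBiometric
	}
	return p, nil
}

// newDemo returns constructed keys, a library with nodes "IDa" and "IDm", and A's payload.
func newDemo() (*rsa.PrivateKey, map[string]Registration, ed25519.PrivateKey, ed25519.PrivateKey, AuthPayload) {
	tpPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	mPub, mPriv, _ := ed25519.GenerateKey(rand.Reader)
	fpA, fpM := []byte("constructed-template-A"), []byte("constructed-template-M")
	lib := map[string]Registration{"IDa": {aPub, fpA}, "IDm": {mPub, fpM}}
	key := make([]byte, 32)
	rand.Read(key)
	return tpPriv, lib, aPriv, mPriv, AuthPayload{Key: key, FingerPrint: fpA, IDa: "IDa", IDb: "IDb"}
}

func main() {
	tpPriv, lib, aPriv, _, payload := newDemo()
	ai, _ := BuildAuthInfo(&tpPriv.PublicKey, aPriv, payload)
	p, err := Process(tpPriv, lib, ai)
	fmt.Println("accepted:", err == nil, p.IDa, "->", p.IDb)
}
```

Because the signature covers only the ciphertext, the identity check after decryption is what ties the IDa that will appear in the certificate to the key that actually signed the request.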
Optionally, fig. 3 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application. The execution subject of the embodiment of the present application is the third-party blockchain node 102 in fig. 1, and the specific execution subject may be determined according to an actual application scenario. As shown in fig. 3, the method comprises the steps of:
S301: receiving authentication information sent by the first blockchain participating node.
The authentication information is obtained by the first blockchain participating node by: acquiring a first biological characteristic of a first user in response to an authentication request sent by the second blockchain participating node; generating a temporary encryption key; and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic.
S302: after the signature of the first private key is successfully verified, decrypting the authentication information with a third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic.
Optionally, the third-party blockchain node may publish its own blockchain identifier and third-party public key (the public key of the third-party blockchain node) on the blockchain in the form of a broadcast message signed with its private key. Anyone on the blockchain can use this public key to validate the identity certificates it issues.
In a possible implementation, after receiving the information, the third-party blockchain node verifies the private key signature of blockchain participant A. If the verification passes, it decrypts the encrypted information with the authoritative third party's own private key (the third-party private key), uses the decrypted IDa as an index to obtain FingerPrintA from the biological characteristic library, and then compares FingerPrintA' with FingerPrintA from the library.
S303: comparing the first biological characteristic according to a preset biological characteristic library.
Optionally, comparing the first biometric characteristic according to a preset biometric characteristic library, including:
inquiring in a preset biological feature library according to a first block chain participation node identifier in the authentication information, and determining a preset biological feature corresponding to the first block chain participation node identifier; the preset biological characteristics are compared with the first biological characteristics.
The third-party blockchain participating node in the embodiment of the present application may determine, based on the first blockchain participating node identifier in the authentication information, the preset biological feature corresponding to the first blockchain participating node in the preset biological feature library, so as to identify the identity of the first blockchain participating node, implement accurate and efficient identity identification and authentication, further improve the security and stability of identity authentication, and improve the security of blockchain information transmission.
S304: if the comparison is successful, a temporary identity certificate is issued to the first blockchain participant node, and the temporary identity certificate is broadcasted to the blockchain, so that the first blockchain participant node obtains the temporary identity certificate, and the temporary identity certificate is sent to the second blockchain participant node, wherein the temporary identity certificate is used for the second blockchain participant node to perform identity authentication on the first blockchain participant node.
Optionally, issuing a temporary identity certificate to the first blockchain participating node includes:
and issuing a temporary identity certificate signed by a third-party blockchain participation node to the first blockchain participation node, wherein the temporary identity certificate comprises a first blockchain participation node identifier, a second blockchain participation node identifier, current time information, a random number and an encryption result obtained by encrypting the random number through a temporary encryption key.
In one possible implementation, once the comparison passes, the authoritative third party issues to blockchain participant A a temporary identity certificate signed by the authoritative third party. The certificate contains IDa, IDb and the current time, confirms the identity of IDa to IDb, and also contains a random number Random and encryption result 1 obtained by encrypting Random with Key. The authoritative third party then publishes this information on the blockchain as a broadcast message signed with its private key.
Here, when the third party blockchain node issues the temporary identity certificate for the first blockchain participating node, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, the current time information, the random number, and the encryption result obtained by encrypting the random number by using the temporary encryption key, which is convenient for the second blockchain participating node to perform accurate and secure authentication.
The identity authentication method based on the temporary identity certificate is applied to a third-party blockchain node, namely an authoritative third party. The third-party blockchain node stores biological characteristics centrally, provides a biological characteristic comparison service for all users, and issues temporary identity certificates to other blockchain participating nodes after a successful comparison, so that identity authentication is completed without possessing a private key, and the accuracy and security of identity authentication in the blockchain are improved.
Optionally, fig. 4 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application. The execution subject of the embodiment of the present application is the second blockchain participating node 103 in fig. 1, and may be a server, and the specific execution subject may be determined according to an actual application scenario. As shown in fig. 4, the method includes the steps of:
S401: Send an authentication request to the first blockchain participating node, so that the first blockchain participating node, in response to the authentication request: acquires a first biological characteristic of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information, and sends the authentication information to the third-party blockchain node; and acquires the temporary identity certificate and sends it to the second blockchain participating node.
The authentication information is used by the third-party blockchain node as follows: after successfully verifying the first private key signature, the third-party blockchain node decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic, compares the first biological characteristic against a preset biological feature library and, if the comparison succeeds, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
S402: Receive the temporary identity certificate sent by the first blockchain participating node.
S403: Perform identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes a first blockchain participant node identifier, a second blockchain participant node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number by using the temporary encryption key.
Correspondingly, receiving the temporary identity certificate sent by the first blockchain participating node includes: receiving the temporary identity certificate and the temporary encryption key sent by the first blockchain participating node.
Performing identity authentication on the first blockchain participating node according to the temporary identity certificate includes: encrypting the random number in the temporary identity certificate with the temporary encryption key to obtain an authentication encryption result; and performing identity authentication on the first blockchain participating node according to the authentication encryption result and the encryption result, carried in the temporary identity certificate, that was obtained by encrypting the random number with the temporary encryption key.
Here, the second blockchain participating node provided in the embodiment of the present application can verify the temporary identity certificate and thereby authenticate the first blockchain participating node. It uses the temporary encryption key to check the encryption result of the random number carried in the temporary identity certificate, so it does not need to obtain the private key of the first blockchain participating node, which further improves the security of identity authentication.
In one possible implementation, blockchain participant B encrypts Random in the certificate with Key and, if the computed result is the same as the information in the temporary identity certificate, confirms the identity of blockchain participant A. The authentication is then complete.
The identity authentication method based on the temporary identity certificate is applied to a second blockchain participating node that initiates authentication. When the second blockchain participating node needs to authenticate another node, namely the first blockchain participating node, it sends an authentication request to the first blockchain participating node. The first blockchain participating node can then request a temporary identity certificate from the third-party blockchain node according to the authentication request, and the second blockchain participating node can authenticate the first blockchain participating node according to the temporary identity certificate. Identity authentication is thus achieved without the private key of the first blockchain participating node, which improves the security and reliability of identity authentication.
Optionally, fig. 5 is a schematic flowchart of another identity authentication method based on a temporary identity certificate according to an embodiment of the present application. The execution subject of the embodiment of the present application is a system including a first blockchain participating node, a second blockchain participating node, and a third-party blockchain node, and may be a server, and the specific execution subject may be determined according to an actual application scenario. As shown in fig. 5, the method includes the steps of:
S501: The second blockchain participating node sends an authentication request to the first blockchain participating node.
S502: The first blockchain participating node acquires a first biological characteristic of the first user in response to the authentication request sent by the second blockchain participating node.
S503: The first blockchain participating node generates a temporary encryption key.
S504: The first blockchain participating node performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information.
S505: The first blockchain participating node sends the authentication information to the third-party blockchain node.
S506: After successfully verifying the first private key signature, the third-party blockchain node decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic.
S507: The third-party blockchain node compares the first biological characteristic against a preset biological feature library.
S508: If the comparison succeeds, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
S509: The first blockchain participating node acquires the temporary identity certificate and sends it to the second blockchain participating node.
S510: The second blockchain participating node receives the temporary identity certificate sent by the first blockchain participating node.
S511: The second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
One possible specific authentication method is as follows:
When blockchain participant B needs to authenticate the identity of blockchain participant A, blockchain participant B sends an authentication request to blockchain participant A. Blockchain participant A acquires its own biological characteristic, for example fingerprintA', and randomly generates a temporary encryption key Key. At the same time, blockchain participant A encrypts Key, IDa, IDb and fingerprintA' with the public key of the authoritative third party, signs the result with its own private key and sends it to the authoritative third party. Blockchain participant A initiates a query fee payment request on the blockchain. After receiving the information, the authoritative third party verifies blockchain participant A's private key signature; if verification passes, it decrypts the encrypted information with its own private key, looks up the entry indexed by IDa in the biological feature library and compares it with fingerprintA'. Once the comparison passes, the authoritative third party issues to blockchain participant A a temporary identity certificate signed by the authoritative third party. The certificate contains IDa, IDb and the current time, confirms the identity of IDa to IDb, and also contains a random number Random and encryption result 1, obtained by encrypting Random with Key. The authoritative third party then publishes this information on the blockchain in a broadcast message signed with its private key. The blockchain miners verify the authoritative third party's signature on the temporary certificate on the blockchain; if verification passes, the query fee paid by blockchain participant A to the authoritative third party is written into the blockchain, and the payment succeeds.
Blockchain participant A obtains the temporary certificate from the blockchain and sends the temporary certificate and Key to blockchain participant B, or sends blockchain participant B the address at which the authoritative third party published the temporary certificate on the blockchain, so that blockchain participant B retrieves it itself. Blockchain participant B encrypts Random in the certificate with Key and, if the computed result is the same as the information in the temporary identity certificate, confirms the identity of blockchain participant A. The authentication is then complete.
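The check that the second node performs in S511, including the Key/Random comparison described above, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the keyed function standing in for "encrypting Random with Key", a JSON certificate layout, a 300-second validity window and a constructed toy RSA key for the third party; it also goes slightly beyond the text by checking the third-party signature, IDa/IDb and the time field that the certificate is stated to carry.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key pair for the authoritative third party: textbook RSA over
# two well-known Mersenne primes. It is NOT secure (the factors are public) and
# only lets this example verify a signature with the public half (TP_N, TP_E).
_P, _Q = 2**521 - 1, 2**607 - 1
TP_N, TP_E = _P * _Q, 65537
_TP_D = pow(TP_E, -1, (_P - 1) * (_Q - 1))

MAX_AGE_SECONDS = 300  # assumption: the page does not state a validity window


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def tp_sign(data: bytes) -> int:
    """Third party signs with its private exponent (demo key)."""
    return pow(_digest_int(data), _TP_D, TP_N)


def tp_verify(data: bytes, sig: int) -> bool:
    """Anyone can verify with the third party's public key."""
    return 0 < sig < TP_N and pow(sig, TP_E, TP_N) == _digest_int(data)


def keyed_result(key: bytes, rnd: bytes) -> bytes:
    """Stand-in for 'encrypting Random with Key' (HMAC-SHA256, an assumption)."""
    return hmac.new(key, rnd, hashlib.sha256).digest()


def canonical(body: dict) -> bytes:
    """Stable byte encoding of the certificate body, so signatures are reproducible."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ida: str, idb: str, key: bytes, now: float) -> dict:
    """Third-party side (S508), run only after the biometric comparison passed."""
    rnd = secrets.token_bytes(16)
    body = {
        "ida": ida,
        "idb": idb,
        "issued_at": int(now),
        "random": rnd.hex(),
        "enc_result": keyed_result(key, rnd).hex(),
    }
    return {"body": body, "sig": tp_sign(canonical(body))}


def verify_certificate(cert: dict, key: bytes, my_id: str, peer_id: str, now: float):
    """Second-node side (S511). Returns (accepted, reason)."""
    body, sig = cert.get("body"), cert.get("sig")
    if not isinstance(body, dict) or not isinstance(sig, int):
        return False, "malformed certificate"
    # 1. Only trust fields the authoritative third party actually signed.
    if not tp_verify(canonical(body), sig):
        return False, "bad third-party signature"
    # 2. The certificate must confirm IDa to *this* IDb.
    if body.get("idb") != my_id:
        return False, "issued for a different verifier"
    if body.get("ida") != peer_id:
        return False, "issued for a different subject"
    # 3. Freshness, taken from the certificate's current-time field.
    issued_at = body.get("issued_at")
    if not isinstance(issued_at, int) or not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False, "outside validity window"
    # 4. Recompute the keyed result over Random with the Key that A handed over.
    try:
        rnd = bytes.fromhex(body["random"])
        claimed = bytes.fromhex(body["enc_result"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed certificate"
    if not hmac.compare_digest(keyed_result(key, rnd), claimed):
        return False, "Key does not match certificate"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample run: A's temporary Key, then B's checks.
    key = secrets.token_bytes(32)
    now = time.time()
    cert = issue_certificate("IDa", "IDb", key, now)
    print(verify_certificate(cert, key, "IDb", "IDa", now))
    print(verify_certificate(cert, key, "IDc", "IDa", now))
    print(verify_certificate(cert, secrets.token_bytes(32), "IDb", "IDa", now))
```

The keyed comparison in step 4 only shows that the Key handed over matches the certificate; the binding of that Key to IDa rests on the third party's signature, which is why the signature is verified first.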
Fig. 6 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application, which is applied to a first blockchain participating node. As shown in fig. 6, the apparatus according to the embodiment of the present application includes: a first obtaining module 601, a generating module 602, a first processing module 603 and a second processing module 604. The identity authentication apparatus based on the temporary identity certificate may be a server of a blockchain, or a chip or an integrated circuit that implements the functions of the server. Here, the division into the first obtaining module 601, the generating module 602, the first processing module 603 and the second processing module 604 is only a division of logical functions; physically, the modules may be integrated or independent.
The first obtaining module is used for responding to an authentication request sent by the second blockchain participation node and obtaining a first biological characteristic of a first user;
a generation module for generating a temporary encryption key;
the first processing module is used for performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information, and sending the authentication information to the third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic, compares the first biological characteristic against a preset biological feature library and, if the comparison succeeds, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
and the second processing module is used for acquiring the temporary identity certificate and sending the temporary identity certificate to the second blockchain participating node so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, before the second processing module obtains the temporary identity certificate, the apparatus further includes:
the payment initiating module is used for initiating a request for payment of the inquiry fee in the block chain;
correspondingly, after the second processing module sends the temporary identity certificate to the second blockchain participating node, the apparatus further includes:
and the payment processing module is used for acquiring the query cost in the block chain and performing payment processing according to the query cost.
Optionally, before the first obtaining module obtains the first biometric characteristic of the first user in response to the authentication request sent by the second blockchain participating node, the apparatus further includes:
and the registration module is used for registering verification information at the third-party blockchain node, wherein the verification information comprises the correspondence between the biological characteristic data of the first user and the identity information.
Optionally, after the registration module performs the registration of the verification information at the third-party blockchain node, the method further includes:
and the first receiving module is used for receiving the third party block chain identifier and the third party public key which are sent by the third party block chain node.
Fig. 7 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application. The apparatus may be a server and is applied to a first blockchain participating node. The components shown herein, their connections and relationships, and their functions are meant to be examples only, and do not limit the implementations of the present application described and/or claimed herein.
As shown in fig. 7, the identity authentication apparatus based on a temporary identity certificate includes a processor 701 and a memory 702. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor 701 may process instructions for execution within the terminal, including instructions for graphical information stored in or on a memory for display on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, if desired. In fig. 7, one processor 701 is taken as an example.
The memory 702, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the method for the temporary identity certificate-based identity authentication apparatus in the embodiments of the present application (for example, the first obtaining module 601, the generating module 602, the first processing module 603, and the second processing module 604 shown in fig. 6). The processor 701 executes various functional applications and data processing of the identity authentication apparatus based on the temporary identity certificate by running non-transitory software programs, instructions and modules stored in the memory 702, so as to implement the method for the identity authentication apparatus based on the temporary identity certificate in the above method embodiments.
The identity authentication apparatus based on the temporary identity certificate may further include: an input device 703 and an output device 704. The processor 701, the memory 702, the input device 703 and the output device 704 may be connected by a bus or other means, as exemplified by a bus connection in fig. 7.
The input device 703 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the authentication apparatus based on the temporary identity certificate, such as a touch screen, a keypad, a mouse, or a plurality of mouse buttons, a trackball, a joystick, or the like. The output means 704 may be an output device such as a display device of the authentication device based on the temporary identity certificate. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
The identity authentication device based on the temporary identity certificate in the embodiment of the present application may be configured to execute the technical solutions in the method embodiments of the present application, and the implementation principle and the technical effect are similar, which are not described herein again.
The embodiment of the present application further provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are executed by a processor, the computer-executable instructions are used to implement any one of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is configured to implement any one of the above identity authentication methods based on a temporary identity certificate.
Fig. 8 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application, which is applied to a third-party blockchain node. As shown in fig. 8, the apparatus according to the embodiment of the present application includes: a second receiving module 801, a third processing module 802, a comparison module 803 and a fourth processing module 804. The identity authentication apparatus based on the temporary identity certificate may be a server of a blockchain, or a chip or an integrated circuit that implements the functions of the server. It should be noted here that the division into the second receiving module 801, the third processing module 802, the comparison module 803 and the fourth processing module 804 is only a division of logical functions; physically, the modules may be integrated or independent.
The second receiving module is configured to receive authentication information sent by the first blockchain participating node, where the authentication information is obtained by the first blockchain participating node by: acquiring a first biological characteristic of the first user in response to an authentication request sent by the second blockchain participating node; generating a temporary encryption key; and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic;
the third processing module is used for decrypting the authentication information through a third-party private key after the signature of the first private key is successfully verified to obtain a first block chain participation node identifier and a first biological characteristic;
the comparison module is used for comparing the first biological characteristics according to a preset biological characteristic library;
and the fourth processing module is used for issuing a temporary identity certificate to the first blockchain participating node if the comparison is successful, broadcasting the temporary identity certificate to the blockchain so that the first blockchain participating node acquires the temporary identity certificate, and sending the temporary identity certificate to the second blockchain participating node, wherein the temporary identity certificate is used for the second blockchain participating node to perform identity authentication on the first blockchain participating node.
Optionally, the comparison module is specifically configured to:
query the preset biological feature library according to the first blockchain participating node identifier in the authentication information, and determine the preset biological characteristic corresponding to the first blockchain participating node identifier;
and compare the preset biological characteristic with the first biological characteristic.
Optionally, the fourth processing module is specifically configured to:
issue, to the first blockchain participating node, a temporary identity certificate signed by the third-party blockchain participating node, where the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number with the temporary encryption key.
The embodiment of the application further provides identity authentication equipment based on the temporary identity certificate, which is applied to a third-party block chain node, and the identity authentication equipment based on the temporary identity certificate can be a server. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not limiting to the implementations of the application described and/or claimed herein.
The identity authentication device based on the temporary identity certificate comprises a processor and a memory. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the temporary identity certificate based identity authentication apparatus, including instructions for graphical information stored in or on the memory for display on an external input/output device (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, if desired.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method of the identity authentication apparatus based on the temporary identity certificate in the embodiment of the present application (for example, the second receiving module 801, the third processing module 802, the comparison module 803, and the fourth processing module 804 shown in fig. 8). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes various functional applications and the identity authentication method based on the temporary identity certificate, that is, it implements the method of the identity authentication device based on the temporary identity certificate in the above method embodiments.
The identity authentication apparatus based on the temporary identity certificate may further include: an input device and an output device. The processor, memory, input device, and output device may be connected by a bus or other means.
The input means may receive input numeric or character information and generate key signal inputs related to user settings and function control of the authentication apparatus based on the temporary identity certificate, such as a touch screen, a keypad, a mouse, or a plurality of mouse buttons, a trackball, a joystick, or the like. The output device may be an output device such as a display device of the authentication device based on the temporary identity certificate. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
The identity authentication device based on the temporary identity certificate in the embodiment of the present application may be used to implement the technical solutions in the method embodiments of the present application, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, the computer-executable instructions are used to implement any one of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is configured to implement any one of the above identity authentication methods based on a temporary identity certificate.
Fig. 9 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate according to an embodiment of the present application, which is applied to a second blockchain participating node. As shown in fig. 9, the apparatus according to the embodiment of the present application includes: a first sending module 901, a third receiving module 902 and an authentication module 903. The identity authentication apparatus based on the temporary identity certificate may be a server of a blockchain, or a chip or an integrated circuit that implements the functions of the server. It should be noted here that the division into the first sending module 901, the third receiving module 902 and the authentication module 903 is only a division of logical functions; physically, the modules may be integrated or independent.
The first sending module is configured to send an authentication request to the first blockchain participating node, so that the first blockchain participating node, in response to the authentication request: acquires a first biological characteristic of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic to obtain authentication information, and sends the authentication information to the third-party blockchain node; and acquires the temporary identity certificate and sends it to the second blockchain participating node, where the authentication information is used by the third-party blockchain node, after it successfully verifies the first private key signature, to decrypt the authentication information with the third-party private key, obtain the first blockchain participating node identifier and the first biological characteristic, compare the first biological characteristic against a preset biological feature library and, if the comparison succeeds, issue the temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain;
a third receiving module, configured to receive a temporary identity certificate sent by the first blockchain participant node;
and the authentication module is used for performing identity authentication on the first block chain participation node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes a first blockchain participant node identifier, a second blockchain participant node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number by using the temporary encryption key;
correspondingly, the third receiving module is specifically configured to:
receiving a temporary identity certificate and a temporary encryption key sent by a first blockchain participating node;
the authentication module is specifically configured to:
encrypting the random number in the temporary identity certificate according to the temporary encryption key to obtain an authentication encryption result;
and performing identity authentication on the first blockchain participating node according to the authentication encryption result and the encryption result, carried in the temporary identity certificate, that was obtained by encrypting the random number with the temporary encryption key.
The embodiment of the present application further provides an identity authentication device based on a temporary identity certificate, which is applied to the second blockchain participating node, and the identity authentication device based on the temporary identity certificate may be a server. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not limiting to the implementations of the application described and/or claimed herein.
The identity authentication device based on the temporary identity certificate comprises a processor and a memory. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the temporary identity certificate based identity authentication apparatus, including instructions for graphical information stored in or on the memory for display on an external input/output device (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method of the temporary identity certificate based identity authentication apparatus in the embodiments of the present application (for example, the first sending module 901, the third receiving module 902, and the authentication module 903 shown in fig. 9). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes various functional applications and the identity authentication method based on the temporary identity certificate, that is, it implements the method of the identity authentication device based on the temporary identity certificate in the above method embodiments.
The identity authentication apparatus based on the temporary identity certificate may further include: an input device and an output device. The processor, memory, input device, and output device may be connected by a bus or other means.
The input device may receive input numeric or character information and generate key signal inputs related to user settings and function control of the identity authentication device based on the temporary identity certificate; examples include a touch screen, a keypad, a mouse, a plurality of mouse buttons, a trackball, or a joystick. The output device may be, for example, a display device of the identity authentication device based on the temporary identity certificate. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
The identity authentication device based on the temporary identity certificate in the embodiment of the present application may be configured to execute the technical solutions in the method embodiments of the present application, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, the computer-executable instructions are used to implement any one of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is configured to implement any one of the above identity authentication methods based on a temporary identity certificate.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division into units is merely a logical division, and an actual implementation may use another division, in which a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (13)

1. An identity authentication method based on a temporary identity certificate is applied to a first blockchain participating node, and comprises the following steps:
responding to an authentication request sent by a second blockchain participation node, and acquiring a first biological characteristic of a first user;
generating a temporary encryption key;
performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological feature to obtain authentication information, and sending the authentication information to a third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with a third-party private key to obtain the first blockchain participating node identifier and the first biological feature, compares the first biological feature according to a preset biological feature library, and, if the comparison is successful, signs a temporary identity certificate for the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
and acquiring the temporary identity certificate, and sending the temporary identity certificate to the second blockchain participating node so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
2. The method according to claim 1, further comprising, before said obtaining the temporary identity certificate:
initiating a query fee payment request in the blockchain;
correspondingly, after the sending the temporary identity certificate to the second blockchain participating node, the method further includes:
and acquiring the query fee in the blockchain, and performing payment processing according to the query fee.
3. The method according to claim 1 or 2, prior to said obtaining the first biometric characteristic of the first user in response to the authentication request sent by the second blockchain participant node, further comprising:
and performing verification information registration at a third-party blockchain node, wherein the verification information comprises the corresponding relation between the biological characteristic data of the first user and the identity information.
4. The method of claim 3, further comprising, after the registering of the verification information at the third-party blockchain node:
and receiving a third-party blockchain identifier and a third-party public key sent by the third-party blockchain node.
5. An identity authentication method based on a temporary identity certificate is applied to a third-party blockchain node, and comprises the following steps:
receiving authentication information sent by a first blockchain participating node, wherein the authentication information is obtained by the first blockchain participating node by: acquiring a first biological characteristic of a first user in response to an authentication request sent by a second blockchain participating node; generating a temporary encryption key; and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological characteristic;
after the signature of the first private key is successfully verified, decrypting the authentication information through a third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic;
comparing the first biological characteristics according to a preset biological characteristic library;
if the comparison is successful, a temporary identity certificate is issued to the first blockchain participant node, and the temporary identity certificate is broadcasted to the blockchain, so that the first blockchain participant node obtains the temporary identity certificate, and sends the temporary identity certificate to the second blockchain participant node, wherein the temporary identity certificate is used for the second blockchain participant node to perform identity authentication on the first blockchain participant node.
6. The method of claim 5, wherein the comparing the first biometric characteristic according to a predetermined biometric characteristic library comprises:
querying a preset biological feature library according to the first blockchain participating node identifier in the authentication information, and determining a preset biological feature corresponding to the first blockchain participating node identifier;
and comparing the preset biological characteristic with the first biological characteristic.
7. The method according to claim 5 or 6, wherein said issuing a temporary identity certificate to the first blockchain participating node comprises:
and issuing a temporary identity certificate signed by the third-party blockchain participant node to the first blockchain participant node, wherein the temporary identity certificate comprises the first blockchain participant node identifier, the second blockchain participant node identifier, current time information, a random number and an encryption result obtained by encrypting the random number through the temporary encryption key.
8. An identity authentication method based on a temporary identity certificate is applied to a second blockchain participating node, and comprises the following steps:
sending an authentication request to a first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires a first biological characteristic of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological feature to obtain authentication information, and sends the authentication information to a third-party blockchain node; and acquires a temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node, wherein the authentication information is used by the third-party blockchain node to, after successfully verifying the first private key signature, decrypt the authentication information with a third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic, compare the first biological characteristic according to a preset biological characteristic library, and, if the comparison is successful, sign and issue the temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain;
receiving a temporary identity certificate sent by the first blockchain participating node;
and performing identity authentication on the first blockchain participation node according to the temporary identity certificate.
9. The method according to claim 8, wherein the temporary identity certificate comprises the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number by the temporary encryption key;
correspondingly, receiving the temporary identity certificate sent by the first blockchain participating node includes:
receiving a temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
the performing identity authentication on the first blockchain participating node according to the temporary identity certificate includes:
encrypting the random number in the temporary identity certificate according to the temporary encryption key to obtain an authentication encryption result;
and performing identity authentication on the first blockchain participating node according to the authentication encryption result and the encryption result obtained by encrypting the random number with the temporary encryption key.
10. An identity authentication method based on a temporary identity certificate is applied to an identity authentication system comprising a first blockchain participating node, a second blockchain participating node and a third-party blockchain node, and the method comprises the following steps:
the second blockchain participating node sends an authentication request to the first blockchain participating node;
the first blockchain participating node responds to an authentication request sent by the second blockchain participating node, and obtains a first biological characteristic of a first user;
the first blockchain participating node generates a temporary encryption key;
the first blockchain participating node performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biological feature to obtain authentication information;
the first blockchain participating node sends the authentication information to a third-party blockchain node;
after the signature of the first private key is successfully verified, the third-party blockchain node decrypts the authentication information through the third-party private key to obtain the first blockchain participating node identifier and the first biological characteristic;
the third-party blockchain node compares the first biological characteristic according to a preset biological characteristic library;
if the comparison is successful, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node, and broadcasts the temporary identity certificate to the blockchain;
the first blockchain participating node acquires the temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node;
a second blockchain participant node receives a temporary identity certificate sent by the first blockchain participant node;
and the second blockchain participation node performs identity authentication on the first blockchain participation node according to the temporary identity certificate.
11. An identity authentication apparatus based on a temporary identity certificate, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 4, any one of claims 5 to 7, or any one of claims 8 or 9.
12. A computer-readable storage medium having stored thereon computer-executable instructions for implementing, when executed by a processor, the method for temporary identity certificate based identity authentication as claimed in any one of claims 1 to 4, 5 to 7 or 8 or 9.
13. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the method of any one of claims 1 to 4, any one of claims 5 to 7, or any one of claims 8 or 9.
CN202210700339.7A 2022-06-20 2022-06-20 Identity authentication method, device, equipment and medium based on temporary identity certificate Active CN115396087B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210700339.7A CN115396087B (en) 2022-06-20 2022-06-20 Identity authentication method, device, equipment and medium based on temporary identity certificate

Publications (2)

Publication Number Publication Date
CN115396087A (en) 2022-11-25
CN115396087B (en) 2024-04-30

Family

ID=84116571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210700339.7A Active CN115396087B (en) 2022-06-20 2022-06-20 Identity authentication method, device, equipment and medium based on temporary identity certificate

Country Status (1)

Country Link
CN (1) CN115396087B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant