CN115549958A - Method, device, equipment and medium for replacing secret key - Google Patents


Info

Publication number
CN115549958A
Authority
CN
China
Prior art keywords
information
user
key
verification
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210993344.1A
Other languages
Chinese (zh)
Inventor
魏亚文
黄浩鹏
李宏旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202210993344.1A
Publication of CN115549958A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The embodiments of this specification disclose a method for replacing a key, comprising: acquiring a key replacement operation input by a user, the key replacement operation requesting that a first key pair be replaced with a second key pair; sending first information to a service system based on the key replacement operation, where the first information is input by the user based on pre-verification information in a user identity verification page, the verification-passing information corresponding to the pre-verification information is preset second information, and the second information has no semantic relation to the pre-verification information; acquiring first key change result feedback information fed back by the service system, which represents the user identity verification result that is generated by the blockchain system based on the first information and sent to the service system; and, if the first key change result feedback information indicates that the first information passed verification, determining that the second key pair is in an enabled state.

Description

Method, device, equipment and medium for replacing secret key
Technical Field
The present application relates to the field of computer information processing technologies, and in particular, to a method, an apparatus, a device, and a medium for key replacement.
Background
Digital identity is the most important basis for association of everything and has evolved over the years. The most common way is to assert ownership of a digital identity based on the Public Key Infrastructure (PKI) system. In general, a private key is kept by a user, and a public key is disclosed to the outside. Any instruction signed based on the private key may represent the true intent of the digital identity user. The key is kept by the client, which means that there is a great risk of loss or leakage, and when the private key of the user is lost or omitted, data communication cannot be performed under the PKI platform.
Based on this, how to replace the key quickly and safely is a technical problem which needs to be solved urgently.
Disclosure of Invention
The embodiments of this specification provide a method, a device, equipment and a medium for replacing a key, so as to solve the problem that an existing key cannot be replaced after being lost.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
The method for replacing a key provided by the embodiments of this specification is applied to a client and comprises the following steps:
acquiring a key replacement operation input by a user; the key replacement operation is used for requesting that a first key pair be replaced with a second key pair;
sending first information to a service system based on the key replacement operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information;
acquiring first key change result feedback information fed back by the service system; the first key change result feedback information represents a user identity verification result that is generated by the blockchain system based on the first information and sent to the service system;
and if the first key change result feedback information indicates that the first information passed verification, determining that the second key pair is in an enabled state.
An embodiment of the present specification further provides a method for replacing a secret key, where the method is applied to a service system, and includes:
acquiring first information sent by a client based on a key replacement operation input by a user; the first information is input by the user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information;
sending the first information to a blockchain system so that the blockchain system can generate a user identity verification result based on the first information;
receiving feedback information that is sent by the blockchain system and represents the user identity verification result;
sending first key change result feedback information to the client based on the feedback information; the first key change result feedback information represents the user identity verification result that is generated by the blockchain system based on the first information and sent to the service system;
and if the first key change result feedback information indicates that the first information passed verification, determining that the second key pair is in an enabled state.
The embodiment of the present specification further provides a method for replacing a secret key, where the method is applied to a blockchain system, and includes:
acquiring first information that is sent by a service system and was input by a user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information; the user identity verification page is generated based on a key replacement operation input by the user; the key replacement operation is used for requesting that a first key pair be replaced with a second key pair;
performing user identity verification on the user based on the first information to obtain a user identity verification result;
and sending the identity verification result to the service system.
An apparatus for replacing a secret key provided in an embodiment of the present specification includes:
the operation acquisition module is used for acquiring the key replacement operation input by a user; the key replacement operation is used for requesting that a first key pair be replaced with a second key pair;
the first information sending module is used for sending first information to a service system based on the key replacement operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information;
the feedback information acquisition module is used for acquiring first key change result feedback information fed back by the service system; the first key change result feedback information represents a user identity verification result that is generated by the blockchain system based on the first information and sent to the service system;
and the key enabling module is used for determining that the second key pair is in an enabled state if the first key change result feedback information indicates that the first information passed verification.
An embodiment of the present specification further provides a device for replacing a secret key, including:
the first information acquisition module is used for acquiring first information sent by the client based on a key replacement operation input by a user; the first information is input by the user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information;
a first information sending module, configured to send the first information to a blockchain system, so that the blockchain system generates a user identity verification result based on the first information;
the feedback information receiving module is used for receiving feedback information that is sent by the blockchain system and represents the user identity verification result;
a result information sending module, configured to send first key change result feedback information to the client based on the feedback information; the first key change result feedback information represents the user identity verification result that is generated by the blockchain system based on the first information and sent to the service system;
and the key enabling module is used for determining that the second key pair is in an enabled state if the first key change result feedback information indicates that the first information passed verification.
An embodiment of the present specification further provides a device for replacing a secret key, including:
the information acquisition module is used for acquiring first information that is sent by a service system and was input by a user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information; the user identity verification page is generated based on a key replacement operation input by the user; the key replacement operation is used for requesting that a first key pair be replaced with a second key pair;
the identity verification module is used for performing user identity verification on the user based on the first information to obtain a user identity verification result;
and the result sending module is used for sending the identity verification result to the service system.
An apparatus for replacing a key provided in an embodiment of the present specification includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the key replacement methods described above.
Embodiments of this specification provide a computer-readable medium storing computer-readable instructions that are executable by a processor to implement the method for replacing a key.
One embodiment of the present description achieves the following advantageous effects:
After the key replacement operation input by the user is obtained, the client sends first information to the service system, and the service system forwards the first information to the blockchain system. The blockchain system verifies the first information; when verification passes, the user's key is replaced: the first key pair is replaced by the second key pair, and the second key pair is determined to be in the enabled state. The method provided by the embodiments of this specification thus makes it possible to replace a user key. In addition, because the preset second information has no semantic relation to the pre-verification information in the user identity verification page, the security of key replacement can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a schematic view of a scenario of a method for replacing a key in an embodiment of the present specification;
Fig. 2 is a schematic flowchart of a method for replacing a key according to an embodiment of the present disclosure;
Fig. 3 is a schematic flowchart of another method for replacing a key according to an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of another method for replacing a key according to an embodiment of the present disclosure;
Fig. 5 is a swim lane diagram of a method for key replacement provided in an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a key replacement device corresponding to Fig. 2 provided in an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of a key replacement device corresponding to Fig. 3 provided in an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a key replacement device corresponding to Fig. 4 provided in an embodiment of the present disclosure;
Fig. 9 is a schematic structural diagram of a key replacement device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of one or more embodiments of the present disclosure more apparent, the technical solutions of one or more embodiments of the present disclosure will be described in detail and completely with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from the embodiments given herein without making any creative effort fall within the scope of protection of one or more embodiments of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
With the development of technology, digital identities have served as the most important basis for the association of everything, most commonly by claiming ownership of digital identities based on the Public Key Infrastructure (PKI) system. PKI is a collection of hardware, software, personnel, policies and procedures used to generate, manage, store, distribute and revoke keys and certificates based on a public key cryptosystem. Under this platform, each user has a public key and a private key: the public key is public in the network and is used to encrypt information when a file is sent; the private key is secret, is held only by the user, and is used to decrypt and sign file information. When preparing to send a message, a sender encrypts the data to be transmitted with the receiver's public key, and the receiver decrypts the data with its own private key after receiving it, so that users can communicate securely on a PKI service platform. Because the key is kept by the client, there is a great risk of loss or leakage, and data communication then cannot be performed under the PKI platform.
In order to solve the defects in the prior art, the scheme provides the following embodiments:
Fig. 1 is a schematic view of a scenario of a method for replacing a key in an embodiment of the present specification. As shown in Fig. 1, the architecture includes: client 10, service system 20, and blockchain system 30. The user may perform a key replacement operation through the client 10; the client 10 may send a key replacement request to the service system 20 based on that operation; and the service system 20 may respond to the request and carry out the key replacement after user identity verification by the blockchain system 30 has passed.
Next, a method for replacing a key provided in an embodiment of the specification will be specifically described with reference to the accompanying drawings:
Fig. 2 is a flowchart of a method for replacing a key according to an embodiment of the present disclosure. From the viewpoint of the program, the execution subject of the flow may be a program installed on an application server or an application client; the following description takes the client as the execution subject.
As shown in Fig. 2, the process may include the following steps:
Step 202: acquiring a key replacement operation input by a user; the key replacement operation is used for requesting that the first key pair be replaced with a second key pair.
In practical applications, the key pair may include a public key and a private key, and may be issued by a certificate authority in the PKI platform for performing authentication during data transmission and ensuring security of data exchange. A certificate is a digitally signed assertion that binds the value of a public key to the identity of the principal holding the corresponding private key.
The key may be generated using an asymmetric algorithm, such as the RSA algorithm (Rivest-Shamir-Adleman), elliptic curve cryptography (ECC) or the SM2 algorithm. It should be understood that other asymmetric algorithms may also be used with the embodiments of this specification.
In this embodiment, the user client may also locally include a program or a plug-in for generating the key pair, and the key pair may be locally generated at the user client according to a user requirement.
The first key pair may be understood as a key pair currently used by the user, or may be understood as a key pair in an enabled state before the key exchange operation is initiated or before the key exchange process is completed; the second key pair may be understood as a key pair to be enabled by the user, or may be understood as a key pair enabled after the key exchange procedure is successfully performed.
Step 204: sending first information to a service system based on the key replacement operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification-passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation to the pre-verification information.
In this embodiment of the present specification, a user triggers a key exchange operation, a service system may send a user authentication page or page data for generating the user authentication page to a client in response to the key exchange operation, and the client may display the user authentication page. The user authentication page may include pre-authentication information, and the user may input the first information according to the pre-authentication information. The first information may be understood as information to be authenticated, and the rekeying user may be authenticated by the first information.
It should be noted that the pre-verification information may include any one or more of a verification information number, a question number, or prompt information for the verification information. The verification information number or question number may indicate the number of a user-defined question in the page where the identity verification information is set. The prompt information may be non-sensitive prompt content that the user sets for the user-defined verification information in that page; the prompt content may or may not have a semantic relation to the user-defined verification information, as long as the real user can provide the correct verification information from the prompt. The verification-passing information corresponding to the pre-verification information may be preset second information. The second information may be verification information that the user sets, in the page for setting identity verification information, for verifying the user's identity; it may also be understood as information that the user must provide accurately whenever the user's identity has to be verified. For example, when replacing the key, the user needs to provide verification information consistent with the preset verification information.
The service system (business system) may represent a system capable of providing business services to users, such as digital asset transaction systems, systems capable of providing metaverse services, e-commerce systems, payment systems, and the like. The service system can provide a registration process for users and issue each user an account in the system, so that users can subsequently transact business based on that account.
Step 206: acquiring first key change result feedback information fed back by the service system; the first key change result feedback information represents a user identity verification result that is generated by the blockchain system based on the first information and sent to the service system.
Step 208: if the first key change result feedback information indicates that the first information passed verification, determining that the second key pair is in an enabled state.
After the service system acquires the first information, the first information may be submitted to the blockchain system, the blockchain system may verify the user identity based on the first information, generate a verification result, and may feed back information indicating the verification result to the service system, and then the service system may determine that the second key pair is in the enabled state after the verification is passed, and may process a service related to the user in the service system using the second key pair in the enabled state.
In practical application, the private key in the key pair can be kept by the user, and when performing business processing, the user needs to perform business processing through the private key, for example, performing transaction of digital collections in a private key signature manner, and the like. The second key pair being in the enabled state may indicate that the user may utilize the private key of the second key pair for business processes.
In this embodiment, the blockchain system may store the certificate storing information for performing the identity authentication on the user, and may verify the first information provided by the user according to the certificate storing information in the blockchain system.
It should be understood that the order of some steps in the method described in one or more embodiments of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted.
In the method for replacing a key provided in the embodiment of the present specification, through a key replacement operation initiated by a user, a service system may send first information input by the user based on a user authentication page to a blockchain system, so that the blockchain system can authenticate the user, and the key pair is replaced after the authentication passes.
Based on the method of fig. 2, the present specification also provides some specific embodiments of the method, which are described below.
To further explain the operation of user key exchange, in this embodiment of the present specification, optionally, the sending the first information to the service system based on the key exchange operation may specifically include:
sending a key exchange request to the service system based on the key exchange operation;
acquiring the user identity verification page fed back by the service system;
acquiring first information input by the user based on the user identity authentication page;
and sending the first information to the service system.
In practical applications, when a user replaces a key, the user may first log in to the client and perform the key replacement operation there. For example, a terminal page of the client may include a "key exchange" control, and the user may start the key replacement process by clicking the control.
In this embodiment, the key exchange request may include a user identifier of the user, where the user identifier may include an account ID of the user. The account ID may represent an identifier that is generated by the user in the service system for the registered user and has a unique correspondence with the registered user, and different users correspond to different account IDs. The service system can establish the corresponding relation between the service data related to the user and the account ID of the user, and the service system can search the service data related to the user according to the account ID of the user.
The service system can send a user authentication page corresponding to the user to the client based on the key exchange request sent by the client, so that the user authentication page used for the user to input the information to be authenticated is displayed in the client. The user authentication page may include authentication pre-information, such as the number, type, prompt, etc. of the authentication information. In practical applications, the verification information may also be understood as a user-defined question answer, and the pre-verification information may include a question number, a question type, a question prompt, and the like.
The first information may represent information to be verified, and may be used to verify the identity of the user.
Through the steps, the first information can be sent to the service system based on the key exchange operation of the user.
Optionally, the obtaining the user authentication page fed back by the service system may specifically include:
acquiring acceptance information sent by the service system; wherein the acceptance information may include third information; and generating the user identity verification page based on the third information.
The third information in this embodiment may be used to generate the pre-verification information of the user identity verification page. The acceptance information may be fed back to the service system when the blockchain system determines that the key replacement acceptance request, which the service system sends based on the key replacement request, is a valid acceptance request; a valid acceptance request may be one whose key replacement process is neither currently being executed nor already executed.
In practical application, the third information may include information indicating content such as an account ID, an information number, and an information prompt of the user, and the service server may generate the user authentication page or the page information of the user authentication page according to the third information, so that the user authentication page corresponding to the user may be displayed in the client.
To guard against malicious attacks or malicious key replacement operations, in this embodiment the blockchain system needs to determine the validity of the key replacement request before performing the identity verification for key replacement. After receiving the key replacement request, the service server may generate a key replacement acceptance request and send it to the blockchain system; when the blockchain system determines that the acceptance request is valid, it may send acceptance information including the third information to the service system.
In this embodiment, the key replacement acceptance request may include a user identifier. Based on the user identifier, the blockchain system may determine whether a key replacement process for the same user identifier is currently being executed or has already been executed. If so, the currently requested process is a repeated or already-executed replacement and cannot be executed again: the acceptance request may be considered invalid, and the blockchain system may terminate or suspend it and feed back to the service system information indicating that the key replacement process cannot be executed. If no key replacement process for the user identifier is currently being executed in the blockchain system and the same key replacement request has not been executed, the blockchain system may accept the request and carry out the subsequent verification process for it. This also avoids repeated verification of the same key replacement request and saves system resources.
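The acceptance check and the verification flow described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the per-request identifier `request_id`, the salted PBKDF2 digest used for the stored second information, and sending the second public key together with the first information are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _digest(secret, salt):
    # Assumption: the ledger stores a salted, stretched hash of the second
    # information, never the plaintext answer.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


class BlockchainSystem:
    """In-memory stand-in for blockchain system 30 (hypothetical API)."""

    def __init__(self):
        self.evidence = {}     # account_id -> (question_no, hint, salt, digest)
        self.in_progress = {}  # account_id -> request_id being processed
        self.executed = set()  # (account_id, request_id) already handled

    def register(self, account_id, question_no, hint, second_info):
        salt = os.urandom(16)
        self.evidence[account_id] = (question_no, hint, salt,
                                     _digest(second_info, salt))

    def accept(self, account_id, request_id):
        """Return third information for a valid acceptance request, else None."""
        if account_id not in self.evidence:
            return None
        if account_id in self.in_progress:             # replacement already running
            return None
        if (account_id, request_id) in self.executed:  # request already executed
            return None
        self.in_progress[account_id] = request_id
        question_no, hint, _, _ = self.evidence[account_id]
        return {"account_id": account_id, "question_no": question_no, "hint": hint}

    def verify(self, account_id, request_id, first_info):
        """Compare first information with the stored second information."""
        if self.in_progress.get(account_id) != request_id:
            return False                               # never accepted: refuse
        del self.in_progress[account_id]
        self.executed.add((account_id, request_id))    # one attempt per request
        _, _, salt, stored = self.evidence[account_id]
        return hmac.compare_digest(_digest(first_info, salt), stored)


class ServiceSystem:
    """Stand-in for service system 20: relays and tracks the enabled key."""

    def __init__(self, chain):
        self.chain = chain
        self.enabled_key = {}  # account_id -> public key in the enabled state

    def request_key_replacement(self, account_id, request_id):
        third = self.chain.accept(account_id, request_id)
        if third is None:
            return None
        # The verification page carries only pre-verification information.
        return {"question_no": third["question_no"], "hint": third["hint"]}

    def submit_first_information(self, account_id, request_id, first_info,
                                 second_public_key):
        verified = self.chain.verify(account_id, request_id, first_info)
        if verified:
            self.enabled_key[account_id] = second_public_key
        return {"verified": verified}


def client_replace_key(service, account_id, request_id, answer, second_public_key):
    """Client 10: return the key to treat as enabled, or None on refusal."""
    page = service.request_key_replacement(account_id, request_id)
    if page is None:
        return None
    feedback = service.submit_first_information(
        account_id, request_id, answer, second_public_key)
    return second_public_key if feedback["verified"] else None


def demo():
    # Constructed sample data: account, hint, answer and key labels are made up.
    chain = BlockchainSystem()
    service = ServiceSystem(chain)
    service.enabled_key["acct-001"] = "PUB-KEY-1"
    chain.register("acct-001", 3, "blue notebook", "7 lanterns over Tallinn")
    results = [
        client_replace_key(service, "acct-001", "req-1", "wrong guess", "PUB-KEY-X"),
        client_replace_key(service, "acct-001", "req-2",
                           "7 lanterns over Tallinn", "PUB-KEY-2"),
        # Replay of an already executed request is refused at acceptance.
        client_replace_key(service, "acct-001", "req-2",
                           "7 lanterns over Tallinn", "PUB-KEY-3"),
    ]
    return results, service.enabled_key["acct-001"]


if __name__ == "__main__":
    print(demo())
```

The hint in the sample data deliberately has no semantic relation to the answer, matching the property the specification requires of the second information.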
In practical applications, the acceptance information may further include a third public key, where the third public key may be generated by the blockchain system based on the received key exchange acceptance request, and the key exchange acceptance request is sent to the blockchain system by the service system based on the key exchange request.
Optionally, the step 204 of sending the first information to the service system may specifically include:
and encrypting the third information by adopting the third public key to obtain the encrypted third information.
And sending the encrypted third information to the service system.
After the third information is encrypted by adopting the third public key, the data leakage of the third information in the transmission process can be effectively prevented, and the security of key change is improved.
In this embodiment, after the user inputs a key exchange operation, the client may further generate the second key pair based on the key exchange operation. The second key pair may be generated locally by the client, which also avoids excessive transmission of the key pair and ensures the security of the newly generated key pair.
It is understood that the client may include a program or a plug-in for generating the key pair, and the key pair may be generated by the client; in practical applications, the user may also generate the key pair in other manners, as long as the user can provide the required key pair to the client, and the specific generation manner is not limited herein.
In this embodiment of the present description, the second key pair may be generated after the first key change result feedback information indicates that the first information is verified, so as to avoid generating a key pair that is not really used, reduce unnecessary operations, and save resources.
In order to more accurately authenticate a user, second information preset by the user for authentication in the embodiment of the present specification may be diversified information, and optionally, the second information may include at least one type of information of numbers, characters, pictures, audios, and videos;
and/or,
the verification preposition information comprises information representing at least one of a number corresponding to the second information, prompt information corresponding to the second information and an information type corresponding to the second information.
The number corresponding to the second information may represent the number of the verification information set by the user. The prompt information corresponding to the second information may be prompt information set by the user; it contains only non-sensitive prompt content, which helps the user determine which verification information to provide but does not allow the correct verification information to be determined directly from it. In the embodiment of the description, when the user customizes the verification information, the user need not set a question stem: the page on which the verification information is set may contain no question stem, and the user may set only the answer. In other words, the verification information set by the user is a secret number without any semantic association, known only to the user; other people cannot learn it by searching for patterns or by answering a question, which ensures the security of the user key.
In practical application, a user can customize a plurality of pieces of information for identity authentication, and optionally, the second information may include a first number of pieces of preset authentication sub-information; during the rekeying process, the first information provided by the user may include a second number of sub-information to be authenticated.
In this embodiment, the user may also customize a rule indicating that the verification passes, where the verification may be performed based on the verification passing rule when the blockchain system verifies the first information. As an implementation manner, if the first key change result feedback information indicates that the first information is verified, determining that the second key pair is in the enabled state may specifically include:
and if the first key change result feedback information shows that the number of the sub-information to be verified in the first information is more than or equal to the preset number of the sub-information to be verified in the second information, determining that the second key pair is in an enabled state.
In practical applications, the verification passing rule may include information indicating the number of pieces of information that pass verification, and the specific information content and/or the first number of the preset verification sub-information may be determined by a user, for example: the user sets 3 pieces of authentication information on the page where the identity authentication information is set, and sets that the information to be authenticated is consistent with 2 pieces of authentication information, that is, the authentication is passed. The passing condition set by the user can be understood as a verification passing rule.
It is understood that, in practical applications, the client or the service system may also provide optional validation passing rules for the user to select according to the system settings, and the user may determine the validation passing rules in the optional rules or may customize the validation passing rules, which is not specifically limited herein.
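The rule in the example above (3 pieces of verification information set, any 2 matching means the verification passes) can be sketched as follows. This is an added example, not code from the patent: it stores salted PBKDF2 digests as a stand-in for the zero-knowledge proof the specification uses, and all function names, field names and sample answers are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumption for this sketch; size it for your hardware


def _digest(answer: bytes, salt: bytes) -> bytes:
    # Slow salted hash, because user-chosen answers may be low entropy.
    return hashlib.pbkdf2_hmac("sha256", answer, salt, ITERATIONS)


def enroll(items, required):
    """Build the stored record from (number, info_type, hint, answer_bytes) items.

    `required` is the verification passing rule: how many answers must match.
    The record keeps no answer, only a salted digest per number.
    """
    if not 1 <= required <= len(items):
        raise ValueError("rule must require between 1 and len(items) matches")
    entries = {}
    for number, info_type, hint, answer in items:
        if number in entries or not answer:
            raise ValueError("numbers must be unique and answers non-empty")
        salt = secrets.token_bytes(16)
        entries[number] = {"type": info_type, "hint": hint,
                           "salt": salt, "digest": _digest(answer, salt)}
    return {"required": required, "entries": entries}


def pre_verification_info(record):
    """What the verification page may display: number, type and hint only."""
    return [{"number": n, "type": e["type"], "hint": e["hint"]}
            for n, e in sorted(record["entries"].items())]


def _decode(candidate_hex):
    # Answers arrive HEX-encoded; anything malformed counts as no answer.
    try:
        return bytes.fromhex(candidate_hex)
    except (TypeError, ValueError):
        return None


def verify(record, submitted):
    """Check submitted {number: hex_answer} against the record.

    Every stored entry is hashed whether or not an answer was supplied, and
    only a single pass/fail is returned, so the caller cannot learn which
    of the answers matched.
    """
    matched = 0
    for number, entry in record["entries"].items():
        candidate = _decode(submitted.get(number))
        computed = _digest(candidate or b"", entry["salt"])
        if candidate and hmac.compare_digest(computed, entry["digest"]):
            matched += 1
    return matched >= record["required"]


def build_sample_record():
    """Constructed sample: 3 answers set, any 2 must match."""
    items = [
        (1, "number", "first", b"7391046"),
        (2, "text", "second", b"quartz-lantern-84"),
        (3, "text", "third", b"n0rthw1nd"),
    ]
    return enroll(items, required=2)


if __name__ == "__main__":
    record = build_sample_record()
    print(pre_verification_info(record))
    print(verify(record, {1: b"7391046".hex(), 3: b"n0rthw1nd".hex()}))
    print(verify(record, {1: b"7391046".hex(), 2: b"wrong".hex()}))
```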
In order to facilitate subsequent users to perform key replacement, in this embodiment of the present description, the user may further provide new verification information as the certificate storage information, and store the certificate storage information in the blockchain system, so that the subsequent blockchain system performs identity verification according to the new verification information. Optionally, after the key replacement operation input by the user is acquired, the method may further include:
acquiring fourth information input by the user on the basis of the first verification information setting page; the fourth information is used for verifying the user identity after the second key pair is in the enabled state; the first authentication information setting page is generated based on a key exchange operation input by a user;
generating a first zero knowledge proof by using a zero knowledge proof algorithm based on the fourth information;
generating first evidence storage information based on the first zero knowledge proof;
sending first certificate storing information to the block chain system; the first proof of deposit information comprises the first zero knowledge proof.
The fourth information may represent authentication information for authenticating the user, and may also be understood as a basis for authentication. In practical applications, after the key exchange operation input by the user is obtained, the method may further include:
and generating a first verification information setting page.
The first verification information setting page can include one or more information input boxes for the user to input fourth information, the user can input one or more pieces of verification information according to self requirements or system requirements, and identity verification can be performed on the user when key replacement is subsequently performed.
The first authentication information setting page may be located on the same page as the user authentication page, or may be a page displayed after the user authentication is passed. The first verification information setting page may also include an information input item for a user to set a verification passing rule, and the user may select or customize the verification passing rule.
A zero-knowledge proof (ZKP) allows a prover to prove the correctness of a statement without providing any useful information to the verifier. In a blockchain application scenario, zero-knowledge proofs can address the verification requirements for encrypted data.
In practical applications, information provided by a user can be processed through an application in a client. For example: the first verification information setting page may be generated using a password generator, and the corresponding zero knowledge proof may be generated from fourth information provided by the user through processing by the password generator.
The fourth information may include at least one type of information of numbers, characters, pictures, audio and video; the verification-prior information corresponding to the fourth information may include at least one of a number indicating that the fourth information corresponds to, hint information corresponding to the fourth information, and an information type corresponding to the fourth information. The fourth information may be authentication information for changing the second key pair.
It should be noted that the fourth information may be information customized by the user. Similar to the second information, the fourth information may not include a question stem, may include a question number and an answer, and the answer may be information content without any rule or law.
Optionally, the first certificate information may further include at least one of a second public key in the second key pair, digest information of the fourth information, and generation time information of the first zero-knowledge certificate.
And/or, the fourth information may include verification information and at least one of an information number, an information type, an information prompt, and a first verification passing rule corresponding to the verification information. The summary information of the fourth information may include the number, question type, question prompt, and other information corresponding to the verification information. In the embodiments of the present specification, the verification information may be understood as a question answer. The password generator may transmit the answers to the questions as a digital stream in HEX format (a hexadecimal stream).
In practical applications, the service system may request the blockchain system to perform identity authentication, wherein a verification request may be sent to any node in the blockchain. The block chain system for verification can have a business relationship with the business system, the block chain system can process the information sent by the business system with the business relationship, and the information sent by other business systems without the business relationship can not be processed. In the embodiment of the present specification, a service system identifier corresponding to a service system may be stored in advance in a block chain system.
Information exchanged between the client and the blockchain system can be forwarded or processed by the service system as an intermediary. Sending the first certificate storing information to the blockchain system may mean that the client sends it to the service system, and the service system sends it to the blockchain system. When doing so, the service system can carry its service system identifier in the first certificate storing information; that is, the first certificate storing information can also include the service system identifier. After the blockchain system obtains the first certificate storing information, it can confirm from the service system identifier that the sender is a service system with a service relationship, process the information sent by that service system, and store the first certificate storing information in the blockchain system.
When the second key pair needs to be replaced later, the user identity can be verified by having the user input verification information. The summary information of the fourth information can be customized by the user and can include information such as the information number, information type, and information prompt; the verification pre-information of the identity verification page can be generated from this summary information and displayed in the verification page.
In this embodiment, the key pair may be used to process a service in a service system, a user may be a user of the service system, and the information for authenticating the user may be information provided when the user registers as a user of the service system.
Optionally, before the key replacing operation that obtains the user input, the method may further include:
acquiring service registration operation input by a user;
generating a second verification information setting page based on the service registration operation;
acquiring the second information input by a user based on the second verification information setting page;
generating a second zero knowledge proof by using a zero knowledge proof algorithm based on the second information;
generating the second evidence storing information based on the second zero knowledge proof; the second certificate storage information comprises the second zero knowledge certificate;
and sending the second certificate storing information to the block chain system.
In practical application, when a user registers as a user of the service system, the service system may generate a user account ID corresponding to the user for the user, the client may locally generate a first key pair, a private key of the first key pair is kept by the user, a public key of the first key pair may be provided to the service system by the client, and the service system may establish a correspondence between the public key of the user and the user account ID. In order to enable the user to implement the key change, in this embodiment of the present specification, the authentication information provided after the user registers may be saved in the blockchain system as the certificate storage information.
The second verification information setting page can be used for setting second information by a user, and the second verification information setting page can further comprise at least one of a verification rule setting item and a preposition information setting item; the verification rule setting item is used for inputting a second verification passing rule by the user, and the second verification passing rule is used for expressing the condition that the user identity passes verification; the prepositive information setting item is used for setting the verification prepositive information by a user; the verification preposition information comprises at least one of a number corresponding to the second information, prompt information corresponding to the second information and an information type corresponding to the second information.
In practical application, the content of the preposition information setting item can be displayed in a user authentication page when the user performs key exchange, so as to prompt the user to provide correct authentication information.
In the example of this specification, the user may set the second information by himself, and specifically, the second information may include content, number, type, prompt, verification passing rule, and the like of the verification information. The client can generate a second zero-knowledge proof according to second information provided by the user, and send the second zero-knowledge proof to the blockchain system as a part of second proof storage information.
The method in the embodiment of the present specification may further include:
acquiring a second verification passing rule input by the user based on the verification rule setting item; the second verification passing rule is used for representing the condition that the user identity passes verification; the generating, based on the second information, a second zero-knowledge proof by using a zero-knowledge proof algorithm may specifically include:
generating the second zero knowledge proof using a zero knowledge proof algorithm based on the second information and the second validation pass rule.
The second verification information setting page also comprises an information setting item for setting the verification pre-information; the generating, based on the second information, a second zero-knowledge proof by using a zero-knowledge proof algorithm may specifically include:
and generating the second zero-knowledge proof by using a zero-knowledge proof algorithm based on the second information, the second verification passing rule and the verification pre-information.
The verification pre-information comprises at least one of a number corresponding to the second information, prompt information corresponding to the second information and an information type corresponding to the second information. In practical applications, the verification pre-information can be customized by the user, which increases the user's autonomy.
In this embodiment of the present specification, the client may generate a corresponding rule identifier provekey according to the second verification passing rule provided by the user. The provekey may be understood as the pre-compiled product of the zero-knowledge compiler for the verification logic represented by the second verification passing rule. For example, if the second verification passing rule is that verification passes when at least 1 of the questions is answered correctly, the logic of the corresponding provekey may be answer ∈ {correct answers to the N questions}, where the answer may be understood as the first information provided by the user, and the correct answers to the N questions may be understood as the N pieces of verification information set by the user in the second verification information setting page.
In practical applications, after the rule is determined, the corresponding zkp proof, that is, the second zero-knowledge proof, may be generated by using the second information and the rule identifier provekey based on the zk-SNARK engine. The client side can send the zkp certificate, the first public key, the zkp certificate generation time point, the summary description of the second information and other information to the service system after being signed by the client private key.
In this embodiment of the present disclosure, sending the second certificate storing information to the blockchain system may specifically include:
sending the second certificate storing information to the service system so that the service system can forward it to the blockchain system.
When the service system forwards the second certificate storing information, it may also send its system identifier to the blockchain system, so that the blockchain system can verify the identity of the service system from the system identifier and determine whether it is a system having a service relationship with the blockchain system. This prevents the blockchain system from being disturbed by information sent by service systems with which it has no service relationship.
In this embodiment of the present specification, the client may also locally generate a first key pair at the client according to a registration event of the user, and optionally, after the operation of acquiring the service registration input by the user, the method may further include: generating the first key pair.
Wherein the second certificate information further includes a first public key of the first key pair. After the service system acquires the second certificate storing information, the corresponding relation between the first public key and the user account ID can be established, and then a subsequent user can handle services in the service system by using the first private key.
To ensure the security and validity of the information, the client in this embodiment of the specification may sign the first authentication information with the first private key before sending it. Optionally, sending the second certificate storing information to the blockchain system may specifically include:
signing the second certificate storing information by using a first private key in the first key pair to obtain signed second certificate storing information;
and sending the signed second certificate storing information to the block chain system.
In practical applications, the blockchain system can judge the validity of the received second certificate storing information based on the signature; after the signature on the second certificate storing information has been verified with the first public key, the information can be stored in the blockchain system. The blockchain system can also determine the validity of the second certificate storing information by checking whether it contains the ZKP proof and whether it contains information such as the rule identifier and the generation time. The generation time can also be used to address request replay attacks.
Using the blockchain system for information storage can be understood as executing, in the blockchain system, a transaction that stores the information. After the blockchain system stores the second certificate storing information through processes such as node consensus, a transaction ID can be generated, which can represent the storage address of the information. The blockchain system may feed back certificate storing result information including the transaction ID to the business system, and the business system can establish a mapping between the transaction ID, the user account ID and the user public key. In practical applications, if the blockchain system determines that the second certificate storing information is invalid, for example it was not sent by a service system with a service relationship and its signature made with the user private key cannot be verified, the second certificate storing information may not be stored, and information indicating storage failure may also be generated and sent to the service system.
The service system can also generate registration feedback information based on the evidence storing result information fed back by the block chain system, and the registration feedback information is sent to the client so that a user of the client can know the registration result.
Optionally, the client in this embodiment may further obtain registration feedback information sent by the service system; the registration feedback information is generated by the service system based on the evidence storing result information fed back by the block chain system; the evidence storing result information is used for representing a processing result of the block chain system aiming at the second evidence storing information.
The storage result information may include information indicating successful storage or failed storage.
Fig. 3 is a flowchart of another method for replacing a key according to an embodiment of the present disclosure. From the viewpoint of a program, the main body of execution of the flow may be a program installed in an application server, and specifically, may be a business system.
As shown in fig. 3, the process includes the following steps:
step 302: acquiring first information sent by a client based on a key replacement operation input by a user; the first information is input by the user based on pre-authentication information in a user authentication page; the verification passing information corresponding to the verification pre-position information is preset second information; the second information has no semantic relation with the pre-verification information;
step 304: sending the first information to a blockchain system so that the blockchain system can generate a user identity authentication result based on the first information;
step 306: receiving feedback information which is sent by the block chain system and represents a user identity authentication result;
step 308: sending first key change result feedback information to the client based on the feedback information; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
step 310: and if the first key change result feedback information shows that the first information is verified, determining that the second key pair is in an enabled state.
In the embodiment of the present description, the service system may be a service system corresponding to a client, and a user may interact with the service system through the client to perform related service processing in the service system. A business system may also be understood as a server having business processing capabilities. It is understood that the service system in this embodiment is consistent with the service system involved in the method for performing rekeying on the client side, and some concepts in this embodiment are consistent with what has been described above, and therefore, description is not repeated here.
In this embodiment, the service server may send, to the blockchain system, the first information sent by the client based on the key exchange operation input by the user, and the blockchain system may complete authentication on the user, so as to meet the key exchange requirement of the user.
Based on the method of fig. 3, the present specification also provides some specific embodiments of the method, which are described below.
Optionally, the obtaining first information sent by the client based on the key exchange operation input by the user specifically includes:
acquiring a key replacement request sent by the client; the key exchange request is generated by the key exchange operation input by the client user;
generating a key exchange acceptance request based on the key exchange request;
sending the key change acceptance request to the block chain system;
acquiring acceptance information sent by the block chain system; the acceptance information includes third information; the acceptance information is fed back to the service system when the block chain system determines that the key replacement acceptance request sent by the service system is a valid acceptance request; the valid acceptance request is a key exchange acceptance request which is not executed or is not in execution;
sending the acceptance information to the client so that the client can generate the user identity verification page based on the third information; the third information is used for generating verification prepositive information of the user identity verification page;
and acquiring first information which is sent by the client and is input by the user based on the user identity authentication page.
The key exchange acceptance request may include information such as the user identifier, the transaction ID, and the first public key of the first key pair. The blockchain system can judge whether the key exchange acceptance request is a valid acceptance request according to the transaction ID and the first public key. When the key exchange acceptance request is a valid acceptance request, the blockchain system can generate acceptance information and send the acceptance information to the service system.
In practical applications, when the blockchain system determines that the key exchange acceptance request is a valid acceptance request, it may generate a task ID corresponding to the request, indicating that the key exchange service submitted by the user may be executed and the user may perform key exchange. The blockchain system can also retrieve the stored certificate storing information corresponding to the user according to information such as the user identifier, the transaction ID and the first public key contained in the key replacement acceptance request, include third information such as the information prompt and the information summary from that certificate storing information in the acceptance information, and send the acceptance information to the service system. The service system can send the acceptance information to the client, and the client can then generate a user identity verification page according to the received third information, so that the user can input the first information to be verified. Optionally, the acceptance information further includes a third public key; the third public key is generated by the blockchain system based on the received key replacement acceptance request;
the acquiring first information sent by the client based on the key exchange operation input by the user specifically includes:
acquiring encrypted first information sent by the client; the encrypted first information is obtained by encrypting the first information input by the user based on the user authentication page by the client side by using the third public key.
To ensure the security of the information, the blockchain system may also generate a key pair and carry the public key of that key pair in the acceptance information sent to the client; the client may encrypt the first information input by the user with the public key provided by the blockchain system and then send the encrypted first information.
In this embodiment of the present specification, the client may also generate a second key pair according to a key exchange operation input by a user and transmit the second public key to the business system. The key exchange acceptance request transmitted by the business system may then also include the second public key, and the acceptance information transmitted by the blockchain system may be protected as a digital envelope using the second public key. In practical applications, after determining that the blockchain system can process the current rekeying request, the service server may request the blockchain system to perform user authentication. Optionally, after acquiring the acceptance information sent by the blockchain system, the method may further include:
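The acceptance check described above (a request is valid only when it matches the user's stored record and no replacement for that user is in progress or already executed) can be sketched as follows. This is an added example, not code from the patent; the class, field and reason names are assumptions, as is keying the "already executed" state on the pair of user identifier and transaction ID.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class AcceptanceRequest:
    """Fields the page lists for a key exchange acceptance request."""
    user_id: str
    transaction_id: str     # storage address of the user's certificate storing record
    first_public_key: str   # hex string


class AcceptanceRegistry:
    """Verifier-side bookkeeping (hypothetical) for key replacement requests."""

    def __init__(self, stored_records):
        self._records = stored_records   # transaction_id -> stored record
        self._in_progress = {}           # user_id -> task_id
        self._tasks = {}                 # task_id -> (user_id, transaction_id)
        self._executed = set()           # (user_id, transaction_id)

    def accept(self, req):
        """Return acceptance information, or a rejection with a reason."""
        record = self._records.get(req.transaction_id)
        if record is None or record["user_id"] != req.user_id:
            return self._reject("no stored record for this user and transaction ID")
        # Constant-time comparison of the claimed key with the stored one.
        if not secrets.compare_digest(record["first_public_key"],
                                      req.first_public_key):
            return self._reject("public key does not match the stored record")
        if (req.user_id, req.transaction_id) in self._executed:
            return self._reject("key replacement already executed")
        if req.user_id in self._in_progress:
            return self._reject("key replacement already in progress")
        task_id = secrets.token_hex(16)  # unguessable task ID
        self._in_progress[req.user_id] = task_id
        self._tasks[task_id] = (req.user_id, req.transaction_id)
        # Third information: only the non-sensitive summary (numbers, types, hints).
        return {"accepted": True, "task_id": task_id,
                "third_information": record["summary"]}

    def finish(self, task_id, verified):
        """Close a task. Only a verified replacement is recorded as executed."""
        entry = self._tasks.pop(task_id, None)
        if entry is None:
            raise KeyError("unknown or already finished task ID")
        user_id, transaction_id = entry
        del self._in_progress[user_id]
        if verified:
            self._executed.add((user_id, transaction_id))
        return verified

    @staticmethod
    def _reject(reason):
        return {"accepted": False, "reason": reason}


def build_sample_registry():
    """Constructed sample data; the IDs and key below are not real values."""
    records = {
        "tx-0001": {
            "user_id": "user-42",
            "first_public_key": "04a1b2c3",
            "summary": [{"number": 1, "type": "text", "hint": "blue notebook"}],
        }
    }
    return AcceptanceRegistry(records)


if __name__ == "__main__":
    registry = build_sample_registry()
    request = AcceptanceRequest("user-42", "tx-0001", "04a1b2c3")
    first = registry.accept(request)
    print(first["accepted"], registry.accept(request)["reason"])
    registry.finish(first["task_id"], verified=True)
    print(registry.accept(request)["reason"])
```

A failed verification releases the in-progress slot in this sketch, so a deployment would also need a limit on failed attempts per user; the page does not specify one.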
generating an identity verification request based on the first information; the identity verification request comprises the first information;
sending the identity verification request to the blockchain system;
obtaining a user identity authentication result fed back by the block chain system; and the user identity verification result represents a result of verifying the first information by the block chain system according to second pre-stored certificate storage information.
The second authentication information may be information stored in the blockchain system based on authentication information provided when the user enables the first key pair.
In the embodiment of the description, a user has a digital asset in a service system or a system associated with the service system, and the user's key is used to perform asset interactions for the user. Optionally, the determining that the second key pair is in the enabled state may specifically include:
establishing a corresponding relation between a second public key in the second key pair and the target asset; before a key replacement request sent by a client is obtained, the target asset and a first public key in the first key pair have a corresponding relation.
Before the key exchange, the target asset of the user in the business system is in a corresponding relation with the first public key, and the user can manage the target asset through the first private key, for example, conduct asset transaction and the like. After the user performs key exchange, the service system may establish a correspondence between the newly generated second public key and the target asset in the user account, and in subsequent asset management, the user may use the newly generated second private key to perform service transaction smoothly. Wherein the target asset may comprise a digital asset.
In this embodiment of the present specification, the user may also provide new verification information during key replacement, to be used for identity verification when the user replaces the key again. The service system may send the new identity verification information provided by the user to the blockchain system for storage. Optionally, the method may further include:
acquiring fourth information sent by the client; the fourth information is input by the user on the first verification information setting page; the first verification information setting page is generated after the client acquires the key replacement operation input by the user; the fourth information is used for verifying the identity of the user after the second key pair is in the enabled state;
and sending the fourth information to the blockchain system.
The first verification information setting page may be generated in response to the key exchange operation input by the user, or may be generated after the user passes identity verification; the time at which the page is generated is not specifically limited here. The features of the fourth information, the first verification information setting page, and the like have already been described for the rekeying method with the client as the execution subject, and are not repeated here.
To ensure the security of the user information, in the embodiments of the present specification a zero-knowledge proof algorithm may be used to process the information provided by the user, generate certificate storing information, and store the certificate storing information in the blockchain system. Optionally, the method may further include:
acquiring first certificate storing information sent by the client; the first certificate storing information comprises a first zero-knowledge proof generated by a zero-knowledge proof algorithm based on fourth information; the fourth information is input by the user on the first verification information setting page; the fourth information is used for verifying the user identity after the second key pair is in the enabled state;
and sending the first certificate storing information to the blockchain system.
In practical application, the first key pair may be a key pair generated when the user registers as a user of the service system, and after the user becomes a user of the service system, the service system may establish a corresponding relationship between the first public key and the user identifier. Optionally, before obtaining the first information sent by the client based on the key exchange operation input by the user, the method further includes:
acquiring a service registration request sent by the client; the service registration request is generated by the client based on the service registration operation input by the user;
generating a user identifier based on the service registration request;
acquiring a first public key in a first key pair sent by the client;
and establishing a correspondence between the user identifier and the first public key.
It should be noted that the first public key may also be included in the service registration request.
Optionally, after obtaining the service registration request sent by the client, the method may further include:
acquiring second certificate storing information sent by the client; the second certificate storing information comprises the first public key; the second certificate storing information is generated by the client according to second information input by a user based on a second verification information setting page; the second verification information setting page is generated by the client according to the service registration operation input by the user;
and sending the second certificate storing information to the block chain system.
Fig. 4 is a flowchart of another method for replacing a key according to an embodiment of the present disclosure. From the program perspective, the execution subject of the flow may be a program installed in the blockchain server, and specifically may be a blockchain system.
As shown in fig. 4, the process includes the following steps:
Step 402: acquiring first information which is sent by a service system and input by a user based on pre-verification information in a user identity verification page; the verification pass information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information; the user identity verification page is generated based on a key exchange operation input by a user; the key exchange operation is used for requesting to exchange a first key pair with a second key pair;
Step 404: performing user identity verification on the user based on the first information to obtain a user identity verification result;
Step 406: sending the identity verification result to the service system.
In this embodiment, the blockchain system may obtain the first information sent by the service system, perform user identity verification on the user requesting the key replacement based on the first information, and feed the verification result back to the service system, so that the user at the client can complete the key replacement.
In practical applications, a normal user who needs to replace a key does not do so very often, and would not initiate multiple key replacement requests simultaneously or within a short time. To effectively prevent an illegitimate user from replacing a key, the blockchain system in the embodiments of this specification can therefore judge the validity of a key replacement and process valid key replacements. Optionally, the method may further include:
acquiring a key exchange acceptance request sent by the service system; the key exchange acceptance request is generated by the service system according to the key replacement request sent by the client; the key exchange acceptance request includes a first public key in the first key pair; the key exchange acceptance request may further include a certificate storage identifier;
judging whether the key exchange acceptance request is a valid acceptance request based on the first public key; the valid acceptance request is a key exchange acceptance request which is not executed or is not in execution;
if the key exchange acceptance request is valid, generating acceptance information;
sending the acceptance information to the service system; the acceptance information includes third information carrying the pre-verification information used for generating the user identity verification page.
The acceptance information may be used to indicate that the blockchain system agrees to accept user authentication corresponding to the key exchange acceptance request. The blockchain system may further lock the key exchange acceptance request after generating the acceptance information, and may not process a subsequently received request if the blockchain system subsequently receives an exchange request corresponding to the same user identifier and the same public key.
The acceptance information may include a third public key; the third public key is generated by the blockchain system based on the received key exchange acceptance request; the third information in the acceptance information is encrypted with the third public key.
Optionally, the obtaining of the first information sent by the service system and input by the user based on the user authentication page may specifically include:
acquiring an identity verification request sent by the service system; the identity verification request includes the first information.
Optionally, the performing, based on the first information, user identity authentication on the user to obtain a user identity authentication result specifically includes:
acquiring second certificate storing information; the second certificate storing information is generated by the client based on second information; the second certificate storing information comprises a zero-knowledge proof corresponding to the second information; the blockchain system can also determine the corresponding second certificate storing information according to the user identifier;
and verifying the first information using a zero-knowledge proof algorithm according to the second certificate storing information, to obtain a user identity verification result.
Optionally, the method further includes:
acquiring first certificate storing information sent by the service system; the first certificate storing information comprises a first zero-knowledge proof generated by a zero-knowledge proof algorithm based on fourth information; the fourth information is input by the user on the first verification information setting page; the first verification information setting page is generated after the client acquires the key replacement operation input by the user;
and saving the first certificate storing information to the blockchain system.
Optionally, before acquiring the first information input by the user based on the pre-authentication information in the user identity authentication page, the method further includes:
acquiring second certificate storing information sent by the service system; the second certificate storing information is sent by the client to the service system, and is generated by the client according to the second information input by the user on a second verification information setting page; the second verification information setting page is generated by the client according to the service registration operation input by the user;
and executing the certificate storing contract to store the second certificate storing information in the blockchain system.
The blockchain system can save and verify information based on smart contracts; the second certificate storing information can be saved in the blockchain system by executing the certificate storing contract.
In an embodiment of this specification, after the second certificate storing information is saved in the blockchain system, the method may further include:
sending certificate storing result information to the service system.
It can be understood that the key exchange method shown in fig. 2 is described by using a client as an execution subject, the key exchange method shown in fig. 3 is described by using a service system as an execution subject, and the key exchange method shown in fig. 4 is described by using a blockchain system as an execution subject, and the descriptions of the three embodiments correspond to the same subject, and the contents of the three embodiments can be mutually referred to, and the same features are not repeatedly described.
To more clearly illustrate the method of rekeying provided in the embodiments of the present specification, fig. 5 is a swim lane diagram of a method of rekeying provided in the embodiments of the present specification. As shown in fig. 5, the method may include a user registration phase and a key exchange phase, and specifically may include:
A user corresponding to a client needs to perform a registration operation on the service system; this is the user registration stage, which may include the following steps:
Step 501: The client obtains the service registration operation input by the user.
In practical applications, the client may generate the first key pair before or after the user inputs the registration operation. The first key pair comprises a first public key and a first private key; the client can send the first public key to the service system and the blockchain system, while the first private key is kept by the user. When the user transacts business in the service system, the first private key is used to sign the business data. For example, when the user conducts a transaction of a digital collectible, the transaction can be carried out with the first private key.
Step 503: The service system generates a second verification information setting page based on the service registration operation.
Step 505: Second information input by the user on the second verification information setting page is acquired.
The user can set the verification information, the verification pass rule, and other information on the second verification information setting page. The second verification information setting page may include at least one of a verification rule setting item and a pre-verification information setting item. The verification rule setting item is used by the user to input a second verification pass rule, which expresses the condition under which the user's identity passes verification; the pre-verification information setting item is used by the user to set the pre-verification information.
The pre-verification information comprises at least one of a number corresponding to the second information, prompt information corresponding to the second information, and an information type corresponding to the second information. The second information may include at least one of numbers, text, pictures, audio, and video.
Step 507: A second zero-knowledge proof is generated using a zero-knowledge proof algorithm based on the second information.
The second zero-knowledge proof may be generated using the zero-knowledge proof algorithm based on the second information, the second verification pass rule, and the pre-verification information.
Step 509: The second certificate storing information is generated based on the second zero-knowledge proof.
Step 511: The second certificate storing information is sent to the service system.
Step 513: The service system sends the second certificate storing information to the blockchain system. The client can sign the second certificate storing information with the first private key in the first key pair to obtain signed second certificate storing information, and send the signed second certificate storing information to the blockchain system. After the blockchain system acquires the second certificate storing information, it stores the information in the blockchain system by executing the certificate storing contract.
Step 515: The blockchain system receives and stores the second certificate storing information.
The blockchain system can also feed back information representing the certificate storing result to the service system. The fed-back information may include a transaction ID.
At this point, the user has completed the registration operation on the business system.
When the user's key is lost or leaked and a key exchange operation needs to be performed, the embodiment of the present specification enters the key exchange stage, which includes the following steps:
Step 517: The client obtains the key replacement operation input by the user.
The key exchange operation is used to request replacement of the first key pair with a second key pair, that is, replacement of the key pair that the user has lost with a new key pair.
Step 519: A key replacement request is sent to the service system.
The key replacement request includes information such as the user identifier and the public key in the first key pair.
Step 521: The service system generates a key replacement acceptance request based on the key replacement request and sends it to the blockchain system.
Step 523: The blockchain system determines whether the key replacement acceptance request is a valid acceptance request.
The valid acceptance request is a key exchange acceptance request that has not been executed or is not being executed.
Step 525: If the key exchange acceptance request is a valid acceptance request, the blockchain system can generate acceptance information and send it to the service system.
The acceptance information includes third information carrying the pre-verification information used to generate the user identity verification page, which the blockchain system acquires from the second certificate storing information, for example the number of the first information input by the user, or the prompt information of the first information. Besides the third information, the acceptance information further includes a third public key.
If the key exchange acceptance request is determined to be an invalid acceptance request, the blockchain system may end the current flow and not perform subsequent processing.
Step 527: The service system acquires the acceptance information sent by the blockchain system and sends it to the client.
Step 529: The client generates a user identity verification page according to the acceptance information fed back by the service system and displays it to the user.
Step 531: The client acquires the first information input by the user based on the pre-verification information in the user identity verification page.
The first information is the information to be verified that the user inputs in the user identity verification page; it is used for verifying the identity of the user.
Step 533: The client displays the first verification information setting page, acquires the fourth information input by the user on that page, and generates first certificate storing information based on the fourth information.
The fourth information is used for verifying the user identity after the second key pair is in the enabled state. The first certificate storing information further comprises at least one of the second public key in the second key pair, digest information of the fourth information, and generation time information of the first zero-knowledge proof.
Step 535: The first information and the first certificate storing information are sent to the service system.
Step 537: The service system sends the first information and the first certificate storing information to the blockchain system.
In practical applications, the service system may also send the first information and the first certificate storing information to the blockchain system separately; for example, the service system sends the first information to the blockchain system for verification and, after the verification passes, sends the first certificate storing information to the blockchain system.
Step 539: The blockchain system verifies the first information based on the second certificate storing information to obtain a verification result and sends the verification result to the service system.
The first information may be verified using a zero-knowledge proof algorithm.
Step 541: when the first information passes the verification, the blockchain system service system can also store the first authentication information in the blockchain system.
Step 543: the blockchain system sends information representing the verification result to the business system.
Step 545: If the verification result indicates that the verification passed, the service system determines that the second key pair is in the enabled state and establishes a correspondence between the second public key and the target asset of the user.
At this point, the user's rekeying operation is completed.
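The key exchange stage above (steps 517 to 545), as a runnable sketch added here; it is not code from the patent. The page names no zero-knowledge scheme, so a Schnorr proof over a toy group stands in for it. The per-request nonce, the salt, the byte-string public keys, the class and function names, and the choice to keep a failed request locked are all assumptions of this example.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): Mersenne prime 2**127 - 1, base 3.
P, G = 2**127 - 1, 3
ORDER = P - 1  # exponents are reduced modulo P - 1


def _hash_int(*parts: bytes) -> int:
    """Length-prefixed SHA-256 over the parts, returned as an integer."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big")


def _secret(answer: str, salt: bytes) -> int:
    return _hash_int(b"answer", salt, answer.encode()) % ORDER


def _challenge(big_r: int, new_pub: bytes, nonce: bytes) -> int:
    return _hash_int(b"chal", big_r.to_bytes(16, "big"), new_pub, nonce) % ORDER


def make_evidence(answer: str, prompt: str) -> dict:
    """Client: evidence to store on chain; the answer itself is never stored."""
    salt = secrets.token_bytes(16)
    commitment = pow(G, _secret(answer, salt), P)
    return {"prompt": prompt, "salt": salt, "commitment": commitment}


def prove(answer: str, salt: bytes, new_pub: bytes, nonce: bytes) -> tuple:
    """Client: Schnorr proof of the answer, bound to the new key and nonce."""
    r = secrets.randbelow(ORDER)
    big_r = pow(G, r, P)
    c = _challenge(big_r, new_pub, nonce)
    return big_r, (r + c * _secret(answer, salt)) % ORDER


class Chain:
    """Blockchain-system role: evidence store and acceptance-request state."""

    def __init__(self):
        self.evidence = {}  # user_id -> evidence dict
        self.requests = {}  # (user_id, old_pub) -> {"state", "nonce"}

    def accept(self, user_id: str, old_pub: bytes):
        """Steps 523-525: accept only a request not executed or in execution."""
        key = (user_id, old_pub)
        if key in self.requests or user_id not in self.evidence:
            return None
        nonce = secrets.token_bytes(16)
        self.requests[key] = {"state": "in_progress", "nonce": nonce}  # lock
        ev = self.evidence[user_id]
        return {"prompt": ev["prompt"], "salt": ev["salt"], "nonce": nonce}

    def verify(self, user_id, old_pub, new_pub, proof, new_evidence) -> bool:
        """Steps 539-541: check the proof, then store the new evidence."""
        req = self.requests.get((user_id, old_pub))
        if req is None or req["state"] != "in_progress":
            return False
        big_r, s = proof
        ok = False
        if 0 < big_r < P and 0 <= s < ORDER:
            c = _challenge(big_r, new_pub, req["nonce"])
            y = self.evidence[user_id]["commitment"]
            ok = pow(G, s, P) == (big_r * pow(y, c, P)) % P
        # Assumption: a failed attempt stays locked (the page does not say).
        req["state"] = "executed" if ok else "failed"
        if ok:
            self.evidence[user_id] = new_evidence
        return ok


class Service:
    """Service-system role: binds users and assets to public keys."""

    def __init__(self, chain: Chain):
        self.chain = chain
        self.user_key, self.asset_key = {}, {}  # user_id -> pub, asset -> pub

    def register(self, user_id, pub, asset, evidence):
        self.user_key[user_id] = pub
        self.asset_key[asset] = pub
        self.chain.evidence[user_id] = evidence  # steps 511-515

    def start_rekey(self, user_id):
        return self.chain.accept(user_id, self.user_key[user_id])

    def finish_rekey(self, user_id, new_pub, proof, new_evidence) -> bool:
        """Step 545: rebind assets to the new key only after verification."""
        old_pub = self.user_key[user_id]
        if not self.chain.verify(user_id, old_pub, new_pub, proof, new_evidence):
            return False
        self.asset_key = {a: new_pub if k == old_pub else k
                          for a, k in self.asset_key.items()}
        self.user_key[user_id] = new_pub
        return True
```

Because the stored commitment is derived from the answer alone, a low-entropy answer can be guessed offline by anyone who can read the evidence; the salt only prevents precomputation across users.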
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method. Fig. 6 is a schematic structural diagram of a key exchange device corresponding to fig. 2 provided in an embodiment of the present disclosure. As shown in fig. 6, the apparatus may include:
an operation obtaining module 601, configured to obtain a key replacement operation input by a user; the key exchange operation is used for requesting to exchange a first key pair with a second key pair;
a first information sending module 603, configured to send first information to a service system based on the key exchange operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification pass information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
a feedback information obtaining module 605, configured to obtain feedback information of a first key change result fed back by the service system; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
the key enabling module 607 is configured to determine that the second key pair is in an enabled state if the first key change result feedback information indicates that the first information is verified.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method. Fig. 7 is a schematic structural diagram of a key exchange device corresponding to fig. 3 provided in an embodiment of the present disclosure. As shown in fig. 7, the apparatus may include:
a first information obtaining module 701, configured to obtain first information sent by a client based on a key exchange operation input by a user; the first information is input by the user based on pre-verification information in a user identity verification page; the verification pass information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
a first information sending module 703, configured to send the first information to a blockchain system, so that the blockchain system generates a user identity authentication result based on the first information;
a feedback information receiving module 705, configured to receive feedback information indicating a user authentication result sent by the blockchain system;
a result information sending module 707, configured to send first key change result feedback information to the client based on the feedback information; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
a key enabling module 709, configured to determine that the second key pair is in an enabled state if the first key change result feedback information indicates that the first information is verified.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the method. Fig. 8 is a schematic structural diagram of a key exchange device corresponding to fig. 4 provided in an embodiment of the present specification. As shown in fig. 8, the apparatus may include:
an information obtaining module 801, configured to obtain first information that is sent by a service system and is input by a user based on pre-verification information in a user identity verification page; the verification pass information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information; the user identity verification page is generated based on a key exchange operation input by a user; the key exchange operation is used for requesting to exchange the first key pair with the second key pair;
an identity authentication module 803, configured to perform user identity authentication on the user based on the first information, to obtain a user identity authentication result;
a result sending module 805, configured to send the authentication result to the service system.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the method.
Fig. 9 is a schematic structural diagram of a key exchange device provided in an embodiment of this specification. As shown in fig. 9, device 900 may include:
at least one processor 910; and
a memory 930 communicatively coupled to the at least one processor; wherein
the memory 930 stores instructions 920 executable by the at least one processor 910, the instructions being executed by the at least one processor 910 to enable the at least one processor 910 to perform a rekeying method.
Based on the same idea, the embodiment of the present specification further provides a computer-readable medium corresponding to the above method. The computer readable medium has stored thereon computer readable instructions executable by a processor to implement the rekeying method described above.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the apparatus shown in fig. 9, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (for example, an improvement to a circuit structure such as a diode, a transistor, or a switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Furthermore, instead of manually making integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), and VHDL (Very-High-Speed Integrated Circuit Hardware Description Language), the last of which is currently the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of such controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing the various functions may also be regarded as structures within the hardware component. The means for performing the functions may even be regarded both as software modules for performing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, respectively. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information and/or data which can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (25)

1. A method for replacing a key, which is applied to a client, comprises the following steps:
acquiring a key replacement operation input by a user; the key replacement operation is used for requesting to replace a first key pair with a second key pair;
sending first information to a service system based on the key replacement operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
acquiring first key change result feedback information fed back by the service system; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
and if the first key change result feedback information shows that the first information is verified, determining that the second key pair is in an enabled state.
2. The method according to claim 1, wherein the sending the first information to the service system based on the rekeying operation specifically includes:
sending a key exchange request to the service system based on the key exchange operation;
acquiring the user identity verification page fed back by the service system;
acquiring first information input by the user based on the user identity authentication page;
and sending the first information to the service system.
3. The method according to claim 2, wherein the obtaining of the user authentication page fed back by the service system specifically includes:
acquiring acceptance information sent by the service system; the acceptance information includes third information; the acceptance information is fed back to the service system when the block chain system determines that a key replacement acceptance request sent by the service system based on the key replacement request is an effective acceptance request; the valid acceptance request is a key exchange acceptance request which is not executed or is not in execution;
generating the user identity verification page based on the third information; the third information is used for generating the pre-verification information of the user identity verification page.
4. The method of claim 1, the second information comprising at least one type of information from the group consisting of numbers, text, pictures, audio, and video;
and/or,
the pre-verification information comprises information representing at least one of a number corresponding to the second information, prompt information corresponding to the second information and an information type corresponding to the second information.
5. The method of claim 1, after the obtaining the user-entered rekeying operation, further comprising:
acquiring fourth information input by the user on the basis of the first verification information setting page; the fourth information is used for verifying the user identity after the second key pair is in the enabled state; the first authentication information setting page is generated based on a key exchange operation input by a user;
generating a first zero knowledge proof by using a zero knowledge proof algorithm based on the fourth information;
generating first certificate storing information based on the first zero knowledge proof;
sending the first certificate storing information to the block chain system; the first certificate storing information comprises the first zero knowledge proof.
6. The method of claim 5, wherein the first certificate storing information further comprises at least one of a second public key of the second key pair, digest information of the fourth information, and generation time information of the first zero knowledge proof;
and/or,
the fourth information comprises verification information and at least one of an information number, an information type, an information prompt and a first verification passing rule corresponding to the verification information.
7. The method of claim 1, prior to obtaining the user-entered rekeying operation, further comprising:
acquiring a service registration operation input by a user;
generating a second verification information setting page based on the service registration operation;
acquiring the second information input by a user based on the second verification information setting page;
generating a second zero knowledge proof by using a zero knowledge proof algorithm based on the second information;
generating second certificate storing information based on the second zero knowledge proof; the second certificate storing information comprises the second zero knowledge proof;
and sending the second certificate storing information to the block chain system.
8. The method of claim 7, the second verification information setting page further comprising at least one of a verification rule setting item and a pre-verification information setting item; the verification rule setting item is used for inputting a second verification passing rule by the user, and the second verification passing rule is used for expressing the condition that the user identity passes verification; the pre-verification information setting item is used for setting the pre-verification information by the user; the pre-verification information comprises at least one of a number corresponding to the second information, prompt information corresponding to the second information and an information type corresponding to the second information.
9. A method for replacing a key is applied to a service system and comprises the following steps:
acquiring first information sent by a client based on a key replacement operation input by a user; the first information is input by the user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
sending the first information to a block chain system so that the block chain system can generate a user identity verification result based on the first information;
receiving feedback information which is sent by the block chain system and represents a user identity authentication result;
sending first key change result feedback information to the client based on the feedback information; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
and if the first key change result feedback information shows that the first information is verified, determining that the second key pair is in an enabled state.
10. The method according to claim 9, wherein the acquiring first information sent by the client based on the key exchange operation input by the user specifically includes:
acquiring a key replacement request sent by the client; the key replacing request is generated by the key replacing operation input by the client user;
generating a key exchange acceptance request based on the key exchange request;
sending the key change acceptance request to the block chain system;
acquiring acceptance information sent by the block chain system; the acceptance information includes third information; the acceptance information is fed back to the service system when the block chain system determines that the key replacement acceptance request sent by the service system is a valid acceptance request; the valid acceptance request is a key exchange acceptance request which is not executed or is not in execution;
sending the acceptance information to the client so that the client can generate the user identity verification page based on the third information; the third information is used for generating the pre-verification information of the user identity verification page;
and acquiring first information which is sent by the client and is input by the user based on the user identity authentication page.
11. The method of claim 10, wherein said acceptance information further comprises a third public key; the third public key is generated by the blockchain system based on the received key replacement acceptance request;
the acquiring of the first information sent by the client based on the key exchange operation input by the user specifically includes:
acquiring encrypted first information sent by the client; the encrypted first information is obtained by encrypting the first information input by the user based on the user authentication page by the client side by using the third public key.
12. The method according to claim 9, wherein the determining that the second key pair is in the enabled state specifically comprises:
establishing a corresponding relation between a second public key in the second key pair and the target asset; before a key exchange request sent by a client is obtained, the target asset and a first public key in the first key pair have a corresponding relation.
13. The method of claim 9, further comprising:
acquiring first certificate storing information sent by the client; the first certificate storing information comprises a first zero knowledge proof generated by a zero knowledge proof algorithm based on fourth information; the fourth information is input by the user based on a first verification information setting page; the fourth information is used for verifying the user identity after the second key pair is in the enabled state;
and sending the first certificate storing information to the block chain system.
14. The method of claim 9, wherein before obtaining the first information sent by the client based on the rekeying operation input by the user, the method further comprises:
acquiring a service registration request sent by the client; the service registration request is generated by the client based on the service registration operation input by the user;
generating a user identifier based on the service registration request;
acquiring a first public key in a first key pair sent by the client;
and establishing a corresponding relation between the user identification and the first public key.
15. The method of claim 14, after obtaining the service registration request sent by the client, further comprising:
acquiring second certificate storing information sent by the client; the second certificate storing information comprises the first public key; the second certificate storing information is generated by the client according to second information input by a user based on a second verification information setting page; the second verification information setting page is generated by the client according to the service registration operation input by the user;
and sending the second certificate storing information to the block chain system.
16. A method of rekeying, the method applied to a blockchain system, comprising:
acquiring first information which is sent by a service system and input by a user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information; the user identity verification page is generated based on a key replacement operation input by the user; the key replacement operation is used for requesting to replace a first key pair with a second key pair;
based on the first information, performing user identity verification on the user to obtain a user identity verification result;
and sending the user identity verification result to the service system.
17. The method of claim 16, further comprising:
acquiring a key exchange acceptance request sent by the service system; the key exchange acceptance request is generated by the service system according to the key exchange request sent by the client; the key exchange acceptance request includes a first public key in the first key pair;
judging whether the key replacement acceptance request is a valid acceptance request or not based on the first public key; the valid acceptance request is a key exchange acceptance request which is not executed or is not in execution;
if the key exchange acceptance request is valid, generating acceptance information;
sending the acceptance information to the service system; the acceptance information includes third information for generating the pre-verification information of the user identity verification page.
18. The method according to claim 16, wherein the performing user authentication on the user based on the first information to obtain a user authentication result specifically includes:
acquiring second certificate storing information; the second certificate storing information is generated by the client based on second information; the second certificate storing information comprises a zero knowledge proof corresponding to the second information;
and verifying the first information by using a zero knowledge proof algorithm according to the second certificate storing information to obtain a user identity verification result.
19. The method of claim 16, further comprising:
acquiring first certificate storing information sent by the service system; the first certificate storing information comprises a first zero knowledge proof generated by a zero knowledge proof algorithm based on fourth information; the fourth information is input by the user based on a first verification information setting page; the first verification information setting page is generated after the client acquires a key replacement operation input by a user;
and saving the first certificate storing information to the block chain system.
20. The method of claim 19, wherein before acquiring the first information input by the user based on the pre-authentication information in the user authentication page, the method further comprises:
acquiring second certificate storing information sent by the service system; the second certificate storing information is sent by the client to the service system, and is generated by the client according to the second information input by the user based on a second verification information setting page; the second verification information setting page is generated by the client according to the service registration operation input by the user;
and executing the security contract, and storing the second certificate storing information into the block chain system.
21. An apparatus for rekeying comprising:
the operation acquisition module is used for acquiring a key replacement operation input by a user; the key replacement operation is used for requesting to replace a first key pair with a second key pair;
the first information sending module is used for sending first information to a service system based on the key replacement operation; the first information is input by the user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
the feedback information acquisition module is used for acquiring feedback information of a first key change result fed back by the service system; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
and the enabled key module is used for determining that the second key pair is in an enabled state if the first key change result feedback information indicates that the first information is verified to be passed.
22. An apparatus for rekeying comprising:
the first information acquisition module is used for acquiring first information sent by a client based on a key replacement operation input by a user; the first information is input by the user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information;
a first information sending module, configured to send the first information to a blockchain system, so that the blockchain system generates a user authentication result based on the first information;
a feedback information receiving module, configured to receive feedback information indicating a user authentication result sent by the block chain system;
a result information sending module, configured to send first key change result feedback information to the client based on the feedback information; the first key change result feedback information is used for representing a user identity verification result which is sent to the service system by the block chain system and is generated based on the first information;
and the key enabling module is used for determining that the second key pair is in an enabling state if the first key change result feedback information indicates that the first information is verified to be passed.
23. An apparatus for rekeying comprising:
the information acquisition module is used for acquiring first information which is sent by a service system and input by a user based on pre-verification information in a user identity verification page; the verification passing information corresponding to the pre-verification information is preset second information; the second information has no semantic relation with the pre-verification information; the user identity verification page is generated based on a key replacement operation input by the user; the key replacement operation is used for requesting to replace a first key pair with a second key pair;
the identity verification module is used for performing user identity verification on the user based on the first information to obtain a user identity verification result;
and the result sending module is used for sending the user identity verification result to the service system.
24. A rekeying apparatus comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of rekeying of any one of claims 1 to 8 or any one of claims 9 to 15 or any one of claims 16 to 20.
25. A computer readable medium having computer readable instructions stored thereon which are executable by a processor to implement the method of rekeying of any one of claims 1 to 8 or any one of claims 9 to 15 or any one of claims 16 to 20.
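The message flow of claims 9, 12 and 16 to 18, modelled in one process as an added example (not code from the patent): the ledger accepts a key replacement request only when none has been executed or is in execution for that public key, checks the first information against the evidence stored at registration, and the service system rebinds the asset only after that check passes. A salted PBKDF2 commitment stands in for the zero-knowledge proof algorithm, which the claims do not name; the class and method names, the sample hint and answer, and the choice to close a request after a failed check are assumptions.

```python
import hashlib
import hmac
import secrets


def commit(secret_text: str, salt: bytes) -> bytes:
    """Stand-in for the unnamed zero-knowledge proof algorithm (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", secret_text.encode(), salt, 100_000)


class Ledger:
    """Plays the blockchain system of claims 16 to 18."""

    def __init__(self):
        self.evidence = {}         # public key -> (hint, salt, commitment)
        self.in_execution = set()  # keys with a replacement request open
        self.executed = set()      # keys already replaced

    def store_evidence(self, pubkey, hint, salt, commitment):
        self.evidence[pubkey] = (hint, salt, commitment)

    def accept(self, first_pub):
        """Claim 17: valid only if not executed and not in execution."""
        if first_pub not in self.evidence:
            return None
        if first_pub in self.in_execution or first_pub in self.executed:
            return None
        self.in_execution.add(first_pub)
        return self.evidence[first_pub][0]  # third information -> the hint

    def verify(self, first_pub, first_information):
        """Claim 18: check the first information against stored evidence."""
        if first_pub not in self.in_execution:
            return False
        _, salt, commitment = self.evidence[first_pub]
        ok = hmac.compare_digest(commit(first_information, salt), commitment)
        # Assumption: a failed check closes the request; the user must re-apply.
        self.in_execution.discard(first_pub)
        if ok:
            self.executed.add(first_pub)
        return ok


class ServiceSystem:
    """Plays the service system of claims 9 and 12."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.asset_owner = {}  # asset id -> public key bound to it

    def register(self, asset, first_pub, hint, second_information):
        # In claim 7 the client builds this evidence; folded in here for brevity.
        salt = secrets.token_bytes(16)
        self.ledger.store_evidence(
            first_pub, hint, salt, commit(second_information, salt))
        self.asset_owner[asset] = first_pub

    def request_rekey(self, first_pub):
        return self.ledger.accept(first_pub)

    def submit(self, asset, first_pub, second_pub, first_information):
        if self.asset_owner.get(asset) != first_pub:
            return False
        if not self.ledger.verify(first_pub, first_information):
            return False
        self.asset_owner[asset] = second_pub  # claim 12: rebind the asset
        return True


def demo():
    """Runs the flow on constructed values and returns each outcome."""
    ledger = Ledger()
    service = ServiceSystem(ledger)
    # Random hex strings stand in for public keys (constructed sample data).
    old_pub, new_pub, other_pub = (secrets.token_hex(16) for _ in range(3))
    # The hint "item 3" has no semantic relation to the answer.
    service.register("asset-1", old_pub, "item 3", "blue kettle 1987")

    out = {}
    out["hint"] = service.request_rekey(old_pub)
    out["duplicate_request"] = service.request_rekey(old_pub)
    out["wrong_answer"] = service.submit("asset-1", old_pub, other_pub, "item 3")
    out["owner_after_wrong"] = service.asset_owner["asset-1"] == old_pub
    service.request_rekey(old_pub)
    out["right_answer"] = service.submit(
        "asset-1", old_pub, new_pub, "blue kettle 1987")
    out["owner_after_right"] = service.asset_owner["asset-1"] == new_pub
    out["replay"] = service.request_rekey(old_pub)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The run shows the two properties the claims rely on: knowing the pre-verification information alone does not pass verification, and a request for a key that is already being replaced or has been replaced is refused.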
CN202210993344.1A 2022-08-18 2022-08-18 Method, device, equipment and medium for replacing secret key Pending CN115549958A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210993344.1A CN115549958A (en) 2022-08-18 2022-08-18 Method, device, equipment and medium for replacing secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210993344.1A CN115549958A (en) 2022-08-18 2022-08-18 Method, device, equipment and medium for replacing secret key

Publications (1)

Publication Number Publication Date
CN115549958A true CN115549958A (en) 2022-12-30

Family

ID=84724788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210993344.1A Pending CN115549958A (en) 2022-08-18 2022-08-18 Method, device, equipment and medium for replacing secret key

Country Status (1)

Country Link
CN (1) CN115549958A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination