CN115643067B - Lightweight Internet of things identity authentication and key negotiation method and device based on blockchain and electronic equipment - Google Patents


Info

Publication number: CN115643067B
Authority: CN (China)
Prior art keywords: authentication, node, user, blockchain, network
Legal status: Active
Application number: CN202211252752.8A
Other languages: Chinese (zh)
Other versions: CN115643067A (en)
Inventors: 苏红, 吴锡, 彭静, 廖春梅, 罗阳, 张海川
Current assignee: Chengdu University of Information Technology
Original assignee: Chengdu University of Information Technology

Application filed by Chengdu University of Information Technology
Priority to CN202211252752.8A
Publication of CN115643067A
Application granted
Publication of CN115643067B
Legal status: Active (current)
Anticipated expiration


Abstract

The application provides a blockchain-based lightweight Internet of Things identity authentication and key negotiation method comprising the following steps: detecting whether an authentication performed by a user at a node of the blockchain authentication network is the user's first authentication; if it is the first authentication, authenticating the user in the full-magnitude authentication mode, which is ECC biometric authentication plus password authentication; and if it is not the first authentication and the interval between the start time of the current authentication and the last authentication does not exceed a threshold, authenticating the user in the lightweight authentication mode, which is password authentication. By selecting the authentication mode for the user at the node of the blockchain authentication network, the method achieves both security and efficiency in Internet of Things identity authentication.

Description

Lightweight Internet of things identity authentication and key negotiation method and device based on blockchain and electronic equipment
Technical Field
The application relates to the technical field of the Internet of Things, and in particular to a blockchain-based lightweight Internet of Things identity authentication and key negotiation method and device, and to electronic equipment.
Background
With the development of the Internet of Things the number of users keeps growing, and a large number of users must be authenticated every day so that their legitimate identity and their authority over certain processes or data can be determined; however, user identity authentication still has a number of problems.
In the prior art, some users are authenticated by a combination of mobile-phone verification codes and static passwords, but when the mobile-phone number is changed or the user's text messages are stolen, procedural or security problems easily arise; other schemes perform feature authentication by collecting many information features of the user, but cannot effectively guarantee the privacy and security of user data. Moreover, after a user has been authenticated the user generally stays active and performs operations on services or data, yet still has to be authenticated again the next time; this consumes more time, lowers efficiency and degrades the user experience.
Disclosure of Invention
In view of the above problems, the application provides a blockchain-based lightweight Internet of Things identity authentication and key negotiation method, a corresponding device, and electronic equipment, which aim to solve the security and efficiency problems of user identity authentication.
To achieve the above object, in a first aspect the application provides a blockchain-based lightweight Internet of Things identity authentication and key agreement method, including:
detecting whether an authentication performed by a user at a node of the blockchain authentication network is the user's first authentication; if it is the first authentication, authenticating the user in the full-magnitude authentication mode, where the full-magnitude mode is ECC biometric authentication plus password authentication; and if it is not the first authentication and the interval between the start time of the current authentication and the last authentication does not exceed a threshold, authenticating the user in the lightweight authentication mode, where the lightweight mode is password authentication.
Further, authenticating the user in the lightweight authentication mode includes:
authenticating the user in the lightweight mode on any node of the blockchain authentication network;
when the node chosen for lightweight authentication does not respond, authenticating the user in the lightweight mode on another node of the blockchain authentication network;
and storing the result and time of the current authentication on the node that completed the lightweight authentication.
Further, authenticating the user in the full-magnitude authentication mode includes:
acquiring the user's biometric data uploaded by the Internet of Things device; the biometric data are collected several times by the device and fused, and are processed with an ECC algorithm before being uploaded;
the node of the blockchain authentication network performing the current authentication signs the biometric data with its own private key; the signed biometric data are then authenticated by the biometric identification program deployed at each node of the blockchain authentication network;
the signed biometric data are uploaded to every node of the blockchain authentication network; after full-magnitude authentication is complete, the result and time of the current authentication are recorded on the chain.
Further, authenticating the signed biometric data by the biometric identification program deployed at each node of the blockchain authentication network includes:
authenticating the signed biometric data with a similarity threshold and a pre-trained neural network model deployed at each node of the blockchain authentication network; the similarity threshold controls the accuracy of identity authentication.
Further, each node of the blockchain network signs the biometric data it acquires with its own private key, according to the following expression:
where $data_{auth}$ denotes the data supplied to the biometric program, $d_1, d_2, \ldots, d_m$ the $m$ acquired items of biometric data, $ts$ the timestamp of the signature, $id_i$ the identifier of node $i$, and $sign_i^{priv}$ the signature of node $i$ with its private key.
Further, after the first authentication, all nodes of the blockchain authentication network store the information of the first authentication, which at least includes the biometric data on which the first authentication was performed, the authentication time, and the authentication result.
Further, when the authentication performed by the user at the node of the blockchain authentication network is not the first authentication and the interval between the start time of the current authentication and the last authentication exceeds the threshold, the user is authenticated in the full-magnitude authentication mode.
Further, the method includes:
the nodes of the blockchain authentication network each hold a corresponding number of points, and a points system is used to reward honest nodes and punish malicious nodes;
an honest node is a node of the blockchain authentication network whose authentication results are correct; a malicious node is a node of the blockchain authentication network whose authentication results contain errors.
In a second aspect, the application provides a blockchain-based Internet of Things identity authentication and key agreement device, including:
a detection unit for detecting whether an authentication performed by a user at a node of the blockchain authentication network is the user's first authentication;
a first authentication unit for authenticating the user in the full-magnitude authentication mode when the authentication performed by the user at the node is the first authentication, the full-magnitude mode being ECC biometric authentication plus password authentication;
and a second authentication unit for authenticating the user in the lightweight authentication mode when the authentication performed by the user at the node is not the first authentication and the interval between the start time of the current authentication and the last authentication does not exceed the threshold, the lightweight mode being password authentication.
In a third aspect, the application provides an electronic device comprising one or more processors and a storage device on which one or more programs are stored which, when executed by the one or more processors, cause them to implement the blockchain-based lightweight Internet of Things identity authentication and key agreement method of the first aspect.
The blockchain-based lightweight Internet of Things identity authentication and key negotiation method provided by the application detects whether an authentication performed by a user at a node of the blockchain authentication network is the first authentication; if it is the first authentication, the user is authenticated in the full-magnitude mode, i.e. ECC biometric authentication plus password authentication, which guarantees the security and privacy of the user's data; if it is not the first authentication and the interval between the current authentication start time and the last authentication does not exceed the threshold, the user is authenticated in the lightweight mode, i.e. password authentication, which simplifies the authentication process. Because the lightweight authentication is endorsed by the previous authentication, security and efficiency are ensured at the same time.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the application; a person skilled in the art can derive other drawings from them without inventive effort.
FIG. 1 is a flowchart for determining whether a user is authenticated in the full-magnitude or the lightweight mode, according to one embodiment of the blockchain-based lightweight Internet of Things identity authentication and key agreement method provided by the application;
FIG. 2 is a flowchart of full-magnitude authentication of a user in one embodiment of the application;
FIG. 3 is a flowchart of lightweight authentication of a user in one embodiment of the application.
Detailed Description
The application is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here merely illustrate the application and do not limit it. For convenience of description, only the parts related to the application are shown in the drawings.
Provided they do not conflict, the embodiments of the application and the features of the embodiments may be combined with each other. The application is described in detail below with reference to the drawings and in connection with the embodiments.
FIG. 1 is a flowchart of one embodiment of the blockchain-based lightweight Internet of Things identity authentication and key agreement method provided by the application, showing how it is decided whether a user is authenticated in the lightweight mode.
As shown in FIG. 1, the node detects whether the authentication performed by the user at a node of the blockchain authentication network is the first authentication; if it is the first authentication, the user is authenticated in the full-magnitude mode, i.e. ECC biometric authentication plus password authentication;
if it is not the first authentication and the interval between the start time of the current authentication and the last authentication does not exceed the threshold, the user is authenticated in the lightweight mode, i.e. password authentication.
In one embodiment of the application, authenticating a user in the lightweight authentication mode includes:
authenticating the user in the lightweight mode on any node of the blockchain authentication network; when the node chosen for lightweight authentication does not respond, authenticating the user in the lightweight mode on another node of the blockchain authentication network;
and storing the result and time of the current authentication on the node that completed the lightweight authentication. Here, the authentication time is the time at which the authentication was completed. After a node of the blockchain authentication network completes lightweight authentication of the user, the authentication information (completion time and result) is recorded on the chain.
When a user selects a node of the blockchain authentication network for lightweight authentication but that node is in an unexpected state such as downtime, or is busy and cannot perform the authentication, the user can perform lightweight authentication on another node of the blockchain authentication network.
After the first authentication, authentication can be performed by password within a certain period, and the authentication runs on the corresponding node of the blockchain authentication network without requiring consensus of the whole network; the node only needs to record the authentication result on the blockchain for later audit.
In this embodiment the lightweight authentication is endorsed by the previous full-magnitude authentication, so security can be guaranteed. In practice, after a user is authenticated the user proceeds to the next process, enters the business flow or calls data, and remains active for a certain period; where confidentiality demands it the user may still be authenticated several times, and performing full-magnitude authentication every time costs unnecessary time.
Therefore, when the interval between the end time of the last full-magnitude authentication and the start time of the current authentication does not exceed the threshold, lightweight authentication is performed, and the efficiency of identity authentication is improved while security is maintained.
In one embodiment of the application, authenticating the user in the full-magnitude authentication mode includes:
acquiring the user's biometric data uploaded by the Internet of Things device; the biometric data are collected several times by the device and fused, and are processed with an ECC algorithm before being uploaded;
the node of the blockchain authentication network performing the current authentication signs the biometric data with its own private key; the signed biometric data are authenticated by the biometric identification program deployed at each node of the blockchain authentication network;
the signed biometric data are uploaded to every node of the blockchain authentication network; after full-magnitude authentication is complete, the result and time of the current authentication are recorded on the chain. Here, the authentication time is the time at which the authentication was completed; that is, after full-magnitude authentication, the authentication information (the biometric data authenticated, the authentication time and the authentication result) is recorded on the chain.
All nodes are connected to Internet of Things devices over a network. A node authenticates the user after obtaining the data uploaded by the devices connected to it, using the high computing capacity of the blockchain, and then feeds the authentication result back to the device. The method therefore demands little computation from the Internet of Things device, uses a simple algorithm on the device side, and reduces the device's burden.
For example, in this embodiment a fingerprint is used as the unique biometric information of the user, and the Internet of Things device is connected to a fingerprint collector. To avoid problems such as unclear fingerprints or incomplete data during collection, the user's fingerprint is collected several times to obtain the biometric data. The device also encrypts the user's biometric data with an ECC algorithm and transmits the encrypted data to the node of the blockchain authentication network to which it is connected.
Before the node authenticates the biometric data it has obtained, it signs the data with its private key, i.e. it endorses the biometric data, confirming that the data were obtained through that node.
In one embodiment of the application, if the data uploaded to a node of the blockchain authentication network by an Internet of Things device are the user's raw fingerprint data without ECC encryption, the device is treated as not recognised by the blockchain authentication network, i.e. the biometric data it collected cannot be authenticated by a node of the blockchain network. ECC encryption of the collected biometric data can thus serve as the criterion for judging whether an Internet of Things device is approved by the nodes of the blockchain authentication network.
Alternatively, a special identifier assigned to each Internet of Things device approved by the nodes of the blockchain authentication network is associated with the collected biometric data, so that approved devices can be managed uniformly.
Each node of the blockchain authentication network is provided with a biometric identification program, and the authentication of biometric data signed by a node proceeds on that node as follows: the ECC-encrypted biometric data are first decrypted, and then authenticated by the biometric identification program deployed on the node.
In one embodiment of the application, authenticating the signed biometric data by the biometric identification program deployed at each node of the blockchain authentication network includes:
authenticating the signed biometric data with a similarity threshold and a pre-trained neural network model deployed at each node of the blockchain authentication network; the similarity threshold controls the accuracy of identity authentication.
The biometric identification program is obtained by training on a certain number of samples and matches the submitted biometric information against the biometric information registered for the user's identity; if the similarity exceeds the preset similarity threshold, authentication succeeds and the user being authenticated is a legitimate user recognised by the blockchain authentication network.
For example, if the preset similarity threshold is eighty-five percent and the similarity between the fingerprint collected from the user and the fingerprint registered for the claimed identity is only sixty percent, the user is an illegitimate user and cannot proceed to the next process or data-processing operation.
Generally, the higher the preset similarity threshold, the more closely the biometric information obtained by the node of the blockchain authentication network must match the biometric information registered for the user's identity for authentication to succeed, and so the higher the authentication accuracy.
In one embodiment of the application, each node of the blockchain authentication network signs the biometric data it acquires with its own private key, according to the following expression (1):
where $data_{auth}$ denotes the data supplied to the biometric program, $d_1, d_2, \ldots, d_m$ the $m$ acquired items of biometric data, $ts$ the timestamp of the signature, $id_i$ the identifier of node $i$, and $sign_i^{priv}$ the signature of node $i$ with its private key.
In the blockchain authentication network all nodes trust each other, that is, every node is responsible for and endorses the data it uploads. After user authentication is complete, each node transmits the authenticated information to the other nodes, which can confirm its correctness on receipt. Biometric information uploaded to other nodes carries the signature of the uploading node; in this way the node endorses the acquired biometric information and takes responsibility for its authentication result.
In one embodiment of the application, if the current authentication is a user's first authentication at a node of the blockchain authentication network, then after the first authentication all nodes of the blockchain authentication network store the information of the first authentication, which at least includes the biometric data on which the first authentication was performed, the authentication time, and the authentication result.
In the blockchain authentication network all nodes operate under a consensus mechanism, and data uploaded by each node are confirmed and stored by the other nodes. When a user is authenticated for the first time, once the node performing the first authentication completes it, the information of the first authentication is transmitted to the other nodes, and every node of the blockchain authentication network can then authenticate the user, in either the full-magnitude or the lightweight mode.
In one embodiment of the application, when the authentication performed by the user at the node of the blockchain authentication network is not the first authentication and the interval between the start time of the current authentication and the last authentication exceeds the threshold, the user is authenticated in the full-magnitude authentication mode.
In effect, for a first authentication or after a long period without authentication, ECC biometric authentication plus password authentication, i.e. full-magnitude authentication, is used, which provides the security guarantee for the subsequent lightweight authentications.
In one embodiment of the application, the nodes of the blockchain authentication network each hold a corresponding number of points, and a points system is used to reward honest nodes and punish malicious nodes; an honest node is a node of the blockchain authentication network whose authentication results are correct, and a malicious node is a node whose authentication results contain errors.
Based on the endorsement strategy, a corresponding points mechanism is introduced. The score of a node of the blockchain authentication network takes several factors into account, including the amount $n_{correct}$ of correct data submitted by the node, the amount $n_{error}$ of erroneous data, the time $e_{last}$ at which erroneous data last occurred, and the number $n_{user}$ of users the node serves, as shown in formula (2). When the verification node finds that the authentication data submitted by some node $i$ contain errors, it evaluates formula (2) and obtains a negative score, indicating that the corresponding points should be deducted from node $i$; when the data are correct, formula (2) yields a positive score, indicating that the points of node $i$ increase.
$score = fun_{score}(n_{correct}, n_{error}, e_{last}, n_{user})$ (2)
where $fun_{score}$ is the score-calculation function; different linear or nonlinear functions may be chosen according to the practical situation.
When the point score of a node is negative, the node's authentication data are discarded with probability $p_{discard}$, as shown in formula (3); if the node continues to transmit erroneous data so that its score falls below the set threshold $score_{low}$ (for example $score_{low} = -10$), the node is removed from the blockchain authentication network.
$p_{discard} = 1 + \frac{1}{k \cdot score}, \quad \text{if } score < 0$ (3)
where $k$ is an integer greater than 1; $k$ is set smaller when a node of the blockchain authentication network is prone to errors, and larger otherwise.
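As an added example (not code from the patent or from Chengdu University of Information Technology), the following Python implements the points mechanism of formulas (2) and (3) together with the removal rule at $score_{low} = -10$. Since the page leaves $fun_{score}$ open, a simple linear instance is assumed here, as are the value $k = 4$, the one-day window for a "recent error" and the caller-supplied random draw used for the discard decision.

```python
"""Points mechanism of formulas (2) and (3): added example, not the patent's code.

Assumptions (not on the page): fun_score is a simple linear function, k = 4,
a repeated error counts as "recent" within one day, and the random draw for
the discard decision is supplied by the caller so the logic is deterministic.
"""
from dataclasses import dataclass
from typing import Optional

SCORE_LOW = -10       # removal threshold; the page gives -10 as its example value
K = 4                 # page: an integer greater than 1 (this value is assumed)
ONE_DAY = 24 * 3600   # seconds; window for the repeated-error penalty (assumed)


@dataclass
class NodeState:
    """Per-node bookkeeping of the quantities formula (2) depends on."""
    node_id: str
    n_correct: int = 0            # correct data items submitted so far
    n_error: int = 0              # erroneous data items submitted so far
    e_last: Optional[int] = None  # epoch seconds of the last erroneous submission
    n_user: int = 0               # users the node currently serves
    score: int = 0                # accumulated points
    removed: bool = False         # set once the score falls below SCORE_LOW


def fun_score(n_correct: int, n_error: int, e_last: Optional[int],
              n_user: int, correct: bool, now: int) -> int:
    """Assumed linear instance of formula (2).

    Returns a positive delta for a correct submission and a negative one for
    an erroneous submission, as the page requires; the penalty grows when the
    node already erred within the last day or serves many users.
    """
    if correct:
        return 1
    penalty = 2
    if e_last is not None and now - e_last < ONE_DAY:
        penalty += 1     # repeated error within a day
    if n_user > 100:
        penalty += 1     # a widely used node is held to a higher standard
    return -penalty


def discard_probability(score: int, k: int = K) -> float:
    """Formula (3): p_discard = 1 + 1/(k*score) for score < 0, else 0.

    For score < 0 the term 1/(k*score) is negative, so 0 <= p_discard < 1,
    and p_discard approaches 1 as the score becomes more negative.
    """
    if score >= 0:
        return 0.0
    return 1.0 + 1.0 / (k * score)


def record_submission(node: NodeState, correct: bool, now: int, draw: float) -> bool:
    """Update the node's points for one submission and decide whether the
    submitted authentication data are accepted.

    `draw` is a uniform random number in [0, 1) supplied by the caller
    (e.g. random.random()). Returns True if the data are accepted.
    """
    if node.removed:
        return False
    node.score += fun_score(node.n_correct, node.n_error, node.e_last,
                            node.n_user, correct, now)
    if correct:
        node.n_correct += 1
    else:
        node.n_error += 1
        node.e_last = now
    if node.score < SCORE_LOW:
        node.removed = True  # page: the node is removed from the network
        return False
    if not correct:
        return False         # erroneous data are never accepted (assumption)
    if node.score < 0:
        # negative points: the node's data are discarded with probability p_discard
        return draw >= discard_probability(node.score)
    return True
```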
In one embodiment of the application, points are also used to manage each Internet of Things device connected to the nodes of the blockchain authentication network. An ID number is set as the unique identifier of each Internet of Things device, and the device identifier is associated with the collected biometric information before it is uploaded. An Internet of Things device that is able to upload a user's biometric data is therefore one that has been authorised by the blockchain authentication network, which further secures the nodes of the blockchain authentication network and the authentication itself.
The points of an Internet of Things device can take several factors into account, including the pass rate of the user biometric information it collects over the same number of attempts, or the frequency of user authentications within a preset time range. Through the points, the efficiency and accuracy of information collection of each Internet of Things device during use can be known, which facilitates maintaining and replacing devices.
In one embodiment of the application, the interval between a lightweight authentication and the previous authentication is calculated from the end time of the previous authentication and the start time of the current authentication.
For example, the user last performed full-magnitude authentication on node A of the blockchain authentication network, the authentication end time being 2022-01-01-13:23, and the current authentication start time is 2022-01-02-09:30; with a preset interval threshold of 72 hours, the current authentication can be lightweight, so the user need not enter fingerprints on the Internet of Things device several times and only password authentication is needed. Password authentication is generally static password authentication, which requires a shorter wait but is not highly secure. In the application, the lightweight mode is performed under the security guarantee of the full-magnitude authentication, so both security and efficiency are achieved.
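As an added example (not code from the patent or from Chengdu University of Information Technology), the following Python models the mode-selection rule described above, using the page's 72-hour threshold and its timestamps, and also covers the FIG. 2 case of an authentication one month after the previous one. The in-memory list of dict records standing in for the chain, the lookup of the user's most recent successful record, and the fallback to full mode on a negative interval are assumptions not taken from the page.

```python
"""Authentication-mode selection of the method: added example, not the patent's code.

Assumptions (not on the page): the chain is modelled as an in-memory list of
dict records, only the user's most recent *successful* record is consulted,
and timestamps use the page's "YYYY-MM-DD-HH:MM" form as naive local times.
"""
from datetime import datetime, timedelta
from typing import Optional

TIME_FORMAT = "%Y-%m-%d-%H:%M"            # form used in the page's example
INTERVAL_THRESHOLD = timedelta(hours=72)  # preset interval threshold from the page

FULL = "full-magnitude"      # ECC biometric authentication plus password authentication
LIGHTWEIGHT = "lightweight"  # password authentication only, endorsed by the last authentication


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, TIME_FORMAT)


def last_successful_record(ledger: list, user_id: str) -> Optional[dict]:
    """Most recent successful record for the user; None means first authentication."""
    hits = [r for r in ledger if r["user"] == user_id and r["result"] == "success"]
    return max(hits, key=lambda r: parse_ts(r["end_time"])) if hits else None


def select_mode(last: Optional[dict], current_start: str,
                threshold: timedelta = INTERVAL_THRESHOLD) -> str:
    """Decide the mode from the previous record and the current start time.

    interval = current start time - end time of the previous authentication.
    A first authentication, or an interval above the threshold, means full
    mode. A negative interval (clock skew between nodes) also falls back to
    full mode; the page does not discuss this case, it is an added safeguard.
    """
    if last is None:
        return FULL
    interval = parse_ts(current_start) - parse_ts(last["end_time"])
    if interval < timedelta(0):
        return FULL
    return LIGHTWEIGHT if interval <= threshold else FULL


def authenticate(ledger: list, user_id: str, node: str, start: str, end: str,
                 password_ok: bool, biometric_ok: bool) -> dict:
    """Run one authentication at `node`, append the result record to the
    ledger and return it.

    Full mode needs both the password check and the biometric check to pass;
    lightweight mode needs only the password check (no biometric data are
    collected in that mode, so its outcome is ignored).
    """
    mode = select_mode(last_successful_record(ledger, user_id), start)
    ok = password_ok and (biometric_ok if mode == FULL else True)
    record = {"user": user_id, "node": node, "mode": mode,
              "end_time": end, "result": "success" if ok else "failure"}
    ledger.append(record)  # page: result and time are recorded on the chain
    return record
```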
Figure 2 is a flow chart of full-magnitude authentication of a user in one embodiment of the application. As shown in fig. 2, the user authenticates again after one month has elapsed since the previous authentication, the preset time interval threshold is 72 hours, and the user starts full-magnitude authentication on the Internet of things device connected to one node of the blockchain authentication network, which may proceed as follows:
Step 201, the user inputs identity information to start authentication.
The Internet of things equipment can be a PC connected to a biometric collector; the user inputs identity information such as an identity card number, mobile phone number or employee number, as required by the service.
Step 202, the authentication information of the user's last authentication is queried and the interval is determined. Here the interval between the two authentications exceeds the preset interval threshold of 72 hours.
Starting from the user's first authentication, each node of the blockchain authentication network stores the biometric data, authentication time and authentication result of the first authentication, and the authentication time and authentication result of each later full-magnitude or lightweight authentication.
Therefore, when a user authenticates on a node of the blockchain authentication network, the user's authentication record is queried, the authentication time of the most recent authentication is retrieved, the interval is calculated, and it is compared with the preset interval threshold.
Step 203, password authentication is performed on the user.
In fact, in the full-magnitude authentication mode the order of password authentication and ECC biometric authentication is not limited to this: password authentication may be performed first and then ECC biometric authentication, or ECC biometric authentication first and then password authentication.
Step 204, after the password authentication is passed, the user is prompted to enter fingerprints on the fingerprint collector connected to the Internet of things device until the device has collected a certain number of qualified fingerprints.
After the password authentication is passed, the user can be prompted by a voice instruction to enter fingerprints on the fingerprint collector connected to the Internet of things device; generally the fingerprint needs to be collected at least three times to prevent accidental errors.
Step 205, after the Internet of things device performs ECC encryption on the fingerprint, the fingerprint is uploaded to the node of the blockchain authentication network connected to the device.
The Internet of things equipment only collects the biometric features and performs ECC encryption, and it is used only in the full-magnitude authentication mode, so that the biometric recognition program on the node of the blockchain authentication network can then perform the ECC biometric authentication.
Step 206, the node of the blockchain authentication network signs the fingerprint information with its private key and, after ECC decryption, the biometric recognition program on the node authenticates it.
The ECC biometric authentication is performed on the node of the blockchain authentication network. Once the biometric information has been transmitted, the Internet of things equipment does not need to store the biometric data or perform any authentication itself; it only waits for the authentication result to be returned before the next operation.
Each node of the blockchain authentication network has a private key. When a user selects a node for authentication, that node is responsible for the biometric data and authentication result of that authentication, so the biometric information is signed with the node's private key, which facilitates subsequent tracking, checking, tracing and points evaluation of each node.
Step 207, after the authentication is passed, the node of the blockchain authentication network transmits the current authentication information, including the authenticated fingerprint data, authentication time and authentication result, to the other nodes, which store it after verification.
The nodes of the blockchain authentication network trust each other on the basis of a consensus mechanism. When a node stores authentication information transmitted from another node and that information includes authentication data, it verifies the authentication data as a verifying node, and the result of the verification corresponds to a number of acknowledgements.
Step 208, the authentication result is returned to the Internet of things equipment, and the user can perform the next operation.
The steps above record the authentication flow when the user passes; in practice, authentication may fail. When the user fails authentication, the information about the failed authentication may not be transmitted to the other nodes of the blockchain authentication network. Thus, when the user authenticates, only records of passed authentications are queried.
For example, if the user's password authentication fails, the subsequent ECC biometric authentication cannot proceed; or if the user's ECC biometric authentication fails, the user may not match the identity information and may be an impostor; it is also possible that an Internet of things device or a node of the blockchain authentication network has failed.
In this case the user may authenticate through another node; or, to prevent malicious impersonation of the user, a threshold on the number of authentication errors may be set so that re-authentication is restricted, and a security prompt is sent to the user.
In this embodiment, the full-magnitude authentication mode is adopted, and the security of user authentication is ensured through ECC biometric and password authentication. Meanwhile, the user's biometric data is stored on the nodes of the blockchain authentication network, so privacy is guaranteed.
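Steps 205 and 206 above, as an added example that is not part of the patent or of any implementation by its applicants: the collector encrypts the fingerprint template to its node's ECC public key, and the node accepts the upload only from a device it has registered as a legitimate collector, then decrypts it. The ECIES-style construction (ephemeral P-256 ECDH with AES-256-GCM), the function and field names, and the device IDs are assumptions; the patent specifies ECC encryption without fixing the scheme, and how devices obtain the node's public key is out of scope here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Upload is what the IoT device sends to its node after "ECC encryption" of the
// collected fingerprint. The construction here is ECIES-style (ephemeral P-256
// ECDH plus AES-256-GCM), an assumption: the patent does not fix the details.
type Upload struct {
	DeviceID     string // the unique ID the device is registered under
	EphemeralPub []byte // device's one-time P-256 public key (uncompressed point)
	Nonce        []byte
	Ciphertext   []byte // encrypted template with the GCM tag appended
}

// NewNodeEncKey creates the node's long-term P-256 key that devices encrypt to.
func NewNodeEncKey() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// aead derives an AES-256-GCM instance from an ECDH shared secret.
func aead(secret []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptTemplate runs on the IoT device (step 205): the template is encrypted
// to the node's public key, so it is never in the clear between device and node.
func EncryptTemplate(nodePub *ecdh.PublicKey, deviceID string, template []byte) (Upload, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return Upload{}, err
	}
	secret, err := eph.ECDH(nodePub)
	if err != nil {
		return Upload{}, err
	}
	gcm, err := aead(secret)
	if err != nil {
		return Upload{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Upload{}, err
	}
	// The device ID is authenticated as associated data, so the ciphertext
	// cannot be presented under a different device identity.
	ct := gcm.Seal(nil, nonce, template, []byte(deviceID))
	return Upload{DeviceID: deviceID, EphemeralPub: eph.PublicKey().Bytes(), Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptTemplate runs on the node (step 206). The device must be one the node
// has registered as a legitimate collector; otherwise nothing is decrypted.
func DecryptTemplate(nodePriv *ecdh.PrivateKey, authorised map[string]bool, up Upload) ([]byte, error) {
	if !authorised[up.DeviceID] {
		return nil, fmt.Errorf("device %q is not an authorised collector", up.DeviceID)
	}
	ephPub, err := ecdh.P256().NewPublicKey(up.EphemeralPub)
	if err != nil {
		return nil, err
	}
	secret, err := nodePriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(secret)
	if err != nil {
		return nil, err
	}
	// Open fails on any change to nonce, ciphertext, tag or device ID.
	return gcm.Open(nil, up.Nonce, up.Ciphertext, []byte(up.DeviceID))
}
```

Binding the device ID as associated data means a captured upload cannot be presented under another registered device's identity, and any modification of the ciphertext makes `gcm.Open` fail, so the node never runs its biometric matcher on altered data.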
FIG. 3 is a flow chart of lightweight authentication of a user in one embodiment of the application. One day after being authenticated, the user authenticates again; the last authentication may have been full-magnitude or lightweight, and the preset time interval threshold is 72 hours. The user performs lightweight authentication on the Internet of things device connected to one node of the blockchain authentication network, which may proceed as follows:
Step 301, the user inputs identity information to start authentication.
Step 302, the authentication information of the user's last authentication is queried; the interval between the last authentication and this one does not exceed the preset interval threshold of 72 hours.
Step 303, password authentication is performed on the user.
Step 304, after the authentication is passed, the node of the blockchain authentication network stores the current authentication result and authentication time on the blockchain.
Step 305, the authentication result is returned to the Internet of things equipment, and the user can perform the next operation.
In this embodiment the user is in an active period: the interval since the last authentication does not exceed the threshold, so lightweight authentication is performed. This improves authentication efficiency and reduces the user's waiting time, while the earlier full-magnitude authentication provides security support for the current one.
Of course, a full-magnitude authentication may sometimes be followed by several consecutive lightweight authentications.
In one embodiment of the application, the user starts full-magnitude authentication at node A at 2022-01-10-11:30:50 and passes at 2022-01-10-11:31:20. The preset time interval threshold is 72 hours.
The user authenticates again at node B at 2022-01-12-16:00:40, this time with lightweight authentication, and passes at 2022-01-12-16:00:48.
The user authenticates again at node C at 2022-01-14-13:00:10, again with lightweight authentication, and passes at 2022-01-14-13:00:15.
The user authenticates again at node A starting at 2022-01-15-15:30:40, again with lightweight authentication, and passes at 2022-01-15-15:30:48. Although 5 days have elapsed since the last full-magnitude authentication, the user has been active in this period and has passed several lightweight authentications, so the lightweight mode is still adopted and the user's authentication time is reduced.
The user starts to authenticate again at node B at 2022-01-24-09:30:10; querying the last authentication gives its pass time as 2022-01-15-15:30:48, and the interval since then exceeds 72 hours, so full-magnitude authentication is performed.
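The selection rule described in this section (first authentication is always full-magnitude; otherwise the interval from the previous authentication's completion time to the current start time is compared with the 72-hour threshold, and only an interval that exceeds it forces full-magnitude authentication) replayed over the five authentications above, as an added example; this is not code from the patent or its applicants. Type and function names are assumptions, and the completion time of the last attempt is a constructed value, since the description gives only its start time.

```go
package main

import (
	"fmt"
	"time"
)

// tsLayout matches the timestamps used in the description, e.g. 2022-01-10-11:30:50.
const tsLayout = "2006-01-02-15:04:05"

// Threshold is the preset interval of the description (72 hours).
const Threshold = 72 * time.Hour

// Mode is the authentication mode a node selects for the current request.
type Mode string

const (
	FullMode        Mode = "full-magnitude" // ECC biometric + password
	LightweightMode Mode = "lightweight"    // password only
)

// Record is one stored, passed authentication. Failed attempts are not
// transmitted to the other nodes, so they never appear in the history.
type Record struct {
	Node     string
	Mode     Mode
	Start    time.Time
	Finished time.Time // completion time, the "authentication time" kept on-chain
}

func mustParse(s string) time.Time {
	t, err := time.Parse(tsLayout, s)
	if err != nil {
		panic(err)
	}
	return t
}

// SelectMode is the detection unit's decision: no record means first
// authentication (full mode); otherwise the gap between the most recent
// completion time and the current start time is compared with the threshold,
// and only a gap that exceeds it forces full-magnitude authentication.
func SelectMode(history []Record, start time.Time, threshold time.Duration) Mode {
	if len(history) == 0 {
		return FullMode
	}
	last := history[0]
	for _, r := range history[1:] {
		if r.Finished.After(last.Finished) {
			last = r
		}
	}
	if start.Sub(last.Finished) > threshold {
		return FullMode
	}
	return LightweightMode
}

// Attempt is one authentication request: node, start time, completion time.
type Attempt struct {
	Node, Start, Finished string
}

// Trace replays a sequence of passed attempts, choosing the mode for each one
// from the records accumulated so far, and returns the modes in order.
func Trace(attempts []Attempt, threshold time.Duration) []Mode {
	var history []Record
	modes := make([]Mode, 0, len(attempts))
	for _, a := range attempts {
		start, finished := mustParse(a.Start), mustParse(a.Finished)
		m := SelectMode(history, start, threshold)
		modes = append(modes, m)
		history = append(history, Record{Node: a.Node, Mode: m, Start: start, Finished: finished})
	}
	return modes
}

// exampleAttempts reproduces the five authentications of the description
// (nodes A, B, C, A, B). The completion time of the last attempt is not given
// there and is a constructed value.
var exampleAttempts = []Attempt{
	{"A", "2022-01-10-11:30:50", "2022-01-10-11:31:20"},
	{"B", "2022-01-12-16:00:40", "2022-01-12-16:00:48"},
	{"C", "2022-01-14-13:00:10", "2022-01-14-13:00:15"},
	{"A", "2022-01-15-15:30:40", "2022-01-15-15:30:48"},
	{"B", "2022-01-24-09:30:10", "2022-01-24-09:30:45"}, // completion time constructed
}

func main() {
	for i, m := range Trace(exampleAttempts, Threshold) {
		fmt.Printf("attempt %d at node %s: %s\n", i+1, exampleAttempts[i].Node, m)
	}
}
```

The replay yields full-magnitude, lightweight, lightweight, lightweight, full-magnitude, matching the description: the fourth attempt is still lightweight because the interval is measured from the previous (lightweight) authentication, not from the last full-magnitude one.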
The application also provides an embodiment of a blockchain-based lightweight Internet of things identity authentication and key negotiation device, which comprises:
a detection unit for detecting whether the authentication performed by a user at a node of the blockchain authentication network is a first authentication;
a first authentication unit for performing identity authentication on the user in the full-magnitude authentication mode when the authentication performed by the user at the node of the blockchain authentication network is a first authentication, the full-magnitude authentication mode being ECC biometric plus password authentication;
and a second authentication unit for performing identity authentication on the user in the lightweight authentication mode when the authentication performed by the user at the node of the blockchain authentication network is not a first authentication and the interval between the current authentication start time and the last authentication does not exceed a threshold value, the lightweight authentication mode being password authentication.
The detection unit determines whether the user's authentication at the node of the blockchain authentication network is a first authentication by querying the user's authentication record; if it is not, it further looks up the completion time of the user's last authentication to decide whether the current authentication at this node uses the full-magnitude or the lightweight mode. For a first authentication, the full-magnitude mode is chosen; otherwise it is further judged whether the interval between the last authentication and the current one exceeds the threshold: if the user is not authenticating for the first time and the interval does not exceed the threshold, the lightweight mode is chosen; if the user is not authenticating for the first time and the interval exceeds the threshold, the full-magnitude mode is chosen.
The first authentication unit is further configured to perform identity authentication on the user in the full-magnitude mode when the authentication at the node of the blockchain authentication network is not a first authentication and the interval between the current authentication start time and the last authentication has exceeded the threshold.
In one embodiment of the present application, the apparatus further includes a sending unit configured to send the authentication result to the Internet of things device connected to the node of the blockchain authentication network that completed the current authentication; the current authentication information, which comprises the authentication result and authentication time, or the authentication data, authentication result and authentication time, is recorded on the blockchain. The authentication time here is the time at which authentication is completed.
In this embodiment, before authentication, the mode to be used for the user's current authentication is determined by querying the user's authentication record; in the full-magnitude mode, the security of user authentication is ensured by ECC biometric and password authentication; in the lightweight mode, efficiency is improved by using password authentication alone. The combination of the two modes balances the security and efficiency of authentication.
The application also provides an embodiment of an electronic device comprising one or more processors and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the blockchain-based lightweight Internet of things identity authentication and key negotiation method.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. Persons skilled in the art will appreciate that the scope of the application is not limited to the specific combinations of the technical features described above, but also covers other technical solutions formed by any combination of those features or their equivalents without departing from the inventive concept, for example solutions in which the above features are replaced by technical features with similar functions disclosed in (but not limited to) the present application.

Claims (10)

1. A blockchain-based lightweight Internet of things identity authentication and key negotiation method, characterized by comprising the following steps:
detecting whether authentication performed by a user at a node of a blockchain authentication network is a first authentication;
when the authentication performed by the user at the node of the blockchain authentication network is a first authentication, performing identity authentication on the user in a full-magnitude authentication mode, wherein the full-magnitude authentication mode is ECC biometric plus password authentication; after the full-magnitude authentication is finished, the current authentication node transmits the authentication information of the full-magnitude authentication to the other nodes of the blockchain authentication network, which store it on the chain after verification is completed; the authentication information of the full-magnitude authentication mode at least comprises: biometric data, authentication time, and authentication result;
when the authentication performed by the user at the node of the blockchain authentication network is not a first authentication, and the interval between the current authentication start time and the last authentication does not exceed a threshold value, performing identity authentication on the user in a lightweight authentication mode, wherein the lightweight authentication mode is password authentication; after the lightweight authentication is finished, the current authentication node records the authentication information of the lightweight authentication on the blockchain without the nodes of the blockchain authentication network needing to reach consensus; the authentication information of the lightweight authentication mode at least comprises: authentication time and authentication result;
wherein the node of the blockchain authentication network is connected to an Internet of things device, the Internet of things device is used to collect the user's biometric features and perform ECC encryption, and the ECC encryption is used to judge whether the Internet of things device is approved by the node of the blockchain authentication network.
2. The method of claim 1, wherein authenticating the user in the lightweight authentication mode comprises:
performing identity authentication on the user in the lightweight authentication mode at any node of the blockchain authentication network;
when the node performing lightweight identity authentication on the user does not respond to the lightweight authentication, performing identity authentication on the user in the lightweight authentication mode at another node of the blockchain authentication network;
and storing the authentication result and authentication time of the current authentication on the node that completed the lightweight identity authentication, and recording them on the blockchain.
3. The method of claim 1, wherein authenticating the user in the full-magnitude authentication mode comprises:
acquiring biometric data of the user uploaded by the Internet of things equipment;
the biometric data being collected by the Internet of things equipment multiple times and then fused, and being uploaded after processing with an ECC algorithm;
the node of the blockchain authentication network performing the current authentication signing the biometric data with its own private key;
performing identity authentication on the signed biometric data through a biometric identification program arranged at each node of the blockchain authentication network;
uploading the signed biometric data to each node of the blockchain authentication network;
and, after authentication in the full-magnitude mode is completed, recording the authentication result and authentication time of the current authentication on the blockchain.
4. The method according to claim 3, wherein authenticating the signed biometric data through a biometric identification program arranged at each node of the blockchain authentication network comprises:
performing identity authentication on the signed biometric data through a similarity threshold and a pre-trained neural network model arranged at each node of the blockchain authentication network, the similarity threshold being used to control the accuracy of identity authentication.
5. The method according to claim 3, wherein signing the biometric data obtained by each node of the blockchain authentication network with its private key is accomplished using the expression:
wherein data_auth represents the data provided to the biometric program, d_1, d_2, ..., d_m represent the m acquired biometric data items, ts represents the timestamp of the signature, id_i represents the identifier of node i, and Sign_i^priv indicates that node i signs using its private key.
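Claims 3 to 5 and step 206 of the description, as an added example that is not the patent's own code: the authenticating node signs the record it is responsible for over the fields claim 5 names (the m samples d_1..d_m, the timestamp ts and the node identifier id_i), and a verifying node checks that signature together with the similarity threshold of claim 4 before storing the record (step 207). The expression of claim 5 is not reproduced on this page, so the field order hashed before signing, the use of P-256 ECDSA, and the bit-distance matcher standing in for the pre-trained model are all assumptions; the templates in the test are constructed bytes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"math/bits"
)

// AuthRecord carries the fields claim 5 names for data_auth: the m collected
// samples d_1..d_m, the timestamp ts and the identifier id_i of the signing node.
type AuthRecord struct {
	NodeID  string   // id_i
	TS      int64    // ts, Unix seconds
	Samples [][]byte // d_1..d_m, the fused fingerprint samples
}

// Digest is a canonical, length-prefixed encoding of the record that is hashed
// before signing. The field order is an assumption; the patent's own
// expression is not reproduced on the page.
func (r AuthRecord) Digest() []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, uint32(len(r.Samples)))
	for _, s := range r.Samples {
		binary.Write(h, binary.BigEndian, uint32(len(s)))
		h.Write(s)
	}
	binary.Write(h, binary.BigEndian, r.TS)
	h.Write([]byte(r.NodeID))
	return h.Sum(nil)
}

// NewSigningKey is the per-node private key of claim 5 (P-256 ECDSA assumed).
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignRecord is Sign_i^priv: node i signs the record it is responsible for.
func SignRecord(priv *ecdsa.PrivateKey, r AuthRecord) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, r.Digest())
}

// VerifyRecord checks the signature against node i's public key.
func VerifyRecord(pub *ecdsa.PublicKey, r AuthRecord, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, r.Digest(), sig)
}

// Distance counts the differing bits between two equal-length templates,
// returning -1 when the lengths differ.
func Distance(a, b []byte) int {
	if len(a) != len(b) {
		return -1
	}
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

// Similar stands in for the pre-trained matcher of claim 4: every collected
// sample must lie within maxDistance bits of the enrolled template. Bit
// distance is a placeholder for the model's similarity score.
func Similar(enrolled []byte, samples [][]byte, maxDistance int) bool {
	if len(samples) == 0 {
		return false
	}
	for _, s := range samples {
		d := Distance(enrolled, s)
		if d < 0 || d > maxDistance {
			return false
		}
	}
	return true
}

// PeerAccept is what a verifying node runs on a record received from another
// node (step 207): the signature must verify and the samples must match the
// enrolled template stored with the user's first authentication.
func PeerAccept(pub *ecdsa.PublicKey, r AuthRecord, sig []byte, enrolled []byte, maxDistance int) bool {
	return VerifyRecord(pub, r, sig) && Similar(enrolled, r.Samples, maxDistance)
}
```

Because the node identifier and timestamp are inside the signed digest, a record cannot be re-attributed to another node or re-dated without the signature failing, which is what makes the per-node tracing and points evaluation described earlier possible.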
6. The method according to claim 1, further comprising:
after the first authentication, all nodes of the blockchain authentication network storing the information of the first authentication, which at least comprises: the biometric data to which the first authentication relates, the authentication time, and the authentication result.
7. The method according to claim 1, further comprising:
when the authentication of the user at the node of the blockchain authentication network is not a first authentication and the interval between the current authentication start time and the last authentication exceeds the threshold value, performing identity authentication on the user in the full-magnitude authentication mode.
8. The method according to claim 1, further comprising:
the nodes of the blockchain authentication network each having corresponding points, and a points system being adopted to reward honest nodes and punish malicious nodes;
an honest node being a node of the blockchain authentication network whose authentication result is correct;
a malicious node being a node of the blockchain authentication network whose authentication result is in error.
9. A blockchain-based Internet of things identity authentication and key agreement device, characterized by comprising:
a detection unit for detecting whether authentication performed by a user at a node of a blockchain authentication network is a first authentication;
a first authentication unit for performing identity authentication on the user in a full-magnitude authentication mode when the authentication performed by the user at the node of the blockchain authentication network is a first authentication, the full-magnitude authentication mode being ECC biometric plus password authentication; after the full-magnitude authentication is finished, the current authentication node transmits the authentication information of the full-magnitude authentication to the other nodes of the blockchain authentication network, which store it on the chain after verification is completed; the authentication information of the full-magnitude authentication mode at least comprises: biometric data, authentication time, and authentication result;
a second authentication unit for performing identity authentication on the user in a lightweight authentication mode when the authentication performed by the user at the node of the blockchain authentication network is not a first authentication and the interval between the current authentication start time and the last authentication does not exceed a threshold value, the lightweight authentication mode being password authentication; after the lightweight authentication is finished, the current authentication node records the authentication information of the lightweight authentication on the blockchain without the nodes of the blockchain authentication network needing to reach consensus; the authentication information of the lightweight authentication mode at least comprises: authentication time and authentication result;
wherein the node of the blockchain authentication network is connected to an Internet of things device, the Internet of things device is used to collect the user's biometric features and perform ECC encryption, and the ECC encryption is used to judge whether the Internet of things device is approved by the node of the blockchain authentication network.
10. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement the blockchain-based lightweight internet of things identity authentication and key agreement method as recited in any one of claims 1-8.
CN202211252752.8A 2022-10-13 2022-10-13 Lightweight Internet of things identity authentication and key negotiation method and device based on blockchain and electronic equipment Active CN115643067B (en)

Publications (2)

Publication Number Publication Date
CN115643067A CN115643067A (en) 2023-01-24
CN115643067B true CN115643067B (en) 2023-09-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant