CN116132071B - Identity authentication method and device for identification analysis node based on blockchain - Google Patents


Info

Publication number: CN116132071B
Application number: CN202310390639.4A
Authority: CN (China)
Prior art keywords: node, identity, qualification, identification analysis, analysis node
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN116132071A (en)
Inventors: 马宝罗, 池程, 尹子航, 邵小景, 朱斯语
Current assignee: China Academy of Information and Communications Technology (CAICT)
Original assignee: China Academy of Information and Communications Technology (CAICT)
Events: application filed by China Academy of Information and Communications Technology (CAICT); priority to CN202310390639.4A; publication of CN116132071A; application granted; publication of CN116132071B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/12 Network architectures or network communication protocols for network security, applying verification of the received information
    • H04L 63/123 Network architectures or network communication protocols for network security, applying verification of the received data contents, e.g. message integrity

Abstract

The embodiments of the disclosure provide a blockchain-based identity authentication method and device for an identification resolution node. The method comprises the following steps: when an identity authentication node receives an identity authentication request sent by a first identification resolution node, it audits the identity information of the first identification resolution node contained in the request; when the identity information passes the audit, the identity authentication node issues to the first identification resolution node an identity credential proving its identity; a qualification authentication node receives a qualification authentication request sent by the first identification resolution node and audits the qualification information and the signed identity credential of the first identification resolution node contained in the request; when both the qualification information and the signed identity credential pass the audit, the qualification authentication node issues to the first identification resolution node a qualification certificate proving its qualification.

Description

Identity authentication method and device for identification analysis node based on blockchain
Technical Field
The disclosure relates to blockchain technology and identity authentication technology, and in particular to a blockchain-based identity authentication method and device for an identification resolution node.
Background
The industrial internet identification resolution system is a foundational system of the industrial internet, an important component of it, and an important facility for building comprehensive interconnection of people, machines and things. It mainly comprises a number of nodes that resolve industrial internet identifications. Before resolving identifications, these nodes usually need to undergo identity authentication and obtain a digital certificate proving their identity, so as to ensure data security in the identification resolution system. However, existing identity authentication systems for such nodes suffer from problems such as indiscriminate issuance of node identity certificates and falsification of the identity information used to generate them, so the credibility of a node's identity certificate is low.
Disclosure of Invention
The embodiments of the disclosure provide a blockchain-based identity authentication method and device for an identification resolution node, intended to solve the technical problems described above.
In one aspect of the embodiments of the disclosure, a blockchain-based identity authentication method for an identification resolution node is provided, comprising: in response to an identity authentication node receiving an identity authentication request sent by a first identification resolution node, the identity authentication node audits the identity information of the first identification resolution node contained in the request, the identity authentication node being a node in a blockchain network; in response to the identity information passing the audit, the identity authentication node issues to the first identification resolution node an identity credential proving its identity; a qualification authentication node receives a qualification authentication request sent by the first identification resolution node and audits the qualification information and the signed identity credential of the first identification resolution node contained in the request, the qualification authentication node being a node in the blockchain network, and the signed identity credential being obtained by the first identification resolution node signing its identity credential with the private key of its own public-private key pair; and in response to the qualification information and the signed identity credential passing the audit, the qualification authentication node issues to the first identification resolution node a qualification certificate proving its qualification.
Optionally, in the method of any of the above embodiments of the disclosure, before the identity authentication node issues the identity credential proving the identity of the first identification resolution node, the method further comprises: the identity authentication node determines the validity period of the identity credential of the first identification resolution node. Auditing the qualification information and the signed identity credential in the qualification authentication request then comprises: the qualification authentication node verifies the signature of the signed identity credential with the public key of the first identification resolution node's public-private key pair; in response to the signature passing verification, the qualification authentication node obtains the identity credential of the first identification resolution node from the signed identity credential; the qualification authentication node obtains the validity period of that identity credential; the qualification authentication node determines from the validity period whether the identity credential is still valid; and in response to the identity credential being valid, the qualification authentication node audits the qualification information of the first identification resolution node.
Optionally, in the method of any of the above embodiments of the disclosure, after the identity authentication node issues the identity credential proving the identity of the first identification resolution node, the method further comprises: the identity authentication node generates identity credential transaction information for the first identification resolution node and stores it on the blockchain, the identity credential transaction information comprising the generation information and the credential information of the identity credential of the first identification resolution node;
after the qualification authentication node issues the qualification certificate proving the qualification of the first identification resolution node, the method further comprises: the qualification authentication node generates qualification certificate transaction information for the first identification resolution node and stores it on the blockchain, the qualification certificate transaction information comprising the generation information and the certificate information of the qualification certificate of the first identification resolution node.
Optionally, in the method of any of the foregoing embodiments of the disclosure, after the qualification authentication node issues the qualification certificate proving the qualification of the first identification resolution node, the method further comprises: the first identification resolution node stores its identity credential and qualification certificate on the blockchain.
Optionally, in the method of any of the foregoing embodiments of the disclosure, after the qualification authentication node issues the qualification certificate proving the qualification of the first identification resolution node, the method further comprises: a second identification resolution node receives a transaction request sent by the first identification resolution node, the transaction request comprising the signed qualification certificate of the first identification resolution node, which is obtained by the first identification resolution node signing its qualification certificate with the private key of its own public-private key pair; the second identification resolution node verifies the signature of the signed qualification certificate of the first identification resolution node with the public key of the first identification resolution node's key pair; in response to that signature passing verification, the second identification resolution node feeds back to the first identification resolution node the processing result of the information to be transacted together with the signed qualification certificate of the second identification resolution node, which is obtained by the second identification resolution node signing its own qualification certificate with the private key of its own public-private key pair; the first identification resolution node verifies the signature of the signed qualification certificate of the second identification resolution node with the public key of the second identification resolution node's key pair; and in response to that signature passing verification, the first identification resolution node processes the processing result of the information to be transacted.
Optionally, in the method of any of the foregoing embodiments of the disclosure, the step in which, in response to the signature of the signed qualification certificate of the first identification resolution node passing verification, the second identification resolution node feeds back to the first identification resolution node the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node comprises: in response to that signature passing verification, the second identification resolution node obtains the qualification certificate transaction information of the first identification resolution node; the second identification resolution node determines from that transaction information whether the qualification certificate of the first identification resolution node meets a preset qualification certificate verification condition; and in response to the qualification certificate of the first identification resolution node meeting the preset verification condition, the second identification resolution node feeds back to the first identification resolution node the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node.
Optionally, in the method of any of the foregoing embodiments of the disclosure, the step in which, in response to the signature of the signed qualification certificate of the second identification resolution node passing verification, the first identification resolution node processes the processing result of the information to be transacted comprises: in response to that signature passing verification, the first identification resolution node obtains the qualification certificate transaction information of the second identification resolution node; the first identification resolution node determines from that transaction information whether the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition; and in response to the qualification certificate of the second identification resolution node meeting the preset verification condition, the first identification resolution node processes the processing result of the information to be transacted.
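The flow described in the method and its optional steps above (identity credential issued after an audit, countersigned by the node with the private key of its own key pair, verified together with its validity period before a qualification certificate is issued, and the mutual check of signed qualification certificates between two resolution nodes, with the ledger record as the verification condition), as an added Go example that is not part of the patent and not code from CAICT. It assumes Ed25519 key pairs, a simple delimited credential layout, and an in-memory map standing in for the blockchain's credential transaction records; it takes "a matching transaction record exists" as the preset verification condition, and the issuer-signature check inside Verify is an added assumption that the text does not state. Every name (Credential, Signed, Ledger, Issue, Verify, Onboard, Transact) is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Credential is the layout assumed here for both the identity credential and the qualification certificate.
type Credential struct {
	Kind      string            // "identity" or "qualification"
	NodeID    string            // the resolution node the credential is issued to
	NodePub   ed25519.PublicKey // public key of that node's key pair
	Claim     string            // audited identity information or qualification information
	NotAfter  time.Time         // validity period fixed by the issuing authentication node
	IssuerSig []byte            // issuing authentication node's signature over the fields above
}

// payload is the canonical byte string that both the issuer and the holder sign.
func (c Credential) payload() []byte {
	return []byte(c.Kind + "|" + c.NodeID + "|" + hex.EncodeToString(c.NodePub) + "|" + c.Claim + "|" + c.NotAfter.UTC().Format(time.RFC3339))
}

// Signed is a credential countersigned by its holder with the private key of its own key pair.
type Signed struct {
	Cred      Credential
	HolderSig []byte
}

func Sign(holderPriv ed25519.PrivateKey, c Credential) Signed {
	return Signed{Cred: c, HolderSig: ed25519.Sign(holderPriv, c.payload())}
}

// Ledger is a constructed stand-in for the blockchain: credential transaction records keyed by credential hash.
type Ledger map[string]Credential

func recordID(c Credential) string { h := sha256.Sum256(c.payload()); return hex.EncodeToString(h[:]) }
func (l Ledger) Store(c Credential)    { l[recordID(c)] = c }
func (l Ledger) Has(c Credential) bool { _, ok := l[recordID(c)]; return ok }

// Issue is what an authentication node does once its audit has passed: fix the validity period, sign, record on chain.
func Issue(issuerPriv ed25519.PrivateKey, kind, nodeID string, nodePub ed25519.PublicKey, claim string, now time.Time, validFor time.Duration, ledger Ledger) Credential {
	c := Credential{Kind: kind, NodeID: nodeID, NodePub: nodePub, Claim: claim, NotAfter: now.Add(validFor)}
	c.IssuerSig = ed25519.Sign(issuerPriv, c.payload())
	ledger.Store(c)
	return c
}

// Verify is the relying node's check: holder signature with the holder's public key, issuer signature
// (an added assumption), validity period, and the ledger record, taken here as the "preset verification condition".
func Verify(s Signed, issuerPub ed25519.PublicKey, wantKind string, now time.Time, ledger Ledger) error {
	c := s.Cred
	switch {
	case c.Kind != wantKind:
		return errors.New("unexpected credential kind")
	case len(c.NodePub) != ed25519.PublicKeySize:
		return errors.New("malformed holder public key")
	case !ed25519.Verify(c.NodePub, c.payload(), s.HolderSig):
		return errors.New("holder signature invalid")
	case !ed25519.Verify(issuerPub, c.payload(), c.IssuerSig):
		return errors.New("issuer signature invalid")
	case now.After(c.NotAfter):
		return errors.New("credential expired")
	case !ledger.Has(c):
		return errors.New("no transaction record on ledger")
	}
	return nil
}

// Onboard runs the two-stage flow for one node: the qualification certificate is issued only after the signed identity credential verifies.
func Onboard(iaPriv, qaPriv, nodePriv ed25519.PrivateKey, nodeID, qualification string, now time.Time, ledger Ledger) (Signed, error) {
	nodePub := nodePriv.Public().(ed25519.PublicKey)
	idCred := Issue(iaPriv, "identity", nodeID, nodePub, "identity-info-audited", now, 24*time.Hour, ledger)
	if err := Verify(Sign(nodePriv, idCred), iaPriv.Public().(ed25519.PublicKey), "identity", now, ledger); err != nil {
		return Signed{}, fmt.Errorf("qualification refused: %w", err)
	}
	return Sign(nodePriv, Issue(qaPriv, "qualification", nodeID, nodePub, qualification, now, 24*time.Hour, ledger)), nil
}

// Transact is the mutual check: the second node verifies the first node's signed qualification certificate
// before answering, and the first node verifies the second node's before accepting the processing result.
func Transact(first, second Signed, qaPub ed25519.PublicKey, now time.Time, ledger Ledger) error {
	if err := Verify(first, qaPub, "qualification", now, ledger); err != nil {
		return fmt.Errorf("second node rejects first: %w", err)
	}
	if err := Verify(second, qaPub, "qualification", now, ledger); err != nil {
		return fmt.Errorf("first node rejects second: %w", err)
	}
	return nil
}

func main() {
	now, ledger := time.Now(), Ledger{}
	_, iaPriv, _ := ed25519.GenerateKey(rand.Reader)    // identity authentication node (constructed key)
	qaPub, qaPriv, _ := ed25519.GenerateKey(rand.Reader) // qualification authentication node (constructed key)
	_, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, bPriv, _ := ed25519.GenerateKey(rand.Reader)
	a, _ := Onboard(iaPriv, qaPriv, aPriv, "enterprise-node-A", "enterprise-node", now, ledger)
	b, _ := Onboard(iaPriv, qaPriv, bPriv, "secondary-node-B", "secondary-node", now, ledger)
	fmt.Println("now:", Transact(a, b, qaPub, now, ledger), "| 25h later:", Transact(a, b, qaPub, now.Add(25*time.Hour), ledger))
}
```

Because the holder's signature covers the whole credential, any change to the audited claim or to the validity period invalidates it, and because the ledger is keyed by the credential hash, a certificate whose transaction record was never written on chain is rejected even when both signatures are good; that is the separation the text relies on for reducing indiscriminate issuance.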
In one aspect of the embodiments of the disclosure, a blockchain-based identity authentication device for an identification resolution node is provided, comprising: an identity auditing module, configured so that, in response to an identity authentication node receiving an identity authentication request sent by a first identification resolution node, the identity authentication node audits the identity information of the first identification resolution node contained in the request, the identity authentication node being a node in a blockchain network; a first certificate issuing module, configured so that, in response to the identity information passing the audit, the identity authentication node issues to the first identification resolution node an identity credential proving its identity; a qualification auditing module, configured so that a qualification authentication node receives a qualification authentication request sent by the first identification resolution node and audits the qualification information and the signed identity credential of the first identification resolution node contained in the request, the qualification authentication node being a node in the blockchain network, and the signed identity credential being obtained by the first identification resolution node signing its identity credential with the private key of its own public-private key pair; and a second certificate issuing module, configured so that, in response to the qualification information and the signed identity credential passing the audit, the qualification authentication node issues to the first identification resolution node a qualification certificate proving its qualification.
In one aspect of the embodiments of the disclosure, an electronic device is provided, comprising: a memory for storing a computer program; and a processor for executing the computer program stored in the memory, the execution of which implements the blockchain-based identity authentication method for an identification resolution node described above.
In one aspect of the embodiments of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the blockchain-based identity authentication method for an identification resolution node described above.
In the blockchain-based identity authentication method and device for an identification resolution node of the embodiments of the disclosure, an identity authentication node first authenticates the identity of the first identification resolution node and issues an identity credential to it once identity authentication has passed; a qualification authentication node then audits the signed identity credential and the qualification information of the first identification resolution node and issues a qualification certificate to it once that audit has passed. Because the identity and the qualification of the first identification resolution node are each authenticated by an independent node, the credibility of its identity credential and qualification certificate is improved, and with it the data security of the industrial internet identification resolution system. At the same time, because the identity and the qualification are authenticated by independent identity and qualification authentication nodes, and qualification authentication can only take place after an identity credential has been obtained, indiscriminate issuance of qualification certificates is avoided, which further improves the credibility of the qualification certificate of the first identification resolution node.
In addition, in the embodiments of the disclosure the identity authentication node and the qualification authentication node that authenticate the identity and the qualification of the first identification resolution node are deployed in the blockchain network, so the tamper-resistance and forgery-resistance of the blockchain can be exploited effectively: the risk that identity information is falsified during identity authentication, or qualification information during qualification authentication, is reduced, and the credibility of the identity credential and the qualification certificate is further improved.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 illustrates a flow diagram of one embodiment of a blockchain-based identification resolution node identity authentication method in accordance with embodiments of the present disclosure;
FIG. 2 illustrates a flow chart of one embodiment of step S130 of an embodiment of the present disclosure;
FIG. 3 illustrates a flow chart of another embodiment of a blockchain-based identification resolution node identity authentication method of embodiments of the present disclosure;
FIG. 4 illustrates a flow chart of one embodiment of step S230 of an embodiment of the present disclosure;
FIG. 5 illustrates a flow chart of one embodiment of step S250 of an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a method of identity authentication and qualification of a first identity resolution node in an exemplary embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a method for processing a transaction request by a first identity resolution node and a second identity resolution node in an exemplary embodiment of the present disclosure;
FIG. 8 is a schematic diagram illustrating an embodiment of a blockchain-based identification resolution node identity authentication device in accordance with embodiments of the present disclosure;
FIG. 9 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present disclosure, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate that A exists alone, that A and B exist together, or that B exists alone. The character "/" in the present disclosure generally indicates that the associated objects before and after it are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the present disclosure may be applicable to electronic devices such as terminal devices, computer systems, servers, etc., which may operate with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
The industrial internet (Industrial Internet) is a new type of infrastructure, application mode and industrial ecosystem formed by the deep integration of new-generation information and communication technology with the industrial economy; by comprehensively connecting people, machines, things, systems and so on, it builds a completely new manufacturing and service system covering the whole industrial chain and the whole value chain. In the industrial internet, products or machines are identified by industrial internet identifications, each of which corresponds to information about the product or machine it identifies. The industrial internet identification resolution system is a foundational system of the industrial internet and is mainly used to resolve an industrial internet identification into the related information of the product or machine it identifies. The system mainly comprises a number of nodes that resolve industrial internet identifications; these nodes may be computers, servers and the like. Specifically, the industrial internet identification resolution system comprises: international root nodes, national top-level nodes, secondary identification resolution nodes, enterprise nodes, public recursive resolution nodes, and other/enterprise information systems. An international root node is the highest-level service node of the identification resolution system; it is not limited to a specific country or region and provides public root-zone data management and root resolution services worldwide. A national top-level node is the core of China's industrial internet identification resolution system, the international gateway for external interconnection and the core hub for internal coordination; it provides top-level identification code registration and identification resolution services nationwide together with management capabilities such as identification record and identification authentication, and it connects upward to the international root nodes of the various identification systems and downward to the secondary and lower identification resolution service nodes in China. A secondary identification resolution node is a public identification resolution service node for an industry or region; it provides identification code registration and identification resolution services for that industry or region and handles related identification service management, identification application integration and so on. Each secondary node is assigned a unique secondary node identification prefix by the national top-level node. An enterprise node is the identification resolution service node inside an enterprise; it provides identification code registration and identification resolution services for that enterprise and can be deployed independently or as a component of the enterprise information system. Each enterprise node is assigned a unique enterprise node identification prefix by its secondary node; the enterprise defines and assigns the identification suffix, and the enterprise node identification prefix plus the identification suffix form a complete industrial internet identification. A public recursive resolution node is the key entry facility through which the identification resolution system provides resolution services externally: it receives identification query requests from external clients, locates the enterprise node within the identification resolution system by stepwise recursion, and obtains the detailed information of the identification. Other/enterprise information systems are the industrial internet APPs and industrial internet platforms that, relying on the identification capability of the industrial internet identification resolution system, process data and business logic and are widely used in industrial scenarios.
A blockchain is a chained data structure in which data blocks are linked in chronological order and protected cryptographically so that the data cannot be tampered with or forged. Blockchain technology is built on a blockchain network, and data transmission and processing are carried out by the nodes of that network. A node in a blockchain network generally means a computer in the network: any computer (including mobile phones, servers and the like) connected to the blockchain network is called a node.
Fig. 1 is a flowchart of a blockchain-based identifier resolution node identity authentication method in an embodiment of the present disclosure. The embodiment can be applied to an electronic device. As shown in Fig. 1, the method includes the following steps:
Step S110: in response to the identity authentication node receiving an identity authentication request sent by the first identifier resolution node, the identity authentication node audits the identity information of the first identifier resolution node carried in the request.
Here the identity authentication node is a node in the blockchain network; the node in the blockchain network that authenticates the identity of identifier resolution nodes is called the identity authentication node. The first identifier resolution node is a node that resolves industrial internet identifiers and may be any node or identifier resolution client in the industrial internet identifier resolution system, for example an international root node, a national top-level node, a secondary identifier resolution node, an enterprise node, a public recursive resolution node or an identifier resolution client.
The identity authentication request carries the identity information of the first identifier resolution node. The identity information of the node's holder, which may be an enterprise, institution, organization, individual or the like, may be used as the identity information of the node; for example, it may include the holder's business license, organization code and identification documents. The identity authentication node checks the authenticity of this identity information manually or with a preset program.
Step S120, in response to the identity information passing the audit, the identity authentication node issues an identity credential to the first identity resolution node, which proves the identity of the first identity resolution node.
The identity credential may be any digital certificate or electronic certificate used to prove identity. The identity credential of the first identifier resolution node may include the name of the node, the credential number, the credential validity period, the issue date and the name of the identity authentication node that issued it.
In one embodiment, when the identity information of the first identity analysis node passes the verification of the identity authentication node, the identity authentication node generates an identity credential of the first identity analysis node and sends the identity credential to the first identity analysis node, and meanwhile, the identity authentication node stores the validity period of the identity credential of the first identity analysis node; and when the identity information of the first identity analysis node fails to pass the verification of the identity authentication node, the identity authentication node sends an identity authentication failure message to the first identity analysis node.
Step S130: the qualification authentication node receives a qualification authentication request sent by the first identifier resolution node and audits the qualification information and the signed identity credential of the first identifier resolution node carried in the request.
The qualification authentication node is a node in the blockchain network; the node in the blockchain network that authenticates the qualifications of identifier resolution nodes is called the qualification authentication node. The signed identity credential is obtained by the first identifier resolution node signing its identity credential with the private key of its public-private key pair. The qualification information of the node's holder may be used as the qualification information of the first identifier resolution node, for example a high-tech enterprise certificate or an identifier management qualification certificate.
The public-private key pair of the first identifier resolution node consists of a public key and a private key: the private key signs data or information, and the public key verifies signatures produced with that private key.
In one embodiment, when the identity information passes the audit, the identity authentication node generates the public-private key pair of the first identifier resolution node with an asymmetric algorithm such as the Chinese national cryptographic standard SM2 and transmits the key pair to the first identifier resolution node. A symmetric cipher produces a single shared key rather than a key pair and cannot serve this purpose. Note also that when the issuer generates the pair, the private key has to cross the network and the issuer holds a copy of it; a common hardening is for the node to generate the pair itself and submit only the public key for certification.
In one embodiment, the first identifier resolution node signs its identity credential with the private key of its public-private key pair to obtain the signed identity credential, generates a qualification authentication request containing the signed identity credential and its qualification information, and sends the request to the qualification authentication node.
The qualification authentication node obtains the public key of the first identifier resolution node from the storage address that node has published for it and uses the public key to verify the signature in the signed identity credential. It checks the authenticity of the qualification information manually or with a preset program. When the qualification information passes the audit and the signature verifies, the qualification information and the signed identity credential are determined to have passed; when the qualification information fails the audit and/or the signature fails to verify, they are determined to have failed and the qualification authentication node sends a qualification authentication failure message to the first identifier resolution node.
And step S140, in response to the qualification information and the signature identity credential of the first identification analysis node passing the audit, the qualification authentication node issues a qualification certificate for proving the qualification of the first identification analysis node to the first identification analysis node.
The qualification certificate may be any digital certificate or electronic certificate used to prove a qualification. The qualification certificate of the first identifier resolution node may include the name of the node, the name of the qualification it holds, the certificate number, the certificate validity period, the issue date and the name of the qualification authentication node that issued it.
In one embodiment, when both the qualification information and the signature identity credential of the first identity resolution node pass the audit, the qualification authentication node generates a qualification certificate of the first identity resolution node and sends the qualification certificate to the first identity resolution node, and at the same time, the qualification authentication node stores the validity period of the qualification certificate of the first identity resolution node.
In the embodiment of the disclosure, the identity authentication node first authenticates the identity of the first identifier resolution node and issues it an identity credential once identity authentication passes; the qualification authentication node then audits the node's signed identity credential and qualification information and issues a qualification certificate once that audit passes. Because identity and qualification are authenticated separately by independent identity and qualification authentication nodes, the credibility of the node's identity credential and qualification certificate is improved, and with it data security in the industrial internet identifier resolution system. In addition, since qualification authentication can be performed only after identity authentication has been obtained, indiscriminate issuance of qualification certificates is avoided, which further improves the credibility of the qualification certificate.
Furthermore, because the identity authentication node and the qualification authentication node are deployed in the blockchain network, the tamper-resistance and non-forgeability of the blockchain can be exploited, which reduces the risk of identity information being tampered with during identity authentication and of qualification information being tampered with during qualification authentication, further improving the credibility of the identity credential and the qualification certificate.
In an alternative embodiment, step S120 further includes: the identity authentication node determines the validity period of the identity credential of the first identifier resolution node. In one embodiment, when the identity information passes the audit, the identity authentication node sets the validity period of the identity credential according to a preset period-setting rule and then issues the credential to the first identifier resolution node. The rule may give all identity credentials the same validity period, for example 3 years, or may set the validity period according to the level of the first identifier resolution node, and so on.
As shown in fig. 2, step S130 in the embodiment of the present disclosure further includes the following steps:
Step S131: the qualification authentication node verifies the signature in the signed identity credential with the public key of the public-private key pair of the first identifier resolution node.
In one embodiment, on receiving the qualification authentication request, the qualification authentication node obtains the public key of the first identifier resolution node either from the storage address the node has published for it or from the node itself, and then verifies the signature in the signed identity credential with that public key.
Step S132: in response to the signature in the signed identity credential passing verification, the qualification authentication node obtains the identity credential of the first identifier resolution node from the signed identity credential.
The signed identity credential consists of the identity credential together with a signature that the first identifier resolution node computed over it with its private key. Verification with the node's public key does not decrypt anything; it establishes that the credential has not been altered since it was signed and that the signer held the matching private key. Only after the signature verifies does the qualification authentication node take the identity credential from the signed structure for the checks that follow; an unverified credential is not used.
In one embodiment, the qualification node sends a qualification failure message to the first identity resolution node when the signature in the signed identity credential fails verification.
Step S133: the qualification authentication node obtains the validity period of the identity credential of the first identifier resolution node.
The qualification authentication node may obtain the validity period of the identity credential from the identity authentication node, which stored it when the credential was issued.
Step S134: the qualification authentication node determines whether the identity credential of the first identifier resolution node is valid according to its validity period.
Whether the identity credential is valid is determined from its issue date and its validity period. For example, if the identity credential records an issue date of 1 January 2021, the validity period is 2 years and the current time is 1 December 2022, the credential is determined to be valid; from 1 January 2023 onwards it is no longer valid.
Step S135: in response to the identity credential of the first identifier resolution node being valid, the qualification authentication node audits the qualification information of the first identifier resolution node.
In one embodiment, when it determines that the identity credential of the first identifier resolution node is invalid, the qualification authentication node sends a qualification authentication failure message to the first identifier resolution node.
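The signing and checking of steps S130 to S135, written out as an added example in Go that is not code from the patent: the identity authentication node's key pair issuance, the first identifier resolution node signing its identity credential, and the qualification authentication node verifying the signature under the published public key and then testing the validity period against the issue date, using the dates of the example above. Ed25519 from the Go standard library stands in for SM2, which the standard library does not provide; the credential field names, the node and issuer names, and passing the validity period in as a parameter (for what the qualification authentication node fetches from the identity authentication node) are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// IdentityCredential carries the fields the text lists for the credential issued
// in step S120 (field names are assumptions of this example).
type IdentityCredential struct {
	NodeName string    `json:"node_name"`
	Number   string    `json:"number"`
	IssuedAt time.Time `json:"issued_at"`
	Issuer   string    `json:"issuer"`
}

// SignedCredential is the "signed identity credential" of step S130: the encoded
// credential travels in the clear beside a signature over exactly those bytes.
// Verification decrypts nothing; it accepts or rejects, after which the
// credential is read from the Credential field.
type SignedCredential struct {
	Credential []byte `json:"credential"`
	Signature  []byte `json:"signature"`
}

var (
	ErrBadSignature = errors.New("signature on identity credential does not verify")
	ErrExpired      = errors.New("identity credential is outside its validity period")
)

// GenerateKeyPair stands in for the identity authentication node generating the
// node's public-private key pair (Ed25519 replaces SM2, which the Go standard
// library does not provide).
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignCredential is the first identifier resolution node's side of S130: the
// credential is encoded once and that byte string is signed with the private key.
func SignCredential(cred IdentityCredential, priv ed25519.PrivateKey) (SignedCredential, error) {
	encoded, err := json.Marshal(cred)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Credential: encoded, Signature: ed25519.Sign(priv, encoded)}, nil
}

// VerifySignedCredential is the qualification authentication node's side of S131
// to S134: verify the signature under the node's published public key, recover
// the credential, then check that now lies within validYears of the issue date
// (validYears models the period fetched from the identity authentication node
// in S133). A credential whose issue date lies in the future is rejected too.
func VerifySignedCredential(sc SignedCredential, pub ed25519.PublicKey, validYears int, now time.Time) (IdentityCredential, error) {
	var cred IdentityCredential
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, sc.Credential, sc.Signature) {
		return cred, ErrBadSignature
	}
	if err := json.Unmarshal(sc.Credential, &cred); err != nil {
		return cred, err
	}
	expiry := cred.IssuedAt.AddDate(validYears, 0, 0)
	if now.Before(cred.IssuedAt) || !now.Before(expiry) {
		return cred, ErrExpired
	}
	return cred, nil
}

func main() {
	pub, priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	cred := IdentityCredential{NodeName: "recursive-node-A", Number: "IDC-0001", // constructed
		IssuedAt: time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC), Issuer: "identity-authentication-node"}
	sc, _ := SignCredential(cred, priv)
	for _, now := range []time.Time{
		time.Date(2022, 12, 1, 0, 0, 0, 0, time.UTC), // inside the two-year period
		time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC),  // first day after it
	} {
		_, err := VerifySignedCredential(sc, pub, 2, now)
		fmt.Printf("%s: %v\n", now.Format("2006-01-02"), err)
	}
}
```

Changing one byte of the encoded credential, or verifying under another node's key, returns ErrBadSignature; the same credential checked on 1 January 2023 against a two-year period returns ErrExpired.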
In an alternative embodiment, step S120 further includes: the identity authentication node generates identity credential transaction information for the first identifier resolution node and stores it on the blockchain. The identity credential transaction information comprises identity credential generation information and identity credential information. The generation information records every identity credential generation event that occurred while generating the credential, together with the time of each event; such events include, for example, the audit of the identity information and the creation of the identity credential. The identity credential information may include the credential number, credential name, issue date, issuing authority and the name of the first identifier resolution node.
In an alternative embodiment, step S140 further includes: the qualification authentication node generates qualification certificate transaction information for the first identifier resolution node and stores it on the blockchain. The qualification certificate transaction information comprises qualification certificate generation information and qualification certificate information. The generation information records every qualification certificate generation event that occurred while generating the certificate, together with the time of each event; such events include, for example, the audit of the qualification information, the verification of the signature on the signed identity credential, the verification of the validity of the identity credential and the creation of the qualification certificate. The qualification certificate information may include the certificate number, certificate name, issue date and issuing authority of the qualification certificate.
In an alternative embodiment, step S140 further includes: the first identifier resolution node stores its identity credential and qualification certificate on the blockchain.
The first identifier resolution node may sign its identity credential and qualification certificate with the private key of its public-private key pair and store the signed credential and certificate on the blockchain; when storage succeeds, the blockchain returns the storage addresses of the signed credential and certificate to the first identifier resolution node.
In an alternative embodiment, as shown in fig. 3, step S140 in the embodiment of the disclosure further includes the following steps:
Step S210: the second identifier resolution node receives a transaction request sent by the first identifier resolution node.
The transaction request includes the information to be transacted and the signed qualification certificate of the first identifier resolution node, which that node obtains by signing its qualification certificate with the private key of its public-private key pair. The second identifier resolution node also resolves industrial internet identifiers and may be any node or identifier resolution client in the industrial internet identifier resolution system, for example an international root node, a national top-level node, a secondary identifier resolution node, an enterprise node, a public recursive resolution node or an identifier resolution client. The first and second identifier resolution nodes are different nodes of the system.
In one embodiment, the transaction request is an industrial internet identifier resolution request and the information to be transacted is the industrial internet identifier to be resolved.
Step S220: the second identifier resolution node verifies the signature of the signed qualification certificate of the first identifier resolution node with the public key of the public-private key pair of the first identifier resolution node.
The second identifier resolution node may obtain that public key from the storage address the first identifier resolution node has published for it, or from the first identifier resolution node directly, and then verifies the signature in the signed qualification certificate with it.
Step S230: in response to the signature of the signed qualification certificate of the first identifier resolution node passing verification, the second identifier resolution node returns the processing result of the information to be transacted, together with its own signed qualification certificate, to the first identifier resolution node.
The signed qualification certificate of the second identifier resolution node is obtained by that node signing its qualification certificate with the private key of its public-private key pair.
The public-private key pair of the second identifier resolution node likewise consists of a public key, used to verify signatures made with the private key, and a private key, used to sign data or information. In one embodiment, the identity authentication node generates the public-private key pair of the second identifier resolution node with an asymmetric algorithm such as SM2 and transmits it to the second identifier resolution node.
In one embodiment, before the first and second identifier resolution nodes transact, the second identifier resolution node must itself have passed authentication by the identity authentication node and the qualification authentication node and obtained its identity credential from the former and its qualification certificate from the latter; the procedure is the same as for the first identifier resolution node and is not repeated here.
In one embodiment, when the signature of the signed qualification certificate of the first identifier resolution node verifies under that node's public key, the second identifier resolution node processes the information to be transacted to obtain a processing result, signs its own qualification certificate with the private key of its public-private key pair to obtain its signed qualification certificate, and sends the processing result and the signed qualification certificate to the first identifier resolution node.
In one embodiment, the second identity resolution node feeds back a transaction failure message to the first identity resolution node when the signature of the signature qualification certificate of the first identity resolution node fails verification.
Step S240: the first identifier resolution node verifies the signature of the signed qualification certificate of the second identifier resolution node with the public key of the public-private key pair of the second identifier resolution node.
The first identifier resolution node may obtain that public key from the storage address the second identifier resolution node has published for it, or from the second identifier resolution node directly, and then verifies the signature in the signed qualification certificate with it.
Step S250: in response to the signature of the signed qualification certificate of the second identifier resolution node passing verification, the first identifier resolution node processes the processing result of the information to be transacted.
In one embodiment, when that signature fails verification, the first identifier resolution node sends a qualification certificate verification failure message to the second identifier resolution node and does not process the processing result; or it sends the failure message and refuses to accept the processing result; or it sends the failure message and deletes the processing result, and so on.
The following worked example takes the transaction request to be an identifier resolution request, the information to be transacted to be the industrial internet identifier to be resolved, the first identifier resolution node to be a public recursive resolution node and the second identifier resolution node to be the national top-level node. The procedure is as follows:
The first identifier resolution node signs its qualification certificate with the private key of its public-private key pair to obtain its signed qualification certificate, generates an identifier resolution request containing the industrial internet identifier to be resolved and the signed qualification certificate, and sends the request to the second identifier resolution node.
The second identifier resolution node receives the request, obtains the public key of the first identifier resolution node from that node and uses it to verify the signature of the signed qualification certificate. When the signature verifies, the second identifier resolution node determines the resolution address of the secondary node responsible for the identifier to be resolved (this address is the processing result of the information to be transacted), signs its own qualification certificate with its private key to obtain its signed qualification certificate, and sends the secondary node resolution address and its signed qualification certificate to the first identifier resolution node.
The first identifier resolution node receives the signed qualification certificate of the second identifier resolution node, obtains the public key of the second identifier resolution node from that node and uses it to verify the signature. When the signature verifies, the first identifier resolution node accepts the secondary node resolution address and sends the identifier resolution request on to the secondary node at that address; this is what processing the processing result of the information to be transacted means here. When the signature fails to verify, the first identifier resolution node sends a qualification certificate verification failure message to the second identifier resolution node and refuses to accept the secondary node resolution address.
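The exchange of steps S210 to S250, in the recursive-node and top-level-node form of the worked example above, as an added example in Go that is not code from the patent. Both sides sign and verify with Ed25519 from the standard library in place of SM2; the certificate fields, node names, the identifier "88.100.1/product-0001", the prefix rule and the table of secondary node addresses are constructed for the example. The example also departs from the text in one respect, stated in the code: the text signs the qualification certificate alone, which makes the signed certificate a static token that any holder of a copy could present, so here each signature also covers the request's identifier (or the response's result) and a per-request nonce.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// QualificationCertificate carries fields from the list in S140 (names assumed).
type QualificationCertificate struct{ NodeName, Qualification, Number string }

// Node is one party to the exchange (Ed25519 stands in for SM2 throughout).
type Node struct {
	Cert QualificationCertificate
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func NewNode(name, qualification string) (*Node, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Node{QualificationCertificate{name, qualification, "QC-" + name}, pub, priv}, nil
}

// Message travels both ways: Payload is the identifier to resolve (S210) or the
// result (S230); Cert is the sender's JSON-encoded certificate. The text signs the
// certificate alone; here the signature also covers Payload and a per-request Nonce
// so a captured signed certificate cannot be replayed (an addition of this example).
type Message struct {
	Payload                string
	Nonce, Cert, Signature []byte
}

var (
	ErrRequesterCert = errors.New("requester's signed qualification certificate does not verify")
	ErrResponderCert = errors.New("response does not answer this request's nonce or its certificate does not verify")
	ErrUnknownPrefix = errors.New("no secondary node registered for this prefix")
)

func (n *Node) sign(payload string, nonce []byte) Message {
	cert, _ := json.Marshal(n.Cert)
	tbs, _ := json.Marshal([]interface{}{payload, nonce, cert}) // unambiguous field framing
	return Message{payload, nonce, cert, ed25519.Sign(n.Priv, tbs)}
}

func verify(pub ed25519.PublicKey, m Message) bool {
	tbs, _ := json.Marshal([]interface{}{m.Payload, m.Nonce, m.Cert})
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, tbs, m.Signature)
}

// BuildRequest is the first identifier resolution node's side of S210.
func (n *Node) BuildRequest(identifier string) (Message, error) {
	nonce := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Message{}, err
	}
	return n.sign(identifier, nonce), nil
}

// HandleRequest is the second node's side of S220/S230: verify the requester's
// certificate, look up the secondary node for the prefix (assumed: the part before "/").
func (n *Node) HandleRequest(req Message, requesterPub ed25519.PublicKey, secondaryByPrefix map[string]string) (Message, error) {
	if !verify(requesterPub, req) {
		return Message{}, ErrRequesterCert
	}
	prefix, _, _ := strings.Cut(req.Payload, "/")
	if addr, ok := secondaryByPrefix[prefix]; ok {
		return n.sign(addr, req.Nonce), nil
	}
	return Message{}, ErrUnknownPrefix
}

// AcceptResponse is the first node's side of S240/S250: use the result only if it
// answers this request's nonce and the responder's certificate verifies.
func (n *Node) AcceptResponse(req, resp Message, responderPub ed25519.PublicKey) (string, error) {
	if !bytes.Equal(req.Nonce, resp.Nonce) || !verify(responderPub, resp) {
		return "", ErrResponderCert
	}
	return resp.Payload, nil
}

func main() {
	a, _ := NewNode("recursive-node-A", "public recursive resolution")
	b, _ := NewNode("national-top-level-node", "top-level identifier resolution")
	req, _ := a.BuildRequest("88.100.1/product-0001") // identifier and table are constructed
	resp, err := b.HandleRequest(req, a.Pub, map[string]string{"88.100.1": "https://secondary.example/resolve"})
	if err != nil {
		panic(err)
	}
	fmt.Println(a.AcceptResponse(req, resp, b.Pub))
}
```

The public key each side verifies under is passed in by the caller, standing for the lookup from the published storage address; the exchange is only as strong as the binding of that key to the node, which the text leaves to the publication mechanism.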
In an alternative embodiment, as shown in fig. 4, step S230 in the embodiment of the present disclosure further includes the following steps:
Step S231, in response to the signature of the signed qualification certificate of the first identification resolution node passing verification, the second identification resolution node obtains the qualification certificate transaction information of the first identification resolution node.
When the second identification resolution node verifies the signature of the signed qualification certificate of the first identification resolution node using the public key of the first identification resolution node's public-private key pair and the signature passes verification, the second identification resolution node obtains the qualification certificate of the first identification resolution node. The second identification resolution node may obtain the qualification certificate transaction information of the first identification resolution node from the blockchain.
Step S232, the second identification resolution node determines, according to the qualification certificate transaction information of the first identification resolution node, whether the qualification certificate of the first identification resolution node meets a preset qualification certificate verification condition.
The preset qualification certificate verification condition can be set according to actual requirements.
In one embodiment, the preset qualification certificate verification condition may include: whether the qualification certificate generation information in the qualification certificate transaction information includes the key events; whether the qualification certificate information in the qualification certificate transaction information is consistent with the qualification certificate; and whether the time interval between the current time and the time of the event of creating the qualification certificate, as recorded in the qualification certificate generation information, is smaller than a preset duration. The key events may be, for example: the event of auditing the qualification information, the event of verifying the signature of the signed identity credential, the event of verifying the validity of the identity credential, and the like. Verifying whether the qualification certificate information in the qualification certificate transaction information is consistent with the qualification certificate may include verifying whether the name of the first identification resolution node, the qualification name, the certificate number, the issue date and the like in the qualification certificate are consistent with the record in the qualification certificate information of the qualification certificate transaction information. The preset duration can be set according to actual conditions.
When it is determined that the qualification certificate generation information in the qualification certificate transaction information of the first identification resolution node includes the key events, that the qualification certificate information in the qualification certificate transaction information is consistent with the qualification certificate, and that the time interval between the current time and the time of the event of creating the qualification certificate recorded in the qualification certificate generation information is smaller than the preset duration, the qualification certificate of the first identification resolution node is determined to meet the preset qualification certificate verification condition. When at least one of these items fails verification, the qualification certificate of the first identification resolution node is determined not to meet the preset qualification certificate verification condition.
Step S233, in response to the qualification certificate of the first identification resolution node meeting the preset qualification certificate verification condition, the second identification resolution node feeds back the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node to the first identification resolution node.
In one embodiment, when the qualification certificate of the first identification resolution node does not meet the preset qualification certificate verification condition, the second identification resolution node feeds back a transaction failure message to the first identification resolution node.
In an alternative embodiment, as shown in fig. 5, step S250 in the embodiment of the present disclosure further includes the following steps:
Step S251, in response to the signature of the signed qualification certificate of the second identification resolution node passing verification, the first identification resolution node obtains the qualification certificate transaction information of the second identification resolution node.
When the first identification resolution node verifies the signature of the signed qualification certificate of the second identification resolution node using the public key of the second identification resolution node's public-private key pair and the signature passes verification, the first identification resolution node obtains the qualification certificate of the second identification resolution node. The first identification resolution node may obtain the qualification certificate transaction information of the second identification resolution node from the blockchain.
Step S252, the first identification resolution node determines, according to the qualification certificate transaction information of the second identification resolution node, whether the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition.
The method by which the first identification resolution node determines, according to the qualification certificate transaction information of the second identification resolution node, whether the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition is the same as the method in step S232 and is not described again here.
Step S253, in response to the qualification certificate of the second identification resolution node meeting the preset qualification certificate verification condition, the first identification resolution node processes the processing result of the information to be transacted.
In one embodiment, when the qualification certificate of the second identification resolution node does not meet the preset qualification certificate verification condition, the first identification resolution node sends a qualification certificate verification failure message to the second identification resolution node and does not process the processing result of the information to be transacted; or the first identification resolution node sends a qualification certificate verification failure message to the second identification resolution node and refuses to accept the processing result of the information to be transacted; or the first identification resolution node sends a qualification certificate verification failure message to the second identification resolution node and deletes the processing result of the information to be transacted, and so on.
The following is an application embodiment of the blockchain-based identification resolution node identity authentication method in the embodiments of the present disclosure.
As shown in fig. 6, the identity authentication and qualification authentication of the first identification resolution node include the following steps:
S1, the first identification resolution node generates an identity authentication request and sends it to the identity authentication node, where the identity authentication request includes the identity information of the first identification resolution node.
S2, the identity authentication node audits the identity information of the first identification resolution node; when the identity information passes the audit, the identity authentication node generates an identity credential and a public-private key pair for the first identification resolution node and sends the identity credential and the public-private key pair to the first identification resolution node; the identity authentication node generates identity credential transaction information of the first identification resolution node and stores it on the blockchain.
S3, the first identification resolution node signs its identity credential with the private key of its public-private key pair to obtain a signed identity credential; the first identification resolution node generates a qualification authentication request and sends it to the qualification authentication node, where the qualification authentication request includes the qualification information and the signed identity credential of the first identification resolution node.
S4, the qualification authentication node requests the public key of the first identification resolution node's public-private key pair from the first identification resolution node, and the first identification resolution node sends that public key to the qualification authentication node; the qualification authentication node verifies the signature in the signed identity credential using the public key of the first identification resolution node's public-private key pair.
S5, when the signature in the signed identity credential passes verification, the qualification authentication node obtains the validity period of the identity credential of the first identification resolution node from the identity authentication node and determines, according to the validity period, whether the identity credential of the first identification resolution node is valid.
S6, when the identity credential of the first identification resolution node is determined to be valid, the qualification authentication node audits the qualification information of the first identification resolution node.
S7, when the qualification information of the first identification resolution node passes the audit, the qualification authentication node generates a qualification certificate for the first identification resolution node and sends it to the first identification resolution node; the qualification authentication node generates qualification certificate transaction information of the first identification resolution node and stores it on the blockchain.
As shown in fig. 7, the processing of a transaction request by the first identification resolution node and the second identification resolution node includes the following steps:
S8, the first identification resolution node signs its qualification certificate with the private key of its public-private key pair to obtain the signed qualification certificate of the first identification resolution node; the first identification resolution node generates a transaction request and sends it to the second identification resolution node, where the transaction request includes the signed qualification certificate of the first identification resolution node and the information to be transacted.
S9, the second identification resolution node requests the public key of the first identification resolution node's public-private key pair from the first identification resolution node, and the first identification resolution node sends that public key to the second identification resolution node; the second identification resolution node verifies the signature of the signed qualification certificate of the first identification resolution node using the public key of the first identification resolution node's public-private key pair.
S10, when the signature of the signed qualification certificate of the first identification resolution node passes verification, the second identification resolution node obtains the qualification certificate transaction information of the first identification resolution node from the blockchain.
S11, the second identification resolution node determines, according to the qualification certificate transaction information of the first identification resolution node, whether the qualification certificate of the first identification resolution node meets a preset qualification certificate verification condition.
S12, when the qualification certificate of the first identification resolution node meets the preset qualification certificate verification condition, the second identification resolution node processes the information to be transacted to obtain the processing result of the information to be transacted, and signs its qualification certificate with the private key of its public-private key pair to obtain the signed qualification certificate of the second identification resolution node.
S13, the second identification resolution node sends the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node to the first identification resolution node.
S14, the first identification resolution node requests the public key of the second identification resolution node's public-private key pair from the second identification resolution node, the second identification resolution node sends that public key to the first identification resolution node, and the first identification resolution node verifies the signature of the signed qualification certificate of the second identification resolution node using the public key of the second identification resolution node's public-private key pair.
S15, when the signature of the signed qualification certificate of the second identification resolution node passes verification, the first identification resolution node obtains the qualification certificate transaction information of the second identification resolution node from the blockchain.
S16, the first identification resolution node determines, according to the qualification certificate transaction information of the second identification resolution node, whether the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition.
S17, when the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition, the first identification resolution node processes the processing result of the information to be transacted.
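The mutual check of steps S8 to S17, which applies the same qualification certificate verification as steps S232 and S252 above, written out as an added Go example; this is not code from the patent. It assumes Ed25519 signatures, a map standing in for the blockchain ledger, a certificate carrying the four compared fields, a fixed set of key event names and a one-year preset duration, all chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

type (
	// QualificationCert: the fields compared with the on-chain record; the layout is an assumption.
	QualificationCert struct{ NodeName, QualName, CertNo, IssueDate string }
	// SignedQualificationCert is a certificate plus the holder's signature over it.
	SignedQualificationCert struct {
		Cert QualificationCert
		Sig  []byte
	}
	// CertTxInfo is the qualification certificate transaction information on the chain:
	// generation information (key events with their times) plus a copy of the certificate.
	CertTxInfo struct {
		Events   map[string]time.Time
		CertInfo QualificationCert
	}
	// Ledger stands in for the blockchain, keyed by certificate number.
	Ledger map[string]CertTxInfo
	// Node is an identification resolution node with its public-private key pair.
	Node struct {
		Pub  ed25519.PublicKey
		priv ed25519.PrivateKey
		Cert QualificationCert
	}
)

const (
	createdEvent = "qualification_certificate_created"
	maxCertAge   = 365 * 24 * time.Hour // preset duration; one year is an assumed value
)

// keyEvents are the key events the preset verification condition requires (names assumed).
var keyEvents = []string{"qualification_info_audit", "signed_identity_credential_verified",
	"identity_credential_validity_verified", createdEvent}

// Bytes is the byte string that is signed and verified.
func (c QualificationCert) Bytes() []byte {
	return []byte(c.NodeName + "|" + c.QualName + "|" + c.CertNo + "|" + c.IssueDate)
}

// newNode generates a key pair and records the node's certificate on the ledger, as the
// qualification authentication node does after a successful audit (step S7).
func newNode(name, certNo string, chain Ledger, created time.Time) Node {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert := QualificationCert{name, "identification-resolution", certNo, created.Format("2006-01-02")}
	events := map[string]time.Time{}
	for _, ev := range keyEvents {
		events[ev] = created
	}
	chain[certNo] = CertTxInfo{Events: events, CertInfo: cert}
	return Node{Pub: pub, priv: priv, Cert: cert}
}

// SignCert produces the node's signed qualification certificate (steps S8 and S12).
func (n Node) SignCert() SignedQualificationCert {
	return SignedQualificationCert{Cert: n.Cert, Sig: ed25519.Sign(n.priv, n.Cert.Bytes())}
}

// VerifyPeer is the check each side runs on the other (steps S9-S11 and S14-S16): signature
// verification with the peer's public key, then the preset condition against the chain record.
func VerifyPeer(peerPub ed25519.PublicKey, sc SignedQualificationCert, chain Ledger, now time.Time) error {
	if !ed25519.Verify(peerPub, sc.Cert.Bytes(), sc.Sig) {
		return errors.New("signature of signed qualification certificate failed verification")
	}
	tx := chain[sc.Cert.CertNo] // zero value when nothing is recorded for this certificate
	if tx.CertInfo != sc.Cert { // condition: certificate consistent with the on-chain record
		return errors.New("qualification certificate differs from, or is absent from, the chain record")
	}
	for _, ev := range keyEvents { // condition: every key event in the generation information
		if _, ok := tx.Events[ev]; !ok {
			return fmt.Errorf("key event %q missing from generation information", ev)
		}
	}
	if now.Sub(tx.Events[createdEvent]) >= maxCertAge { // condition: created within the preset duration
		return errors.New("qualification certificate older than preset duration")
	}
	return nil
}

// Transact runs the exchange of fig. 7; the processing itself is a stand-in returning a constructed address.
func Transact(first, second Node, chain Ledger, identifier string, now time.Time) (string, error) {
	// S8-S11: the first node sends its signed certificate; the second node verifies it.
	if err := VerifyPeer(first.Pub, first.SignCert(), chain, now); err != nil {
		return "", fmt.Errorf("second node rejected first node: %w", err)
	}
	// S12-S13: the second node processes the request and attaches its own signed certificate.
	result := "https://resolver.example/" + identifier // constructed processing result
	// S14-S17: the first node verifies the second node before accepting the result.
	if err := VerifyPeer(second.Pub, second.SignCert(), chain, now); err != nil {
		return "", fmt.Errorf("first node rejected second node: %w", err)
	}
	return result, nil
}
```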
Fig. 8 illustrates a block diagram of a blockchain-based identification resolution node identity authentication device in an embodiment of the present disclosure. As shown in fig. 8, the blockchain-based identification resolution node identity authentication device in this embodiment includes:
an identity auditing module 310, configured to audit, in response to an identity authentication node receiving an identity authentication request sent by a first identification resolution node, the identity information of the first identification resolution node carried in the identity authentication request, where the identity authentication node is a node in a blockchain network;
a first certificate issuing module 320, configured to issue, to the first identification resolution node in response to the identity information passing the audit, an identity credential that proves the identity of the first identification resolution node;
a qualification auditing module 330, configured for a qualification authentication node to receive a qualification authentication request sent by the first identification resolution node and to audit the qualification information and the signed identity credential of the first identification resolution node carried in the qualification authentication request, where the qualification authentication node is a node in the blockchain network, and the signed identity credential of the first identification resolution node is obtained by the first identification resolution node signing its identity credential with the private key of its public-private key pair;
and a second certificate issuing module 340, configured to issue, to the first identification resolution node in response to the qualification information and the signed identity credential of the first identification resolution node passing the audit, a qualification certificate that proves the qualification of the first identification resolution node.
In an optional embodiment, the blockchain-based identification resolution node identity authentication device in the embodiment of the disclosure further includes: the identity authentication node determines the validity period of the identity credential of the first identification resolution node; and the qualification auditing module 330 is further configured so that:
the qualification authentication node verifies the signature in the signed identity credential using the public key of the first identification resolution node's public-private key pair;
in response to the signature in the signed identity credential passing verification, the qualification authentication node obtains the identity credential of the first identification resolution node from the signed identity credential;
the qualification authentication node obtains the validity period of the identity credential of the first identification resolution node;
the qualification authentication node determines whether the identity credential of the first identification resolution node is valid according to the validity period;
and in response to the identity credential of the first identification resolution node being valid, the qualification authentication node audits the qualification information of the first identification resolution node.
In an optional embodiment, the blockchain-based identification resolution node identity authentication device in the embodiment of the disclosure further includes:
a first information generating module, configured for the identity authentication node to generate identity credential transaction information of the first identification resolution node and store it on the blockchain, where the identity credential transaction information includes the identity credential generation information and the identity credential information of the identity credential of the first identification resolution node;
a second information generating module, configured for the qualification authentication node to generate qualification certificate transaction information of the first identification resolution node and store it on the blockchain, where the qualification certificate transaction information includes the qualification certificate generation information and the qualification certificate information of the qualification certificate of the first identification resolution node.
In an optional embodiment, the blockchain-based identification resolution node identity authentication device in the embodiment of the disclosure further includes:
a storage module, configured for the first identification resolution node to store its identity credential and qualification certificate on the blockchain.
In an optional embodiment, the blockchain-based identification resolution node identity authentication device in the embodiment of the disclosure further includes:
a first sending module, configured for a second identification resolution node to receive a transaction request sent by the first identification resolution node, where the transaction request includes the signed qualification certificate of the first identification resolution node and the information to be transacted, and the signed qualification certificate of the first identification resolution node is obtained by the first identification resolution node signing its qualification certificate with the private key of its public-private key pair;
a first verification module, configured for the second identification resolution node to verify the signature of the signed qualification certificate of the first identification resolution node using the public key of the first identification resolution node's public-private key pair;
a second sending module, configured for the second identification resolution node to feed back, in response to the signature of the signed qualification certificate of the first identification resolution node passing verification, the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node to the first identification resolution node, where the signed qualification certificate of the second identification resolution node is obtained by the second identification resolution node signing its qualification certificate with the private key of its public-private key pair;
a second verification module, configured for the first identification resolution node to verify the signature of the signed qualification certificate of the second identification resolution node using the public key of the second identification resolution node's public-private key pair;
and a processing module, configured for the first identification resolution node to process, in response to the signature of the signed qualification certificate of the second identification resolution node passing verification, the processing result of the information to be transacted.
In an optional embodiment, the second sending module in the embodiment of the disclosure is further configured so that:
in response to the signature of the signed qualification certificate of the first identification resolution node passing verification, the second identification resolution node obtains the qualification certificate transaction information of the first identification resolution node;
the second identification resolution node determines, according to the qualification certificate transaction information of the first identification resolution node, whether the qualification certificate of the first identification resolution node meets a preset qualification certificate verification condition;
and in response to the qualification certificate of the first identification resolution node meeting the preset qualification certificate verification condition, the second identification resolution node feeds back the processing result of the information to be transacted and the signed qualification certificate of the second identification resolution node to the first identification resolution node.
In an alternative embodiment, the processing module in the embodiment of the disclosure is further configured so that the processing of the processing result of the information to be transacted by the first identification resolution node, in response to the signature of the signed qualification certificate of the second identification resolution node passing verification, includes:
in response to the signature of the signed qualification certificate of the second identification resolution node passing verification, the first identification resolution node obtains the qualification certificate transaction information of the second identification resolution node;
the first identification resolution node determines, according to the qualification certificate transaction information of the second identification resolution node, whether the qualification certificate of the second identification resolution node meets the preset qualification certificate verification condition;
and in response to the qualification certificate of the second identification resolution node meeting the preset qualification certificate verification condition, the first identification resolution node processes the processing result of the information to be transacted.
In addition, the embodiment of the disclosure also provides an electronic device, which includes:
a memory for storing a computer program;
and a processor for executing the computer program stored in the memory, where the blockchain-based identification resolution node identity authentication method is implemented when the computer program is executed.
Fig. 9 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure. Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 9. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent of them that communicates with the first device and the second device to receive the acquired input signals from them.
As shown in fig. 9, the electronic device includes one or more processors and a memory.
The processor may be a central processing unit (CPU) or another form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory. The non-volatile memory may include, for example, read-only memory (ROM), a hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor to implement the blockchain-based identification resolution node identity authentication method of the various embodiments of the present disclosure described above and/or other desired functions.
In one example, the electronic device may further include an input device and an output device, which are interconnected by a bus system and/or other forms of connection mechanism (not shown).
The input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information, including the determined distance information, direction information and the like, to the outside. The output device may include, for example, a display, a speaker, a printer, and a communication network together with the remote output devices connected to it.
Of course, for simplicity only those components of the electronic device relevant to the present disclosure are shown in fig. 9; components such as buses and input/output interfaces are omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps of the blockchain-based identification resolution node identity authentication method according to the various embodiments of the present disclosure described in the above section of this specification.
The program code of the computer program product, which performs the operations of the embodiments of the present disclosure, may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Further, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps of the blockchain-based identification resolution node identity authentication method according to the various embodiments of the present disclosure described in the above section of this specification.
The computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will appreciate that all or part of the steps for implementing the above method embodiments may be carried out by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; and the storage medium includes various media that can store program code, such as ROM, RAM, and magnetic or optical disks.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, the embodiments are described progressively: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. The description of the system embodiments is relatively brief because they essentially correspond to the method embodiments; for relevant details, refer to the description of the method embodiments.
The block diagrams of the devices, apparatuses, equipment, and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, or configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, these devices, apparatuses, equipment, and systems may be connected, arranged, or configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended, mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to."
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that, in the apparatus, devices and methods of the present disclosure, components or steps may be decomposed and/or recombined. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (10)

1. A blockchain-based identity authentication method for an identification analysis node, characterized by comprising the following steps:
in response to an identity authentication node receiving an identity authentication request sent by a first identification analysis node, the identity authentication node audits the identity information of the first identification analysis node carried in the identity authentication request, wherein the identity authentication node is a node in a blockchain network;
in response to the identity information passing the audit, the identity authentication node issues to the first identification analysis node an identity credential attesting to the identity of the first identification analysis node;
a qualification authentication node receives a qualification authentication request sent by the first identification analysis node and audits the qualification information and the signed identity credential of the first identification analysis node carried in the qualification authentication request, wherein the qualification authentication node is a node in the blockchain network, and the signed identity credential of the first identification analysis node is obtained by the first identification analysis node signing its identity credential with the private key of its public-private key pair;
and in response to the qualification information and the signed identity credential of the first identification analysis node passing the audit, the qualification authentication node issues to the first identification analysis node a qualification certificate attesting to the qualification of the first identification analysis node.
2. The method of claim 1, wherein, before the identity authentication node issues to the first identification analysis node the identity credential attesting to its identity, the method further comprises:
the identity authentication node determining the validity period of the identity credential of the first identification analysis node;
and wherein auditing the qualification information and the signed identity credential of the first identification analysis node carried in the qualification authentication request comprises:
the qualification authentication node verifying the signature of the signed identity credential with the public key of the public-private key pair of the first identification analysis node;
in response to the signature of the signed identity credential passing verification, the qualification authentication node obtaining the identity credential of the first identification analysis node from the signed identity credential;
the qualification authentication node obtaining the validity period of the identity credential of the first identification analysis node;
the qualification authentication node determining, according to the validity period, whether the identity credential of the first identification analysis node is valid;
and in response to the identity credential of the first identification analysis node being valid, the qualification authentication node auditing the qualification information of the first identification analysis node.
3. The method of claim 1, wherein, after the identity authentication node issues to the first identification analysis node the identity credential attesting to its identity, the method further comprises:
the identity authentication node generating identity credential transaction information of the first identification analysis node and storing it on the blockchain, wherein the identity credential transaction information comprises: identity credential generation information and identity credential information of the identity credential of the first identification analysis node;
and wherein, after the qualification authentication node issues to the first identification analysis node the qualification certificate attesting to its qualification, the method further comprises:
the qualification authentication node generating qualification certificate transaction information of the first identification analysis node and storing it on the blockchain, wherein the qualification certificate transaction information comprises: qualification certificate generation information and qualification certificate information of the qualification certificate of the first identification analysis node.
4. The method of any of claims 1-3, wherein, after the qualification authentication node issues to the first identification analysis node the qualification certificate attesting to its qualification, the method further comprises:
the first identification analysis node storing its identity credential and qualification certificate on the blockchain.
5. The method of any of claims 1-3, wherein, after the qualification authentication node issues to the first identification analysis node the qualification certificate attesting to its qualification, the method further comprises:
a second identification analysis node receiving a transaction request sent by the first identification analysis node, wherein the transaction request comprises information to be transacted and the signed qualification certificate of the first identification analysis node, the signed qualification certificate of the first identification analysis node being obtained by the first identification analysis node signing its qualification certificate with the private key of its public-private key pair;
the second identification analysis node verifying the signature of the signed qualification certificate of the first identification analysis node with the public key of the public-private key pair of the first identification analysis node;
in response to the signature of the signed qualification certificate of the first identification analysis node passing verification, the second identification analysis node feeding back to the first identification analysis node a processing result of the information to be transacted together with the signed qualification certificate of the second identification analysis node, wherein the signed qualification certificate of the second identification analysis node is obtained by the second identification analysis node signing its qualification certificate with the private key of its public-private key pair;
the first identification analysis node verifying the signature of the signed qualification certificate of the second identification analysis node with the public key of the public-private key pair of the second identification analysis node;
and in response to the signature of the signed qualification certificate of the second identification analysis node passing verification, the first identification analysis node processing the processing result of the information to be transacted.
6. The method of claim 5, wherein, in response to the signature of the signed qualification certificate of the first identification analysis node passing verification, the second identification analysis node feeding back to the first identification analysis node the processing result of the information to be transacted together with the signed qualification certificate of the second identification analysis node comprises:
in response to the signature of the signed qualification certificate of the first identification analysis node passing verification, the second identification analysis node obtaining the qualification certificate transaction information of the first identification analysis node;
the second identification analysis node determining, according to the qualification certificate transaction information of the first identification analysis node, whether the qualification certificate of the first identification analysis node meets a preset qualification certificate verification condition;
and in response to the qualification certificate of the first identification analysis node meeting the preset qualification certificate verification condition, the second identification analysis node feeding back to the first identification analysis node the processing result of the information to be transacted together with the signed qualification certificate of the second identification analysis node.
7. The method of claim 6, wherein, in response to the signature of the signed qualification certificate of the second identification analysis node passing verification, the first identification analysis node processing the processing result of the information to be transacted comprises:
in response to the signature of the signed qualification certificate of the second identification analysis node passing verification, the first identification analysis node obtaining the qualification certificate transaction information of the second identification analysis node;
the first identification analysis node determining, according to the qualification certificate transaction information of the second identification analysis node, whether the qualification certificate of the second identification analysis node meets the preset qualification certificate verification condition;
and in response to the qualification certificate of the second identification analysis node meeting the preset qualification certificate verification condition, the first identification analysis node processing the processing result of the information to be transacted.
8. A blockchain-based identity authentication device for an identification analysis node, characterized by comprising:
an identity audit module, configured so that, in response to an identity authentication node receiving an identity authentication request sent by a first identification analysis node, the identity authentication node audits the identity information of the first identification analysis node carried in the identity authentication request, wherein the identity authentication node is a node in a blockchain network;
a first credential issuing module, configured so that, in response to the identity information passing the audit, the identity authentication node issues to the first identification analysis node an identity credential attesting to the identity of the first identification analysis node;
a qualification audit module, configured so that a qualification authentication node receives a qualification authentication request sent by the first identification analysis node and audits the qualification information and the signed identity credential of the first identification analysis node carried in the qualification authentication request, wherein the qualification authentication node is a node in the blockchain network, and the signed identity credential of the first identification analysis node is obtained by the first identification analysis node signing its identity credential with the private key of its public-private key pair;
and a second credential issuing module, configured so that, in response to the qualification information and the signed identity credential of the first identification analysis node passing the audit, the qualification authentication node issues to the first identification analysis node a qualification certificate attesting to the qualification of the first identification analysis node.
9. An electronic device, comprising:
a memory for storing a computer program;
and a processor for executing the computer program stored in the memory, which, when executed, implements the blockchain-based identity authentication method for an identification analysis node of any of claims 1-7.
10. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the blockchain-based identity authentication method for an identification analysis node of any of claims 1-7.
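The issuance and mutual-verification flow of claims 1 to 7, as an added worked example; this is not code from the patent or from CAICT, and the claims fix neither a signature scheme nor a credential layout nor a ledger interface. Assumed here: Ed25519 signatures from Go's crypto/ed25519, the JSON credential fields shown, an in-memory map standing in for the blockchain and for the transaction information of claim 3, a 24-hour validity period, the node names, and "an issuance record exists on the ledger" as the preset qualification certificate verification condition of claims 6 and 7. The same Verify routine serves the qualification authentication node checking a signed identity credential (claim 2) and a peer node checking a signed qualification certificate (claims 5 to 7).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is the field layout assumed here for both the identity credential and the qualification certificate.
type Credential struct {
	Kind      string    `json:"kind"`       // "identity" or "qualification"
	Subject   string    `json:"subject"`    // holder node identifier
	SubjectPK []byte    `json:"subject_pk"` // holder public key: binds the credential to one key pair
	NotAfter  time.Time `json:"not_after"`  // validity period (claim 2)
	IssuerSig []byte    `json:"issuer_sig"` // authentication node's Ed25519 signature over the fields above
}

func (c Credential) tbs() []byte { // canonical to-be-signed bytes: the credential with IssuerSig blanked
	c.IssuerSig = nil
	b, _ := json.Marshal(c)
	return b
}

// Envelope is a credential counter-signed by its holder (the "signed identity credential" / "signed qualification certificate").
type Envelope struct{ Credential, HolderSig []byte }

// Ledger stands in for the blockchain: issuer keys per credential kind plus the issuance records of claim 3.
type Ledger struct {
	IssuerKeys map[string]ed25519.PublicKey // Kind -> authentication node public key
	Issued     map[string]bool              // Kind + ":" + Subject -> true once issued (assumed preset condition, claims 6-7)
}

type Node struct {
	ID   string
	PK   ed25519.PublicKey
	sk   ed25519.PrivateKey
	Qual Credential // qualification certificate, once issued
}

func NewNode(id string) *Node {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	return &Node{ID: id, PK: pk, sk: sk}
}

// Issue: an authentication node whose audit has passed signs a credential and records the issuance.
func (n *Node) Issue(l *Ledger, kind string, subj *Node, ttl time.Duration, now time.Time) Credential {
	c := Credential{Kind: kind, Subject: subj.ID, SubjectPK: subj.PK, NotAfter: now.Add(ttl)}
	c.IssuerSig = ed25519.Sign(n.sk, c.tbs())
	l.Issued[kind+":"+subj.ID] = true
	return c
}

func (n *Node) Wrap(c Credential) Envelope { // holder counter-signs with the private key of its key pair
	b, _ := json.Marshal(c)
	return Envelope{Credential: b, HolderSig: ed25519.Sign(n.sk, b)}
}

// Verify is the receiver-side check: holder signature, key binding, issuer signature, validity period, ledger record.
func Verify(env Envelope, holderPK ed25519.PublicKey, kind string, now time.Time, l *Ledger) (Credential, error) {
	var c Credential
	if !ed25519.Verify(holderPK, env.Credential, env.HolderSig) {
		return c, fmt.Errorf("holder signature invalid")
	}
	if err := json.Unmarshal(env.Credential, &c); err != nil {
		return c, err
	}
	if c.Kind != kind || string(c.SubjectPK) != string(holderPK) {
		return c, fmt.Errorf("%s credential not bound to the presenting key", kind)
	}
	if ipk, ok := l.IssuerKeys[kind]; !ok || !ed25519.Verify(ipk, c.tbs(), c.IssuerSig) {
		return c, fmt.Errorf("issuer signature invalid or no authentication node registered for %s", kind)
	}
	if now.After(c.NotAfter) {
		return c, fmt.Errorf("credential expired at %s", c.NotAfter.Format(time.RFC3339))
	}
	if !l.Issued[kind+":"+c.Subject] {
		return c, fmt.Errorf("no issuance record on the ledger for %s:%s", kind, c.Subject)
	}
	return c, nil
}

// Setup runs claims 1-3 for two identification analysis nodes; both audits are assumed to pass.
func Setup(now time.Time) (*Ledger, *Node, *Node, error) {
	idCA, qCA := NewNode("identity-authentication-node"), NewNode("qualification-authentication-node")
	l := &Ledger{map[string]ed25519.PublicKey{"identity": idCA.PK, "qualification": qCA.PK}, map[string]bool{}}
	a, b := NewNode("resolution-node-A"), NewNode("resolution-node-B")
	for _, n := range []*Node{a, b} {
		env := n.Wrap(idCA.Issue(l, "identity", n, 24*time.Hour, now))  // claim 1: node signs its identity credential
		if _, err := Verify(env, n.PK, "identity", now, l); err != nil { // claim 2: qualification node checks it
			return nil, nil, nil, fmt.Errorf("qualification node rejected %s: %w", n.ID, err)
		}
		n.Qual = qCA.Issue(l, "qualification", n, 24*time.Hour, now)
	}
	return l, a, b, nil
}

// Transact is the mutual check of claims 5-7: each side verifies the other's signed qualification certificate first.
func Transact(a, b *Node, l *Ledger, now time.Time) error {
	for _, p := range [][2]*Node{{a, b}, {b, a}} { // presenter, verifier
		if _, err := Verify(p[0].Wrap(p[0].Qual), p[0].PK, "qualification", now, l); err != nil {
			return fmt.Errorf("%s rejected %s: %w", p[1].ID, p[0].ID, err)
		}
	}
	return nil
}
```

Verify takes the presenting node's public key as a separate argument and checks that the credential is bound to it. If a verifier instead reads that key out of the presented credential, a captured signed credential replays successfully without the private key, since the claims have the holder sign only the static credential; in practice the verifier should fetch the key from the chain and have the presenter sign a fresh challenge, or authenticate the transport with that key.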
CN202310390639.4A 2023-04-13 2023-04-13 Identity authentication method and device for identification analysis node based on blockchain Active CN116132071B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310390639.4A CN116132071B (en) 2023-04-13 2023-04-13 Identity authentication method and device for identification analysis node based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310390639.4A CN116132071B (en) 2023-04-13 2023-04-13 Identity authentication method and device for identification analysis node based on blockchain

Publications (2)

Publication Number Publication Date
CN116132071A CN116132071A (en) 2023-05-16
CN116132071B true CN116132071B (en) 2023-06-27

Family

ID=86295942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310390639.4A Active CN116132071B (en) 2023-04-13 2023-04-13 Identity authentication method and device for identification analysis node based on blockchain

Country Status (1)

Country Link
CN (1) CN116132071B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116846908B (en) * 2023-08-31 2023-10-27 北京大学 Method and platform for sharing Handle identification data based on blockchain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899410A (en) * 2016-09-13 2017-06-27 中国移动通信有限公司研究院 A kind of method and device of equipment identities certification
CN115208698A (en) * 2022-09-15 2022-10-18 中国信息通信研究院 Block chain-based Internet of things identity authentication method and device
CN115618399A (en) * 2021-07-15 2023-01-17 腾讯科技(深圳)有限公司 Identity authentication method and device based on block chain, electronic equipment and readable medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899410A (en) * 2016-09-13 2017-06-27 中国移动通信有限公司研究院 A kind of method and device of equipment identities certification
WO2018050081A1 (en) * 2016-09-13 2018-03-22 中国移动通信有限公司研究院 Device identity authentication method and apparatus, electric device, and storage medium
CN115618399A (en) * 2021-07-15 2023-01-17 腾讯科技(深圳)有限公司 Identity authentication method and device based on block chain, electronic equipment and readable medium
CN115208698A (en) * 2022-09-15 2022-10-18 中国信息通信研究院 Block chain-based Internet of things identity authentication method and device

Also Published As

Publication number Publication date
CN116132071A (en) 2023-05-16

Similar Documents

Publication Publication Date Title
KR101849917B1 (en) Method for providing certificate service based on smart contract and server using the same
JP2023106528A (en) System and method for authenticating off-chain data based on proof verification
US8898764B2 (en) Authenticating user through web extension using token based authentication scheme
CN112202705A (en) Digital signature verification generation and verification method and system
CN115361233B (en) Block chain-based electronic document signing method, device, equipment and medium
CN115460019B (en) Method, apparatus, device and medium for providing digital identity-based target application
CN115208698B (en) Block chain-based Internet of things identity authentication method and device
US9184919B2 (en) Systems and methods for generating and using multiple pre-signed cryptographic responses
CN112199721A (en) Authentication information processing method, device, equipment and storage medium
KR20220123642A (en) Methods and devices for automated digital certificate verification
CN116132071B (en) Identity authentication method and device for identification analysis node based on blockchain
CN111031074B (en) Authentication method, server and client
KR101849920B1 (en) Method for providing certificate service based on m of n multiple signatures in use of merkle tree structure and server using the same
CN115964733B (en) Block chain-based data sharing method and device, electronic equipment and storage medium
CN113221133A (en) Data transmission method and device
CN115982247B (en) Block chain-based account information query method and device, equipment and medium
KR20180041050A (en) Method for providing certificate service based on m of n multiple signatures in use of merkle tree structure and server using the same
WO2004012415A1 (en) Electronic sealing for electronic transactions
KR101890587B1 (en) Method for providing certificate service based on m of n multiple signatures in use of merkle tree structure and server using the same
CN115550060A (en) Block chain based trusted certificate verification method, apparatus, device and medium
CN113746916A (en) Block chain-based third-party service providing method, system and related node
CN114448729B (en) Identity authentication method and device for client in industrial internet
CN115664861B (en) Identity information verification method and device based on block chain, equipment and medium
CN116975937B (en) Anonymous attestation method and anonymous verification method
CN116975936B (en) Finance qualification proving method and finance qualification verifying method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant