CN116827520A - Distributed identity authentication system based on WEB3 technology - Google Patents


Info

Publication number
CN116827520A
Authority
CN
China
Prior art keywords
authentication
nodes
user
node
information
Prior art date
Legal status
Granted
Application number
CN202311099963.7A
Other languages
Chinese (zh)
Other versions
CN116827520B (en)
Inventor
张卫平
王晶
王丹
李显阔
张伟
丁洋
Current Assignee
Global Digital Group Co Ltd
Original Assignee
Global Digital Group Co Ltd
Priority date
Filing date
Publication date
Application filed by Global Digital Group Co Ltd
Priority to CN202311099963.7A
Publication of CN116827520A
Application granted
Publication of CN116827520B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1008 Server selection for load balancing based on parameters of servers, e.g. available memory or workload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a distributed identity authentication system based on WEB3 technology, comprising a plurality of authentication nodes connected to a distributed blockchain network, each of which can register a user, receive an authentication request and process it. The system processes the authentication information of a first user, generates n pieces of information, transmits them to n authentication nodes respectively and establishes an authentication index; after receiving an authentication request concerning the first user from another user, it selects m authentication nodes as selected authentication nodes. The selection extracts the operation resource load condition of each authentication node from the blockchain network, calculates a candidate index from a specific formula, and sorts the nodes by candidate index from high to low in order to pick suitable authentication nodes.

Description

Distributed identity authentication system based on WEB3 technology
Technical Field
The invention relates to the field of electric digital data processing, and in particular to a distributed identity authentication system based on WEB3 technology.
Background
With the rapid spread of digital technology in society and the gradual adoption of WEB3 technology on the Internet, authenticating the identity of Internet users has become a crucial technology. Whether shopping online, accessing sensitive personal information or performing business operations, authentication is required to ensure security. Conventional authentication systems typically rely on a centralized server to store and verify the identity information of the user, which raises a number of problems: once the centralized server is attacked or fails, large amounts of user data may be leaked or lost.
The development of blockchain and distributed network technologies offers new solutions. A blockchain is a decentralized distributed database in which all transactions are validated by the nodes of the network and, once stored in the chain, cannot be altered, giving a highly secure and reliable system. Using this technology, a novel distributed identity authentication system can be designed in which the identity information of the user is stored on a plurality of scattered nodes rather than on a single centralized server, greatly improving the security of the data. Designing such a system so that it both guarantees a high degree of security and achieves effective load balancing, and thereby the stability and efficiency of the system, is however a challenging task.
Among the disclosed technical schemes, publication No. CN111935753B provides a user association and resource allocation method for load balancing: it builds a stochastic game model that accounts for the influence of the current network state on user income, and performs user association and resource allocation with a multi-agent Q-learning algorithm, thereby balancing the network load and improving throughput while guaranteeing the user's quality of service; publication No. JP2014016998A proposes an authentication device, typically a tablet computer, that prevents leakage of authentication information by storing it in a plurality of locations inside and outside the device, so that the information cannot easily be compromised; publication No. KR1020140088396A provides a system and method for preventing distributed denial-of-service attacks, which blocks traffic from abnormal users according to the result of an authentication processing unit and thereby effectively prevents distributed denial-of-service attacks that consume network bandwidth.
These schemes provide various authentication means or authentication system structures based on distributed storage; however, none of them addresses the access, storage, registration and authentication of large amounts of user data under WEB3 technology.
The foregoing discussion of the background art is intended only to facilitate an understanding of the present invention. It is not an acknowledgment or admission that any of the material referred to was common general knowledge.
Disclosure of Invention
The invention aims at providing a distributed identity authentication system based on WEB3 technology, comprising a plurality of authentication nodes connected to a distributed blockchain network, each of which can register a user, receive an authentication request and process it. The system processes the authentication information of a first user, generates n pieces of information, transmits them to n authentication nodes respectively and establishes an authentication index; after receiving an authentication request concerning the first user from another user, it selects m authentication nodes as selected authentication nodes. The selection extracts the operation resource load condition of each authentication node from the blockchain network, calculates a candidate index from a specific formula, and sorts the nodes by candidate index from high to low in order to pick suitable authentication nodes.
The invention adopts the following technical scheme: a distributed identity authentication system based on WEB3 technology, the authentication system comprising a plurality of authentication nodes; the authentication nodes are communicatively connected over a distributed network, and each authentication node maintains a communication connection with the other authentication nodes;
each authentication node comprises a processor and a communication module; any of the authentication nodes comprises means for performing the following:
broadcasting its own operation resource load condition to the distributed network periodically or aperiodically;
and further:
State 1, the authentication node acting as a registration authentication node:
receiving identity authentication information from a first user; and
splitting the identity authentication information of the first user into n fragments, and randomly distributing the fragments to n authentication nodes for storage;
further:
State 2, the authentication node acting as a receiving authentication node:
receiving, from a second user, an identity authentication request concerning a first user together with the authentication information of the first user that is to be verified; and
selecting m authentication nodes as selected authentication nodes, wherein m < n;
receiving the identity authentication information fragments of the first user sent by the m selected authentication nodes, verifying the identity of the first user from the m received fragments, and feeding the authentication result back to the second user;
further:
State 3, the authentication node acting as a selected authentication node, comprising performing the following service:
sending the encrypted identity authentication information fragment to the receiving authentication node;
preferably, the distributed network connecting the plurality of authentication nodes is a blockchain network, i.e. one blockchain is jointly maintained by the plurality of authentication nodes; the authentication nodes can transmit data directly over the distributed network and can selectively store data in the blockchain;
preferably, the authentication nodes establish an authentication index between a first user and the corresponding n authentication nodes, and broadcast the authentication index to the blockchain network;
preferably, the authentication information from the first user includes textual information, image information and biometric information;
preferably, after receiving the identity authentication information from the first user, the authentication node applies the following processing steps to it: normalization, compression and encryption;
preferably, the receiving authentication node performs the following steps to select m authentication nodes as the selected authentication nodes:
S100: extracting from the blockchain network the current operation resource load conditions of the n authentication nodes that store the identity authentication information fragments of the first user, and marking these nodes as candidate authentication nodes;
S200: calculating a candidate index s for each of the n candidate authentication nodes based on the following calculation formula:
wherein wl is the current load percentage of the candidate authentication node, λ is the load correction coefficient with λ > 1, and e is the base of the natural logarithm; sp is the average verification time of the candidate authentication node; lag is the network delay between the receiving authentication node and the candidate authentication node; ran is a random number with 0 < ran ≤ 1;
k1, k2, k3 and k4 are the weight coefficients of the above terms, which the operating engineers set according to the actual running condition of the distributed network and the authentication conditions;
S300: sorting the candidate indexes s of the n candidate authentication nodes from high to low, and selecting the m top-ranked candidate authentication nodes as the selected authentication nodes;
preferably, the encryption processing applied to the authentication information of the first user is a hash algorithm, yielding a hash value HS of the authentication information of the first user.
The beneficial effects obtained by the invention are as follows:
the authentication system improves the security of data by splitting the identity authentication information of the user into fragments and distributing them to a plurality of authentication nodes; when a single node is attacked or fails, the complete information is neither leaked nor lost;
the authentication system uses a blockchain network, whose tamper-resistance and decentralization ensure the authenticity and traceability of the identity authentication information; broadcasting the authentication index to the blockchain network also makes the whole process more transparent;
the authentication system periodically broadcasts the operation resource load condition of each authentication node, calculates a candidate index from a specific formula and selects nodes with sufficient operation resources for identity authentication, achieving effective load balancing, ensuring the stability and efficiency of the system and improving the user experience;
the authentication system uses a modular design for each software and hardware part, which makes it convenient to upgrade or replace the related software and hardware in the future and reduces the cost of use.
Drawings
The invention will be further understood from the following description taken in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed on illustrating the principles of the embodiments. Like reference numerals designate corresponding parts throughout the different views.
Reference numerals: 10, distributed network; 100, authentication node; 201, registration authentication node; 202, receiving authentication node; 210, first user; 220, second user;
FIG. 1 is a schematic diagram of the authentication system according to the present invention;
FIG. 2 is a schematic diagram of an embodiment of the present invention in which a first user accesses the authentication system;
FIG. 3 is a schematic diagram of an embodiment of the present invention in which a second user accesses the authentication system;
FIG. 4 is a schematic diagram of the steps for processing the identity authentication information of a first user according to an embodiment of the present invention.
Detailed Description
In order to make the technical scheme and advantages of the present invention more apparent, the invention is described in further detail with reference to the following examples; it should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. Other systems, methods and/or features of the present embodiments will be or become apparent to one skilled in the art upon examination of the following detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, fall within the scope of the invention and be protected by the accompanying claims. Additional features of the disclosed embodiments are described in, and will be apparent from, the following detailed description.
The same or similar reference numerals in the drawings of the embodiments correspond to the same or similar components; in the description of the present invention, it should be understood that terms such as "upper", "lower", "left" and "right", where used, indicate an orientation or positional relationship based on that shown in the drawings, for convenience and simplicity of description only, and do not indicate or imply that the apparatus or component referred to must have a specific orientation. The terms describing positional relationships in the drawings are merely illustrative and are not to be construed as limiting the present patent; their specific meanings are understood by those of ordinary skill in the art according to the specific circumstances.
Embodiment one: a distributed identity authentication system based on WEB3 technology is proposed by way of example; as shown in FIG. 1, the authentication system includes a plurality of authentication nodes 100; the authentication nodes 100 are communicatively connected over the distributed network 10, and each authentication node 100 maintains a communication connection with the other authentication nodes;
each authentication node 100 includes a processor and a communication module; any of the authentication nodes 100 comprises means for performing the following services:
broadcasting its own operation resource load condition to the distributed network periodically or aperiodically;
and further:
State 1, the authentication node acting as a registration authentication node:
receiving identity authentication information from a first user; and
splitting the identity authentication information of the first user into n fragments, and randomly distributing the fragments to n authentication nodes for storage;
further:
State 2, the authentication node acting as a receiving authentication node:
receiving, from a second user, an identity authentication request concerning a first user together with the authentication information of the first user that is to be verified; and
selecting m authentication nodes as selected authentication nodes, wherein m < n;
receiving the identity authentication information fragments of the first user sent by the m selected authentication nodes, verifying the identity of the first user from the m received fragments, and feeding the authentication result back to the second user;
further:
State 3, the authentication node acting as a selected authentication node, comprising performing the following service:
sending the encrypted identity authentication information fragment to the receiving authentication node;
preferably, the distributed network connecting the plurality of authentication nodes 100 is a blockchain network, i.e. one blockchain 101 is jointly maintained by the plurality of authentication nodes 100; the authentication nodes 100 may transmit data directly over the distributed network 10, or may selectively store data in the blockchain 101;
preferably, the authentication nodes establish an authentication index between a first user and the corresponding n authentication nodes, and broadcast the authentication index to the blockchain network;
preferably, the authentication information from the first user includes textual information, image information and biometric information;
preferably, after receiving the identity authentication information from the first user, the authentication node applies the following processing steps to it: normalization, compression and encryption;
preferably, the receiving authentication node performs the following steps to select m authentication nodes as the selected authentication nodes:
S100: extracting from the blockchain network the current operation resource load conditions of the n authentication nodes that store the identity authentication information fragments of the first user, and marking these nodes as candidate authentication nodes;
S200: calculating a candidate index s for each of the n candidate authentication nodes based on the following calculation formula:
wherein wl is the current load percentage of the candidate authentication node, λ is the load correction coefficient with λ > 1, and e is the base of the natural logarithm; sp is the average verification time of the candidate authentication node; lag is the network delay between the receiving authentication node and the candidate authentication node; ran is a random number with 0 < ran ≤ 1;
k1, k2, k3 and k4 are the weight coefficients of the above terms, which the operating engineers set according to the actual running condition of the distributed network and the authentication conditions;
S300: sorting the candidate indexes s of the n candidate authentication nodes from high to low, and selecting the m top-ranked candidate authentication nodes as the selected authentication nodes;
preferably, the encryption processing applied to the identity authentication information of the first user is a hash algorithm, yielding a hash value HS of the identity authentication information of the first user;
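The selection procedure S100 to S300 above (stated in the same words in the summary of the invention), written out as an added example that is not part of the patent. The patent's candidate-index formula is not reproduced in this extraction, so the scoring function below is an assumed stand-in: it uses only the variables the patent defines (wl, λ > 1, e, sp, lag, ran with 0 < ran ≤ 1, and the weights k1 to k4), rewards low load, short verification time and low delay so that a higher s is better, and should be replaced by the patent's own formula where that is available. The node identifiers, the authentication index and the load reports are constructed for the demonstration.

```python
"""Added example (not from the patent): the receiving authentication node
selecting m of the n candidate nodes that hold a first user's fragments.

S100: read the latest self-reported load of each of the n nodes listed in
      the user's authentication index from the chain.
S200: compute a candidate index s for each node.
S300: sort by s from high to low and take the top m (m < n).
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class LoadReport:
    """One node's most recent load broadcast (constructed values in the demo)."""
    node_id: str
    wl: float    # current load percentage, 0..100
    sp: float    # average verification time, in seconds
    lag: float   # network delay between the receiving node and this node, seconds


def candidate_index(r: LoadReport, k, lam: float, ran: float) -> float:
    """ASSUMED stand-in for the patent's formula (the real one is not on the page).

    Only the patent's variables are used: wl, lam > 1, e, sp, lag, ran and the
    weights k1..k4. Higher load, slower verification and higher delay lower s;
    ran adds a bounded random spread so the same nodes are not always chosen.
    """
    if lam <= 1:
        raise ValueError("lambda must be > 1")
    if not 0 < ran <= 1:
        raise ValueError("ran must satisfy 0 < ran <= 1")
    k1, k2, k3, k4 = k
    return (k1 * math.exp(-lam * r.wl / 100.0)   # load term, decays with wl
            + k2 / (1.0 + r.sp)                  # verification-time term
            + k3 / (1.0 + r.lag)                 # delay term
            + k4 * ran)                          # random term


def select_nodes(index, reports, m, k, lam, seed=None):
    """S100-S300. `index` is the user's authentication index (the n node ids
    that store its fragments); `reports` maps node id -> latest LoadReport."""
    rng = random.Random(seed)
    candidates = [reports[nid] for nid in index]              # S100
    if not 0 < m < len(candidates):
        raise ValueError("m must satisfy 0 < m < n")
    scored = []
    for r in candidates:                                       # S200
        ran = 1.0 - rng.random()   # random() is in [0, 1), so ran is in (0, 1]
        scored.append((candidate_index(r, k, lam, ran), r.node_id))
    scored.sort(reverse=True)                                  # S300
    return [node_id for _, node_id in scored[:m]]


# Constructed demo data: five nodes hold user-1's fragments, n = 5, m = 3.
DEMO_INDEX = {"user-1": ["n1", "n2", "n3", "n4", "n5"]}
DEMO_REPORTS = {
    "n1": LoadReport("n1", wl=10, sp=0.2, lag=0.05),
    "n2": LoadReport("n2", wl=90, sp=0.2, lag=0.05),   # heavily loaded
    "n3": LoadReport("n3", wl=50, sp=2.0, lag=0.05),   # slow verifier
    "n4": LoadReport("n4", wl=10, sp=0.2, lag=0.90),   # far away
    "n5": LoadReport("n5", wl=10, sp=0.2, lag=0.05),
}

if __name__ == "__main__":
    chosen = select_nodes(DEMO_INDEX["user-1"], DEMO_REPORTS, m=3,
                          k=(1.0, 1.0, 1.0, 0.1), lam=2.0, seed=7)
    print("selected authentication nodes:", chosen)
```

With k4 = 0 the ranking is fully determined by the reported figures and the two lightly loaded, nearby nodes plus the distant one win; a small k4 only reorders nodes whose indexes are within k4 of each other. Note that wl, sp and lag come from each node's own broadcast, so the ranking trusts what the candidate reports about itself, exactly as the procedure in the text does.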
wherein a distributed network refers to a computer network, which may include two or more computing units, also referred to as nodes; each node can independently run programs which have the capability of interacting and communicating with programs of other nodes; the main aim of the network structure is to realize resource sharing, improve the reliability and availability of the system, and improve the performance and efficiency of the system by distributing tasks to each node;
in a distributed network, no central server or master control node exists, all nodes are equal, and any node can directly communicate with any other node; the structure enables the system to resist single-point faults better, because even if one node has a problem, other nodes can still operate;
in the authentication system described herein, for clarity of description, each node in the distributed network is referred to as an authentication node; in an exemplary embodiment, each node may refer to a separate entity that participates in the operation of the network; while a node may have different specific forms under different application conditions; the specific entity of the authentication node may be, for example:
a single computer, each node being a separate computer running an application program that participates in the distributed network; the computer may be a desktop computer, a laptop computer, a palmtop computer, a tablet computer, a mobile phone, or other computing device, or may be a server; the computer may be running in a home, office, or data center;
alternatively, the authentication node may be a cluster of servers, such as in a large data center or cloud computing environment, one authentication node may be made up of multiple servers working together to provide services to a distributed network; such "nodes" can handle more workload, providing higher performance;
alternatively, the authentication node may be a virtual machine or container; in a cloud computing or virtualized environment, an authentication node may be a virtual machine or a container; virtual machines or containers run on physical hardware, but they provide an isolated environment that can run their own operating systems and software;
optionally, the authentication node may be an internet of things device, in an internet of things (IoT) application, the authentication node may be a smart device, such as a smart home appliance, a sensor or an embedded system; these devices typically have limited computing power, but they can be connected to larger systems via networks, sharing data and resources;
further, the distributed network on which the authentication system is based is a blockchain-based distributed network;
a blockchain-based distributed network is a special type of distributed network that uses a blockchain as its primary data structure and consensus mechanism; in a blockchain network, information is organized into a series of blocks, each containing a batch of transactions or other types of data; each new block contains the hash value of the previous block and is appended to the end of the chain, forming a continuous chain of records that cannot be altered without detection;
a blockchain has the advantages of decentralization and a consensus mechanism; the blockchain network is completely decentralized, and no central node or authority controls and maintains the whole network; instead, all network participants, i.e. the nodes described herein or more specifically the authentication nodes, jointly maintain a copy of the entire blockchain and verify and record newly stored data, such as the identity authentication information of the first user;
and, to reach agreement without a centralized authority, the blockchain network uses a dedicated consensus mechanism, such as Proof of Work (PoW), Proof of Stake (PoS) or Delegated Proof of Stake (DPoS), so that the individual authentication nodes in the blockchain network hold a highly consistent view of the recorded data;
therefore, in a distributed network based on WEB3 technology, the attribution of user data differs from that in a conventional centralized storage environment, so that the authentication node can exist in various forms in order to authenticate the identity of the user and the attribution of the user's data at any time; this is not described further here;
further, in an Internet environment based on Web3 technology, the user's control over personal information and data is strengthened as never before; under this new technical system, all of a user's data, including text, pictures, sound and biometric information, can be digitized and directly linked to the user's identity, so that the user becomes the true owner of the data;
in a Web3 environment, all types of user data can be digitized: text and pictures can be converted into digital codes by hashing or encryption, and sound and biometric information, such as facial recognition data, fingerprints or genetic information, can also be converted into digital form by dedicated algorithms; such digitized data can be stored in a decentralized storage network such as IPFS (InterPlanetary File System) to ensure its persistence and accessibility, while encryption keeps the data secure against unauthorized access;
further, in the Web3 environment the user's ownership of data is strengthened: each user's data is directly associated with the user's digital identity, and by means of blockchain technology the ownership can be recorded on a public, tamper-resistant distributed ledger; anyone can verify the ownership of a piece of data, but nobody can tamper with it; this not only protects the user's data privacy but also lets the user freely control the data, for example by sharing it, selling it or using it in various applications;
based on the above settings, in an exemplary case, as shown in FIG. 2, when a user connects to the authentication system and makes an identity authentication, the user is considered to be the first user 210 described herein; the authentication node to which the first user 210 is connected is regarded as the registration authentication node 201, and the above-mentioned working steps of registering the authentication node are started;
In an exemplary case, as shown in FIG. 3, when another user obtains, on a network based on the WEB3 technology, data such as an article, a picture or a piece of music whose nominal owner is the first user 210, that other user may initiate an authentication request to the authentication system in the capacity of the second user 220; when the second user 220 connects to the authentication system, the node to which it connects is regarded as the receiving authentication node 202 and begins the working steps of the receiving authentication node described above;
It should be noted that, in FIG. 2 and FIG. 3, the role of each authentication node may change; that is, an authentication node acting as the registration authentication node 201 will, after the registration authentication step is completed, revert to being a general authentication node, and may become the receiving authentication node when the second user 220 connects to it; alternatively, any authentication node may become a candidate authentication node or a selected authentication node when the second user 220 connects to another authentication node acting as the receiving authentication node 202; the registration authentication node 201 is retained in FIG. 3 for clarity of presentation only, and this does not mean that the receiving authentication node cannot coincide with the registration authentication node.
Embodiment two: this embodiment should be understood to include at least all of the features of any one of the preceding embodiments, and be further modified based thereon;
In an exemplary embodiment, a hash operation is performed on the identity authentication information of the first user to obtain a hash value HS; the hash value HS is further split into n fragments, which are stored on n authentication nodes respectively, which further increases the difficulty for an outside party to compromise the authentication system;
Meanwhile, a secret-sharing method is used to divide the data, namely the hash value HS, into a plurality of fragments, with at least m fragments (the threshold) required to restore the original data, where m is less than n; the authentication system can thus keep providing the authentication service redundantly after some of the authentication nodes have crashed;
In an exemplary embodiment, the distribution step consists of the following steps:
e100: take a prime number p larger than the hash value HS;
e200: take the value m as the threshold;
e300: create a polynomial F of degree m-1, namely:
a function f(x) is set to represent the remainder of the polynomial F modulo the prime p, namely:
in the above formula, f(0) is set equal to the hash value HS; the remaining coefficients of the polynomial, namely a_1, a_2, ..., a_{m-1}, are selected at random, ensuring that they are all less than the prime p; mod denotes the remainder operation;
e400: assign a random x value (x ≠ 0) to each of the n authentication nodes, and compute the value of f(x) with the above formula to generate n fragments, each fragment being a value pair (x, f(x));
e500: distribute the fragments: transmit the n generated fragments to the n authentication nodes respectively;
The above distribution method has the key property that any m fragments can be used to recover the hash value HS, whereas m-1 or fewer fragments provide no information about the hash value HS; this is achieved by Lagrange interpolation or a similar interpolation technique; by this method, sensitive data (such as the hash value HS) can be safely split and distributed to a plurality of nodes, and the original data can only be restored by a set of nodes holding enough fragments;
It should be noted that the value of m may be set by the relevant administrator based on the number of nodes in the distributed network and on data security considerations; a value of m that is too small gives lower security but consumes fewer computing resources, whereas a value of m that is too large necessarily requires more nodes to participate in authentication, but improves the degree of security; the relevant technician must strike a balance.
Embodiment three: this embodiment should be understood to include at least all of the features of any one of the preceding embodiments, and be further modified based thereon;
In some embodiments, the distributed network 10 and the blockchain 101 may be compatible with other applications; for example, the distributed network 10 may accept remotely submitted operating requests as part of a cloud computing platform; or the distributed network 10 and the blockchain 101 may together form the underlying operating layer of a metaverse system; the individual nodes in the distributed network 10 are therefore not loaded solely with the operation of the authentication system, i.e. an authentication node itself may be responsible for other application operations;
For the authentication system described herein, when a fast response to users is required, in particular when a large number of second users may initiate identity authentication requests concerning a first user, these requests must be acted on quickly, and multiple nodes are required to act simultaneously;
Thus, in some preferred embodiments, it is desirable to select appropriate authentication nodes as the selected authentication nodes based on the load conditions of the plurality of authentication nodes;
A candidate index s is calculated for each of the n candidate authentication nodes based on the following calculation formula:
where wl is the current load percentage of the candidate authentication node, λ is the load correction coefficient with λ > 1, and e is the base of the natural logarithm; sp is the average verification time of the candidate authentication node; lag is the network delay between the receiving authentication node and the candidate authentication node; ran is a random number with 0 < ran ≤ 1;
In the above formula, the load condition of an authentication node is taken into account and enters the calculation in exponential form, so that when the load is lower, the candidate index s is markedly higher;
In other respects, the average authentication time of the authentication node and its network delay to the receiving authentication node are also taken into account;
Further, the random number ran is added so that a certain randomness is introduced when choosing the authentication node, to avoid repeatedly authenticating at the same authentication nodes and thereby producing a fixed pattern that could be inferred.
While the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications can be made without departing from the scope of the invention. That is, the methods, systems and devices discussed above are examples. Various configurations may omit, replace, or add various procedures or components as appropriate. For example, in alternative configurations, the methods may be performed in a different order than described, and/or various components may be added, omitted, and/or combined. Moreover, features described with respect to certain configurations may be combined in various other configurations, such as different aspects and elements of the configurations may be combined in a similar manner. Furthermore, as the technology evolves, elements therein may be updated, i.e., many of the elements are examples, and do not limit the scope of the disclosure or the claims.
Specific details are given in the description to provide a thorough understanding of exemplary configurations involving implementations. However, configurations may be practiced without these specific details, e.g., well-known circuits, processes, algorithms, structures, and techniques have been shown without unnecessary detail in order to avoid obscuring configurations. This description provides only an example configuration and does not limit the scope, applicability, or configuration of the claims. Rather, the foregoing description of the configuration will provide those skilled in the art with an enabling description for implementing the described techniques. Various changes may be made in the function and arrangement of elements without departing from the spirit or scope of the disclosure.
It is intended that the foregoing detailed description be regarded as illustrative rather than limiting. Various changes and modifications to the present invention may be made by one skilled in the art after reading the teachings herein, and such equivalent changes and modifications are intended to fall within the scope of the invention as defined in the appended claims.

Claims (8)

1. A distributed identity authentication system based on WEB3 technology, characterized in that it comprises a plurality of authentication nodes; the plurality of authentication nodes are communicatively connected via a distributed network, and each authentication node maintains a communication connection with the other authentication nodes;
each authentication node comprises a processor and a communication module; any of the authentication nodes includes means for performing the following:
broadcasting its own operating-resource load condition to the distributed network periodically or aperiodically;
and further comprises:
State 1, the authentication node acts as a registration authentication node:
receiving identity authentication information from a first user; and
splitting the identity authentication information of the first user into n fragments, and randomly distributing the split identity authentication information fragments to n authentication nodes for storage;
further comprises:
State 2, the authentication node acts as a receiving authentication node:
receiving from a second user an identity authentication request concerning a first user, together with authentication information related to the first user that is to be verified; and
selecting m authentication nodes as selected authentication nodes, wherein m < n;
receiving the identity authentication information fragments belonging to the first user sent by the m selected authentication nodes, verifying the identity of the first user based on the m received identity authentication information fragments, and feeding back the authentication result to the second user;
further comprises:
State 3, the authentication node acts as a selected authentication node, performing the following service:
sending the encrypted identity authentication information fragment to the receiving authentication node.
2. The authentication system of claim 1, wherein the distributed network connection employed by the plurality of authentication nodes is in the form of a blockchain network.
3. The authentication system of claim 2, wherein the authentication nodes establish an authentication index associating a first user with the corresponding n authentication nodes, and broadcast the authentication index to the blockchain network.
4. The authentication system of claim 3, wherein the identity authentication information from the first user comprises: textual information, image information and biometric information.
5. The authentication system of claim 4, wherein the authentication node, upon receiving the identity authentication information from the first user, performs: normalization processing, compression processing and encryption processing.
6. The authentication system of claim 5, wherein the receiving authentication node performs the following steps to select m authentication nodes as the selected authentication nodes:
s100: extracting from the blockchain network the current operating-resource load conditions of the n authentication nodes storing the identity authentication information fragments of the first user, and marking these nodes as candidate authentication nodes;
s200: calculating a candidate index s for each of the n candidate authentication nodes based on the following calculation formula:
where wl is the current load percentage of the candidate authentication node, λ is the load correction coefficient with λ > 1, and e is the base of the natural logarithm; sp is the average verification time of the candidate authentication node; lag is the network delay between the receiving authentication node and the candidate authentication node; ran is a random number with 0 < ran ≤ 1;
k_1, k_2, k_3 and k_4 are the weight coefficients of the above terms, which the relevant technicians set specifically according to the actual running condition and authentication condition of the distributed network;
s300: sorting the candidate indexes s of the n candidate authentication nodes from high to low, and selecting the m highest-ranked candidate authentication nodes as the selected authentication nodes.
7. The authentication system of claim 6, wherein the encryption processing of the authentication information of the first user is a hash algorithm, thereby obtaining a hash value HS of the authentication information of the first user.
8. The authentication system of claim 7, wherein the steps of splitting the identity authentication information of the first user into n fragments and randomly distributing the split identity authentication information fragments to the n authentication nodes for storage comprise:
e100: taking a prime number p larger than the hash value HS;
e200: taking the value m as the threshold;
e300: creating a polynomial F of degree m-1, namely:
a function f(x) is set to represent the remainder of the polynomial F modulo the prime p, namely:
in the above formula, f(0) is set equal to the hash value HS; the remaining coefficients of the polynomial, namely a_1, a_2, ..., a_{m-1}, are selected at random, ensuring that they are all less than the prime p; mod denotes the remainder operation;
e400: assigning a random x value (x ≠ 0) to each of the n authentication nodes, and computing the value of f(x) with the above formula to generate n fragments, each fragment being a value pair (x, f(x));
e500: distributing the fragments: transmitting the n generated fragments to the n authentication nodes respectively.
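The splitting steps e100 to e500 of embodiment two and claim 8, together with the recovery and check performed by the receiving authentication node, as an added Python example that is not code from the patent or its assignee; SHA-256 as the hash algorithm, the prime p = 2^521 - 1, the sample identity record and the values of n and m are assumptions made here.

```python
"""Threshold splitting of the hash value HS (steps e100-e500) and recovery by
Lagrange interpolation, added to illustrate embodiment two and claim 8. Not the
patent's own code; SHA-256, the prime p, the record, n, m and x are assumed."""
import hashlib
import hmac
import secrets

# e100: p must exceed HS. 2**521 - 1 is a Mersenne prime and larger than any
# 256-bit SHA-256 value, so every HS lies inside GF(p).
P = 2**521 - 1


def hash_identity(record: bytes) -> int:
    """Encryption step of claim 7: hash the identity record to the integer HS."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def _eval_poly(coeffs, x, p):
    """Evaluate f(x) = (a_0 + a_1 x + ... + a_{m-1} x^(m-1)) mod p (Horner's rule)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % p
    return acc


def split_shares(hs: int, n: int, m: int, p: int = P):
    """e200-e500: degree m-1 polynomial with f(0) = HS, n fragments (x, f(x))."""
    if not 0 <= hs < p:
        raise ValueError("HS must be smaller than the prime p (step e100)")
    if not 1 <= m <= n:
        raise ValueError("threshold m must satisfy 1 <= m <= n")
    # e300: a_0 = HS, a_1..a_{m-1} random and below p
    coeffs = [hs] + [secrets.randbelow(p) for _ in range(m - 1)]
    # e400: a random non-zero x per node. The x values must also be distinct:
    # two nodes holding the same (x, f(x)) count as a single share at recovery.
    xs = set()
    while len(xs) < n:
        xs.add(secrets.randbelow(p - 1) + 1)
    return [(x, _eval_poly(coeffs, x, p)) for x in xs]


def recover_hs(shares, p: int = P) -> int:
    """Lagrange interpolation at x = 0 over GF(p). Any m fragments give HS;
    fewer than m give a value carrying no information about HS."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def verify_identity(presented: bytes, shares) -> bool:
    """Receiving authentication node: recover HS from the m fragments it was
    sent and compare it in constant time with the hash of what the second
    user presents."""
    recovered = recover_hs(shares)
    if recovered >= 1 << 256:      # not a SHA-256 value: too few or bad shares
        return False
    expected = hashlib.sha256(presented).digest()
    return hmac.compare_digest(recovered.to_bytes(32, "big"), expected)
```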
CN202311099963.7A 2023-08-30 2023-08-30 Distributed identity authentication system based on WEB3 technology Active CN116827520B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311099963.7A CN116827520B (en) 2023-08-30 2023-08-30 Distributed identity authentication system based on WEB3 technology

Publications (2)

Publication Number Publication Date
CN116827520A true CN116827520A (en) 2023-09-29
CN116827520B CN116827520B (en) 2023-10-27

Family

ID=88116992

Country Status (1)

Country Link
CN (1) CN116827520B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105071941A (en) * 2015-07-31 2015-11-18 华为技术有限公司 Method and device for identity authentication of nodes of distributed system
CN111324885A (en) * 2020-02-17 2020-06-23 蒋子杰 Distributed identity authentication method
CN112953981A (en) * 2019-11-26 2021-06-11 北京沃东天骏信息技术有限公司 Node selection method, block chain consensus method, device, system and equipment
CN115208669A (en) * 2022-07-16 2022-10-18 中软航科数据科技(珠海横琴)有限公司 Distributed identity authentication method and system based on block chain technology
CN115643047A (en) * 2022-09-19 2023-01-24 杭州云象网络技术有限公司 Block chain identity authentication method based on honest rewards
WO2023072959A1 (en) * 2021-10-28 2023-05-04 Nchain Licensing Ag Methods and systems for distributed blockchain functionalities

Also Published As

Publication number Publication date
CN116827520B (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant