CN116980228A - Method and system for realizing anonymous identity login in Internet environment - Google Patents


Info

Publication number
CN116980228A
Authority
CN
China
Prior art keywords
key
user
data
signature
private key
Prior art date
Legal status
Granted
Application number
CN202311117918.XA
Other languages
Chinese (zh)
Other versions
CN116980228B (en)
Inventor
万象
王秀清
李彦伟
卢利凯
王茹静
Current Assignee
Henan Informatization Group Co ltd
Original Assignee
Henan Informatization Group Co ltd
Priority date
Filing date
Publication date
Application filed by Henan Informatization Group Co ltd
Priority to CN202311117918.XA (granted as CN116980228B)
Publication of CN116980228A
Application granted
Publication of CN116980228B
Legal status: Active
Anticipated expiration

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/04: ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407: ... wherein the identity of one or more communicating identities is hidden
    • H04L 63/0421: Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L 63/0428: ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/08: ... for authentication of entities
    • H04L 63/0876: ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00: Network arrangements or protocols for supporting network services or applications
    • H04L 67/50: Network services
    • H04L 67/53: Network services using third party service providers
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247: ... involving digital signatures
    • H04L 9/40: Network security protocols


Abstract

The application belongs to the technical field of electronic information and discloses a method and a system for realizing anonymous identity login in an Internet environment: after receiving a login request from a user terminal, a third party service system sends a verification code to the user terminal; the user terminal signs the verification code with a first private key to generate first signature data, encrypts the user identifier and the first signature data with a group signature key to generate second encrypted data, and sends the second encrypted data to the third party service system; the third party service system decrypts the second encrypted data with the group verification key and sends the decrypted data to the virtual identity service cloud platform; the virtual identity service cloud platform looks up the first public key corresponding to the user identifier, verifies the first signature data with that first public key, and sends the verification result to the third party service system; if the verification succeeds, login is allowed. The application addresses the low security, heavy network load and large authentication-equipment workload of existing anonymous login authentication.

Description

Method and system for realizing anonymous identity login in Internet environment
Technical Field
The application belongs to the technical field of electronic information, and particularly relates to a method and a system for realizing anonymous identity login in an Internet environment.
Background
In the present era, information data has become a backbone of social and economic development, and the status of data in social activities, production and learning is ever more prominent. However, as big data technology has formed and developed, personal information security and privacy problems have become especially serious, threatening the personal and property safety of citizens.
To reduce the risk to the user, the real identity of the user is converted into a virtual identity and the user is verified anonymously, so that the user's identity information is not leaked. In the prior art, for example, Chinese patent CN113837848A discloses a method and apparatus for obtaining a transaction offer based on a group signature: a target group signature corresponding to the login information of a target user is generated from the login information, a private key and an identity certificate, and the login information and the target group signature are sent to the transaction server so that the transaction server performs group signature verification on the login information. When the user's identity is revoked, the transaction server continues to authenticate the user anonymously by the group signature, so illegal login results. As another example, Chinese patent CN108809953B discloses a method and apparatus for anonymous identity authentication based on a blockchain: when a third party application receives a login request from a user, it obtains an anonymous authentication address from the user and sends an authentication request containing the anonymous authentication address to an authentication service system; the client generates a message value, signs it with the sub-private key corresponding to the anonymous authentication address to obtain a signature value, generates authentication data from the signature value and the anonymous authentication address, and broadcasts the authentication data to the network; the authentication server monitors the network for the anonymous authentication address in the authentication request and, when authentication data containing that address is seen, extracts the signature value from the authentication data and checks it against the anonymous authentication address. Because the client broadcasts authentication data to the whole network, the network burden is increased, and because the authentication server must parse every piece of authentication data to decide whether it contains the anonymous authentication address, the workload of the authentication server is increased.
A method and system for realizing anonymous identity login in an Internet environment that improve the security of anonymous login authentication, reduce the network load and reduce the workload of the authentication equipment are therefore urgently needed.
Disclosure of Invention
To address these technical problems, the application provides a method and a system for realizing anonymous identity login in an Internet environment.
In a first aspect, the present application provides a method for implementing anonymous identity login in an internet environment, where the method includes:
step 1, when a user logs in to a third party service system, a login request is sent to the third party service system through a user terminal;
step 2, after receiving the login request, the third party service system sends a verification code to the user terminal;
step 3, the user terminal signs the verification code with a first private key to generate first signature data, then encrypts the user identifier and the first signature data with a group signature key to generate second encrypted data, and sends the second encrypted data to the third party service system;
step 4, the third party service system decrypts the second encrypted data with the group verification key and, if the second encrypted data can be decrypted, sends the decrypted data to the virtual identity service cloud platform;
step 5, the virtual identity service cloud platform looks up, by the user identifier, whether the user identifier exists in its first storage unit; if so, it verifies the first signature data with the first public key corresponding to the user identifier and sends the verification result to the third party service system;
step 6, if the verification succeeds, the user is allowed to log in; if the verification fails, the login is refused.
Specifically, step 1 is preceded by:
step 11, a user terminal generates a first private key and a first public key, and sends an authentication request to a virtual identity service cloud platform, wherein the authentication request comprises the first public key and user identity information;
step 12, the virtual identity service cloud platform performs identity authentication on the user, generates a user identifier and a group signature key after the authentication is passed, and correspondingly stores the user identifier, the group signature key and the first public key in a first storage unit;
and step 13, the user identifier and the group signature key are sent to the user terminal, and the user terminal stores the user identifier, the group signature key and the first private key correspondingly in a second storage unit of the user terminal.
Specifically, the step 3 is preceded by:
step 311, the user terminal divides the first private key into a first signature private key and a second signature private key according to a preset division rule, assigns a first identifier to the pair, and stores the first identifier, the first signature private key, the second signature private key and the preset division rule correspondingly in a second storage module of the user terminal;
step 312, the first identifier and the second signature private key are sent to a first terminal device within a preset distance, and the second signature private key is deleted from the second storage module;
step 313, the first terminal device stores the first identifier and the second signature private key.
Specifically, in step 3, the user terminal signing the verification code with the first private key to generate first signature data includes: when the verification code needs to be signed, the user terminal obtains the second signature private key from the first terminal device by the first identifier, restores the first private key from the first signature private key and the second signature private key according to the preset division rule, and then signs the verification code with the first private key to generate the first signature data.
Specifically, step 11 includes:
step 111, the user terminal sends a connection request to the virtual identity service cloud platform, wherein the connection request comprises a user identification code;
step 112, after receiving the connection request, the virtual identity service cloud platform generates first connection data and second connection data for the user, correspondingly stores the user identification code, the first connection data and the second connection data in a third storage unit of the virtual identity service cloud platform, and then sends the first connection data to the user terminal, wherein the product of the first connection data and the second connection data is K;
step 113, the user terminal generates a third key, encrypts the first public key and the user identity information by using the third key, and obtains fifth encrypted data;
step 114, the user terminal multiplies the third key by the first connection data to obtain a fourth key, and then sends the user identification code, the fifth encrypted data and the fourth key to the virtual identity service cloud platform.
Specifically, step 12 includes:
the virtual identity service cloud platform searches a third storage unit based on the user identification code to obtain second connection data, and then multiplies the second connection data by a fourth key to obtain a third key;
and decrypting the fifth encrypted data by using the third key to acquire the first public key and the user identity information.
In a second aspect, the present application also provides a system for implementing anonymous identity login in an internet environment, where the system includes: the system comprises a user terminal, a third party service system and a virtual identity service cloud platform;
the user terminal comprises a first sending module and a first encryption module, and the third party service system comprises a first receiving module, a first verification module and a login module;
the first sending module is used for sending a login request to the third party service system when the user logs in to the third party service system;
the first receiving module is used for sending a verification code to the user terminal after receiving the login request;
the first encryption module is used for signing the verification code with a first private key to generate first signature data, then encrypting the user identifier and the first signature data with a group signature key to generate second encrypted data, and sending the second encrypted data to the third party service system;
the first verification module is used for decrypting the second encrypted data with the group verification key and, if the second encrypted data can be decrypted, sending the decrypted data to the virtual identity service cloud platform;
the virtual identity service cloud platform is used for looking up, by the user identifier, whether the user identifier exists in its first storage unit and, if so, verifying the first signature data with the first public key corresponding to the user identifier and sending the verification result to the third party service system;
the login module is used for allowing the user to log in if the verification succeeds, and refusing the login if the verification fails.
In the method and system disclosed by the application, the user encrypts the user identifier and the first signature data with a group signature key to generate second encrypted data, and the third party service system decrypts (that is, verifies) the second encrypted data with the group verification key corresponding to the group signature key; successful decryption shows that the user sending the login request may be a member of the group. The virtual identity service platform then judges the user to be a legitimate user if the user identifier is stored, verifies the first signature data with the first public key corresponding to the user identifier, and the user is allowed to log in once that verification succeeds.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are merely embodiments of the present application; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of a method for implementing anonymous identity login in an Internet environment according to the present application;
FIG. 2 is a schematic structural diagram of a system for implementing anonymous identity login in an Internet environment according to the present application.
Description of the embodiments
The present application is described in further detail below with reference to the drawings and examples, in order to make its objects, technical solutions and advantages more apparent. The particular embodiments described here are merely illustrative of the present application and are some, but not all, of its embodiments. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments of the present application without undue burden fall within its scope.
It should be noted that, if there is a description of "first", "second", etc. in the embodiments of the present application, the description of "first", "second", etc. is only for descriptive purposes, and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present application.
Fig. 1 is a flowchart of an embodiment of a method for implementing anonymous identity login in an Internet environment according to the present application. The flow specifically includes:
and step 1, when a user logs in a third party service system, a login request is sent to the third party service system through a user terminal.
Specifically, step 1 is preceded by:
and 11, the user terminal generates a first private key and a first public key, and sends an authentication request to the virtual identity service cloud platform, wherein the authentication request comprises the first public key and user identity information.
And step 12, the virtual identity service cloud platform performs identity authentication on the user, generates a user identifier and a group signature key after the authentication is passed, and correspondingly stores the user identifier, the group signature key and the first public key in the first storage unit.
And step 13, the user identifier and the group signature key are sent to the user terminal, and the user terminal stores the user identifier, the group signature key and the first private key correspondingly in a second storage unit of the user terminal.
Preferably, the user identity information includes information for identity authentication such as name, sex, address, etc.
A virtual identity service cloud platform based on a trusted identity data source and group signature technology is created, and the real identity of the user is converted into a virtual identity. The binding between the virtual identity and the real identity, the behaviour data of the virtual identity and the like can only be queried through a supervision account controlled by the relevant authorities. This greatly reduces the user's exposure to doxxing ("human flesh search"), online harassment and price discrimination without affecting normal use of the user's identity information or reducing the security and reliability of identity authentication; the user's personal information is desensitized and protected, and, on the basis of "anonymous in the foreground, real-name in the background", the data source platform, the identity authentication platform and the Internet service platform achieve identity authentication with close to zero sensitive information, trusted identity authentication sources and broad application scenarios.
Specifically, step 11 includes:
step 111, the user terminal sends a connection request to the virtual identity service cloud platform, wherein the connection request comprises a user identification code.
Step 112, after receiving the connection request, the virtual identity service cloud platform generates first connection data and second connection data for the user, correspondingly stores the user identification code, the first connection data and the second connection data in a third storage unit of the virtual identity service cloud platform, and then sends the first connection data to the user terminal, wherein the product of the first connection data and the second connection data is K.
And 113, the user terminal generates a third key, encrypts the first public key and the user identity information by using the third key, and obtains fifth encrypted data.
Step 114, the user terminal multiplies the third key by the first connection data to obtain a fourth key, and then sends the user identification code, the fifth encrypted data and the fourth key to the virtual identity service cloud platform.
Specifically, step 12 includes:
the virtual identity service cloud platform searches a third storage unit based on the user identification code to obtain second connection data, and then multiplies the second connection data by a fourth key to obtain a third key;
and decrypting the fifth encrypted data by using the third key to acquire the first public key and the user identity information.
When a user requests registration with the virtual identity service cloud platform, the platform allocates the user a connection data pair for the transmission of identity information, in which the product of the first connection data and the second connection data is a fixed value K. After receiving the first connection data, the user terminal generates a third key for encrypting the data to be transmitted, encrypts the first public key and the user identity information with the third key, and forms the fourth key as the product of the first connection data and the third key. Because the platform holds the second connection data, it recovers the third key by multiplying the second connection data by the fourth key, and then decrypts the fifth encrypted data with the third key to obtain the first public key and the user identity information. The third key itself is never transmitted: an attacker who captures only the fourth key and the fifth encrypted data cannot recover the user identity information from the fourth key alone, so the risk of the first public key and the user identity information being revealed in transit is reduced.
Preferably, K has the value 1, so that the second connection data is the multiplicative inverse of the first. Then second × fourth = second × (first × third) = (first × second) × third = 1 × third, and the platform recovers the third key with a single multiplication.
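A worked example of steps 111 to 114 and step 12 with K = 1, added here and not part of the patent. The patent does not say in which arithmetic the connection data live; the example assumes a prime field GF(P), so that the second connection data is the modular inverse of the first and the product is 1 mod P. It also assumes a SHA-256 keystream with an HMAC tag as a stand-in for whatever cipher the third key drives, and the class, function and sample identity values (`VirtualIdentityPlatform`, `terminal_send`, `uid-0001`, the name and address string) are the example's own.

```python
import hashlib
import hmac
import secrets

# Assumption: connection data are elements of GF(P); the patent only says their product is K.
P = (1 << 255) - 19   # any large prime works

def _keystream_xor(third_key, data):
    """Toy stream cipher keyed by the third key (SHA-256 in counter mode); demonstration only."""
    key = third_key.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _tag(third_key, ciphertext):
    return hmac.new(third_key.to_bytes(32, "big"), ciphertext, "sha256").digest()

class VirtualIdentityPlatform:
    def __init__(self):
        self.third_storage = {}     # user identification code -> (first, second) connection data
    def connect(self, user_code):   # step 112
        first = secrets.randbelow(P - 2) + 2
        second = pow(first, -1, P)  # first * second == 1 (mod P): this is K = 1
        self.third_storage[user_code] = (first, second)
        return first                # only the first connection data leaves the platform
    def receive(self, user_code, fifth_encrypted, fourth_key):   # step 12
        second = self.third_storage[user_code][1]
        third_key = second * fourth_key % P      # second * (first * third) == third
        ciphertext, tag = fifth_encrypted[:-32], fifth_encrypted[-32:]
        if not hmac.compare_digest(tag, _tag(third_key, ciphertext)):
            return None             # wrong key or tampered data: do not use the plaintext
        return _keystream_xor(third_key, ciphertext)

def terminal_send(first_connection_data, first_public_key, identity_info):   # steps 113-114
    third_key = secrets.randbelow(P - 2) + 2
    ciphertext = _keystream_xor(third_key, first_public_key + b"\x00" + identity_info)
    fifth_encrypted = ciphertext + _tag(third_key, ciphertext)
    fourth_key = third_key * first_connection_data % P
    return fifth_encrypted, fourth_key

def demo():
    """Round trip, a tampered message, and what an observer of step 112 can compute."""
    platform = VirtualIdentityPlatform()
    first = platform.connect(b"uid-0001")
    # constructed sample values standing in for the first public key and the identity information
    fifth, fourth = terminal_send(first, b"FIRST-PUBLIC-KEY", b"name=Zhang San;sex=F;addr=Zhengzhou")
    recovered = platform.receive(b"uid-0001", fifth, fourth)
    tampered = platform.receive(b"uid-0001", fifth[:-1] + bytes([fifth[-1] ^ 1]), fourth)
    # Whoever saw the first connection data go to the terminal (step 112) and the fourth key
    # come back (step 114) undoes the multiplication with one inversion and gets the third key.
    observer_third_key = fourth * pow(first, -1, P) % P
    observer_reads = _keystream_xor(observer_third_key, fifth[:-32]) == recovered
    return recovered, tampered, observer_reads
```

The last two lines of `demo()` are the check a practitioner should make before relying on the argument above: the fourth key hides the third key from a party that captured only the fourth key and the fifth encrypted data, as the text says, but the first connection data is itself sent to the terminal in step 112. If that message can be read on the wire, the multiplication is undone with one inversion, so the scheme's confidentiality rests on the channel used for step 112 being protected.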
And step 2, after receiving the login request, the third party service system sends a verification code to the user terminal.
And step 3, the user terminal signs the verification code by using a first private key to generate first signature data, then encrypts the user identifier and the first signature data by using a group signature key to generate second encryption data, and sends the second encryption data to a third party service system.
Specifically, the step 3 is preceded by:
step 311, the user terminal divides the first private key into a first signature private key and a second signature private key according to a preset division rule, distributes a first identifier for the first signature private key and the second signature private key, and then correspondingly stores the first identifier, the first signature private key, the second signature private key and the preset division rule in a second storage module of the user terminal;
step 312, the first identifier and the second signature private key are sent to the first terminal equipment within a preset distance, and the second signature private key is deleted from the second storage module;
step 313, the first terminal device stores the first identity and the second signature private key.
Specifically, in step 3, the user terminal signs the verification code by using the first private key to generate first signature data, which includes: when the verification code is required to be signed, the user terminal acquires a second signature private key from the first terminal equipment based on the first identifier, restores the first signature private key and the second signature private key according to a preset dividing rule to generate a first private key, and then signs the verification code by using the first private key to generate first signature data.
Preferably, the user terminal and the first terminal device are connected over a short-range communication path regarded as secure, such as Wi-Fi or Bluetooth.
The user terminal derives a first signature private key and a second signature private key from the first private key and stores them on different terminal devices. When the verification code is to be signed with the first private key, the second signature private key is fetched from the first terminal device and the first private key is restored from the two parts according to the preset division rule; whenever the first private key is not being used to sign, it exists only as two separately stored parts, which reduces the risk of the first private key being stolen.
Preferably, the user terminal generates a second private key and a second public key. When the user terminal sends the first identifier and the second signature private key to the first terminal device within the preset distance, it encrypts the second signature private key with the second public key, and the first terminal device stores the first identifier and the encrypted second signature private key; when the verification code needs to be signed, the user terminal obtains the encrypted second signature private key from the first terminal device by the first identifier and decrypts it with the second private key to obtain the second signature private key.
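A worked example of steps 311 to 313 and of the reconstruct-on-demand signing in step 3, added here and not taken from the patent. The patent does not fix the "preset division rule"; the example assumes XOR secret sharing, under which either part on its own is a uniformly random string that says nothing about the first private key. An HMAC stands in for the signature primitive so the block is self-contained, and the optional encryption of the second part under a second public key (the preferred variant above) is left out. All class and function names are the example's own.

```python
import hmac
import secrets

class FirstTerminalDevice:
    """Nearby device (paired over Bluetooth or Wi-Fi) that holds only the second part."""
    def __init__(self):
        self.store = {}                                 # first identifier -> second signature private key
    def keep(self, first_identifier, second_part):      # step 313
        self.store[first_identifier] = second_part
    def fetch(self, first_identifier):
        return self.store.get(first_identifier)

class UserTerminal:
    def __init__(self, first_private_key, nearby):
        self.nearby, self.second_storage = nearby, {}   # second storage module: identifier -> (first part, rule)
        self.first_identifier = self._split_and_offload(first_private_key)

    def _split_and_offload(self, first_private_key):    # steps 311-312
        second_part = secrets.token_bytes(len(first_private_key))   # uniformly random
        first_part = bytes(a ^ b for a, b in zip(first_private_key, second_part))   # the division rule: XOR
        first_identifier = secrets.token_hex(8)
        self.second_storage[first_identifier] = (first_part, "xor")
        self.nearby.keep(first_identifier, second_part) # the nearby device is the only holder of this part
        return first_identifier                         # second_part is not retained on the terminal

    def sign(self, verification_code):                  # step 3 with reconstruction
        first_part, rule = self.second_storage[self.first_identifier]
        second_part = self.nearby.fetch(self.first_identifier)
        if rule != "xor" or second_part is None:
            raise RuntimeError("second signature private key unavailable; refusing to sign")
        restored = bytearray(a ^ b for a, b in zip(first_part, second_part))
        try:   # HMAC stands in for the signature; the whole first private key exists only inside this call
            return hmac.new(restored, verification_code, "sha256").digest()
        finally:
            for i in range(len(restored)):              # best-effort wipe of the restored key
                restored[i] = 0

def demo():
    first_private_key = secrets.token_bytes(32)         # constructed stand-in for the first private key
    nearby = FirstTerminalDevice()
    terminal = UserTerminal(first_private_key, nearby)
    code = b"483920"                                    # constructed verification code
    expected = hmac.new(first_private_key, code, "sha256").digest()
    signed_ok = terminal.sign(code) == expected
    first_part = terminal.second_storage[terminal.first_identifier][0]
    part_equals_key = first_part == first_private_key   # a single part is not the key
    nearby.store.clear()                                # nearby device lost or out of range
    try:
        terminal.sign(code)
        signs_without_device = True
    except RuntimeError:
        signs_without_device = False
    return signed_ok, part_equals_key, signs_without_device
```

The failure mode worth noticing is the last one: once the second part is gone from the nearby device, the terminal cannot sign at all, which is the intended trade-off of keeping the first private key split between two devices.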
As the technical solution of another embodiment of the present application, the user terminal generates a second private key and a second public key, and in step 3 the user terminal signing the verification code with the first private key to generate first signature data includes the following steps:
step 321, the user terminal encrypts the verification code with the second public key to generate third encrypted data and sends the third encrypted data to the first terminal device;
step 322, the first terminal device signs the third encrypted data with the second signature private key and sends the signed third encrypted data back to the user terminal;
step 323, the user terminal decrypts the signed third encrypted data with the second private key to obtain second signature data, and then signs the second signature data with the first private key to generate the first signature data.
The second signature data obtained by decrypting the signed third encrypted data with the second private key contains the digital signature made with the second signature private key.
Data exchanged between the user terminal and the first terminal device is thus encrypted in transit, which improves the security of the data transmission.
And 4, the third party service system decrypts the second encrypted data by using the group verification key, and if the second encrypted data can be decrypted, the decrypted data is sent to the virtual identity service cloud platform.
The third party service system decrypts the second encrypted data with the group verification key. If the data can be decrypted, the user who sent the login request is a member of the group, and the decrypted data is sent to the virtual identity service cloud platform for further verification; if it cannot be decrypted, the login is refused.
Step 5: the virtual identity service cloud platform searches its first storage module for the user identifier; if the user identifier exists, the first signature data is verified with the first public key corresponding to that user identifier, and the verification result is sent to the third party service system.
Preferably, the verification result is either verification success or verification failure.
If the user identifier is stored in the first storage module of the virtual identity service cloud platform, the user is a registered user; the first signature data is then verified with the first public key corresponding to the user identifier, and if the verification succeeds the user's identity is confirmed. The group verification key only establishes that the sender belongs to the group; verifying the first signature data with the user's own first public key afterwards prevents another member of the group from logging in under that user identifier, which improves the security of anonymous identity login.
Step 6, if the verification is successful, allowing the user to log in; if the verification is unsuccessful, the login is refused.
Fig. 2 is a schematic structural diagram of an embodiment of a system for implementing anonymous identity login in an internet environment according to the present application. As shown in Fig. 2, the system includes a user terminal 10, a third party service system 20 and a virtual identity service cloud platform 30.
The user terminal 10 comprises a first sending module 101 and a first encrypting module 102, and the third party service system comprises a first receiving module 201, a first verifying module 202 and a logging-in module 203.
The first sending module 101 is configured to send a login request to the third party service system 20 when the user logs in to the third party service system 20.
The first receiving module 201 is configured to send a verification code to the user terminal 10 after receiving the login request.
The first encryption module 102 is configured to sign the verification code using the first private key to generate first signature data, then encrypt the user identifier and the first signature data using the group signature key to generate second encrypted data, and send the second encrypted data to the third party service system 20.
The first verification module 202 is configured to decrypt the second encrypted data using the group verification key and, if the second encrypted data can be decrypted, send the decrypted data to the virtual identity service cloud platform 30.
The virtual identity service cloud platform 30 is configured to search whether a user identifier exists in the first storage module 301 of the virtual identity service cloud platform according to the user identifier, if so, verify the first signature data by using a first public key corresponding to the user identifier, and then send a verification result to the third party service system 20.
The login module 203 is configured to allow the user to log in if the verification is successful and to refuse the login if the verification is unsuccessful.
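The login exchange of steps 3 to 6 and the split first private key of steps 311 to 313 (claims 3 and 4), as an added example that is not code from the patent or its applicant. Assumptions, labelled in the code as well: the first private key is a Schnorr key over a safe-prime subgroup generated from a fixed seed; the group signature key and the group verification key, whose algorithm the patent does not fix, are modelled as one shared symmetric key with an encrypt-then-MAC envelope; the preset division rule is additive secret sharing, and the first terminal device is simulated by handing its share back to the user terminal; the verification code is a fresh random nonce that the third party service remembers for the login request. Names such as `user_terminal_respond`, `third_party_service_login`, `first_storage` and the identifier `user-0001` are this example's own.

```python
# Added example (not code from the patent): login steps 3-6 plus the split first private
# key of steps 311-313 / claims 3-4. Assumed here: Schnorr keys over a safe-prime subgroup,
# one shared symmetric group key standing in for the group signature/verification keys.
import hashlib, hmac, json, random, secrets

def _is_probable_prime(n, rounds=24):
    # Miller-Rabin, adequate for a demonstration group; use a vetted library in practice.
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        # composite if x is not +-1 and squaring it r-1 times never reaches -1
        if x not in (1, n - 1) and all((x := pow(x, 2, n)) != n - 1 for _ in range(r - 1)):
            return False
    return True

def make_group(bits=160, seed=2023):
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # fixed seed: same public group every run; g = 4 has order q
GROUP = make_group()

def keygen(grp):
    p, q, g = grp
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)  # first private key, first public key

def _challenge(q, R, pub, msg):
    h = hashlib.sha256(R.to_bytes(32, "big") + pub.to_bytes(32, "big") + msg).digest()
    return int.from_bytes(h, "big") % q

def sign(grp, x, msg):
    p, q, g = grp
    k = secrets.randbelow(q - 1) + 1
    R = pow(g, k, p)
    return R, (k - _challenge(q, R, pow(g, x, p), msg) * x) % q

def verify(grp, pub, msg, sig):
    p, q, g = grp
    R, s = sig
    if not (1 < R < p and 0 <= s < q):
        return False
    return pow(g, s, p) * pow(pub, _challenge(q, R, pub, msg), p) % p == R

def split_private_key(grp, x):
    # Step 311 with additive sharing as the preset division rule: x = x1 + x2 mod q.
    x1 = secrets.randbelow(grp[1])
    return x1, (x - x1) % grp[1]

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def group_encrypt(key, data):
    # Encrypt-then-MAC under the group key; stands in for the patent's unnamed group cipher.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def group_decrypt(key, blob):
    # None is step 4's "cannot be decrypted": the sender did not hold the group key.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def user_terminal_respond(grp, group_key, user_id, x1, x2, code):
    # Step 3: x2 came from the first terminal device; restore the key (claim 4), sign, wrap.
    R, s = sign(grp, (x1 + x2) % grp[1], code)
    return group_encrypt(group_key, json.dumps({"uid": user_id, "R": R, "s": s}).encode())

def third_party_service_login(grp, first_storage, group_key, second_encrypted, issued_code):
    # Steps 4-6; issued_code is the code this service sent in step 2 for this login request.
    plain = group_decrypt(group_key, second_encrypted)
    if plain is None:
        return "login refused"  # not a member of the group
    d = json.loads(plain)
    pub = first_storage.get(d["uid"], (None, None))[1]  # step 5 on the platform: lookup, verify
    ok = pub is not None and verify(grp, pub, issued_code, (d["R"], d["s"]))
    return "login allowed" if ok else "login refused"

def demo():
    group_key = secrets.token_bytes(32)  # issued by the platform to every member of the group
    x, pub = keygen(GROUP)
    first_storage = {"user-0001": (group_key, pub)}  # claim 2, step 12
    x1, x2 = split_private_key(GROUP, x)  # x2 goes to the first terminal device, x is deleted
    code = secrets.token_bytes(16)  # verification code of step 2
    env = user_terminal_respond(GROUP, group_key, "user-0001", x1, x2, code)
    y, _ = keygen(GROUP)  # another group member: holds group_key but not x
    rogue = user_terminal_respond(GROUP, group_key, "user-0001", *split_private_key(GROUP, y), code)
    return {"honest": third_party_service_login(GROUP, first_storage, group_key, env, code),
            "rogue_member": third_party_service_login(GROUP, first_storage, group_key, rogue, code),
            "replay": third_party_service_login(GROUP, first_storage, group_key, env, secrets.token_bytes(16))}
```

`demo()` returns the service's decision for three cases: the honest member whose two key shares are recombined, another group member who holds the group key but not the user's first private key and tries to log in under the same user identifier (refused at step 5, which is the point the description makes about theft of identity inside the group), and a replay of a valid second encrypted data against a different verification code (refused because the signature covers the old code). The replay case is the check a practitioner has to add explicitly: the service must bind each verification code to one login request and accept it once, because the group envelope on its own does not stop reuse.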
It should be understood that, although the steps in the flowcharts of the embodiments of the present application are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and they may be performed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time and may be performed at different times, and the sub-steps or stages need not be performed in sequence but may be performed in turn with, or alternately with, at least part of the sub-steps or stages of other steps.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium which, when executed, performs the steps of the method embodiments above. Any reference to memory, storage, a database or another medium in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The foregoing examples show only the preferred embodiments of the application in greater detail and are not to be construed as limiting its scope. Those skilled in the art will appreciate that several variations and modifications can be made without departing from the spirit of the application, all of which fall within its scope. Accordingly, the scope of protection of the present application is determined by the appended claims.

Claims (7)

1. A method for realizing anonymous identity login in an Internet environment is characterized by comprising the following steps:
step 1, when a user logs in a third party service system, a login request is sent to the third party service system through a user terminal;
step 2, after receiving the login request, the third party service system sends a verification code to the user terminal;
step 3, the user terminal signs the verification code by using a first private key to generate first signature data, then encrypts a user identifier and the first signature data by using a group signature key to generate second encryption data, and sends the second encryption data to the third party service system;
step 4, the third party service system decrypts the second encrypted data by using a group verification key, and if the second encrypted data can be decrypted, the decrypted data is sent to a virtual identity service cloud platform;
step 5, the virtual identity service cloud platform searches whether the user identifier exists in a first storage module of the virtual identity service cloud platform based on the user identifier, if so, the first signature data is verified by using a first public key corresponding to the user identifier, and then a verification result is sent to the third party service system;
step 6, if the verification is successful, allowing the user to log in; if the verification is unsuccessful, the login is refused.
2. The method for implementing anonymous identity login in an internet environment according to claim 1, wherein the step 1 comprises:
step 11, the user terminal generates the first private key and the first public key, and sends an authentication request to the virtual identity service cloud platform, wherein the authentication request comprises the first public key and user identity information;
step 12, the virtual identity service cloud platform performs identity authentication on a user, generates the user identifier and the group signature key after the authentication is passed, and correspondingly stores the user identifier, the group signature key and the first public key in the first storage module;
and step 13, the user identifier and the group signature key are sent to the user terminal, and the user terminal correspondingly stores the user identifier, the group signature key and the first private key in a second storage module of the user terminal.
3. The method for implementing anonymous identity login in an internet environment according to claim 1, wherein, before step 3, the method further comprises:
step 311, the user terminal divides the first private key into a first signature private key and a second signature private key according to a preset division rule, allocates a first identifier for the first signature private key and the second signature private key, and then correspondingly stores the first identifier, the first signature private key, the second signature private key and the preset division rule in a second storage module of the user terminal;
step 312, the first identifier and the second signature private key are sent to a first terminal device within a preset distance, and the second signature private key is deleted from the second storage module;
step 313, the first terminal device stores the first identifier and the second signature private key.
4. The method for implementing anonymous identity login in an internet environment according to claim 3, wherein in step 3 the user terminal signing the verification code with a first private key to generate first signature data comprises: when the verification code needs to be signed, the user terminal obtains the second signature private key from the first terminal device based on the first identifier, restores the first private key from the first signature private key and the second signature private key according to the preset division rule, and then signs the verification code with the first private key to generate the first signature data.
5. The method for implementing anonymous identity login in an internet environment according to claim 2, wherein step 11 comprises:
step 111, the user terminal sends a connection request to the virtual identity service cloud platform, wherein the connection request comprises a user identification code;
step 112, after the virtual identity service cloud platform receives the connection request, generating first connection data and second connection data for the user, and correspondingly storing the user identification code, the first connection data and the second connection data in a third storage module of the virtual identity service cloud platform, and then sending the first connection data to the user terminal, wherein a product of the first connection data and the second connection data is K;
step 113, the user terminal generates a third key, encrypts the first public key and the user identity information by using the third key, and obtains fifth encrypted data;
step 114, the user terminal multiplies the third key with the first connection data to obtain a fourth key, and then sends the user identification code, the fifth encryption data and the fourth key to the virtual identity service cloud platform.
6. The method for implementing anonymous identity login in an internet environment according to claim 5, wherein step 12 comprises:
the virtual identity service cloud platform searches the third storage module based on the user identification code to acquire the second connection data, and then multiplies the fourth key by the second connection data to acquire the third key;
and decrypting the fifth encrypted data by using the third key to acquire the first public key and the user identity information.
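The key transport of claims 5 and 6, as an added example that is not code from the patent or its applicant. The claims say only that the product of the two connection data is K and that the platform recovers the third key by multiplying the fourth key by the second connection data; for that recovery to hold as written, K has to be the multiplicative identity, so the example chooses the second connection data as the inverse of the first modulo a prime (`P`, a constructed demonstration modulus, with the arithmetic assumed to be ordinary modular multiplication). The fifth encrypted data is produced with a one-time SHAKE-256 keystream, a stand-in for whatever cipher an implementation would use, and `passive_observer` shows that the same unblinding is available to anyone who observed the first connection data of step 112 and the fourth key of step 114. Function and variable names are this example's own.

```python
# Added example (not code from the patent): the blinded transport of the third key in
# claims 5 and 6 over the multiplicative group mod a prime. Assumed here: the two
# connection data are inverses (K = 1), which is what makes claim 6's recovery
# "fourth key x second connection data = third key" hold as written; the fifth
# encrypted data uses a one-time SHAKE keystream as a stand-in for an unnamed cipher.
import hashlib, json, secrets

P = 2**127 - 1  # constructed demonstration modulus (a Mersenne prime), not from the patent

def platform_connection_data():
    # Step 112: first connection data a and second connection data b with a * b = 1 mod P.
    a = secrets.randbelow(P - 2) + 2
    return a, pow(a, -1, P)

def _xor_stream(key_int, data):
    # One-time keystream derived from the third key; no integrity protection, as in the claim.
    ks = hashlib.shake_256(key_int.to_bytes(16, "big")).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

def user_terminal_request(user_code, first_public_key, identity_info, a):
    # Steps 113-114: pick third key t, encrypt (first public key, identity) under t, blind t with a.
    t = secrets.randbelow(P - 2) + 2
    fifth = _xor_stream(t, json.dumps({"pub": first_public_key, "id": identity_info}).encode())
    return t, (user_code, fifth, t * a % P)  # the tuple is what goes to the platform

def platform_receive(third_storage, user_code, fifth, fourth):
    # Claim 6: look up b by the user identification code, unblind the fourth key, decrypt.
    b = third_storage[user_code][1]
    t = fourth * b % P
    return t, json.loads(_xor_stream(t, fifth))

def passive_observer(a, fourth):
    # Whoever saw a (sent in step 112) and the fourth key (sent in step 114) unblinds t too.
    return fourth * pow(a, -1, P) % P

def demo():
    a, b = platform_connection_data()
    third_storage = {"uc-42": (a, b)}  # third storage module of step 112
    t, msg = user_terminal_request("uc-42", 123456789, "identity-info", a)
    t_platform, plain = platform_receive(third_storage, *msg)
    return {"t": t, "t_platform": t_platform, "plain": plain, "observer": passive_observer(a, msg[2])}
```

Because the unblinding needs only values the claims themselves transmit, the confidentiality of the first public key and the user identity information rests on the channel that carries the first connection data to the user terminal, not on the multiplication. In practice the exchange belongs inside an authenticated, encrypted channel such as TLS, or the blinding should be replaced by a key agreement in which the platform's contribution cannot be reused by an observer to recover the third key.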
7. A system for implementing anonymous identity login in an internet environment, for implementing a method for implementing anonymous identity login in an internet environment as defined in any one of claims 1 to 6, comprising: the system comprises a user terminal, a third party service system and a virtual identity service cloud platform;
the user terminal comprises a first sending module and a first encrypting module, and the third party service system comprises a first receiving module, a first verifying module and a login module;
the first sending module is used for sending a login request to the third party service system when a user logs in the third party service system;
the first receiving module is used for sending a verification code to the user terminal after receiving the login request;
the first encryption module is used for signing the verification code by using a first private key to generate first signature data, then encrypting the user identifier and the first signature data by using a group signature key to generate second encryption data, and transmitting the second encryption data to the third party service system;
the first verification module is configured to decrypt the second encrypted data using a group verification key, and if the second encrypted data can be decrypted, send the decrypted data to the virtual identity service cloud platform;
the virtual identity service cloud platform is used for searching whether the user identifier exists in a first storage module of the virtual identity service cloud platform according to the user identifier, if so, verifying the first signature data by using a first public key corresponding to the user identifier, and then sending a verification result to the third party service system;
the login module is further used for allowing the user to login if the verification is successful; if the verification is unsuccessful, the login is refused.
CN202311117918.XA 2023-09-01 2023-09-01 Method and system for realizing anonymous identity login in Internet environment Active CN116980228B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311117918.XA CN116980228B (en) 2023-09-01 2023-09-01 Method and system for realizing anonymous identity login in Internet environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311117918.XA CN116980228B (en) 2023-09-01 2023-09-01 Method and system for realizing anonymous identity login in Internet environment

Publications (2)

Publication Number Publication Date
CN116980228A true CN116980228A (en) 2023-10-31
CN116980228B CN116980228B (en) 2024-03-08

Family

ID=88476729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311117918.XA Active CN116980228B (en) 2023-09-01 2023-09-01 Method and system for realizing anonymous identity login in Internet environment

Country Status (1)

Country Link
CN (1) CN116980228B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103795548A (en) * 2014-02-28 2014-05-14 Tcl集团股份有限公司 Distributed database system based on group signature algorithm and implementation method thereof
CN104219051A (en) * 2014-08-20 2014-12-17 北京奇艺世纪科技有限公司 In-group message communication method and system
CN109600233A (en) * 2019-01-15 2019-04-09 西安电子科技大学 Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method
WO2022143030A1 (en) * 2020-12-31 2022-07-07 天翼数字生活科技有限公司 National key identification cryptographic algorithm-based private key distribution system
CN115618399A (en) * 2021-07-15 2023-01-17 腾讯科技(深圳)有限公司 Identity authentication method and device based on block chain, electronic equipment and readable medium

Also Published As

Publication number Publication date
CN116980228B (en) 2024-03-08

Similar Documents

Publication Publication Date Title
CN108768664B (en) Key management method, device, system, storage medium and computer equipment
CN109471844B (en) File sharing method and device, computer equipment and storage medium
CN114726643B (en) Data storage and access methods and devices on cloud platform
CN108111497B (en) Mutual authentication method and device for camera and server
CN113067699B (en) Data sharing method and device based on quantum key and computer equipment
CN110677382A (en) Data security processing method, device, computer system and storage medium
CN108809633B (en) Identity authentication method, device and system
CN102946392A (en) URL (Uniform Resource Locator) data encrypted transmission method and system
CN109347813B (en) Internet of things equipment login method and system, computer equipment and storage medium
CN108200014B (en) Method, device and system for accessing server by using intelligent key device
CN106470103B (en) Method and system for sending encrypted URL request by client
CN102404337A (en) Data encryption method and device
CN112257093B (en) Authentication method, terminal and storage medium for data object
CN117155549A (en) Key distribution method, key distribution device, computer equipment and storage medium
CN110098925B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number
CN104935608A (en) Identity authentication method in cloud computing network
CN116049802B (en) Application single sign-on method, system, computer equipment and storage medium
CN115001864B (en) Communication authentication method and device for intelligent furniture, computer equipment and storage medium
CN116980228B (en) Method and system for realizing anonymous identity login in Internet environment
CN104935606A (en) Terminal login method in cloud computing network
CN114745115A (en) Information transmission method and device, computer equipment and storage medium
CN111541708B (en) Identity authentication method based on power distribution
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN114117471A (en) Confidential data management method, electronic device, storage medium, and program product
CN110113152B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and digital signature

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant