CN117254947A - Decentralized account management method - Google Patents

Decentralized account management method Download PDF

Info

Publication number
CN117254947A
CN117254947A CN202311162561.7A CN202311162561A CN117254947A CN 117254947 A CN117254947 A CN 117254947A CN 202311162561 A CN202311162561 A CN 202311162561A CN 117254947 A CN117254947 A CN 117254947A
Authority
CN
China
Prior art keywords
chainname
account
user
value
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311162561.7A
Other languages
Chinese (zh)
Inventor
杨山河
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Yuezhi Computer Co ltd
Original Assignee
Guangzhou Yuezhi Computer Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Yuezhi Computer Co ltd filed Critical Guangzhou Yuezhi Computer Co ltd
Priority to CN202311162561.7A priority Critical patent/CN117254947A/en
Publication of CN117254947A publication Critical patent/CN117254947A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a decentralizing on-chain account management method, which is characterized in that an account of a digital encryption client is provided for a user, so that the digital encryption client achieves user experience close to an Internet product, a social platform of the traditional Internet known by the user such as a mobile phone number, an email and the like is organically bound with the account, a private key managed by the social authentication ID is decoupled with the account of the digital client to a certain extent, and a blockchain threshold used by the user is reduced; the method solves the problem that after the traditional digital encryption client loses the private key, the original digital asset controlled by the private key is almost not possible to be obtained.

Description

Decentralized account management method
Technical Field
The invention relates to the technical field of digital encryption and blockchain, in particular to a decentralization on-chain account management method.
Background
The digital encryption client is mainly used as software for managing a private key of a user, and is used for helping the user to generate the private key, deduce the public key and even generate or register an account number on a client chain, and interact with a specific blockchain on behalf of the user. The core function of the digital encryption client is used in the management and maintenance of the private key, once the user loses the private key or leaks the private key, the assets of the current user are threatened, the new public key and the new address can be obtained by replacing the new private key, but the assets bound with the previous private key need to be transferred or discarded, and the activity records and reputation accumulation on the blockchain bound on the user address or related to the user are abandoned.
Because the private key used in the blockchain technology has a longer length, generally 256 bits or longer, and usually has enough randomness, the private key is difficult to accurately memorize for a long time, and once lost, the private key cannot be retrieved, so that the private key is mainly encrypted and stored through client software (also called a wallet), and the private key is also used through a digital encryption client. However, the wallet only simplifies the operation of signing by using the private key, but does not help solve the problem of losing the private key, and when the user forgets the password of the wallet, the private key in the wallet cannot be used because the private key is encrypted; when the wallet file is damaged or deleted by mistake, the private key is lost thoroughly.
Currently, a blockchain account number recovery method exists in the industry, most of the methods are based on a centralized verification scheme, and a certain centralized risk and security hole are usually provided.
Disclosure of Invention
The invention aims to realize management and control of a user on an intelligent contract account by introducing social factors such as social authentication ID and the like by using a blockchain intelligent contract technology.
In order to achieve the above object, the present invention provides a method for managing an account number on a chain by decentralizing, which is characterized by comprising the following steps:
1. deploying intelligent contracts on the blockchain, wherein the intelligent contracts have the functions of creating account numbers representing user identities, registering user identity verification information, maintaining intelligent contract account numbers and also have the functions of user asset management and reputation value maintenance;
2. a user independently inputs and confirms a local login password LPwd, an account name is selected in advance as ChainName locally at the client through the digital encryption client, a private key PrvKey is randomly generated for the account name, the generated private key PrvKey is symmetrically encrypted by using the password LPwd, and ciphertext is stored locally at the digital encryption client;
3. deriving a public key from a private key PrvKey and marking the public key as an actPubKey, inputting and confirming a random secret rndSecret for protecting data stored in the on-chain intelligent contract by a user again, carrying out hash operation on a social authentication ID, an account name ChainName and a current timestamp curTime to obtain a hash value, submitting the hash value to the intelligent contract application to confirm the availability of the account name ChainName, and storing the following information on the chain:
(1) the account name ChainName has uniqueness in the intelligent contract, and the account serving as the digital encryption client performs registration in the intelligent contract and is successfully registered;
(2) the public key actPubKey of the account name ChainName is used as the basis for controlling the account by the private key PrvKey stored by the encryption client;
(3) carrying out hash operation on the social authentication ID, the account name ChainName and the current timestamp curTime to obtain a hash value;
4. when a user uses an account name ChainName as an account to log in a client, a local login password LPwd is input to decrypt a locally stored private key ciphertext to obtain a private key plaintext PrvKey ', a public key actPubKey ' is obtained by deduction, and if the actPubKey stored in the intelligent contract is queried and the actPubKey stored in the account name ChainName is the same as the actPubKey ', the account is allowed to log in the digital encryption client.
Further, the social authentication ID is held by a user person and can uniquely identify the user, and is one or more of a mobile phone number, email and a login account of a centralized platform.
Further, the account related information stored in the chain further includes:
(1) A random secret rndSecret which is autonomously input by a user or enables a client program to generate a sequence containing lower case characters and numbers exceeding a certain number of bits;
(2) The public key deduced by the private key for managing the account is denoted as actPubKey;
(3) The actHashKey is obtained by carrying out hash operation on a social authentication ID of a user and a random secret rndSecret, and then carrying out a second hash operation by utilizing a hash 1+account name ChainName;
(4) actAdminLogTime, which is used for recording the field of the account which is related to the operation time of the social authentication ID reset control information recently;
(5) LogTimeHash1, a hash value obtained by actAdminLogTime and random secret rndSecret hash operation;
(6) LogTimeHash is obtained by calculating the hash value of the TimeHash1+ account name ChainName;
(7) Under the account name ChainName storage area on the blockchain, the attribute actHashKey is used for storing the actHashKey, and the LogTimeHash is stored by using the LogTimeKey.
Further, when the private key PrvKey corresponding to the attribute actPubKey under the account name ChainName is lost and the mnemonic mode backup is not performed, the user re-realizes the control of the account through the social authentication ID, and specifically realizes the following steps:
(1) Confirming that the social authentication ID belongs to the current user, receiving the social authentication ID by sending a temporary verification code with expiration time limit, and inputting the temporary verification code by the user to verify that the social authentication ID belongs to the current user;
(2) Generating a new private key newPrikey for replacing the old private key and resetting the intelligent contract account, deriving a new public key newPK, and simultaneously using a local login password LPwd to symmetrically encrypt and store the new private key newPrikey in the local of the encryption client; the LPwd is replaced;
(3) Inputting a new random secret newRndSecret, newRndSecret meeting the length and complexity requirements by a user, or inputting an old random secret rndSecret, reading whether the value of actAdminLogTime under the account name ChainName is lastTime, recording the value of lastTime+the random secret rndSecret as timeLogHash1, recording the value of timeLogHash1+ChainName as LogTimeKey', reading whether the LogTimeKey under the ChainName is equal to the LogTime key, if so, continuing to compare, and if not, exiting the current operation;
(4) The hash value after the hash calculation of the social authentication ID+the random secret rndSecret is recorded as hash1, the hash value after the hash calculation of the hash 1+the ChainName is recorded as actHashKey ', the account name ChainName on the query chain is matched, if the fact that the actHashKey is consistent with the actHashKey' is queried, the current user is the true owner of the account ChainName is indicated;
(5) Calculating a social authentication ID+a new random secret newRndSecret hash value as newHash1, and obtaining a new hash value newActHashKey by hash operation of a newHash1+an account name ChainName;
(6) Recording a current timestamp as curTime, obtaining a hash value newHash1 after Hash operation of the current timestamp curTime and a new random secret newRndSecret, and carrying out hash calculation to obtain a hash value newHash1+ChainName as newTimeLogHash;
(7) Submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime to the smart contract;
(8) The intelligent contract executes comparison to determine whether the hash value of the hash1 plus the ChainName is consistent with the actHashKey value of the ChainName, and if not, the operation is terminated; if the hash value of the timeLogHash1+ChainName is consistent with the LogTimeKey value of the ChainName, the execution is stopped if the hash value is inconsistent with the LogTimeKey value of the ChainName; if the two comparisons are consistent, the user of the current social authentication ID can be confirmed to submit the verified evidence;
(9) The intelligent contract updates the actHashKey of a contract account in the intelligent contract into a newActHashKey by using the function of maintaining the intelligent contract account, and the specific steps are as follows:
(1) submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime, logTimeHash to the smart contract;
(2) the intelligent contract executes hash value actHashKey of Hash1+ChainName and compares the actHashKey value under ChainName; calculating a hash value of timeLogHash1+ChainName, comparing whether the LogTimeKey values under the ChainName are consistent, if both comparison are consistent, executing the following updating step, otherwise, terminating execution;
(3) updating the actPubKey value of the ChainName into newPK;
(4) updating the acthashKey value of the ChainName to be newActHashKey;
(5) updating the LogTimeKey value of the ChainName to curTime;
(6) updating actAdminLogTime value of ChainName to curTime;
(10) And after the updating is finished, the user can select to log in and verify the account again.
Further, when the user has a private key capable of controlling the client account, the private key signature of the client account can be utilized to call the function of maintaining the intelligent contract account of the intelligent contract, and after the identity is checked and verified safely, the client account information in the intelligent contract is updated, which specifically comprises the following steps:
(1) Verifying that the input social authentication ID belongs to the current user in use;
(2) The user enters a new random secret rndSecretNew, rndSecretNew satisfying the length and composition character rules as rndSecret;
(3) Decrypting the private key ciphertext stored in the client by using the client password LPwd of the current account mastered by the user to obtain a private key plaintext;
(4) The hash operation value of the social authentication ID+the New random secret rndSecretNew is recorded as hash1New, and the hash operation value of the hash1New+ChainName is recorded as actHashKeyNew;
(5) Marking the current time stamp as curTime;
(6) The value of the hash operation of the new random secret rndSecretNew+CurTime is recorded as timeLogHashNew;
(7) Submitting actHashKeyNew, timeLogHashNew, a current timestamp curTime and an account name ChainName to the intelligent contract through the intelligent contract maintenance intelligent contract account function;
(8) The intelligent contract updates the acthashKey of the account name ChainName to acthashKeyNew, and updates actTimeLogKey to timeLogHashNew, actAdminLogTime to curTime;
(9) And (5) re-logging and verifying the account.
Further, the social authentication ID input by verification belongs to the current user, the current user can control the intelligent contract account, and the account name ChainName on the current chain is proved to belong to the current user through a random secret rndSecret which is mastered by the user, and the specific verification process is as follows:
(1) Sending a short message verification code with a time effective period, verifying a mail and verifying information log-in of a centralized platform to realize the verification that the current user uses the social authentication ID; after confirmation, the user inputs the social authentication ID bound by the client account and the password rndSecret grasped by the user, and hash calculation is carried out to obtain a hash value;
(2) Carrying out hash calculation on the hashold value and the client account to obtain an actHashKey', and continuing to confirm that the user owns ownership of the client account if the actHashKey is matched and consistent with the actHashKey of the client account in the intelligent contract;
(3) The value of the actAdminLogTime+password rndSecret hash operation of the ChainName is recorded as timeHash1, the hash operation value of timeHash1+ChainName is recorded as timeLogHash ', the timeLogHash' is compared with the actTimeLogKey of the ChainName, if the values are consistent, the current user with the rndSecret and the social authentication ID is confirmed to be legal with the ChainName, and if the values are inconsistent, the current comparison is terminated;
the beneficial effects of the invention are as follows: the digital encryption client is enabled to achieve user experience close to that of an Internet product by providing an account number of the digital encryption client for a user, social platforms of the traditional Internet, such as mobile phone numbers, emails and the like, which are well known by the user are organically bound with the account number, and a private key managed by the social authentication ID is decoupled from the account number of the digital client to a certain extent, so that the blockchain threshold used by the user is reduced; the method solves the problem that after the traditional digital encryption client loses the private key, the digital asset controlled by the original private key is almost not possible to be obtained;
the intelligent contract account can replace the user address to perform operation on the chain, and other addresses/accounts can initiate contract interaction operation, which is equivalent to realizing the substitute payment function of other people for the block chain gas cost of the contract account, thereby avoiding the beginner dilemma that a new user cannot operate the block chain without gas cost.
Drawings
For ease of illustration, the invention is described in detail by the following preferred embodiments and the accompanying drawings.
FIG. 1 is a flow chart of a digital encryption client account registration process of the present invention;
FIG. 2 is a flow chart of a social authentication recovery process using a digitally encrypted client account in accordance with the present invention;
fig. 3 is a digital encryption client account private key recovery flow of the present invention.
Detailed Description
In order to make the implementation purposes, technical solutions and features of the present application more clear, the technical solutions implemented in the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some examples of the present application, but not all the embodiments. The embodiments of the present application, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present application, it should also be noted that, unless explicitly specified and limited otherwise, the terms "set up", "mounted", "connected", "asymmetrically encrypted" are to be understood in a broad sense, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art in a specific context.
Because the blockchain is a public distributed account book technology in nature, information recorded on the blockchain is generally public, all blockchain link points can obtain information recorded by a certain blockchain, each account number participating in blockchain transaction records does not need to know where the other party is, information exchange and transmission can be carried out through the blockchain without a centralized server, and on-chain interaction information between any two accounts is public and visible after being up-linked; in addition, the private key of the account is managed and stored through the wallet DAPP, and the wallet simplifies the operation of signing and transacting by using the private key.
In view of this, the present embodiment provides a method for decentralized account management, and the following details the scheme provided by the embodiment of the present invention:
as shown in fig. 1, the following is considered to be implemented by using a mobile phone as a requirement of social authentication:
1. the digital client operator deploys an intelligent contract WalletNameSC on a blockchain, wherein the intelligent contract has the functions of creating an account number representing the identity of a user, registering user identity verification information, maintaining the intelligent contract account number, and also has the functions of user asset management and reputation value maintenance;
2. the user uses the digital encryption client for the first time, registers an account number, the user inputs and confirms a local login password LPwd independently, then the digital encryption client locally preselects an account name as ChainName, a 256-bit random number is randomly generated for the account name as a private key PrvKey, the user can backup a mnemonic or the private key, the generated private key PrvKey is symmetrically encrypted by using the password LPwd, and ciphertext is stored locally in the digital encryption client;
in this embodiment, the social authentication ID takes mobile phone number as an example, and sends a mobile phone verification code with timeliness limitation through the client operating body to confirm that the current user controls the current mobile phone number, the verification process can also filter the user to repeatedly register account number behaviors under the condition of the mobile phone number, the social authentication ID is held by the user individual and can uniquely identify the user, and can be a login account number of a mobile phone number, email or a centralized platform,
3. deriving the public key from the private key PrvKey, denoted PubKey, again entered by the user and validating a random secret rndSecret for protecting the data stored in the on-chain smart contract,
carrying out hash operation on the mobile phone number, the account name ChainName and the current timestamp curTime to obtain a hash value, submitting the hash value to an intelligent contract application to confirm the availability of the account name ChainName, and if the mobile phone number, the account name ChainName and the current timestamp curTime are registered, selecting the account again until the account can be registered; the following information is stored on the chain:
(1) the account name ChainName has uniqueness in the intelligent contract, and the account serving as the digital encryption client performs registration in the intelligent contract and is successfully registered;
(2) the public key actPubKey of the account name ChainName is used as the basis for controlling the account by the private key PrvKey stored by the encryption client;
(3) carrying out hash operation on the mobile phone number, the account name ChainName and the current timestamp curTime to obtain a hash value;
when a user uses an account name ChainName as an account login client, a local login password LPwd is input to decrypt a locally stored private key ciphertext to obtain a private key plaintext PrvKey ', a public key actPubKey ' is obtained by deduction, and if the actPubKey stored in the intelligent contract is queried and the actPubKey stored in the account name ChainName is the same as the actPubKey ', the account login digital encryption client is allowed;
the account related information stored on the chain further includes: preparing a random secret rndSecret which is mastered by a user and has a length not less than 8 bits for an account number on a chain to be registered, wherein the password is required to be easily remembered and has the requirements of letter and number case sensitivity and the like, so that the password is not easy to be cracked by violent guessing;
the public key deduced by the private key for managing the account is denoted as actPubKey;
the hash value after the mobile+rndSecret hash operation is recorded as hash1, and hash operation is carried out on the hash1+ChainName to obtain the value as actHashKey;
acttimelog key, which is used for recording the field of the account which is related to the operation time of the social authentication ID reset control information recently;
LogTimeHash1, a hash value obtained by actAdminLogTime and random secret rndSecret hash operation;
LogTimeHash is obtained by calculating the hash value of the TimeHash1+ account name ChainName;
under an account name ChainName storage area on a blockchain, storing an actHashKey by using an attribute actHashKey, and storing a LogTimeHash by using a LogTimeKey;
the data structure of the last account on the chain is {
ChainName:ChainName,
actPubKey:PubKey,
actHashKey:actHashKey,
LogTimeKey:LogTimeKey,
actAdminLogTime:curTime
};
As shown in fig. 2, when the private key of the user is lost and no backup of the mnemonic mode is performed, but the mobile phone number and the login password are still remembered, the user can generate and generate a new private key to perform recovery account checking control through a step of social authentication factors, and the social authentication factors in this embodiment take the mobile phone number as an example:
(1) Confirming that the mobile phone number belongs to the current user, receiving the mobile phone number by the user by sending a temporary verification code with failure time limit, and inputting the temporary verification code by the user to verify that the mobile phone number belongs to the current user;
(2) Generating a new private key newPrikey for replacing the old private key and resetting the intelligent contract account, deriving a new public key newPK, and simultaneously using a local login password LPwd to symmetrically encrypt and store the new private key newPrikey in the local of the encryption client; the LPwd may be replaced;
(3) Inputting a new random secret newRndSecret, newRndSecret meeting the length and complexity requirements by a user, or inputting an old random secret rndSecret, reading whether the value of actAdminLogTime under the account name ChainName is lastTime, recording the value of lastTime+the random secret rndSecret as timeLogHash1, recording the value of timeLogHash1+ChainName as LogTimeKey', reading whether the LogTimeKey under the ChainName is equal to the LogTime key, if so, continuing to compare, and if not, exiting the current operation;
(4) The hash value after hash calculation of the mobile phone number and the random secret rndSecret is recorded as hash1, the hash value after hash calculation of the hash1 and the ChainName is recorded as actHashKey ', the account name ChainName on the query chain is matched, if the fact that the actHashKey is consistent with the actHashKey' is queried, the current user is the true owner of the account ChainName;
(5) Calculating a mobile phone number plus a new random secret newRndSecret hash value as newHash1, and obtaining a new hash value newActHashKey by hash operation of the newHash1+ account name ChainName;
(6) Recording a current timestamp as curTime, obtaining a hash value newHash1 after Hash operation of the current timestamp curTime and a new random secret newRndSecret, and carrying out hash calculation to obtain a hash value newHash1+ChainName as newTimeLogHash;
(7) Submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime to the smart contract;
(8) The intelligent contract executes comparison to determine whether the hash value of the hash1 plus the ChainName is consistent with the actHashKey value of the ChainName, and if not, the operation is terminated; if the hash value of the timeLogHash1+ChainName is consistent with the LogTimeKey value of the ChainName, the execution is stopped if the hash value is inconsistent with the LogTimeKey value of the ChainName; if the two comparison are consistent, the user of the current mobile phone number can be confirmed to submit the verified evidence;
(9) The intelligent contract updates the actHashKey of a contract account in the intelligent contract into a newActHashKey by using the function of maintaining the intelligent contract account, and the specific steps are as follows:
(1) submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime, logTimeHash to the smart contract;
(2) the intelligent contract executes hash value actHashKey of Hash1+ChainName and compares the actHashKey value under ChainName; calculating a hash value of timeLogHash1+ChainName, comparing whether the LogTimeKey values under the ChainName are consistent, if both comparison are consistent, executing the following updating step, otherwise, terminating execution;
(3) updating the actPubKey value of the ChainName into newPK;
(4) updating the acthashKey value of the ChainName to be newActHashKey;
(5) updating the LogTimeKey value of the ChainName to curTime;
(6) updating actAdminLogTime value of ChainName to curTime;
(10) And after the updating is finished, the user can select to log in and verify the account again.
As shown in fig. 3, when a user has a private key capable of controlling a client account, the private key signature of the client account can be used to invoke the function of maintaining the intelligent contract account of the intelligent contract, and after security checking and identity verification, the client account information in the intelligent contract is updated, which specifically comprises the following steps:
(1) Sending a short message verification code with a time effective period, a verification mail and a verification information log of a centralized platform to realize verification that the current user uses the mobile phone number; after confirmation, the user inputs the mobile phone number bound by the client account number and the password rndSecret grasped by the user, and hash calculation is carried out to obtain a hashald value;
(2) Hash calculation is carried out on the hashold value and the client account to obtain an actHashKey', and the actHashKey is matched and consistent with the actHashKey of the client account in the intelligent contract, so that the ownership of the client account can be confirmed to be owned by a user in the next step;
(3) The value of the actAdminLogTime+password rndSecret hash operation of the ChainName is recorded as timeHash1, the hash operation value of timeHash1+ChainName is recorded as timeLogHash ', the timeLogHash' is compared with the actTimeLogKey of the ChainName, if the values are consistent, the current user with the rndSecret and the mobile phone number is confirmed to be legal with the ChainName, and if the values are inconsistent, the current comparison can be terminated.
The stored control information of the account on the chain can be reset only by grasping the random secret of the mobile phone number and the account on the chain or grasping the private key of the account of the user of the digital encryption client. Thus, if the user can correctly store the private key, the updating operation of the account related attribute value on the intelligent contract chain can be realized according to the digital encryption client according to the intelligent contract calling mode of the blockchain; if the private key cannot be managed correctly, such as the APP intelligent device stored with the private key is lost, but the private key is not backed up or destroyed or revealed in time, the actPubKey can be replaced after the combination authentication of the mobile phone number and the random secret in time, so that the account number of the digital encryption client is controlled again; for security, we should strengthen the user's exact control of owning the on-chain account through attribute value verification of actHashKey and actTimeLogKey.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the square bar may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part. The blockchain in the invention is not limited to a certain blockchain, but includes all blockchains supporting intelligent contract functions, and the distributed storage network is not limited to a distributed storage network implemented by a certain technology, but supports a storage network which is stored in a file blocking mode and can be referred to by a unique hash value and can be used for accessing the file. The public key corresponding to the private key of the invention takes an asymmetric encryption algorithm such as an elliptic algorithm as an example of a deriving algorithm from the private key to the public key, and practically any algorithm meeting the following characteristics can be used:
1. the private key may derive the public key;
2. the public key cannot directly derive the private key, or the public key cannot derive the private key by cracking and deriving the computing power resources which cannot be satisfied by the actual production environment;
3. the ciphertext encrypted by the public key can be unwrapped by the private key, and if the private key is not right, the decryption operation can not be completed;
4. the submitted information can be signed by the private key, and the public key can be used for verifying that the information is indeed an operation performed by a person holding the private key;
5. the social authentication ID designed in the invention refers to a unique identifier which needs a platform or a public basic service organization to provide services, but each user is often authenticated by the platform or the organization to truly and uniquely identify the user, and the platform or the public service organization can uniquely send time-dependent messages to the user, and the social authentication ID comprises but is not limited to: a user's cell phone number in a telecommunications network, a user mailbox in an Email post office, a WeChat ID of a social network such as WeChat, etc., an apple ID of an apple cell phone user, etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one," "comprising," or "including" does not exclude the presence of other, like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art who is skilled in the art can easily think about the changes or substitutions within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (6)

1. The method for managing the decentralized account is characterized by comprising the following steps of:
(1) Deploying intelligent contracts on the blockchain, wherein the intelligent contracts have the functions of creating account numbers representing user identities, registering user identity verification information, maintaining intelligent contract account numbers and also have the functions of user asset management and reputation value maintenance;
(2) A user independently inputs and confirms a local login password LPwd, an account name is selected in advance as ChainName locally at the client through the digital encryption client, a private key PrvKey is randomly generated for the account name, the generated private key PrvKey is symmetrically encrypted by using the password LPwd, and ciphertext is stored locally at the digital encryption client;
(3) Deriving a public key from a private key PrvKey and marking the public key as an actPubKey, inputting and confirming a random secret rndSecret for protecting data stored in the on-chain intelligent contract by a user again, carrying out hash operation on a social authentication ID, an account name ChainName and a current timestamp curTime to obtain a hash value, submitting the hash value to the intelligent contract application to confirm the availability of the account name ChainName, and storing the following information on the chain:
(1) the account name ChainName has uniqueness in the intelligent contract, and the account serving as the digital encryption client performs registration in the intelligent contract and is successfully registered;
(2) the public key actPubKey of the account name ChainName is used as the basis for controlling the account by the private key PrvKey stored by the encryption client;
(3) carrying out hash operation on the social authentication ID, the account name ChainName and the current timestamp curTime to obtain a hash value;
(4) When a user uses an account name ChainName as an account to log in a client, a local login password LPwd is input to decrypt a locally stored private key ciphertext to obtain a private key plaintext PrvKey ', a public key actPubKey ' is obtained by deduction, and if the actPubKey stored in the intelligent contract is queried and the actPubKey stored in the account name ChainName is the same as the actPubKey ', the account is allowed to log in the digital encryption client.
2. The method for decentralized account management according to claim 1, wherein: the social authentication ID is held by the user's individual and can uniquely identify the user.
3. The method for decentralized account management according to claim 2, wherein the account related information stored on the chain further comprises:
(1) A random secret rndSecret which is autonomously input by a user or enables a client program to generate a sequence containing lower case characters and numbers exceeding a certain number of bits;
(2) The public key deduced by the private key for managing the account is denoted as actPubKey;
(3) The actHashKey is obtained by carrying out hash operation on a social authentication ID of a user and a random secret rndSecret, and then carrying out a second hash operation by utilizing a hash 1+account name ChainName;
(4) actAdminLogTime, which is used for recording the field of the account which is related to the operation time of the social authentication ID reset control information recently;
(5) LogTimeHash1, a hash value obtained by actAdminLogTime and random secret rndSecret hash operation;
(6) LogTimeHash is obtained by calculating the hash value of the TimeHash1+ account name ChainName;
(7) Under the account name ChainName storage area on the blockchain, the attribute actHashKey is used for storing the actHashKey, and the LogTimeHash is stored by using the LogTimeKey.
4. A method of decentralized account management according to claim 3, wherein: when a private key PrvKey corresponding to an attribute actPubKey under the account name ChainName is lost and a mnemonic mode backup is not performed, the user realizes the control of the account again through the social authentication ID, and specifically realizes the following steps:
(1) Confirming that the social authentication ID belongs to the current user, receiving the social authentication ID by sending a temporary verification code with expiration time limit, and inputting the temporary verification code by the user to verify that the social authentication ID belongs to the current user;
(2) Generating a new private key newPrikey for replacing the old private key and resetting the intelligent contract account, deriving a new public key newPK, and simultaneously using a local login password LPwd to symmetrically encrypt and store the new private key newPrikey in the local of the encryption client; the LPwd is replaced;
(3) Inputting a new random secret newRndSecret, newRndSecret meeting the length and complexity requirements by a user, or inputting an old random secret rndSecret, reading whether the value of actAdminLogTime under the account name ChainName is lastTime, recording the value of lastTime+the random secret rndSecret as timeLogHash1, recording the value of timeLogHash1+ChainName as LogTimeKey', reading whether the LogTimeKey under the ChainName is equal to the LogTime key, if so, continuing to compare, and if not, exiting the current operation;
(4) The hash value after the hash calculation of the social authentication ID+the random secret rndSecret is recorded as hash1, the hash value after the hash calculation of the hash 1+the ChainName is recorded as actHashKey ', the account name ChainName on the query chain is matched, if the fact that the actHashKey is consistent with the actHashKey' is queried, the current user is the true owner of the account ChainName is indicated;
(5) Calculating a social authentication ID+a new random secret newRndSecret hash value as newHash1, and obtaining a new hash value newActHashKey by hash operation of a newHash1+an account name ChainName;
(6) Recording a current timestamp as curTime, obtaining a hash value newHash1 after Hash operation of the current timestamp curTime and a new random secret newRndSecret, and carrying out hash calculation to obtain a hash value newHash1+ChainName as newTimeLogHash;
(7) Submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime to the smart contract;
(8) The intelligent contract executes comparison to determine whether the hash value of the hash1 plus the ChainName is consistent with the actHashKey value of the ChainName, and if not, the operation is terminated; if the hash value of the timeLogHash1+ChainName is consistent with the LogTimeKey value of the ChainName, the execution is stopped if the hash value is inconsistent with the LogTimeKey value of the ChainName; if the two comparisons are consistent, the user of the current social authentication ID can be confirmed to submit the verified evidence;
(9) The intelligent contract updates the actHashKey of a contract account in the intelligent contract into a newActHashKey by using the function of maintaining the intelligent contract account, and the specific steps are as follows:
(1) submitting hash1, timeLogHash1, chainName, newPK, newActHashKey, curTime, logTimeHash to the smart contract;
(2) the intelligent contract executes hash value actHashKey of Hash1+ChainName and compares the actHashKey value under ChainName; calculating a hash value of timeLogHash1+ChainName, comparing whether the LogTimeKey values under the ChainName are consistent, if both comparison are consistent, executing the following updating step, otherwise, terminating execution;
(3) updating the actPubKey value of the ChainName into newPK;
(4) updating the acthashKey value of the ChainName to be newActHashKey;
(5) updating the LogTimeKey value of the ChainName to curTime;
(6) updating actAdminLogTime value of ChainName to curTime;
(10) And after the updating is finished, the user can select to log in and verify the account again.
5. A method of decentralized account management according to claim 3, wherein: when a user has a private key capable of controlling a client account, the private key signature of the client account can be utilized to call the intelligent contract maintenance account function of the intelligent contract, and after the identity is checked and verified safely, the client account information in the intelligent contract is updated, and the method specifically comprises the following steps:
(1) Verifying that the input social authentication ID belongs to the current user in use;
(2) The user enters a new random secret rndSecretNew, rndSecretNew satisfying the length and composition character rules as rndSecret;
(3) Decrypting the private key ciphertext stored in the client by using the client password LPwd of the current account mastered by the user to obtain a private key plaintext;
(4) The hash operation value of the social authentication ID+the New random secret rndSecretNew is recorded as hash1New, and the hash operation value of the hash1New+ChainName is recorded as actHashKeyNew;
(5) Marking the current time stamp as curTime;
(6) The value of the hash operation of the new random secret rndSecretNew+CurTime is recorded as timeLogHashNew;
(7) Submitting actHashKeyNew, timeLogHashNew, a current timestamp curTime and an account name ChainName to the intelligent contract through the intelligent contract maintenance intelligent contract account function;
(8) The intelligent contract updates the acthashKey of the account name ChainName to acthashKeyNew, and updates actTimeLogKey to timeLogHashNew, actAdminLogTime to curTime;
(9) And (5) re-logging and verifying the account.
6. The decentralized account management method according to claim 5, wherein: the verification input social authentication ID belongs to the current user, the current user can control an intelligent contract account, and the user can prove that the account name ChainName on the current chain belongs to the current user through a random secret rndSecret mastered by the user, and the specific verification process comprises the following steps of:
(1) Sending a short message verification code with a time effective period, verifying a mail and verifying information log-in of a centralized platform to realize the verification that the current user uses the social authentication ID; after confirmation, the user inputs the social authentication ID bound by the client account and the password rndSecret grasped by the user, and hash calculation is carried out to obtain a hash value;
(2) Carrying out hash calculation on the hashold value and the client account to obtain an actHashKey', and continuing to confirm that the user owns ownership of the client account if the actHashKey is matched and consistent with the actHashKey of the client account in the intelligent contract;
(3) And (3) recording the value of the actAdminLogTime+password rndSecret hash operation of the ChainName as timeHash1, recording the hash operation value of timeHash1+ChainName as timeLogHash ', comparing the timeLogHash' with the actTimeLogKey of the ChainName, if the values are consistent, confirming that the current user with the rndSecret and the social authentication ID is legal with the ChainName, and if the values are inconsistent, terminating the current comparison.
CN202311162561.7A 2023-09-11 2023-09-11 Decentralized account management method Pending CN117254947A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311162561.7A CN117254947A (en) 2023-09-11 2023-09-11 Decentralized account management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311162561.7A CN117254947A (en) 2023-09-11 2023-09-11 Decentralized account management method

Publications (1)

Publication Number Publication Date
CN117254947A true CN117254947A (en) 2023-12-19

Family

ID=89134129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311162561.7A Pending CN117254947A (en) 2023-09-11 2023-09-11 Decentralized account management method

Country Status (1)

Country Link
CN (1) CN117254947A (en)

Similar Documents

Publication Publication Date Title
CN107171794B (en) A kind of electronic document signature method based on block chain and intelligent contract
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN108667612B (en) Trust service architecture and method based on block chain
CN105516195B (en) A kind of security certification system and its authentication method based on application platform login
CN104519066B (en) A kind of method for activating mobile terminal token
US8833648B1 (en) Dynamic credit card security code via mobile device
CN110060037B (en) Distributed digital identity system based on block chain
CN108876332A (en) A kind of block chain method for secure transactions and device based on biological characteristic label certification
CN108270551B (en) Security service construction system on block chain
CN109150539A (en) A kind of Distributed CA System based on block chain, method and device
US11057210B1 (en) Distribution and recovery of a user secret
CN1937498A (en) Dynamic cipher authentication method, system and device
CN109325342A (en) Identity information management method, apparatus, computer equipment and storage medium
EP3684005A1 (en) Method and system for recovering cryptographic keys of a blockchain network
CN107920052A (en) A kind of encryption method and intelligent apparatus
CN109831463A (en) Intelligent terminal security protection system for operating system login authentication
CN104333452B (en) A kind of method to the encryption of file data more accounts
CN111355591A (en) Block chain account safety management method based on real-name authentication technology
CN108650261A (en) Mobile terminal system software method for burn-recording based on remote encryption interaction
CN109872154A (en) A kind of identity real name Verification System based on block chain transaction data
CN104918241B (en) A kind of user authen method and system
CN114003959A (en) Decentralized identity information processing method, device and system
CN108768650A (en) A kind of short-message verification system based on biological characteristic
CN111711521B (en) Block chain account private key resetting method and system
CN107104792B (en) Portable mobile password management system and management method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination