WO2019127530A1 - Account unifying method and device and storage medium - Google Patents
- Publication number
- WO2019127530A1 (PCT/CN2017/120263)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identity contract
- address
- account
- user entity
- identity
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- the present disclosure relates to the field of information technology, and in particular, to an account unification method, apparatus, and storage medium.
- the main purpose of the present disclosure is to provide an account unification method, apparatus, and storage medium that solve the technical problem in the prior art of the inconvenience caused to users by using different accounts on different application servers.
- a first aspect of the present disclosure provides an account unification method, applied to a client, the method comprising: creating an identity contract and associating the identity contract with a user entity account; deploying the identity contract on a blockchain and obtaining an identity contract address of the identity contract; and transmitting, to the application server, a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- a second aspect of the present disclosure provides an account unification method, applied to a client, the method comprising: sending a registration request to an application server, where the registration request includes a blockchain address of a user entity account, and the blockchain address is used by the application server to deploy an identity contract associated with the user entity account according to the blockchain address; and receiving a registration success response sent by the application server, where the registration success response includes an identity contract address associated with the user entity account.
- a third aspect of the present disclosure provides an account unification method, applied to an application server, the method comprising: receiving a registration request sent by a client, where the registration request includes an identity contract address associated with a user entity account to be registered; and using the identity contract address as the account identifier of the user entity account on the application server.
- a fourth aspect of the present disclosure provides an account unification method, applied to an application server, the method comprising: receiving a registration request sent by a client, where the registration request includes a blockchain address of a user entity account to be registered; creating an identity contract according to the blockchain address of the user entity account and associating it with the user entity account; deploying the identity contract on the blockchain to obtain an identity contract address of the identity contract; and using the identity contract address as the account identifier of the user entity account on the application server and sending a registration success response including the identity contract address to the client.
- a fifth aspect of the present disclosure provides an account unification device, applied to a client, the device comprising: a first identity contract creation module, configured to create an identity contract and associate the identity contract with a user entity account; a deployment module, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract; and a first registration request sending module, configured to send, to the application server, a registration request including the identity contract address, where the identity contract address is used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- a sixth aspect of the present disclosure provides an account unification device, applied to a client, the device comprising: a second registration request sending module, configured to send a registration request to an application server, where the registration request includes a blockchain address of a user entity account, and the blockchain address is used by the application server to deploy an identity contract associated with the user entity account according to the blockchain address; and a registration success response receiving module, configured to receive the registration success response sent by the application server, where the registration success response includes an identity contract address associated with the user entity account.
- a seventh aspect of the present disclosure provides an account unification device, applied to an application server, the device comprising: a first registration request receiving module, configured to receive a registration request sent by a client, where the registration request includes an identity contract address; and an account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server.
- an eighth aspect of the present disclosure provides an account unification device, applied to an application server, the device comprising: a second registration request receiving module, configured to receive a registration request sent by a client, where the registration request includes a blockchain address of a user entity account to be registered; a second identity contract creation module, configured to create an identity contract according to the blockchain address of the user entity account and associate it with the user entity account; a second identity contract deployment module, configured to deploy the identity contract on the blockchain to obtain an identity contract address of the identity contract; and a second account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server and to send a registration success response including the identity contract address to the client.
- a ninth aspect of the present disclosure provides a computer readable storage medium comprising one or more programs for performing the method of the first aspect.
- a tenth aspect of the present disclosure provides an account unification device, applied to a client, comprising: the computer readable storage medium of the ninth aspect; and one or more processors for executing the program in the computer readable storage medium.
- an eleventh aspect of the present disclosure provides a computer readable storage medium comprising one or more programs for performing the method of the second aspect.
- a twelfth aspect of the present disclosure provides an account unification device, applied to a client, comprising: the computer readable storage medium of the eleventh aspect; and one or more processors for executing the program in the computer readable storage medium.
- a thirteenth aspect of the present disclosure provides a computer readable storage medium comprising one or more programs for performing the method of the third aspect.
- a fourteenth aspect of the present disclosure provides an account unification device, applied to an application server, comprising: the computer readable storage medium of the thirteenth aspect; and one or more processors for executing the program in the computer readable storage medium.
- a fifteenth aspect of the present disclosure provides a computer readable storage medium comprising one or more programs for performing the method of the fourth aspect.
- a sixteenth aspect of the present disclosure provides an account unification device, applied to an application server, comprising: the computer readable storage medium of the fifteenth aspect; and one or more processors for executing the program in the computer readable storage medium.
- the client deploys an identity contract associated with the user entity account on the blockchain, and sends a registration request including the identity contract address to the application server to instruct the application server to use the identity contract address as the account identifier of the user entity account. This lets the user uniformly use the identity contract address to participate in various application services, thereby fundamentally solving the problem that a large number of accounts brings inconvenience to the user.
- the decentralization of the blockchain means that the relationship between the identity contract and the user entity account cannot be falsified or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the loss caused by a lost or stolen account.
- FIG. 1 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to a client;
- FIG. 2 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to an application server;
- FIG. 3 is a schematic diagram showing a relationship between a user entity account and an identity contract according to an exemplary embodiment of the present disclosure
- FIG. 4 is a schematic diagram of signaling interaction of an account unification method according to an exemplary embodiment of the present disclosure
- FIG. 5 is a schematic diagram of signaling interaction of an account unification method according to another exemplary embodiment of the present disclosure.
- FIG. 6 is a schematic diagram showing an implementation environment according to an exemplary embodiment of the present disclosure.
- FIG. 7 is a flowchart of a method for replacing a user entity account according to an exemplary embodiment of the present disclosure
- FIG. 8 is a schematic diagram of signaling interaction of a single sign-on and logout method according to an exemplary embodiment of the present disclosure
- FIG. 9 is a block diagram of an account unification apparatus according to an exemplary embodiment of the present disclosure, wherein the apparatus is applied to an application server;
- FIG. 10 is a block diagram showing an account unification apparatus according to another exemplary embodiment of the present disclosure, wherein the apparatus is applied to an application server;
- FIG. 11 is a block diagram of an account unification apparatus according to an exemplary embodiment of the present disclosure, where the apparatus is applied to a client;
- FIG. 12 is a block diagram of an account unification apparatus according to another exemplary embodiment of the present disclosure, wherein the apparatus is applied to a client.
- a blockchain is a decentralized distributed database system in which all nodes in a blockchain network participate in maintenance. It is composed of a series of data blocks generated using cryptographic methods, each of which is one block of the blockchain. According to the order of their generation time, the blocks are linked together to form a data chain, which is aptly called a blockchain.
- through its special block and transaction generation and validation mechanisms, the blockchain has the security features of being unchangeable, unforgeable and fully traceable.
- Blockchain node: the blockchain network is based on a P2P (peer-to-peer) network. Each P2P network node participating in transaction and block storage, verification, and forwarding is a node in the blockchain network.
- the user identity in the blockchain is represented by a public key, and the public key and the private key appear in pairs. The private key is held by the user and is not published to the blockchain network, while the public key, after a specific hash and encoding, becomes the "address". The "address" represents the user, and the public key and "address" can be freely published in the blockchain network. It is worth mentioning that there is no one-to-one correspondence between user identities and blockchain nodes: users can use their own private key on any blockchain node.
- Blockchain data write: a blockchain node writes data to the blockchain by issuing a "transaction" to the blockchain network.
- the transaction contains a signature made by the user with his or her private key to prove the identity of the user.
- the transaction is recorded by a "miner" (a blockchain node that runs the blockchain consensus competition mechanism) into a newly generated block, which is then released to the blockchain network; once the block is verified and accepted by other blockchain nodes, the transaction data is written to the blockchain.
- FIG. 1 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure. The method is applied to a client. As shown in FIG. 1, the method includes:
- step S101: an identity contract is created and the identity contract is associated with the user entity account.
- step S102: the identity contract is deployed on the blockchain to obtain an identity contract address of the identity contract.
- the blockchain may be an Ethereum blockchain.
- There are two kinds of entity accounts on the Ethereum blockchain: one is a user entity account (corresponding to a person or a smart device), which has a pair of public and private keys, and the hash code of the public key (for example, the first 20 bytes of the hash value) is the blockchain address of the user entity account; the other is a program entity, that is, a smart contract, which has only an address value of a preset number of bytes (for example, a 20-byte address value) and does not have an associated private key.
- the client can generate its own user entity account by running a blockchain program.
- the client can also create an identity contract (i.e., a type of smart contract), associate the identity contract with the user entity account (e.g., by writing the blockchain address of the user entity account into the identity contract), and deploy the identity contract on the blockchain to obtain the address of the identity contract.
- step S103: a registration request including the identity contract address is transmitted to the application server.
- the identity contract address is used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- FIG. 2 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to an application server, as described in FIG. 2, the method includes:
- step S201: a registration request sent by the client is received, and the registration request includes an identity contract address associated with the user entity account to be registered.
- step S202: the identity contract address is used as the account identifier of the user entity account on the application server.
- the application server may record the identity contract address in its account database or in an account information contract on the blockchain, where the account information contract may be a contract that is pre-deployed on the blockchain and records each registered identity contract address.
- the application server can use the identity contract address as the account identifier of the user entity account on the application server. Therefore, after the user completes registration on each application server through the client, the user can uniformly use the identity contract address to log in on each application server.
- the client may create an identity contract and associate the user entity account with the identity contract, thereby using the identity contract address as the unique account identifier of the user entity account, so that the user can conveniently use the identity contract address on each application server.
- the client may also create multiple identity contracts and associate the user entity account with the multiple identity contracts, thereby allowing the user to participate in different application services with different identity contract addresses (i.e., different account identifiers) while conveniently using only a single entity account.
- the client deploys an identity contract associated with the user entity account on the blockchain and registers with the application server using the identity contract address, so that the application server uses the identity contract address as the account identifier of the user entity account on the application server. The user can then conveniently use the identity contract address to participate in various application services, which fundamentally solves the problem that a multitude of accounts brings inconvenience to the user.
- the decentralization of the blockchain means that the relationship between the identity contract and the user entity account cannot be falsified or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the loss caused by a lost or stolen account.
- the client may send the application server a login request that includes other account information and the identity contract address; the application server authenticates the other account information and returns a login success response to the client after the identity authentication is passed.
- the application server can also replace the registered account information with, or associate it with, the other account information, so that the application server can migrate to using the identity contract address as the account identifier of the user entity account.
- FIG. 4 is a schematic diagram of signaling interaction of an account unification method according to an exemplary embodiment of the present disclosure. As shown in FIG. 4, the method includes:
- step S401: the client creates an identity contract and associates the identity contract with the user entity account.
- step S402: the client deploys the identity contract on the blockchain to obtain the identity contract address of the identity contract.
- step S403: the client sends a registration request including the identity contract address to the application server.
- step S404: when receiving the registration request sent by the client, the application server uses the identity contract address as the account identifier of the user entity account on the application server.
- step S405: the application server sends a registration success response to the client.
- the client can generate a user entity account, deploy an identity contract on the blockchain, associate the user entity account with the identity contract, and register with the application server using the identity contract address. On receiving the registration request sent by the client, the application server can use the identity contract address as the account identifier of the user entity account, which lets the user uniformly use the identity contract address to participate in various application services and fundamentally solves the problem that a large number of accounts brings inconvenience to users.
- the decentralization of the blockchain means that the relationship between the identity contract and the user entity account cannot be falsified or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the loss caused by a lost or stolen account.
- the identity contract may also be created and deployed by the application server, in which case the client only needs to provide the blockchain address of the user entity account when registering with the application server.
- the application server may create an identity contract according to the blockchain address of each user entity account and establish an association relationship between the identity contract and the user entity account.
- the account unification method may include:
- step S501: the client sends a registration request to the application server, the registration request including the blockchain address of the user entity account.
- step S502: when receiving the registration request sent by the client, the application server creates an identity contract according to the blockchain address of the user entity account and associates the identity contract with the user entity account.
- step S503: the application server deploys the identity contract on the blockchain to obtain an identity contract address of the identity contract.
- step S504: the application server uses the identity contract address as the account identifier of the user entity account on the application server.
- step S505: the application server sends a registration success response to the client, and the registration success response includes the identity contract address.
- the application server may associate each user entity account to be registered with one identity contract and use the identity contract address as the unique account identifier of the user entity account, so that the user can conveniently and uniformly use the identity contract address on each application server.
- the application server may also associate each user entity account with multiple identity contracts, thereby supporting the user in using different application servers with different identity contract addresses (i.e., different account identifiers) while conveniently using only a single entity account internally.
- the application server may also associate multiple user entity accounts with the same identity contract.
- the setting may be applicable to related business scenarios, such as a mobile device in which the user has multiple different preset or assigned user entity accounts.
- the configuration allows the user entity accounts of these mobile devices to be associated with a same identity contract, in which case the user can participate in various application services with the identity of the same identity contract regardless of which mobile device is used. It can solve the problem that users cannot easily identify the same identity with different private keys.
- the application server can also set a many-to-many relationship between the user entity account and the identity contract to support more complex or special business needs.
- for the process of creating and deploying an identity contract by the application server, refer to the process of creating and deploying an identity contract by the client in the account unification method provided in FIG. 1; details are not described herein again.
- the client may add a user entity account association management function in the identity contract.
- the user entity account currently associated with the identity contract has the right to specify or add a new user entity account to be associated with the identity contract.
- the client does not need to update the identity contract it participates with; it only needs to replace the user entity account associated with the identity contract, so the data and logic of the application server are not affected.
- the client may also add a user entity account association arbitration function to the identity contract. That is, the client may set multiple arbitration clients in the identity contract (such as the clients of the user's trusted friends or a trusted third-party authority), use program logic to give the arbitration clients the function of managing the association between the user entity account and the identity contract, and set the arbitration rules.
- FIG. 6 is a schematic diagram showing an implementation environment according to an exemplary embodiment of the present disclosure.
- the implementation environment includes a client 61, an identity contract created by the client 61, and a user entity associated with the identity contract.
- with reference to FIG. 6, a method for replacing a user entity account provided by an embodiment of the present disclosure is shown in FIG. 7 and includes:
- step S701: the client 61 deploys an identity contract on the blockchain and sets the account information of the plurality of arbitration clients and the arbitration rules in the identity contract.
- step S702: the client 61 creates a new user entity account.
- step S703: the client 61 sends an entity account replacement request to each of the plurality of arbitration clients.
- the entity account replacement request may include the identity contract address and the blockchain address of the new user entity account.
- the client may separately send an entity account replacement request to each arbitration client by means of an unidentified identity outside the chain.
- for example, the client may send the entity account replacement request to each arbitration client by email or the like, with the request carrying identification information indicating that it is associated with the identity contract.
- each arbitration client 62 sends an arbitration result to the identity contract by calling the interface of the identity contract.
- step S705: the identity contract associates the new user entity account with the identity contract according to the arbitration result sent by each arbitration client, the account information of each arbitration client, and the arbitration rule.
- the arbitration rule may be that the user entity account associated with the identity contract is modified when more than half of the arbitration clients consent.
- when the identity contract receives, from more than half of the arbitration clients, arbitration results confirming that the new user entity account should be associated with the identity contract, the identity contract is associated with the new user entity account according to the blockchain address of the new user entity account.
- the technical solution provided by the foregoing embodiment not only solves the problem that the user cannot easily replace the entity account; it also allows the identity contract to be associated with a new user entity account through arbitration after the private key of the original user entity account is lost or stolen, which solves the problem that the identity contract cannot be used after the private key is lost or stolen.
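The majority rule of step S705 can be modelled off-chain to check its edge cases before it is written as contract code. The following is an added example, not code from the patent: the class, its method names and the addresses are hypothetical, and the `sender` argument stands in for the transaction signer that a real blockchain would authenticate.

```python
# Added illustration: in-memory model of an identity contract's arbitration logic.
# Names and addresses are constructed; `sender` is assumed to be authenticated
# by the chain (transaction signature) before these methods run.
from dataclasses import dataclass, field


@dataclass
class IdentityContract:
    owner: str                # blockchain address of the associated user entity account
    arbiters: frozenset       # addresses of the arbitration clients set in S701
    votes: dict = field(default_factory=dict)  # arbiter address -> proposed new owner

    def replace_by_owner(self, sender: str, new_owner: str) -> None:
        """Association management: only the currently associated account may re-point."""
        if sender != self.owner:
            raise PermissionError("sender is not the associated user entity account")
        self.owner = new_owner
        self.votes.clear()    # pending arbitration is void once the owner changes

    def submit_arbitration(self, sender: str, new_owner: str) -> bool:
        """Record one arbitration result; apply S705 when more than half agree.

        Returns True when this call caused the association to change.
        """
        if sender not in self.arbiters:
            raise PermissionError("sender is not a configured arbitration client")
        # One vote per arbiter: a repeated vote overwrites, it never adds weight.
        self.votes[sender] = new_owner
        # Votes are bound to a specific new address, so approvals for different
        # candidate accounts cannot be pooled.
        approvals = sum(1 for v in self.votes.values() if v == new_owner)
        if 2 * approvals > len(self.arbiters):   # strictly more than half
            self.owner = new_owner
            self.votes.clear()
            return True
        return False


def demo() -> str:
    """Constructed scenario: the old key is lost, two of three arbiters approve."""
    contract = IdentityContract(
        owner="0xOLD", arbiters=frozenset({"0xA1", "0xA2", "0xA3"})
    )
    contract.submit_arbitration("0xA1", "0xNEW")
    contract.submit_arbitration("0xA3", "0xNEW")
    return contract.owner


if __name__ == "__main__":
    print(demo())
```

The application server's view is unchanged throughout, because the identity contract address it stores as the account identifier never changes.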
- the private key is vital information for the user entity account, and except where it is held in security hardware and cannot be exported, the private key is usually backed up for safety where possible. Users can choose an encrypted or plaintext offline backup, but this approach still has to deal with the security of the backup files and with forgetting or losing the backup files or the encryption password. Users can therefore also choose an online encrypted backup, for example by using cryptographic techniques to encrypt the private key (or seed) of the user entity account, save it to the blockchain, and restore it by decryption when needed. Loss of private keys can be avoided by using appropriate backup and recovery techniques.
- the client may split the private key of the user entity account into blocks by using a preset algorithm (for example, Shamir's Secret Sharing algorithm) to obtain n data blocks, of which any k data blocks ($n \ge k \ge 1$) can recover the entire private key.
- the client may separately hash the n data blocks, for example, by using a hash algorithm to calculate the hash values of the n data blocks and then applying the hash algorithm again to each of those hash values to obtain the fingerprint of each data block; these fingerprints can be used for verification when restoring the private key.
- the client can share s ($k \le s \le n$) data blocks with c ($c \ge 1$) buddy clients, encrypt the s data blocks using the public keys of the c buddy clients (for example, each buddy client's public key encrypts one or more of the s data blocks, ensuring that all s data blocks are encrypted), and record all the encrypted data blocks, the hash values corresponding to the encrypted data blocks, and the blockchain addresses of the c friend clients in the identity contract associated with the user entity account.
- the k value, the s value, and the c value determine the strength of the key sharing backup, wherein the smaller the k value, the larger the s value and the c value, the less likely the private key is lost.
- the client in order to indicate the association relationship between the user entity account and the identity contract to the friend account when the key is restored, the client can inform the friend client of the associated identity contract when sharing the encrypted data to the friend client, so as to make the friend client
- the end records the association.
- the client may also record challenge information (eg, questions and answers encrypted with the buddy client's public key) or record the identity of the user entity account (eg, the identity ID hash of the user entity account) in the identity contract associated with the user entity account. .
- the client may query, from the identity contract, the blockchain addresses of the target friend accounts corresponding to the at least k encrypted data blocks, and send a private key recovery request to the at least k target friends according to those blockchain addresses.
- Each target friend account verifies the identity of the client when receiving the private key recovery request and, after the verification passes, accesses the identity contract according to the identity contract address, obtains the encrypted data block from the identity contract, decrypts it, re-encrypts it with the public key specified by the user entity account, and stores it in the identity contract.
- the k data blocks can then be obtained by decrypting with the relevant private key, and their validity is verified against the hash values recorded in the identity contract; after the verification passes, applying the preset algorithm (e.g., Shamir's Secret Sharing algorithm) restores the original private key of the user entity account.
- the user entity account association relationship management function, the user entity account association relationship arbitration function, the private key backup and recovery function, and the like provided by the foregoing embodiments are not limited to program logic added to the identity contract, and may also be extracted into other program entities; the disclosure does not limit this.
- the user may log in to each application platform by using the associated identity contract address as the account identifier, and the specific login process may be as follows:
- the user sends a login request to the server through the client, and queries and selects the identity contract address associated with the blockchain address of the entity account on the client.
- the client responds to the login challenge of the application server, wherein the login challenge response may include challenge signature information and an identity contract address of the user entity account.
- after receiving the login challenge response sent by the client, the application platform verifies whether the identity contract address is registered and, based on the challenge signature mechanism, verifies whether the user entity account is an associated account of the identity contract; if the identity contract address is registered and the user entity account is an associated account of the identity contract, it sends a login success response to the client; otherwise, the login request of the user entity account is rejected.
- the above embodiment of the present disclosure logs in based on the challenge signature mechanism, and the application server needs the signature information of the user entity account sent by the client to verify the identity of the user entity account.
- the client can also integrate biometric authentication technologies, such as iris unlocking, fingerprint unlocking, and face unlocking, so that users do not have to enter passwords. After the biometric authentication succeeds, the client can use the private key of the user entity account to sign the relevant information of the application server and send it to the application server, providing the server with the challenge signature authentication.
- FIG. 8 is a schematic diagram of signaling interaction of a single sign-on and logout method according to an exemplary embodiment of the present disclosure, the method includes:
- step S801 the client sends a first login request to the first application server, where the first login request includes first signature information of the user entity account and an identity contract address associated with the user entity account.
- the first signature information of the user entity account may be obtained by signing the domain name of the first application server and the current time with the private key of the user entity account.
- step S802 when receiving the login request sent by the client, the first application server verifies whether the identity contract address has been logged in.
- step S803 when the first application server verifies that the identity contract address is not logged in, the first application server queries the login information contract on the blockchain according to the identity contract address to determine the login status of the identity contract address on other trusted application servers.
- the login information contract is a contract pre-deployed on the blockchain that records the login status of each identity contract address on each trusted application server.
- step S804 if it is determined that the login status of the identity contract address on the other trusted application server is not logged in, the first application server verifies whether the user entity account is associated with the identity contract address according to the identity contract address and the first signature information.
- step S805 the first application server sends a login challenge page to the client when determining that the user entity account is associated with the identity contract address.
- step S806 the client responds to the challenge of the first application server using the identity contract address.
- step S807 the first application server authenticates the challenge response of the client and, after the authentication succeeds, marks the login status of the identity contract address as logged in.
- the identity contract has at least one specific interface that can be used to determine whether the user entity account is associated with the identity contract.
- the first application server may use the public key of the user entity account to perform signature verification on the first signature information, and after the signature verification succeeds, query the corresponding identity contract according to the identity contract address and view through the interface of the identity contract.
- step S808 the first application server records the logged-in status of the identity contract address thereon into the login information contract.
- step S809 the first application server returns a first login success response to the client.
- the first login success response may include a session ID of the first application server.
- step S810 the client sends a second login request to the second application server, where the second login request includes the second signature information of the user entity account and the identity contract address associated with the user entity account.
- the second signature information of the user entity account may be obtained by signing the domain name of the second application server and the current time with the private key of the user entity account.
- step S811 when receiving the login request sent by the client, the second application server verifies whether the identity contract address has been logged in.
- step S812 the second application server, when verifying that the identity contract address is not logged in, queries the login information contract on the blockchain according to the identity contract address to determine the login status of the identity contract address on other trusted application servers.
- step S813 when the second application server finds that the login status of the identity contract address on the first application server is logged in, it verifies whether the user entity account is associated with the identity contract address according to the identity contract address and the second signature information.
- the process of verifying, by the second application server, whether the user entity account is associated with the identity contract address according to the identity contract address and the second signature information may refer to the process of verifying, by the first application server, whether the user entity account is associated with the identity contract address in step S805. Details are not repeated here.
- step S814 when it is determined that the user entity account is associated with the identity contract address, the second application server marks the login status of the identity contract address as logged in.
- step S815 the second application server returns a second login success response to the client.
- the second login success response may include a session ID of the second application server.
- step S816 the client sends a logout request to the second application server, the logout request including an identity contract address associated with the user entity account.
- step S817 the second application server marks the login status of the identity contract information as not logged in.
- step S818 the second application server records the unlogged-in status of the identity contract address thereon into the login information contract.
- step S819 the second application server sends a login challenge interface to the client.
- step S820 the first application server monitors or polls the login information contract.
- step S821 when the first application server learns that the login status of the identity contract address on the second application server is not logged in, it marks the login status of the identity contract address as not logged in.
- the application server may be an application server on a blockchain or an application server outside the blockchain.
- for an application server on the blockchain, it can verify the association between the identity contract and the user entity account through the interface of the identity contract.
- for an application server outside the blockchain, it can access, read, write or call the identity contract on the blockchain through the API interface of the blockchain to verify the association between the identity contract and the user entity account.
- each application server can have its own login control; after logging in on any application server with the identity contract address, the user does not need to pass credentials to the other application platforms in order to be logged in, which realizes decentralized login and logout.
- the robustness of the single sign-on and logout system consisting of the client, multiple application platforms, and the blockchain is increased.
- any one of the mutually trusted application servers may become the certification authority in the related single sign-on and log-out system, and the mutually trusted application server may not be limited to the same enterprise.
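The server-side decisions of steps S801 to S821, as an added Python model that is not part of the patent text. The class and function names, the 120-second freshness window, recording the S814 status in the login information contract and the write counter used to order logins against logouts are all assumptions, and signature verification is represented by a constructed stand-in.

```python
class LoginInfoContract:
    """Constructed in-memory model of the login information contract."""

    def __init__(self):
        self._seq = 0        # stand-in for block height, orders the writes
        self._status = {}    # identity address -> {server domain: (logged_in, seq)}

    def record(self, identity, server, logged_in):
        self._seq += 1
        self._status.setdefault(identity, {})[server] = (logged_in, self._seq)

    def lookup(self, identity):
        return dict(self._status.get(identity, {}))


class AppServer:
    MAX_SKEW = 120           # assumed policy: seconds a signed time may be off

    def __init__(self, domain, trusted, identities, login_info, verify_sig):
        self.domain = domain
        self.trusted = set(trusted)     # domains of the other trusted servers
        self.identities = identities    # identity address -> associated accounts
        self.login_info = login_info
        self.verify_sig = verify_sig    # callable(account, message, signature)
        self.sessions = set()           # identity addresses logged in here

    def _verified(self, req, now):
        # The signature covers "domain|time": refuse messages signed for
        # another server or outside the freshness window.
        if req["domain"] != self.domain or abs(now - req["time"]) > self.MAX_SKEW:
            return False
        message = "%s|%d" % (req["domain"], req["time"])
        if not self.verify_sig(req["account"], message, req["signature"]):
            return False
        return req["account"] in self.identities.get(req["identity"], set())

    def login(self, req, now, challenge_passed=False):
        identity = req["identity"]
        if not self._verified(req, now):                     # S804 / S813
            return "rejected"
        if identity in self.sessions:                        # S802 / S811
            return "logged-in"
        peers = self.login_info.lookup(identity)             # S803 / S812
        elsewhere = any(peers.get(d, (False, 0))[0] for d in self.trusted)
        if not elsewhere and not challenge_passed:           # S805 to S807
            return "challenge"
        self.sessions.add(identity)                          # S807 / S814
        self.login_info.record(identity, self.domain, True)  # S808
        return "logged-in"

    def logout(self, identity):                              # S816 to S818
        self.sessions.discard(identity)
        self.login_info.record(identity, self.domain, False)

    def poll(self):                                          # S820 / S821
        for identity in list(self.sessions):
            entries = self.login_info.lookup(identity)
            mine = entries.get(self.domain, (False, 0))[1]
            # Only a peer logout written after our own login ends the session.
            if any(not entries[d][0] and entries[d][1] > mine
                   for d in self.trusted if d in entries):
                self.logout(identity)


def constructed_verify(account, message, signature):
    """Constructed stand-in for public-key signature verification."""
    return signature == "sig(%s,%s)" % (account, message)


def make_request(account, identity, domain, when):
    """Build a login request carrying the stand-in signature."""
    message = "%s|%d" % (domain, when)
    return {"account": account, "identity": identity, "domain": domain,
            "time": when, "signature": "sig(%s,%s)" % (account, message)}


if __name__ == "__main__":
    info = LoginInfoContract()
    ids = {"0xIDENTITY": {"0xALICE"}}    # constructed addresses
    a = AppServer("a.example", ["b.example"], ids, info, constructed_verify)
    b = AppServer("b.example", ["a.example"], ids, info, constructed_verify)
    req_a = make_request("0xALICE", "0xIDENTITY", "a.example", 1000)
    print(a.login(req_a, 1000), a.login(req_a, 1000, challenge_passed=True))
    print(b.login(make_request("0xALICE", "0xIDENTITY", "b.example", 1000), 1000))
```

Without the ordering check in `poll`, a stale "not logged in" entry from an earlier logout on a peer would end every later session on the other servers as soon as they polled.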
- FIG. 9 is a block diagram of an account unification device 900, which is applied to an application server, and the device 900 includes:
- the first registration request receiving module 901 is configured to receive a registration request sent by the client, where the registration request includes an identity contract address;
- the first account identifier determining module 902 is configured to use the identity contract address as an account identifier of the user entity account on the application server.
- the device 900 further includes:
- the first login request receiving module 903 is configured to receive a login request sent by the client, where the login request includes the identity contract address and challenge signature information of the user entity account;
- the first association verification module 904 is configured to verify, according to the identity contract address and the challenge signature information, whether the user entity account is associated with the identity contract address;
- the first login success response module 905 is configured to return a login success response to the client when it is determined that the user entity account is associated with the identity contract address and the challenge signature information is verified.
- the device 900 further includes:
- the second login request receiving module 906 is configured to receive a login request sent by the client, where the login request includes the identity contract address and signature information of the user entity account;
- the login status determining module 907 is configured to query a login information contract on the blockchain according to the identity contract address, and determine a login status of the identity contract address on another trusted application server, where the login information contract is a contract pre-deployed on the blockchain that records the login status of each identity contract address on each trusted application server;
- the second association verification module 908 is configured to verify, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address when determining that the login status of the identity contract address on the other trusted application server is logged in;
- the second login success response module 909 is configured to return a login success response to the client when determining that the user entity account is associated with the identity contract address.
- the device 900 further includes:
- the third association verification module 910 is configured to, when determining that the login status of the identity contract address on the other trusted application server is not logged in, verify, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address and perform signature verification on the signature information;
- a first login status marking module 911 configured to perform challenge authentication on the user entity account when determining that the user entity account is associated with the identity contract address and, after the authentication is passed, mark the login status of the identity contract address on the application server as logged in and record it in the login information contract.
- the device 900 further includes:
- the logout request receiving module 912 is configured to receive a logout request sent by the client, where the logout request includes the identity contract address;
- the second login status marking module 913 is configured to mark the login status of the identity contract address on the application server as not logged in and recorded in the login information contract.
- an embodiment of the present disclosure further provides a computer readable storage medium, where the computer readable storage medium includes one or more programs, and the one or more programs are used to execute the account unification method applied to the application server shown in the foregoing embodiments.
- an embodiment of the present disclosure further provides an account unified device, which is applied to an application server, including the above computer readable storage medium, and one or more processors for executing a program in the computer readable storage medium.
- FIG. 10 is a block diagram of an account unification device 1000, which is applied to an application server, according to another exemplary embodiment of the present disclosure, the device 1000 includes:
- the second registration request receiving module 1001 is configured to receive a registration request sent by the client, where the registration request includes a blockchain address of the user entity account to be registered;
- a second identity contract creation module 1002 configured to create an identity contract according to the blockchain address of the user entity account and associate with the user entity account;
- a second identity contract deployment module 1003, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract;
- the second account identifier determining module 1004 is configured to use the identity contract address as an account identifier of the user entity account on the application server and send a registration success response including the identity contract address to the client.
- an embodiment of the present disclosure further provides a computer readable storage medium, where the computer readable storage medium includes one or more programs, and the one or more programs are used to execute the foregoing.
- an embodiment of the present disclosure further provides an account unified device, which is applied to an application server, including the above computer readable storage medium, and one or more processors for executing a program in the computer readable storage medium.
- FIG. 11 is a block diagram of an account unification device 1100, which is applied to a client, and the device 1100 includes:
- a first identity contract creation module 1101, configured to create an identity contract and associate the identity contract with a user entity account;
- a first identity contract deployment module 1102 configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract;
- a first registration request sending module 1103, configured to send, to the application server, a registration request including the identity contract address, where the identity contract address is used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- the device 1100 further includes:
- a login request sending module 1104 configured to send a login request to the application server, where the login request includes the identity contract address and signature information, wherein the identity contract address and the signature information are used by the application server to determine whether the user entity account is associated with the identity contract address and to perform signature verification on the signature information.
- the identity contract further includes account information of multiple arbitration clients and an arbitration rule;
- the device 1100 further includes:
- an entity account creation module 1105 configured to create a new user entity account;
- the replacement request sending module 1106 is configured to separately send an entity account replacement request to the plurality of arbitration clients according to the account information of the plurality of arbitration clients, where the entity account replacement request includes the identity contract address and a blockchain address of the new user entity account, wherein the identity contract address is used to instruct the plurality of arbitration clients to send an arbitration result to the identity contract, and the blockchain address of the new user entity account is used to instruct the identity contract to associate the new user entity account with the identity contract based on the arbitration results of the plurality of arbitration clients and the arbitration rules.
- the device 1100 further includes:
- the private key blocking module 1107 is configured to split the private key of the user entity account into blocks according to a preset algorithm to obtain n data blocks, where n ≥ 2;
- a hash processing module 1108, configured to perform hash processing on the n data blocks, respectively, to obtain a hash value of the n data blocks;
- the data block encryption module 1109 is configured to encrypt s data blocks in the n data blocks according to the public key of the c buddy clients, to obtain s encrypted data blocks, where c ≥ 1, n ≥ s ≥ k;
- the information writing module 1110 is configured to write the s encrypted data blocks, the blockchain addresses of the c buddy clients, and the hash values of the n data blocks into the identity contract.
- the device 1100 further includes:
- a target buddy client address obtaining module 1111 configured to access the identity contract according to the identity contract address, and obtain a blockchain address of a target buddy client corresponding to at least k encrypted data blocks in the s encrypted data blocks, where n ≥ k ≥ 1;
- the private key recovery request sending module 1112 is configured to send a private key recovery request to the at least k target buddy clients according to the blockchain address of the at least k target buddy clients, where the private key recovery request is used to instruct the at least k target buddy clients to obtain the at least k encrypted data blocks from the identity contract, decrypt them, re-encrypt them, and store them in the identity contract;
- the private key recovery module 1113 is configured to query the at least k re-encrypted data blocks and the corresponding hash values from the identity contract and decrypt them to restore the private key of the user entity account.
- an embodiment of the present disclosure further provides a computer readable storage medium, where the computer readable storage medium includes one or more programs, and the one or more programs are used to execute the account unification method applied to the client provided in the foregoing embodiments.
- an embodiment of the present disclosure further provides an account unified device, which is applied to a client, including the above computer readable storage medium, and one or more processors for executing a program in the computer readable storage medium.
- FIG. 12 is a block diagram of an account unification device 1200, which is applied to a client, and the device 1200 includes:
- a second registration request sending module 1201 configured to send a registration request to the application server, where the registration request includes a blockchain address of the user entity account, where the blockchain address is used by the application server according to the blockchain address Deploying an identity contract associated with the user entity account;
- the registration success response receiving module 1202 is configured to receive a registration success response sent by the application server, where the registration request includes an identity contract address associated with the user entity account.
- an embodiment of the present disclosure further provides a computer readable storage medium, where the computer readable storage medium includes one or more programs, and the one or more programs are used to execute the account unification method applied to the client provided in the foregoing embodiments.
- an embodiment of the present disclosure further provides an account unified device, which is applied to a client, including the above computer readable storage medium, and one or more processors for executing a program in the computer readable storage medium.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
An account unifying method and device and a storage medium used for solving the technical problem of inconvenience to users caused by using different accounts in different application servers in the prior art. The method is applied to an application client, and the method comprises: creating an identity contract and associating the identity contract with a user entity account; deploying the identity contract on a block chain to obtain an identity contract address of the identity contract; and sending a registration request including the identity contract address to an application server, the identity contract address being used for indicating the application server to use the identity contract address as an account identification of the user entity account in the application server.
Description
The present disclosure relates to the field of information technology, and in particular to an account unification method, apparatus, and storage medium.
With the rapid development of the Internet, mobile applications, web sites, cloud services and the like have become an indispensable part of people's daily lives. Accounts play an extremely important role as the credentials and identifiers used to access each service. At present, whether across different application servers or across different application systems within one enterprise, users must register independently before use and remember the account and password of every system; the large number of accounts and passwords is easily confused or even forgotten, which is inconvenient for users.
Summary of the invention
The main purpose of the present disclosure is to provide an account unification method, apparatus, and storage medium that solve the technical problem in the prior art of inconvenience to users caused by using different accounts on different application servers.
To achieve the above purpose, a first aspect of the present disclosure provides an account unification method applied to a client, the method comprising: creating an identity contract and associating the identity contract with a user entity account; deploying the identity contract on a blockchain to obtain an identity contract address of the identity contract; and sending, to an application server, a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
A second aspect of the present disclosure provides an account unification method applied to a client, the method comprising: sending a registration request to an application server, the registration request including a blockchain address of a user entity account, the blockchain address being used by the application server to deploy, according to the blockchain address, an identity contract associated with the user entity account; and receiving a registration success response sent by the application server, the registration request including an identity contract address associated with the user entity account.
A third aspect of the present disclosure provides an account unification method applied to an application server, the method comprising: receiving a registration request sent by a client, the registration request including an identity contract address associated with a user entity account to be registered; and using the identity contract address as the account identifier of the user entity account on the application server.
A fourth aspect of the present disclosure provides an account unification method applied to an application server, the method comprising: receiving a registration request sent by a client, the registration request including a blockchain address of a user entity account to be registered; creating an identity contract according to the blockchain address of the user entity account and associating it with the user entity account; deploying the identity contract on a blockchain to obtain an identity contract address of the identity contract; and using the identity contract address as the account identifier of the user entity account on the application server and sending a registration success response including the identity contract address to the client.
A fifth aspect of the present disclosure provides an account unification device applied to a client, the device comprising: a first identity contract creation module, configured to create an identity contract and associate the identity contract with a user entity account; a first identity contract deployment module, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract; and a first registration request sending module, configured to send, to an application server, a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
A sixth aspect of the present disclosure provides an account unification device applied to a client, the device comprising: a second registration request sending module, configured to send a registration request to an application server, the registration request including a blockchain address of a user entity account, the blockchain address being used by the application server to deploy, according to the blockchain address, an identity contract associated with the user entity account; and a registration success response receiving module, configured to receive a registration success response sent by the application server, the registration request including an identity contract address associated with the user entity account.
A seventh aspect of the present disclosure provides an account unification device applied to an application server, the device comprising: a first registration request receiving module, configured to receive a registration request sent by a client, the registration request including an identity contract address; and a first account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server.
An eighth aspect of the present disclosure provides an account unification device applied to an application server, the device comprising: a second registration request receiving module, configured to receive a registration request sent by a client, the registration request including a blockchain address of a user entity account to be registered; a second identity contract creation module, configured to create an identity contract according to the blockchain address of the user entity account and associate it with the user entity account; a second identity contract deployment module, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract; and a second account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server and send a registration success response including the identity contract address to the client.
A ninth aspect of the present disclosure provides a computer-readable storage medium containing one or more programs, the one or more programs being used to perform the method of the first aspect.
A tenth aspect of the present disclosure provides an account unification apparatus, applied to a client, comprising: the computer-readable storage medium of the ninth aspect; and one or more processors configured to execute the programs in the computer-readable storage medium.
An eleventh aspect of the present disclosure provides a computer-readable storage medium containing one or more programs, the one or more programs being used to perform the method of the second aspect.
A twelfth aspect of the present disclosure provides an account unification apparatus, applied to a client, comprising: the computer-readable storage medium of the eleventh aspect; and one or more processors configured to execute the programs in the computer-readable storage medium.
A thirteenth aspect of the present disclosure provides a computer-readable storage medium containing one or more programs, the one or more programs being used to perform the method of the third aspect.
A fourteenth aspect of the present disclosure provides an account unification apparatus, applied to an application server, comprising: the computer-readable storage medium of the thirteenth aspect; and one or more processors configured to execute the programs in the computer-readable storage medium.
A fifteenth aspect of the present disclosure provides a computer-readable storage medium containing one or more programs, the one or more programs being used to perform the method of the fourth aspect.
A sixteenth aspect of the present disclosure provides an account unification apparatus, applied to an application server, comprising: the computer-readable storage medium of the fifteenth aspect; and one or more processors configured to execute the programs in the computer-readable storage medium.
With the above technical solution, which is based on blockchain technology, the client deploys on the blockchain an identity contract associated with the user entity account and sends the application server a registration request that includes the identity contract address, instructing the application server to use the identity contract address as the account identifier of the user entity account. The user can then use the identity contract address uniformly across application services, which fundamentally solves the inconvenience caused by having many accounts. At the same time, the decentralization of the blockchain means that the association between the identity contract and the user entity account cannot be tampered with or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the losses caused by a lost or stolen account.
Other features and advantages of the present disclosure are described in detail in the detailed description that follows.
FIG. 1 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to a client;
FIG. 2 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to an application server;
FIG. 3 is a schematic diagram of the association between a user entity account and an identity contract according to an exemplary embodiment of the present disclosure;
FIG. 4 is a signaling interaction diagram of an account unification method according to an exemplary embodiment of the present disclosure;
FIG. 5 is a signaling interaction diagram of an account unification method according to another exemplary embodiment of the present disclosure;
FIG. 6 is a schematic diagram of an implementation environment according to an exemplary embodiment of the present disclosure;
FIG. 7 is a flowchart of a method for replacing a user entity account according to an exemplary embodiment of the present disclosure;
FIG. 8 is a signaling interaction diagram of a single sign-on and logout method according to an exemplary embodiment of the present disclosure;
FIG. 9 is a block diagram of an account unification apparatus according to an exemplary embodiment of the present disclosure, where the apparatus is applied to an application server;
FIG. 10 is a block diagram of an account unification apparatus according to another exemplary embodiment of the present disclosure, where the apparatus is applied to an application server;
FIG. 11 is a block diagram of an account unification apparatus according to an exemplary embodiment of the present disclosure, where the apparatus is applied to a client;
FIG. 12 is a block diagram of an account unification apparatus according to another exemplary embodiment of the present disclosure, where the apparatus is applied to a client.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To make the technical solutions provided by the embodiments of the present disclosure easier for a person skilled in the art to understand, the related technologies involved are first introduced briefly below.
A blockchain is a decentralized distributed database system maintained jointly by all nodes in a blockchain network. It consists of a series of data blocks produced by cryptographic methods, and each data block is one block of the blockchain. The blocks are linked together in the order in which they were produced, forming a chain of data that is figuratively called a blockchain. Owing to its particular protocols for generating and validating blocks and transactions, a blockchain has the security properties of being unalterable, unforgeable and fully traceable.
Concepts involved in blockchain technology:
Blockchain node: a blockchain network is built on a P2P (peer-to-peer) network; every P2P network node that takes part in transactions and in storing, validating and forwarding blocks is a node of the blockchain network.
User identity: a user identity in the blockchain is represented by a public key, and public and private keys come in pairs. The private key is held by the user and is never published to the blockchain network; the public key, after a specific hash and encoding, becomes the "address". The "address" represents the user, and both the public key and the "address" may be published freely in the blockchain network. It is worth noting that there is no one-to-one correspondence between user identities and blockchain nodes: a user can use their own private key on any blockchain node.
Blockchain data writing: a blockchain node writes data to the blockchain by publishing a "transaction" to the blockchain network. The transaction contains the user's signature over the transaction, made with the user's own private key, to prove the user's identity. The transaction is recorded by a "miner" (a blockchain node that runs the blockchain consensus competition mechanism) into a newly produced block, which is then published to the blockchain network; once the block has been validated and accepted by the other blockchain nodes, the transaction data is written to the blockchain.
FIG. 1 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure. The method is applied to a client. As shown in FIG. 1, the method includes:
In step S101, an identity contract is created and associated with the user entity account.
In step S102, the identity contract is deployed on the blockchain to obtain the identity contract address of the identity contract.
In the embodiments of the present disclosure, the blockchain may be the Ethereum blockchain. Two kinds of entity accounts exist on the Ethereum blockchain. One is the user entity account (which may correspond to a person or a smart device); it owns a pair of public and private keys, and the hash-encoded value of the public key (for example, the first 20 bytes of the hash value) is the blockchain address of the user entity account. The other is the program entity, that is, the smart contract, which has only an address value of a preset number of bytes (for example, a 20-byte address value) and no associated private key.
In the embodiments of the present disclosure, the client can generate its own user entity account by running a blockchain program. In addition, the client can create an identity contract (a type of smart contract), associate the identity contract with the user entity account (for example, by writing the blockchain address of the user entity account into the identity contract), and obtain the address of the identity contract by deploying it on the blockchain.
In step S103, a registration request including the identity contract address is sent to the application server.
The identity contract address instructs the application server to use the identity contract address as the account identifier of the user entity account on that application server.
FIG. 2 is a flowchart of an account unification method according to an exemplary embodiment of the present disclosure, where the method is applied to an application server. As shown in FIG. 2, the method includes:
In step S201, a registration request sent by the client is received, the registration request including the identity contract address associated with the user entity account to be registered.
In step S202, the identity contract address is used as the account identifier of the user entity account on the application server.
Optionally, the application server may record the identity contract address in its account database or in an account information contract on the blockchain, where the account information contract may be a contract deployed on the blockchain in advance that records every registered identity contract address.
The application server may use the identity contract address as the account identifier of the user entity account on the application server. Thus, once the user has registered on each application server through the client, the user can log in to every application server with the same identity contract address.
It should be noted that, in the embodiments of the present disclosure and as shown in FIG. 3, the client may optionally create one identity contract and associate the user entity account with the identity contract one-to-one, so that the identity contract address serves as the unique account identifier of the user entity account. The user can then conveniently use that identity contract address uniformly on every application server.
Optionally, the client may also create multiple identity contracts and associate the user entity account with each of them. The user can then take part in different application services externally under different identity contract addresses (that is, different account identifiers), while internally needing only a single entity account.
With the above method, which is based on blockchain technology, the client deploys on the blockchain an identity contract associated with the user entity account and registers on the application server with the identity contract address, so that the application server uses the identity contract address as the account identifier of the user entity account on that application server. The user can then use the identity contract address uniformly across application services, which fundamentally solves the inconvenience caused by having many accounts. At the same time, the decentralization of the blockchain means that the association between the identity contract and the user entity account cannot be tampered with or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the losses caused by a lost or stolen account.
In other embodiments of the present disclosure, if the application server already holds other account information that the user has registered, then when the user logs in to the application server through the client with that other account information, the client may send the application server a login request that includes both the other account information and the identity contract address. The application server authenticates the other account information and, once authentication succeeds, returns a login success response to the client. At the same time, the application server may replace the registered other account information with the identity contract address, or associate the identity contract address with it, so that the application server can migrate to using the identity contract address as the account identifier of the user entity account.
To make the technical solutions of the present disclosure easier to understand, they are described in detail below through signaling interaction diagrams of possible implementations.
FIG. 4 is a signaling interaction diagram of an account unification method according to an exemplary embodiment of the present disclosure. As shown in FIG. 4, the method includes:
In step S401, the client creates an identity contract and associates it with the user entity account.
In step S402, the client deploys the identity contract on the blockchain and obtains the identity contract address of the identity contract.
In step S403, the client sends the application server a registration request including the identity contract address.
In step S404, on receiving the registration request sent by the client, the application server uses the identity contract address as the account identifier of the user entity account on that application server.
In step S405, the application server sends a registration success response to the client.
It can be seen that, with the above technical solution of the embodiments of the present disclosure, which is based on blockchain technology, the client can generate a user entity account, deploy an identity contract on the blockchain, associate the user entity account with the identity contract, and register on the application server with the identity contract address. On receiving the registration request sent by the client, the application server can use the identity contract address as the account identifier of the user entity account, so that the user can use the identity contract address uniformly across application services, which fundamentally solves the inconvenience caused by having many accounts. At the same time, the decentralization of the blockchain means that the association between the identity contract and the user entity account cannot be tampered with or forged, which ensures the security of using the identity contract as the account identifier on each application server; compared with using the same account and password on every application server, this reduces the losses caused by a lost or stolen account.
In other embodiments of the present disclosure, the identity contract may instead be created and deployed by the application server, in which case the client only needs to provide the blockchain address of the user entity account when registering with the application server. For example, for users within the same enterprise, the application server, on receiving the registration request sent by each client, may create an identity contract according to the blockchain address of each user entity account and establish the association between the identity contract and the user entity account. Accordingly, as shown in FIG. 5, the account unification method may include:
In step S501, the client sends a registration request to the application server, the registration request including the blockchain address of the user entity account.
In step S502, on receiving the registration request sent by the client, the application server creates an identity contract according to the blockchain address of the user entity account and associates the identity contract with the user entity account.
In step S503, the application server deploys the identity contract on the blockchain and obtains the identity contract address of the identity contract.
In step S504, the application server uses the identity contract address as the account identifier of the user entity account on that application server.
In step S505, the application server sends a registration success response to the client, the registration success response including the identity contract address.
As shown in FIG. 3, the application server may optionally associate each user entity account to be registered with one identity contract, so that the identity contract address serves as the unique account identifier of the user entity account. The user can then conveniently use that identity contract address uniformly on every application server.
Optionally, the application server may also associate each user entity account with multiple identity contracts. This lets the user use different application servers externally under different identity contract addresses (that is, different account identifiers), while internally needing only a single entity account.
Optionally, the application server may also associate multiple user entity accounts with the same identity contract. This arrangement suits certain business scenarios, for example a user who owns several mobile devices with different preset or assigned user entity accounts: through configuration, the user entity accounts of all these mobile devices can be associated with the same identity contract. In that case, whichever mobile device the user uses, the user can take part in application services under the identity represented by the same identity contract, which solves the problem that a user cannot conveniently have different private keys identify the same identity.
Optionally, the application server may also set up a many-to-many relationship between user entity accounts and identity contracts to support more complex or special business requirements.
It should be noted that the process by which the application server creates and deploys the identity contract may follow the process by which the client creates and deploys the identity contract in the account unification method of FIG. 1, and is not repeated here.
In the embodiments of the present disclosure, to solve the problem that a user cannot conveniently replace an entity account, in one possible implementation the client may add a user entity account association management function to the identity contract. For example, the current user entity account associated with the identity contract has the right to designate or add a new user entity account to be associated with the identity contract. In this way, the client does not need to change the identity contract it participates with; it only needs to replace the user entity account associated with the identity contract, so the data and logic of the application server are not affected.
In another possible implementation, the client may also add a user entity account association arbitration function to the identity contract. That is, the client may set multiple arbitration clients in the identity contract (for example, the clients of the user's trusted friends, or a trusted third-party organization), use program logic to give the arbitration clients the ability to manage the association between the user entity account and the identity contract, and set the arbitration rule at the same time.
To help a person skilled in the art better understand the technical solutions provided by the above implementations of the present disclosure, they are described in detail below with reference to FIG. 6.
FIG. 6 is a schematic diagram of an implementation environment according to an exemplary embodiment of the present disclosure. As shown in FIG. 6, the implementation environment includes a client 61, the identity contract created by the client 61, the user entity account associated with the identity contract, and multiple arbitration clients 62. With reference to FIG. 6, a method for replacing a user entity account provided by an embodiment of the present disclosure is shown in FIG. 7 and includes:
In step S701, the client 61 deploys the identity contract on the blockchain and sets, in the identity contract, the account information of multiple arbitration clients and the arbitration rule.
In step S702, the client 61 creates a new user entity account.
In step S703, the client 61 sends an entity account replacement request to each of the arbitration clients.
The entity account replacement request may include the identity contract address and the blockchain address of the new user entity account.
In one possible implementation, the client may send the entity account replacement request to each arbitration client through an off-chain channel in which its identity can be clearly established. For example, the client may send the request to each arbitration client by e-mail or similar means, and include in the request identity information showing that it is associated with the identity contract.
In step S704, after confirming the identity of the original user entity account, each arbitration client 62 sends its arbitration result to the identity contract by calling the interface of the identity contract.
In step S705, the identity contract associates the new user entity account with the identity contract according to the arbitration results sent by the arbitration clients, the account information of the arbitration clients, and the arbitration rule.
For example, the arbitration rule may be that the user entity account associated with the identity contract can be modified once more than half of the arbitration clients agree. Accordingly, if the identity contract receives, from more than half of the arbitration clients, arbitration results confirming that the new user entity account should be associated with the identity contract, it associates itself with the new user entity account through its built-in program logic, according to the blockchain address of the new user entity account.
The technical solution provided by the above implementation not only solves the problem that a user cannot conveniently replace an entity account; even if the private key of the original user entity account is lost or stolen, the identity contract can still be associated with a new user entity account through arbitration management. This solves the problems that the identity contract becomes unusable after the private key is lost and that the proof of identity cannot be recovered after the private key is stolen.
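The majority arbitration rule of steps S701 to S705, modelled off-chain in Python as an added example (not code from the patent). The class name, method names and placeholder addresses are assumptions, and `sender` stands for the caller that a real contract would authenticate through the transaction signature.

```python
class IdentityContract:
    """Off-chain model of the arbitration logic an identity contract could hold."""

    def __init__(self, owner, arbitrators):
        if not arbitrators or len(set(arbitrators)) != len(arbitrators):
            raise ValueError("arbitrator list must be non-empty and free of duplicates")
        self.owner = owner                       # currently associated user entity account
        self.arbitrators = frozenset(arbitrators)
        self.votes = {}                          # proposed address -> approving arbitrators

    def set_owner(self, sender, new_owner):
        """Association management: the current account hands over by itself."""
        if sender != self.owner:
            raise PermissionError("only the associated account may change the association")
        self._rotate(new_owner)

    def submit_result(self, sender, new_owner, approve=True):
        """Record one arbitration result; return True if it triggered the replacement."""
        if sender not in self.arbitrators:
            raise PermissionError("sender is not a registered arbitration client")
        # An arbitrator backs at most one candidate, so drop any earlier result first.
        for approvals in self.votes.values():
            approvals.discard(sender)
        if approve:
            self.votes.setdefault(new_owner, set()).add(sender)
        approvals = self.votes.get(new_owner, set())
        # Rule from the page: strictly more than half of the arbitration clients.
        if 2 * len(approvals) > len(self.arbitrators):
            self._rotate(new_owner)
            return True
        return False

    def _rotate(self, new_owner):
        self.owner = new_owner
        self.votes = {}       # stale results must not count toward a later replacement


def demo():
    """Constructed scenario: five arbitration clients, key of 0xOLD is lost."""
    contract = IdentityContract("0xOLD", ["0xA1", "0xA2", "0xA3", "0xA4", "0xA5"])
    outcomes = [contract.submit_result(a, "0xNEW") for a in ("0xA1", "0xA2", "0xA3")]
    return outcomes, contract.owner


if __name__ == "__main__":
    print(demo())
```

Counting approvals as a set per candidate is what keeps a single arbitration client from reaching the threshold by submitting the same result repeatedly.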
在本公开的实施例中,私钥作为用户实体账户至关重要的信息,除了安全硬件不可导出的情况,通常在可能的情况下为了安全需要对私钥进行备份。用户可以选择加密或明文离线备份,但考虑到这种方式仍需要考虑备份文件的安全以及备份文件或加密密码遗忘和遗失的问题,用户也可以同时选择在线加密备份的方式,比如通过密码技术将用户实体账户的私钥(或种子)加密保存至区块链上,并在适当的时候通过相关解密方式恢复。通过采用合适的备份和恢复技术,可以避免私钥的丢失。In an embodiment of the present disclosure, the private key is a vital information for the user entity account, and in addition to the case where the security hardware is not exportable, the private key is usually backed up for security purposes if possible. Users can choose to encrypt or clear offline backup, but considering this method still needs to consider the security of backup files and the problems of forgetting and losing backup files or encrypted passwords, users can also choose online encryption backup methods, such as through password technology. The private key (or seed) of the user entity account is encrypted and saved to the blockchain and restored by appropriate decryption when appropriate. Loss of private keys can be avoided by using appropriate backup and recovery techniques.
在一种可能的实施方式中,在需要备份用户实体账户的私钥时,客户端可通过预设算法(例如Shamir’s Secret Sharing算法)将用户实体账户的私钥进行分块,得到n个(n≥2)数据块,相应地,任意k个数据块(n≥k≥1)即可恢复整个私钥。接着,客户端可对n个数据块分别进行哈希处理,例如,使用哈希算法计算n个数据块的哈希值,并再次使用哈希算法计算每个数据块哈希值的哈希值,以作为各数据块的指纹,这些指纹可在恢复私钥时作为验证。然后,客户端可将s(k≤s≤n)个数据块分享给c(c≥1)个好友客户端,并使用c个好友客户端的公钥加密这s个数据块(比如每个好友客户端的公钥加密s个数据块中的一个或多个,以保证s个数据块均被加密),且将所有的加密数据块、各加密数据块对应的哈希值以及c个好友客户端的区块链地址记录至该用户实体账户关联的身份合约中。In a possible implementation manner, when the private key of the user entity account needs to be backed up, the client may block the private key of the user entity account by using a preset algorithm (for example, Shamir's Secret Sharing algorithm) to obtain n (n). ≥ 2) Data block, correspondingly, any k data blocks (n ≥ k ≥ 1) can recover the entire private key. Then, the client may separately hash the n data blocks, for example, use a hash algorithm to calculate the hash values of the n data blocks, and again use the hash algorithm to calculate the hash value of each data block hash value. As the fingerprint of each data block, these fingerprints can be used as verification when restoring the private key. Then, the client can share s(k ≤ s ≤ n) data blocks to c (c ≥ 1) buddy clients, and encrypt the s data blocks using the public keys of the c buddy clients (such as each buddy). The client's public key encrypts one or more of the s data blocks to ensure that s data blocks are encrypted, and all the encrypted data blocks, the hash values corresponding to the encrypted data blocks, and the c friend clients. The blockchain address is logged to the identity contract associated with the user entity account.
Note that the values of k, s and c determine the strength of the key-sharing backup: the smaller k is and the larger s and c are, the less likely the private key is to be lost.
In addition, so that the association between the user entity account and the identity contract can be shown to the friend accounts when the key is recovered, the client may, when sharing the encrypted data with the friend clients, tell each friend client which identity contract it is associated with, so that the friend client records the association. The client may also record challenge information in the identity contract associated with the user entity account (for example, questions and answers encrypted with the friend client's public key), or record an identifier of the user entity account (for example, a hash of the identity card ID of the user entity account).
When the private key needs to be recovered, the client may query the identity contract for the blockchain addresses of the target friend accounts corresponding to at least k encrypted data blocks, and send a private key recovery request to each of these at least k target friends at those addresses. On receiving the private key recovery request, each target friend account verifies the identity of the client; once verification passes, it accesses the identity contract at the identity contract address, retrieves its encrypted data block, decrypts it, re-encrypts it with the public key specified by the user entity account, and stores it back in the identity contract. Once the client can obtain k or more data blocks encrypted with the specified public key from the identity contract, it decrypts them with the corresponding private key to obtain k decrypted pieces of data, checks their validity against the hash values recorded in the identity contract, and, after that check passes, applies the preset algorithm (for example, Shamir's Secret Sharing) to recover the original private key of the user entity account.
Note that the user entity account association management function, the user entity account association arbitration function, the private key backup and recovery function and the other functions provided by the above embodiments are not limited to being part of the program logic of the identity contract; they may also be extracted into other program entities, which the present disclosure does not limit.
In embodiments of the present disclosure, based on the above account unification method, once the user has registered on each application server through the client, the user can log in to each application platform using the associated identity contract address as the account identifier. The login process may be as follows: the user sends a login request to the server through the client, and on the client queries and selects the identity contract address associated with the blockchain address of the user's entity account. The client responds to the application server's login challenge, where the login challenge response may include the challenge signature information of the user entity account and the identity contract address. On receiving the login challenge response from the client, the application platform verifies whether the identity contract address is registered and, based on the challenge signature mechanism, whether the user entity account is an account associated with the identity contract. If the identity contract address is registered and the user entity account is an associated account of the identity contract, it sends a login success response to the client; otherwise, it rejects the login request of the user entity account.
Compared with traditional user password login, the above embodiments of the present disclosure log in on the basis of a challenge signature mechanism: the application server needs the signature information of the user entity account, sent by the client, to verify the identity of the user entity account. The client may also integrate biometric authentication such as iris unlocking, fingerprint unlocking or face unlocking, so that the user does not have to enter a password. After biometric authentication succeeds, the client can sign the relevant information of the application server with the private key of the user entity account and send it to the application server, for the application server to perform challenge signature authentication.
In other embodiments of the present disclosure, based on the above account unification method, once the user has registered on each application server through the client, the identity contract address (that is, the account identifier) can also be used for single sign-on and logout across the application servers. To make this technical solution easier to understand, it is described in detail below with reference to FIG. 8. FIG. 8 is a signaling interaction diagram of a single sign-on and logout method according to an exemplary embodiment of the present disclosure. The method includes:
In step S801, the client sends a first login request to the first application server. The first login request includes first signature information of the user entity account and the identity contract address associated with the user entity account.
The first signature information of the user entity account may be obtained by signing information such as the domain name of the first application server and the current time with the private key of the user entity account.
In step S802, on receiving the login request sent by the client, the first application server checks whether the identity contract address is already logged in.
In step S803, when the first application server finds that the identity contract address is not logged in, it queries the login information contract on the blockchain by the identity contract address to determine the login status of the identity contract address on the other trusted application servers.
The login information contract is a contract deployed on the blockchain in advance that records the login status of each identity contract address on each trusted application server.
In step S804, if the login status of the identity contract address on the other trusted application servers is determined to be not logged in, the first application server verifies, from the identity contract address and the first signature information, whether the user entity account is associated with the identity contract address.
In step S805, when the first application server determines that the user entity account is associated with the identity contract address, it sends a login challenge page to the client.
In step S806, the client responds to the first application server's challenge using the identity contract address.
In step S807, the first application server authenticates the client's challenge response and, after authentication succeeds, marks the login status of the identity contract information on it as logged in.
In embodiments of the present disclosure, the identity contract has at least one specific interface that can be used to determine whether a user entity account is associated with the identity contract. Optionally, the first application server may verify the signature in the first signature information using the public key of the user entity account and, after signature verification succeeds, look up the corresponding identity contract by the identity contract address and, through the identity contract's interface, read the blockchain address of the user entity account recorded in the identity contract, in order to determine whether the user entity account to which the first signature information belongs is associated with the identity contract address.
In step S808, the first application server records the logged-in status of the identity contract address on it in the login information contract.
In step S809, the first application server returns a first login success response to the client.
The first login success response may include a session ID of the first application server.
In step S810, the client sends a second login request to the second application server. The second login request includes second signature information of the user entity account and the identity contract address associated with the user entity account.
The second signature information of the user entity account may be obtained by signing information such as the domain name of the second application server and the current time with the private key of the user entity account.
In step S811, on receiving the login request sent by the client, the second application server checks whether the identity contract address is already logged in.
In step S812, when the second application server finds that the identity contract address is not logged in, it queries the login information contract on the blockchain by the identity contract address to determine the login status of the identity contract address on the other trusted application servers.
In step S813, the second application server finds that the login status of the identity contract address on the first application server is logged in, and then verifies, from the identity contract address and the second signature information, whether the user entity account is associated with the identity contract address.
For the process by which the second application server verifies, from the identity contract address and the second signature information, whether the user entity account is associated with the identity contract address, refer to the process in step S805 by which the first application server verifies whether the user entity account is associated with the identity contract address; it is not repeated here.
In step S814, when it is determined that the user entity account is associated with the identity contract address, the second application server marks the login status of the identity contract information on it as logged in.
In step S815, the second application server returns a second login success response to the client.
The second login success response may include a session ID of the second application server.
In step S816, the client sends a logout request to the second application server. The logout request includes the identity contract address associated with the user entity account.
In step S817, the second application server marks the login status of the identity contract information on it as not logged in.
In step S818, the second application server records the not-logged-in status of the identity contract address on it in the login information contract.
In step S819, the second application server sends a login challenge interface to the client.
In step S820, the first application server listens to or polls the login information contract.
In step S821, when the first application server learns that the login status of the identity information contract on the second application server is not logged in, it marks the login status of the identity contract on it as not logged in.
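Steps S801 to S821 as an added example, not code from the patent: two application servers share login state through an in-memory stand-in for the login information contract. Signature verification is assumed to have been done already (`signer` is the blockchain address of the account whose signature verified); the class names, the event-log model, the handling of an already logged-in address, and the server writing its own state change back while polling are assumptions of this example.

```python
class IdentityContract:
    """Stand-in for an on-chain identity contract and its association interface."""

    def __init__(self, account_address):
        self.account_address = account_address  # associated user entity account

    def is_associated(self, account_address):
        return account_address == self.account_address


class LoginInfoContract:
    """Stand-in for the login information contract, modelled (an assumption)
    as an append-only log of (server, identity address, logged_in) records."""

    def __init__(self):
        self.events = []

    def record(self, server, identity_addr, logged_in):
        self.events.append((server, identity_addr, logged_in))

    def logged_in_elsewhere(self, server, identity_addr):
        latest = {}
        for srv, addr, state in self.events:
            if addr == identity_addr and srv != server:
                latest[srv] = state  # later records override earlier ones
        return any(latest.values())


class AppServer:
    def __init__(self, name, chain, login_info, registered):
        self.name = name
        self.chain = chain              # identity contract address -> contract
        self.login_info = login_info
        self.registered = set(registered)
        self.sessions = set()           # identity addresses logged in here
        self.cursor = 0                 # next login-info record to process

    def login(self, identity_addr, signer, challenge_ok=False):
        """Return 'ok', 'challenge' or 'reject' for one login request."""
        if identity_addr not in self.registered:
            return "reject"
        # Association check (S804 / S813). It runs on every request, so another
        # server's login state never replaces it.
        contract = self.chain.get(identity_addr)
        if contract is None or not contract.is_associated(signer):
            return "reject"
        if identity_addr in self.sessions:            # S802 / S811
            return "ok"
        if self.login_info.logged_in_elsewhere(self.name, identity_addr):
            self.sessions.add(identity_addr)          # S814: no new challenge
            return "ok"
        if not challenge_ok:
            return "challenge"                        # S805
        self.sessions.add(identity_addr)              # S807
        self.login_info.record(self.name, identity_addr, True)   # S808
        return "ok"

    def logout(self, identity_addr):
        self.sessions.discard(identity_addr)                      # S817
        self.login_info.record(self.name, identity_addr, False)   # S818

    def poll(self):
        """S820-S821: apply logout records written by other servers."""
        new = self.login_info.events[self.cursor:]
        self.cursor = len(self.login_info.events)
        for srv, addr, state in new:
            if srv != self.name and not state and addr in self.sessions:
                self.sessions.discard(addr)
                # Assumption of this example: write the change back so the
                # contract does not keep a stale "logged in" record.
                self.login_info.record(self.name, addr, False)
        self.cursor = len(self.login_info.events)
```

Until the first server polls, its session outlives the logout on the second server, so the polling interval bounds how long a logged-out identity stays usable there.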
Note that, in the embodiments of the present disclosure, the application server may be an application server on the blockchain or an application server outside the blockchain. An application server on the blockchain can verify the association between the identity contract and the user entity account through the identity contract's interface. An application server outside the blockchain can access, read, write or call the identity contract on the blockchain through the blockchain's API interfaces to verify the association between the identity contract and the user entity account.
It can be seen that, with the above method, each application server can have its own login control, and after logging in on any one application server with the identity contract address the user does not need credentials to be passed to the other application platforms still to be logged in to. This achieves decentralized login and logout while increasing the robustness of the single sign-on and logout system made up of the client, the multiple application platforms and the blockchain.
Note that, in embodiments of the present disclosure, any one of the mutually trusting application servers can act as the authentication authority in the single sign-on and logout system, and the mutually trusting application servers need not belong to the same enterprise.
In addition, for simplicity of description the above method embodiments are each expressed as a series of combined actions, but those skilled in the art should appreciate that the present disclosure is not limited by the order of actions described. Those skilled in the art should also appreciate that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the present disclosure.
FIG. 9 is a block diagram of an account unification apparatus 900 according to an exemplary embodiment of the present disclosure. The apparatus 900 is applied to an application server and includes:
a first registration request receiving module 901, configured to receive a registration request sent by a client, the registration request including an identity contract address;
a first account identifier determining module 902, configured to use the identity contract address as the account identifier of the user entity account on the application server.
Optionally, the apparatus 900 further includes:
a first login request receiving module 903, configured to receive a login request sent by the client, the login request including the identity contract address and challenge signature information of the user entity account;
a first association verification module 904, configured to verify, from the identity contract address and the challenge signature information, whether the user entity account is associated with the identity contract address;
a first login success response module 905, configured to return a login success response to the client when it is determined that the user entity account is associated with the identity contract address and verification of the challenge signature information passes.
Optionally, the apparatus 900 further includes:
a second login request receiving module 906, configured to receive a login request sent by the client, the login request including the identity contract address and signature information of the user entity account;
a login status determining module 907, configured to query the login information contract on the blockchain by the identity contract address and determine the login status of the identity contract address on other trusted application servers, where the login information contract is a contract deployed on the blockchain in advance that records the login status of each identity contract address on each trusted application server;
a second association verification module 908, configured to verify, from the identity contract address and the signature information, whether the user entity account is associated with the identity contract address when the login status of the identity contract address on the other trusted application servers is determined to be logged in;
a second login success response module 909, configured to return a login success response to the client when it is determined that the user entity account is associated with the identity contract address.
Optionally, the apparatus 900 further includes:
a third association verification module 910, configured to, when the login status of the identity contract address on the other trusted application servers is determined to be not logged in, verify from the identity contract address and the signature information whether the user entity account is associated with the identity contract address, and perform signature verification on the signature information;
a first login status marking module 911, configured to, when it is determined that the user entity account is associated with the identity contract address, perform challenge authentication on the user entity account and, after authentication passes, mark the login status of the identity contract address on the application server as logged in and record it in the login information contract.
Optionally, the apparatus 900 further includes:
a logout request receiving module 912, configured to receive a logout request sent by the client, the logout request including the identity contract address;
a second login status marking module 913, configured to mark the login status of the identity contract address on the application server as not logged in and record it in the login information contract.
Correspondingly, an embodiment of the present disclosure further provides a computer-readable storage medium that includes one or more programs, the one or more programs being used to perform the account unification method applied to an application server that is provided in the above method embodiments.
Correspondingly, an embodiment of the present disclosure further provides an account unification apparatus, applied to an application server, including the above computer-readable storage medium, and one or more processors for executing the programs in the computer-readable storage medium.
FIG. 10 is a block diagram of an account unification apparatus 1000 according to another exemplary embodiment of the present disclosure. The apparatus 1000 is applied to an application server and includes:
a second registration request receiving module 1001, configured to receive a registration request sent by a client, the registration request including the blockchain address of the user entity account to be registered;
a second identity contract creation module 1002, configured to create an identity contract from the blockchain address of the user entity account and associate it with the user entity account;
a second identity contract deployment module 1003, configured to deploy the identity contract on the blockchain and obtain the identity contract address of the identity contract;
a second account identifier determining module 1004, configured to use the identity contract address as the account identifier of the user entity account on the application server and send a registration success response including the identity contract address to the client.
Correspondingly, an embodiment of the present disclosure further provides a computer-readable storage medium that includes one or more programs, the one or more programs being used to perform the account unification method applied to an application server that is provided in the above method embodiments.
Correspondingly, an embodiment of the present disclosure further provides an account unification apparatus, applied to an application server, including the above computer-readable storage medium, and one or more processors for executing the programs in the computer-readable storage medium.
FIG. 11 is a block diagram of an account unification apparatus 1100 according to an exemplary embodiment of the present disclosure. The apparatus 1100 is applied to a client and includes:
a first identity contract creation module 1101, configured to create an identity contract and associate the identity contract with a user entity account;
a first identity contract deployment module 1102, configured to deploy the identity contract on the blockchain and obtain the identity contract address of the identity contract;
a first registration request sending module 1103, configured to send to an application server a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
Optionally, the apparatus 1100 further includes:
a login request sending module 1104, configured to send a login request to the application server, the login request including the identity contract address and signature information, where the identity contract address and the signature information are used by the application server to determine whether the user entity account is associated with the identity contract address and to perform signature verification on the signature information.
Optionally, the identity contract further includes account information of a plurality of arbitration clients and an arbitration rule;
the apparatus 1100 further includes:
an entity account creation module 1105, configured to create a new user entity account;
a replacement request sending module 1106, configured to send an entity account replacement request to each of the plurality of arbitration clients according to the account information of the plurality of arbitration clients, the entity account replacement request including the identity contract address and the blockchain address of the new user entity account, where the identity contract address is used to instruct the plurality of arbitration clients to send arbitration results to the identity contract, and the blockchain address of the new user entity account is used to instruct the identity contract to associate the new user entity account with the identity contract according to the arbitration results of the plurality of arbitration clients and the arbitration rule.
Optionally, the apparatus 1100 further includes:
a private key splitting module 1107, configured to split the private key of the user entity account into blocks according to a preset algorithm, obtaining n data blocks, where n ≥ 2;
a hash processing module 1108, configured to hash each of the n data blocks, obtaining the hash values of the n data blocks;
a data block encryption module 1109, configured to encrypt s of the n data blocks with the public keys of c friend clients, obtaining s encrypted data blocks, where c ≥ 1 and n ≥ s ≥ k;
an information writing module 1110, configured to write the s encrypted data blocks, the blockchain addresses of the c friend clients and the hash values of the n data blocks into the identity contract.
Optionally, the apparatus 1100 further includes:
a target friend client address obtaining module 1111, configured to access the identity contract at the identity contract address and obtain the blockchain addresses of the target friend clients corresponding to at least k of the s encrypted data blocks, where n ≥ k ≥ 1;
a private key recovery request sending module 1112, configured to send a private key recovery request to each of the at least k target friend clients at their blockchain addresses, the private key recovery request being used to instruct the at least k target friend clients to retrieve the at least k encrypted data blocks from the identity contract and, after decrypting and re-encrypting them, store them in the identity contract;
a private key recovery module 1113, configured to query the identity contract for the at least k re-encrypted data blocks and the corresponding hash values, and decrypt them to obtain the private key of the user entity account.
Correspondingly, an embodiment of the present disclosure further provides a computer-readable storage medium that includes one or more programs, the one or more programs being used to perform the account unification method applied to a client that is provided in the above method embodiments.
Correspondingly, an embodiment of the present disclosure further provides an account unification apparatus, applied to a client, including the above computer-readable storage medium, and one or more processors for executing the programs in the computer-readable storage medium.
FIG. 12 is a block diagram of an account unification apparatus 1200 according to an exemplary embodiment of the present disclosure. The apparatus 1200 is applied to a client and includes:
a second registration request sending module 1201, configured to send a registration request to an application server, the registration request including the blockchain address of the user entity account, the blockchain address being used by the application server to deploy, from the blockchain address, an identity contract associated with the user entity account;
a registration success response receiving module 1202, configured to receive a registration success response sent by the application server, the registration request including the identity contract address associated with the user entity account.
Correspondingly, an embodiment of the present disclosure further provides a computer-readable storage medium that includes one or more programs, the one or more programs being used to perform the account unification method applied to a client that is provided in the above method embodiments.
Correspondingly, an embodiment of the present disclosure further provides an account unification apparatus, applied to a client, including the above computer-readable storage medium, and one or more processors for executing the programs in the computer-readable storage medium.
需要说明的是,本领域的技术人员可以清楚地了解到,为描述的方便和简洁,针对上述各实施例所示的账户统一装置,仅以上述各功能单元的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元完成,即将装置的内部结构划分成不同的功能单元,以完成以上描述的全部或者部分功能。上述描述功能单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。It should be clearly understood that those skilled in the art can clearly understand that, for the convenience and brevity of the description, the account unified device shown in the above embodiments is only illustrated by the division of the above functional units, in practical application. The above function assignment can be completed by different functional units as needed, that is, the internal structure of the device is divided into different functional units to complete all or part of the functions described above. For the specific working process of the foregoing description of the functional unit, refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. All should be covered by the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.
Claims (32)
- An account unification method, characterized in that it is applied to a client, the method comprising: creating an identity contract and associating the identity contract with a user entity account; deploying the identity contract on a blockchain to obtain an identity contract address of the identity contract; sending, to an application server, a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- The method according to claim 1, characterized in that the method further comprises: sending a login request to the application server, the login request including the identity contract address and signature information, wherein the identity contract address and the signature information are used by the application server to determine whether the user entity account is associated with the identity contract address and to perform signature verification on the signature information.
- The method according to claim 1, characterized in that the identity contract further includes account information of a plurality of arbitration clients and an arbitration rule; the method further comprises: creating a new user entity account; sending an entity account replacement request to each of the plurality of arbitration clients according to the account information of the plurality of arbitration clients, the entity account replacement request including the identity contract address and a blockchain address of the new user entity account, wherein the identity contract address is used to instruct the plurality of arbitration clients to send arbitration results to the identity contract, and the blockchain address of the new user entity account is used to instruct the identity contract to associate the new user entity account with the identity contract according to the arbitration results of the plurality of arbitration clients and the arbitration rule.
- The method according to claim 1, characterized in that the method further comprises: dividing the private key of the user entity account into blocks according to a preset algorithm to obtain n data blocks, where n≥2; hashing each of the n data blocks to obtain hash values of the n data blocks; encrypting s of the n data blocks according to the public keys of c friend clients to obtain s encrypted data blocks, where c≥1 and n≥s≥k; writing the s encrypted data blocks, the blockchain addresses of the c friend clients, and the hash values of the n data blocks into the identity contract.
- The method according to claim 4, characterized in that the method further comprises: accessing the identity contract according to the identity contract address to obtain the blockchain addresses of the target friend clients corresponding to at least k of the s encrypted data blocks, where n≥k≥1; sending a private key recovery request to each of the at least k target friend clients according to the blockchain addresses of the at least k target friend clients, the private key recovery request being used to instruct the at least k target friend clients to obtain the at least k encrypted data blocks from the identity contract and, after decryption and re-encryption, store them in the identity contract; querying the at least k re-encrypted data blocks and the corresponding hash values from the identity contract and decrypting them to obtain the private key of the user entity account.
- An account unification method, characterized in that it is applied to a client, the method comprising: sending a registration request to an application server, the registration request including a blockchain address of a user entity account, the blockchain address being used by the application server to deploy, according to the blockchain address, an identity contract associated with the user entity account; receiving a registration success response sent by the application server, the registration request including an identity contract address associated with the user entity account.
- An account unification method, characterized in that it is applied to an application server, the method comprising: receiving a registration request sent by a client, the registration request including an identity contract address associated with a user entity account to be registered; using the identity contract address as the account identifier of the user entity account on the application server.
- The method according to claim 7, characterized in that the method further comprises: receiving a login request sent by the client, the login request including the identity contract address and challenge signature information of the user entity account; verifying, according to the identity contract address and the challenge signature information, whether the user entity account is associated with the identity contract address; returning a login success response to the client when it is determined that the user entity account is associated with the identity contract address and the challenge signature information passes verification.
- The method according to claim 7, characterized in that the method further comprises: receiving a login request sent by the client, the login request including the identity contract address and signature information of the user entity account; querying a login information contract on the blockchain according to the identity contract address to determine the login status of the identity contract address on other trusted application servers, wherein the login information contract is a contract pre-deployed on the blockchain that records the login status of each identity contract address on each trusted application server; when it is determined that the login status of the identity contract address on the other trusted application servers is logged in, verifying, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address; returning a login success response to the client when it is determined that the user entity account is associated with the identity contract address.
- The method according to claim 9, characterized in that the method further comprises: when it is determined that the login status of the identity contract address on the other trusted application servers is not logged in, verifying, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address; when it is determined that the user entity account is associated with the identity contract address, performing challenge authentication on the user entity account and, after the authentication passes, marking the login status of the identity contract address on the application server as logged in and recording it in the login information contract.
- The method according to claim 9 or 10, characterized in that the method further comprises: receiving a logout request sent by the client, the logout request including the identity contract address; marking the login status of the identity contract address on the application server as not logged in and recording it in the login information contract.
- An account unification method, characterized in that it is applied to an application server, the method comprising: receiving a registration request sent by a client, the registration request including a blockchain address of a user entity account to be registered; creating an identity contract according to the blockchain address of the user entity account and associating it with the user entity account; deploying the identity contract on a blockchain to obtain an identity contract address of the identity contract; using the identity contract address as the account identifier of the user entity account on the application server and sending a registration success response including the identity contract address to the client.
- An account unification apparatus, characterized in that it is applied to a client, the apparatus comprising: a first identity contract creation module, configured to create an identity contract and associate the identity contract with a user entity account; a first identity contract deployment module, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract; a first registration request sending module, configured to send, to an application server, a registration request including the identity contract address, the identity contract address being used to instruct the application server to use the identity contract address as the account identifier of the user entity account on the application server.
- The apparatus according to claim 13, characterized in that the apparatus further comprises: a login request sending module, configured to send a login request to the application server, the login request including the identity contract address and signature information, wherein the identity contract address and the signature information are used by the application server to determine whether the user entity account is associated with the identity contract address and to perform signature verification on the signature information.
- The apparatus according to claim 13, characterized in that the identity contract further includes account information of a plurality of arbitration clients and an arbitration rule; the apparatus further comprises: an entity account creation module, configured to create a new user entity account; a replacement request sending module, configured to send an entity account replacement request to each of the plurality of arbitration clients according to the account information of the plurality of arbitration clients, the entity account replacement request including the identity contract address and a blockchain address of the new user entity account, wherein the identity contract address is used to instruct the plurality of arbitration clients to send arbitration results to the identity contract, and the blockchain address of the new user entity account is used to instruct the identity contract to associate the new user entity account with the identity contract according to the arbitration results of the plurality of arbitration clients and the arbitration rule.
- The apparatus according to claim 13, characterized in that the apparatus further comprises: a private key blocking module, configured to divide the private key of the user entity account into blocks according to a preset algorithm to obtain n data blocks, where n≥2; a hash processing module, configured to hash each of the n data blocks to obtain hash values of the n data blocks; a data block encryption module, configured to encrypt s of the n data blocks according to the public keys of c friend clients to obtain s encrypted data blocks, where c≥1 and n≥s≥k; an information writing module, configured to write the s encrypted data blocks, the blockchain addresses of the c friend clients, and the hash values of the n data blocks into the identity contract.
- The method according to claim 16, characterized in that the apparatus further comprises: a target friend client address obtaining module, configured to access the identity contract according to the identity contract address and obtain the blockchain addresses of the target friend clients corresponding to at least k of the s encrypted data blocks, where n≥k≥1; a private key recovery request sending module, configured to send a private key recovery request to each of the at least k target friend clients according to the blockchain addresses of the at least k target friend clients, the private key recovery request being used to instruct the at least k target friend clients to obtain the at least k encrypted data blocks from the identity contract and, after decryption and re-encryption, store them in the identity contract; a private key recovery module, configured to query the at least k re-encrypted data blocks and the corresponding hash values from the identity contract and decrypt them to obtain the private key of the user entity account.
- An account unification apparatus, characterized in that it is applied to a client, the apparatus comprising: a second registration request sending module, configured to send a registration request to an application server, the registration request including a blockchain address of a user entity account, the blockchain address being used by the application server to deploy, according to the blockchain address, an identity contract associated with the user entity account; a registration success response receiving module, configured to receive a registration success response sent by the application server, the registration request including an identity contract address associated with the user entity account.
- An account unification apparatus, characterized in that it is applied to an application server, the apparatus comprising: a first registration request receiving module, configured to receive a registration request sent by a client, the registration request including an identity contract address associated with a user entity account to be registered; a first account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server.
- The apparatus according to claim 19, characterized in that the apparatus further comprises: a first login request receiving module, configured to receive a login request sent by the client, the login request including the identity contract address and challenge signature information of the user entity account; a first association verification module, configured to verify, according to the identity contract address and the challenge signature information, whether the user entity account is associated with the identity contract address; a first login success response module, configured to return a login success response to the client when it is determined that the user entity account is associated with the identity contract address and the challenge signature information passes verification.
- The apparatus according to claim 19, characterized in that the apparatus further comprises: a second login request receiving module, configured to receive a login request sent by the client, the login request including the identity contract address and signature information of the user entity account; a login status determining module, configured to query a login information contract on the blockchain according to the identity contract address and determine the login status of the identity contract address on other trusted application servers, wherein the login information contract is a contract pre-deployed on the blockchain that records the login status of each identity contract address on each trusted application server; a second association verification module, configured to verify, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address when it is determined that the login status of the identity contract address on the other trusted application servers is logged in; a second login success response module, configured to return a login success response to the client when it is determined that the user entity account is associated with the identity contract address.
- The apparatus according to claim 21, characterized in that the apparatus further comprises: a third association verification module, configured to, when it is determined that the login status of the identity contract address on the other trusted application servers is not logged in, verify, according to the identity contract address and the signature information, whether the user entity account is associated with the identity contract address and perform signature verification on the signature information; a first login status marking module, configured to, when it is determined that the user entity account is associated with the identity contract address, perform challenge authentication on the user entity account and, after the authentication passes, mark the login status of the identity contract address on the application server as logged in and record it in the login information contract.
- The apparatus according to claim 21 or 22, characterized in that the apparatus further comprises: a logout request receiving module, configured to receive a logout request sent by the client, the logout request including the identity contract address; a second login status marking module, configured to mark the login status of the identity contract address on the application server as not logged in and record it in the login information contract.
- An account unification apparatus, characterized in that it is applied to an application server, the apparatus comprising: a second registration request receiving module, configured to receive a registration request sent by a client, the registration request including a blockchain address of a user entity account to be registered; a second identity contract creation module, configured to create an identity contract according to the blockchain address of the user entity account and associate it with the user entity account; a second identity contract deployment module, configured to deploy the identity contract on a blockchain to obtain an identity contract address of the identity contract; a second account identifier determining module, configured to use the identity contract address as the account identifier of the user entity account on the application server and send a registration success response including the identity contract address to the client.
- A computer-readable storage medium, characterized in that the computer-readable storage medium includes one or more programs, the one or more programs being used to execute the method according to any one of claims 1-5.
- An account unification apparatus, applied to a client, characterized in that it comprises: the computer-readable storage medium according to claim 25; and one or more processors for executing the program in the computer-readable storage medium.
- A computer-readable storage medium, characterized in that the computer-readable storage medium includes one or more programs, the one or more programs being used to execute the method according to claim 6.
- An account unification apparatus, applied to a client, characterized in that it comprises: the computer-readable storage medium according to claim 27; and one or more processors for executing the program in the computer-readable storage medium.
- A computer-readable storage medium, characterized in that the computer-readable storage medium includes one or more programs, the one or more programs being used to execute the method according to any one of claims 7-11.
- An account unification apparatus, applied to an application server, characterized in that it comprises: the computer-readable storage medium according to claim 29; and one or more processors for executing the program in the computer-readable storage medium.
- A computer-readable storage medium, characterized in that the computer-readable storage medium includes one or more programs, the one or more programs being used to execute the method according to claim 12.
- An account unification apparatus, applied to an application server, characterized in that it comprises: the computer-readable storage medium according to claim 31; and one or more processors for executing the program in the computer-readable storage medium.
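The fourth and fifth claims (mirrored by the sixteenth and seventeenth) describe dividing the private key into n blocks, writing a hash per block into the identity contract, and recovering the key from at least k blocks. The following is an added example, not code from the patent: it assumes the unspecified "preset algorithm" is Shamir secret sharing and the hash is SHA-256, omits the encryption of blocks to the friend clients' public keys, and uses hypothetical function names throughout.

```python
import hashlib
import secrets

# Assumption: blocks are Shamir shares over a prime field. 2**521 - 1 is a
# Mersenne prime, large enough for any 256-bit private key.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial (constant term first) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(private_key: bytes, n: int, k: int):
    """Divide the key into n data blocks such that any k of them recover it."""
    if n < 2 or not 1 <= k <= n:
        raise ValueError("require n >= 2 and n >= k >= 1")
    secret = int.from_bytes(private_key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def block_hash(block) -> str:
    """Hash of one data block, as would be written to the identity contract."""
    x, y = block
    return hashlib.sha256(x.to_bytes(2, "big") + y.to_bytes(66, "big")).hexdigest()


def publish_hashes(blocks):
    """Stand-in for the contract record: block index -> hash of that block."""
    return {x: block_hash((x, y)) for x, y in blocks}


def recover_key(returned, published_hashes, k: int, key_len: int) -> bytes:
    """Rebuild the key from returned blocks, rejecting any block whose hash
    does not match the value recorded at split time."""
    valid = {}
    for x, y in returned:
        if published_hashes.get(x) == block_hash((x, y)):
            valid[x] = y
    if len(valid) < k:
        raise ValueError(f"only {len(valid)} verified blocks, need {k}")
    points = list(valid.items())[:k]
    # Lagrange interpolation at x = 0 yields the constant term (the secret).
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = (num * xm) % PRIME
                den = (den * (xm - xj)) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


def demo() -> bool:
    """Constructed sample: 32-byte key, n = 5 blocks, threshold k = 3."""
    key = bytes(range(1, 33))  # constructed sample key, not a real one
    blocks = split_key(key, n=5, k=3)
    hashes = publish_hashes(blocks)
    # One friend returns a corrupted block; it is dropped by the hash check
    # and the three remaining verified blocks still reach the threshold.
    corrupted = (blocks[1][0], (blocks[1][1] + 1) % PRIME)
    returned = [corrupted, blocks[0], blocks[3], blocks[4]]
    return recover_key(returned, hashes, k=3, key_len=32) == key


if __name__ == "__main__":
    print("recovered with one corrupted block discarded:", demo())
```

With k = 1 every block equals the key itself, so a deployment that relies on friends not learning the key needs k ≥ 2.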
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201780002514.2A CN108235805B (en) | 2017-12-29 | 2017-12-29 | Account unifying method and device and storage medium |
PCT/CN2017/120263 WO2019127530A1 (en) | 2017-12-29 | 2017-12-29 | Account unifying method and device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/120263 WO2019127530A1 (en) | 2017-12-29 | 2017-12-29 | Account unifying method and device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019127530A1 (en) | 2019-07-04 |
Family
ID=62645410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/120263 WO2019127530A1 (en) | 2017-12-29 | 2017-12-29 | Account unifying method and device and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108235805B (en) |
WO (1) | WO2019127530A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113343204A (en) * | 2021-08-06 | 2021-09-03 | 北京微芯感知科技有限公司 | Digital identity management system and method based on block chain |
FR3112623A1 (en) * | 2020-07-20 | 2022-01-21 | Jiangsu Aowei Holdings Co., Ltd. | Process for managing accounts of the decentralized platform for recording evidence of electronic contracts |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108235805B (en) * | 2017-12-29 | 2021-07-30 | 达闼机器人有限公司 | Account unifying method and device and storage medium |
CN109087079B (en) * | 2018-07-09 | 2021-03-30 | 北京知帆科技有限公司 | Digital currency transaction information analysis method |
CN109344625A (en) * | 2018-07-24 | 2019-02-15 | 东方银谷(北京)投资管理有限公司 | User account management method and device for block chain |
CN109145201B (en) * | 2018-07-26 | 2020-11-10 | 百度在线网络技术(北京)有限公司 | Information management method, device, equipment and storage medium based on block chain |
CN109146477B (en) * | 2018-08-02 | 2022-02-18 | 夸克链科技(深圳)有限公司 | Method for specifying address when Ethernet workshop issues intelligent contract |
CN110807203B (en) * | 2018-08-06 | 2022-03-01 | 中国电信股份有限公司 | Data processing method, service operation center platform, system and storage medium |
CN109005186B (en) * | 2018-08-20 | 2020-12-11 | 杭州复杂美科技有限公司 | Method, system, equipment and storage medium for isolating user identity information |
CN109191132B (en) * | 2018-08-20 | 2022-02-11 | 众安信息技术服务有限公司 | Method, system and device for deploying intelligent contracts |
CN109257454A (en) * | 2018-08-23 | 2019-01-22 | 深圳市元征科技股份有限公司 | A kind of contract address resolution method, device, equipment and medium based on block chain |
CN109040341B (en) * | 2018-08-27 | 2021-05-04 | 深圳前海益链网络科技有限公司 | Intelligent contract address generation method and device, computer equipment and readable storage medium |
CN109359976A (en) * | 2018-09-06 | 2019-02-19 | 深圳大学 | Account number cipher management method, device, equipment and storage medium based on block chain |
TWI708199B (en) * | 2018-09-14 | 2020-10-21 | 宏達國際電子股份有限公司 | Method and system for sharing private data based on smart contracts |
CN109272317A (en) * | 2018-09-27 | 2019-01-25 | 北京金山安全软件有限公司 | Block chain private key obtaining method and device and electronic equipment |
CN108900562B (en) * | 2018-10-11 | 2021-07-20 | 北京京东尚科信息技术有限公司 | Login state sharing method and device, electronic equipment and medium |
EP3644549A1 (en) * | 2018-10-23 | 2020-04-29 | Siemens Aktiengesellschaft | Issuing device and method for issuing and requesting device and method for requesting a digital certificate |
CN109492433A (en) * | 2018-11-08 | 2019-03-19 | 中链科技有限公司 | It deposits the building of card information inquiry port, deposit the querying method and system of card information |
US20200213100A1 (en) * | 2018-11-27 | 2020-07-02 | Shenzhen Lianbao Technology Co., Ltd. | Multi-chain information management method, storage medium and blockchain identity parser |
CN109819443B (en) * | 2018-12-29 | 2021-09-21 | 东莞见达信息技术有限公司 | Registration authentication method, device and system based on block chain |
CN109889503B (en) * | 2019-01-22 | 2022-02-22 | 平安科技(深圳)有限公司 | Identity management method based on block chain, electronic device and storage medium |
CN109936569B (en) * | 2019-02-21 | 2021-05-28 | 领信智链(北京)科技有限公司 | Decentralized digital identity login management system based on Ether house block chain |
CA3057385C (en) * | 2019-03-01 | 2023-02-14 | Alibaba Group Holding Limited | Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain |
CN113077254A (en) * | 2019-03-29 | 2021-07-06 | 创新先进技术有限公司 | Method and apparatus for resetting blockchain account key based on biometrics |
CN110035002B (en) * | 2019-04-01 | 2021-09-10 | 达闼机器人有限公司 | Method for implementing instant messaging, terminal equipment and storage medium |
CN110071937B (en) * | 2019-04-30 | 2022-01-25 | 中国联合网络通信集团有限公司 | Login method, system and storage medium based on block chain |
CN110166254B (en) * | 2019-05-27 | 2020-09-29 | 国家电网有限公司 | Method and device for realizing identity-based key management by using intelligent contract |
CN110245955A (en) * | 2019-05-27 | 2019-09-17 | 众安信息技术服务有限公司 | A kind of block chain account attributes management method and system based on intelligent contract |
CN110177119A (en) * | 2019-06-13 | 2019-08-27 | 朱子腾 | A kind of account and application method of binding IP address |
CN110231965B (en) * | 2019-06-19 | 2022-05-10 | 京东方科技集团股份有限公司 | Cloud device, application processing method and electronic device |
CN111095236B (en) * | 2019-06-28 | 2024-05-10 | 创新先进技术有限公司 | System and method for blockchain address mapping |
CN111355723B (en) * | 2020-02-26 | 2023-04-18 | 腾讯科技(深圳)有限公司 | Single sign-on method, device, equipment and readable storage medium |
CN112132585A (en) * | 2020-09-16 | 2020-12-25 | 北京好扑信息科技有限公司 | Decentralized identity authentication and identification method based on block chain technology |
CN112330449A (en) * | 2020-11-03 | 2021-02-05 | 平安科技(深圳)有限公司 | Block chain-based joint account creation method, system, device and storage medium |
CN112364311B (en) * | 2020-11-10 | 2024-01-26 | 上海保险交易所股份有限公司 | Identity management method and device on blockchain |
CN114614998B (en) * | 2020-11-24 | 2024-01-02 | 富泰华工业(深圳)有限公司 | Account identity verification method, device, computer device and storage medium |
CN112488685B (en) * | 2020-12-23 | 2023-12-12 | 杨宁波 | User private key protection method for blockchain |
CN114401100A (en) * | 2021-10-02 | 2022-04-26 | 杭州荔藤网络科技有限公司 | Cross-application platform login method and system for block chain account |
CN114268472B (en) * | 2021-12-10 | 2023-12-15 | 杭州溪塔科技有限公司 | User authentication method and system of application system based on block chain |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1866822A (en) * | 2005-05-16 | 2006-11-22 | 联想(北京)有限公司 | Method for realizing uniform authentication |
CN106779708A (en) * | 2016-12-23 | 2017-05-31 | 中钞信用卡产业发展有限公司北京智能卡技术研究院 | Participant identity management method and system on block chain based on intelligent contract |
CN107196966A (en) * | 2017-07-05 | 2017-09-22 | 北京信任度科技有限公司 | The identity identifying method and system of multi-party trust based on block chain |
US20170344988A1 (en) * | 2016-05-24 | 2017-11-30 | Ubs Ag | System and method for facilitating blockchain-based validation |
CN108235805A (en) * | 2017-12-29 | 2018-06-29 | 深圳前海达闼云端智能科技有限公司 | Account unifying method and device and storage medium |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170048235A1 (en) * | 2015-07-14 | 2017-02-16 | Fmr Llc | Crypto Captcha and Social Aggregating, Fractionally Efficient Transfer Guidance, Conditional Triggered Transaction, Datastructures, Apparatuses, Methods and Systems |
CN105847247B (en) * | 2016-03-21 | 2020-04-10 | 飞天诚信科技股份有限公司 | Authentication system and working method thereof |
CN106453271B (en) * | 2016-09-21 | 2019-05-03 | 江苏通付盾科技有限公司 | Identity registration method and system, identity identifying method and system |
CN106533696B (en) * | 2016-11-18 | 2019-10-01 | 江苏通付盾科技有限公司 | Identity identifying method, certificate server and user terminal based on block chain |
CN106453407B (en) * | 2016-11-23 | 2019-10-15 | 江苏通付盾科技有限公司 | Identity authentication method based on block chain, authentication server and user terminal |
CN106919419A (en) * | 2017-02-03 | 2017-07-04 | 中钞信用卡产业发展有限公司北京智能卡技术研究院 | The update method and device of the intelligent contract program on block chain |
CN107248074A (en) * | 2017-03-29 | 2017-10-13 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and equipment based on block chain |
CN107274186A (en) * | 2017-05-11 | 2017-10-20 | 上海点融信息科技有限责任公司 | The method and apparatus that intelligent contract-defined interface is obtained in block chain |
2017
- 2017-12-29 CN CN201780002514.2A patent/CN108235805B/en active Active
- 2017-12-29 WO PCT/CN2017/120263 patent/WO2019127530A1/en active Application Filing
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3112623A1 (en) * | 2020-07-20 | 2022-01-21 | Jiangsu Aowei Holdings Co., Ltd. | Process for managing accounts of the decentralized platform for recording evidence of electronic contracts |
NL2028773A (en) * | 2020-07-20 | 2022-03-15 | Jiangsu Aowei Holdings Co Ltd | Account management method of decentralized electronic contract deposit platform |
CN113343204A (en) * | 2021-08-06 | 2021-09-03 | 北京微芯感知科技有限公司 | Digital identity management system and method based on block chain |
CN113343204B (en) * | 2021-08-06 | 2021-11-30 | 北京微芯感知科技有限公司 | Digital identity management system and method based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN108235805A (en) | 2018-06-29 |
CN108235805B (en) | 2021-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019127530A1 (en) | | Account unifying method and device and storage medium |
Almadhoun et al. | | A user authentication scheme of IoT devices using blockchain-enabled fog nodes |
US11606352B2 (en) | | Time-based one time password (TOTP) for network authentication |
JP7121459B2 (en) | | Blockchain authentication via hard/soft token verification |
Lesavre et al. | | A taxonomic approach to understanding emerging blockchain identity management systems |
Lim et al. | | Blockchain technology the identity management and authentication service disruptor: a survey |
US11196573B2 (en) | | Secure de-centralized domain name system |
US11159307B2 (en) | | Ad-hoc trusted groups on a blockchain |
WO2018112946A1 (en) | | Registration and authorization method, device and system |
JP2021505098A (en) | | Systems and methods for recording device lifecycle transactions as a versioned block of a blockchain network using transaction connectors and broker services |
Zhou et al. | | EverSSDI: blockchain-based framework for verification, authorisation and recovery of self-sovereign identity using smart contracts |
Faísca et al. | | Decentralized semantic identity |
KR20230073236A (en) | | Authentication system and method |
EP4183104A1 (en) | | Challenge-response protocol based on physically unclonable functions |
Sharma et al. | | A blockchain based secure communication framework for community interaction |
US20230362019A1 (en) | | Physically unclonable functions storing response values on a data store |
Kokoris-Kogias et al. | | Verifiable management of private data under byzantine failures |
Fathalla et al. | | PT-SSIM: A proactive, trustworthy self-sovereign identity management system |
JP2023543474A (en) | | Physically difficult-to-replicate function |
Dumas et al. | | LocalPKI: An interoperable and IoT friendly PKI |
Wu et al. | | A Blockchain‐Based Hierarchical Authentication Scheme for Multiserver Architecture |
WO2022069134A1 (en) | | Physically unclonable functions storing response values on a blockchain |
Shehu et al. | | Spidverify: A secure and privacy-preserving decentralised identity verification framework |
Nguyen et al. | | Protecting biometrics using fuzzy extractor and non-invertible transformation methods in kerberos authentication protocol |
Heher et al. | | BISON: Blind Identification through Stateless scOpe-specific derivatioN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17936871; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/11/2020) |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 17936871; Country of ref document: EP; Kind code of ref document: A1 |