WO2019205389A1 - Electronic device, blockchain-based identity verification method, program, and computer storage medium - Google Patents


Publication number
WO2019205389A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
verification
user
user identity
identity
Application number
PCT/CN2018/102407
Other languages
English (en)
Chinese (zh)
Inventor
陈文博
刘�英
周鹏华
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium.
  • the blockchain is essentially a distributed database based on smart contracts.
  • The information on the blockchain is shared with all nodes through a P2P (peer-to-peer) network. Due to the advantages of tamper resistance, high transparency and decentralization, blockchain has been widely used in various fields in recent years.
  • Identity verification, also called "authentication" or "identification", refers to the process of confirming the identity of an operator in a computer and computer network system to determine whether the user has the right to access and use a certain resource, so that the access policy of the computer and network system can be executed reliably and effectively, preventing an attacker from impersonating a legitimate user to obtain access rights to resources, and ensuring the security of the system and data and the legitimate interests of authorized visitors.
  • The existing identity verification method of the blockchain is: when the user logs in through the application end of a blockchain, the application end authenticates the user identity by verifying the user name and the user password of the user.
  • The problem with this verification method is that the same verification method is adopted for different users, and the verification method is too uniform to meet the diverse needs of multiple application scenarios.
  • The main purpose of the present application is to provide an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium, which are intended to solve the problem that the existing identity verification method is too uniform to meet the diverse needs of multiple application scenarios.
  • The present application provides an electronic device including a memory and a processor, where the memory stores a blockchain-based first identity verification program, and the blockchain-based first identity verification program, when executed by the processor, implements the following steps:
  • a verification step: when receiving a first identity verification request carrying first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step: when it is determined that multiple identity verification is not to be performed, outputting the first verification result as the user identity verification result; or, when it is determined that multiple identity verification is to be performed, acquiring second user identity information;
  • a searching step: searching for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping relationship between user identification information and verification node identification information;
  • a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information;
  • an analyzing step: analyzing and processing the verification result in the feedback information based on a predetermined first result analysis rule, and outputting a first analysis result as the second verification result;
  • a second outputting step: analyzing and processing the second verification result according to a predetermined second result analysis rule, and outputting a second analysis result as the identity verification result of the user.
  • The present application further provides an electronic device, where the electronic device includes a memory and a processor, the memory stores a blockchain-based second identity verification program, and when the blockchain-based second identity verification program is executed by the processor, the following steps are implemented:
  • a receiving step: receiving an identity verification request carrying user identity information;
  • a verification step: verifying the user identity information to obtain a verification result, generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • the present application further provides a blockchain-based identity verification method, the method comprising the steps of:
  • a first verification step: when receiving a first identity verification request carrying first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step: when it is determined that multiple identity verification is not to be performed, outputting the first verification result as the user identity verification result; or, when it is determined that multiple identity verification is to be performed, acquiring second user identity information;
  • a searching step: searching for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping relationship between user identification information and verification node identification information;
  • a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information;
  • an analyzing step: analyzing and processing the verification result in the feedback information based on a predetermined first result analysis rule, and outputting a first analysis result as the second verification result;
  • a second outputting step: analyzing and processing the second verification result according to a predetermined second result analysis rule, and outputting a second analysis result as the identity verification result of the user.
  • the present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:
  • a verification module configured to: when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to a predetermined identity verification rule, to obtain a first verification result;
  • a determining module configured to determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first output module configured to output the first verification result as the user identity verification result when it is determined that multiple identity verification is not to be performed; or to acquire second user identity information when it is determined that multiple identity verification is to be performed;
  • a searching module configured to search for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping relationship between user identification information and verification node identification information;
  • a publishing module configured to publish a second identity verification request that carries the second user identity information to the blockchain network, and to receive feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information;
  • An analysis module configured to analyze and process the verification result in the feedback information based on a predetermined first result analysis rule, and output the first analysis result as a second verification result;
  • a second output module configured to perform an analysis process on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • The present application further provides a computer readable storage medium storing a blockchain-based first identity verification program, where the blockchain-based first identity verification program can be executed by at least one processor to cause the at least one processor to perform the following steps:
  • a verification step: when receiving a first identity verification request carrying first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step: when it is determined that multiple identity verification is not to be performed, outputting the first verification result as the user identity verification result; or, when it is determined that multiple identity verification is to be performed, acquiring second user identity information;
  • a searching step: searching for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping relationship between user identification information and verification node identification information;
  • a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information;
  • an analyzing step: analyzing and processing the verification result in the feedback information based on a predetermined first result analysis rule, and outputting a first analysis result as the second verification result;
  • a second outputting step: analyzing and processing the second verification result according to a predetermined second result analysis rule, and outputting a second analysis result as the identity verification result of the user.
  • the present application further provides a blockchain-based identity verification method, where the blockchain-based identity verification method includes:
  • a receiving step: receiving an identity verification request carrying user identity information;
  • a verification step: verifying the user identity information to obtain a verification result, generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • The present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:
  • a receiving module configured to receive an identity verification request that carries user identity information;
  • a verification module configured to verify the user identity information to obtain a verification result, generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • The present application further provides a computer readable storage medium storing a blockchain-based second identity verification program, where the blockchain-based second identity verification program can be executed by at least one processor to cause the at least one processor to perform the following steps:
  • a receiving step: receiving an identity verification request carrying user identity information;
  • a verification step: verifying the user identity information to obtain a verification result, generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • After verifying the first user identity information according to the predetermined identity verification rule, the application determines whether to perform multiple identity verification according to the predetermined determination rule and, after determining to perform multiple identity verification, publishes the second user identity information to the blockchain network for verification to obtain the verification result of the multiple identity verification.
  • FIG. 1 is a schematic diagram of an operating environment of a first electronic device and a second electronic device according to the present application;
  • FIG. 2 is a schematic diagram of an operating environment of a first embodiment of a blockchain-based first identity verification program according to the present application;
  • FIG. 3 is a program module diagram of a first embodiment of a blockchain-based first identity verification program according to the present application;
  • FIG. 4 is a schematic flowchart of a first embodiment of a blockchain-based identity verification method according to the present application;
  • FIG. 5 is a schematic diagram of an operating environment of a first embodiment of a blockchain-based second identity verification program according to the present application;
  • FIG. 6 is a program module diagram of a first embodiment of a blockchain-based second identity verification program according to the present application;
  • FIG. 7 is a schematic flowchart of a second embodiment of a blockchain-based identity verification method according to the present application.
  • The electronic device, the blockchain-based identity verification method, and the computer storage medium of the present application are applicable to a blockchain-based public welfare system. The system includes a plurality of application ends and node devices corresponding to the application ends. The application ends include a public welfare platform and a public welfare object platform; the node devices comprise a public welfare platform node device corresponding to the public welfare platform, a public welfare object platform node device corresponding to the public welfare object platform, a plurality of public welfare platform employee management subsystems, and public welfare platform employee management node devices corresponding to the public welfare platform employee management subsystems.
  • In some embodiments, the blockchain-based public welfare system further includes: a plurality of fair institution platforms and fair institution node devices corresponding to the fair institution platforms.
  • The application also proposes a blockchain-based first identity verification program.
  • FIG. 1 is a schematic diagram of an operating environment of a first electronic device 1 and a second electronic device 2 according to the present application.
  • FIG. 2 is a schematic diagram of the operating environment of the first embodiment of the first identity verification program 10 based on the blockchain of the present application.
  • the first identity verification program 10 based on the blockchain is installed and operates in the first electronic device 1.
  • The first electronic device 1 may be a publishing node device, or may be an application server corresponding to the publishing node device, or may be an electronic device other than the publishing node device and the application server.
  • the first electronic device 1 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server.
  • the first electronic device 1 may include, but is not limited to, a memory 11, a processor 12, and a display 13.
  • FIG. 2 shows only the first electronic device 1 with components 11-13, but it should be understood that not all of the illustrated components are required to be implemented, and more or fewer components may be implemented instead.
  • In some embodiments, the memory 11 may be an internal storage unit of the first electronic device 1, such as a hard disk or memory of the first electronic device 1.
  • In other embodiments, the memory 11 may also be an external storage device of the first electronic device 1, such as a plug-in hard disk equipped on the first electronic device 1, a smart memory card (SMC), a Secure Digital (SD) card, a flash card, etc.
  • the memory 11 may also include both an internal storage unit of the first electronic device 1 and an external storage device.
  • the memory 11 is used to store application software and various types of data installed in the first electronic device 1, such as program code of the first identity verification program 10 based on the blockchain.
  • the memory 11 can also be used to temporarily store data that has been output or is about to be output.
  • In some embodiments, the processor 12 may be a Central Processing Unit (CPU), a microprocessor or another data processing chip for running program code or processing data stored in the memory 11, for example, executing the first identity verification program 10.
  • the processor 12 may be a smart contract.
  • the display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments.
  • The display 13 is used for displaying information processed in the first electronic device 1 and for displaying a visualized user interface.
  • the components 11-13 of the first electronic device 1 communicate with one another via a system bus.
  • FIG. 3 is a program module diagram of the first embodiment of the first identity verification program 10 based on the blockchain of the present application.
  • The blockchain-based first identity verification program 10 can be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to complete the application.
  • The blockchain-based first identity verification program 10 may be divided into a verification module 101, a determining module 102, a first output module 103, a searching module 104, a publishing module 105, an analysis module 106, and a second output module 107.
  • a module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than the program to describe the execution process of the first identity verification program 10 based on the blockchain in the first electronic device 1, wherein:
  • the verification module 101 is configured to, when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to the predetermined identity verification rule to obtain a first verification result.
  • the determining module 102 is configured to determine whether to perform the multiple identity verification according to the obtained first verification result, the first user identity information, and the predetermined determination rule.
  • The first output module 103 is configured to: when it is determined that multiple identity verification is not to be performed, output the first verification result as the user identity verification result; or, when it is determined that multiple identity verification is to be performed, acquire the second user identity information.
  • The searching module 104 is configured to search for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and a predetermined mapping relationship between user identification information and verification node identification information.
  • The publishing module 105 is configured to publish a second identity verification request that carries the second user identity information to the blockchain network, and to receive feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information.
  • the analyzing module 106 is configured to perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.
  • the second output module 107 is configured to perform analysis processing on the second verification result according to a predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • The first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, the person who obtains it cannot learn the true identity of the user from the first user identity information.
  • The first user identity information includes user identification information and user identity association information, where the user identity association information includes user name information and user password information (the user password information may use a U shield, an electronic certificate, etc. as a storage medium), a dynamic code, etc.
  • the above predetermined authentication rules include:
  • the above predetermined judgment rules are:
  • The application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public welfare platform first authenticates by using the user name and user password provided by the user. If the verification fails, the user may be an illegal login user, or the user may have forgotten the user name and/or user password; to prevent misjudgment, the public welfare platform performs multiple identity verification to ensure the accuracy of the identity verification.
  • the above predetermined judgment rules are:
  • the first verification result is that the verification is successful
  • determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule.
  • the output judgment result is that the multiple identity verification is performed.
  • the outputting of the judgment result is that the multi-factor authentication is not performed.
  • the output judgment result is that the multiple authentication is not performed.
  • the above predetermined judging rule is:
  • the output judgment result is to perform multi-factor authentication.
  • the output judgment result is that multi-factor authentication is not performed.
  • A multiple identity verification identifier may also be set in advance in the user identification information. If the multiple identity verification identifier exists in the user identification information of a user, it is determined that multiple identity verification is to be performed; if the multiple identity verification identifier does not exist in the user identification information of the user, it is determined that multiple identity verification is not to be performed.
  • The application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public welfare platform employee). Since these users often have processing authority for confidential or non-public data in the system, to ensure system data security the user's real identity needs to be verified to confirm that the login is actually performed by the user himself.
  • If it is determined that the user is a user with a high system operation level, it is determined that the user needs to perform multiple identity verification; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need multiple identity verification, and only the first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, the first user identity information may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user's privacy is not disclosed.
  • the second user identity information includes user identity information and second user identity feature information.
  • the second user identity feature information includes at least one of user biometric information and identity document information.
  • The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and other biometric information for uniquely identifying a user identity.
  • The above identification information includes an ID number, a passport number, an employee number, and the like.
  • The mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table. The identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be determined according to needs and is not limited here.
  • the publishing module 105 is specifically used to:
  • The blockchain network decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the second user identity information, verifies the second user identity information to obtain a verification result, generates feedback information carrying the node identification information according to the verification result, and broadcasts the feedback information to the blockchain network.
  • The step of encrypting the second user identity information according to the predetermined first encryption rule, and publishing the second identity verification request carrying the encrypted second user identity information to the blockchain network, specifically includes:
  • the public key corresponding to the verification node is obtained.
  • the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.
  • the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.
  • the second authentication request is then issued to the blockchain network by the publishing node.
  • The above verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, which is stored in the memory and can be executed by one or more processors. The processor executing the blockchain-based first identity verification program can be set in the verification node, can be set on the application end (for example, the nonprofit platform employee management subsystem), or may be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • After receiving the second identity verification request, the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node to obtain the second user identity information. According to the user identifier information in the second user identity information, and based on a mapping relationship between the predetermined user identifier information and the second standard user identity feature information, the verification node searches for the pre-encrypted, stored second standard user identity feature information corresponding to the user identifier information, decrypts it by using a symmetric encryption key corresponding to the verification node to obtain the second standard user identity feature information, and uses the found second standard user identity feature information to verify the second user identity feature information to be verified in the second user identity information.
  • If the second user identity feature information to be verified is the same as the second standard user identity feature information, the verification result is a verification success. If the second user identity feature information to be verified is different from the second standard user identity feature information, the verification result is a verification failure. The verification node generates, according to the verification result, feedback information carrying the node identification information, and issues the generated feedback information to the blockchain network.
  • Each of the verification nodes can receive the plurality of encrypted second user identity information, but a verification node can only decrypt the second user identity information that was encrypted with the public key corresponding to that verification node. The method by which each verification node decrypts the received second user identity information by using its corresponding private key, verifies the second user identity information, and generates and distributes feedback information is the same as described above and will not be repeated here.
  • the above predetermined first result analysis rule is:
  • If there is one verification node: when the verification result is a verification success, the first analysis result is determined to be a verification success; when the verification result is a verification failure, the first analysis result is determined to be a verification failure;
  • If there are multiple verification nodes: when all the verification results are verification successes, the first analysis result is determined to be a verification success; otherwise, the first analysis result is determined to be a verification failure.
  • the above predetermined second result analysis rule is:
  • the second analysis result is that the verification is successful
  • the second analysis result is a verification failure.
  • In this embodiment, after the first user identity information is verified according to the predetermined identity verification rule, whether to perform multiple identity verification is determined according to the predetermined determination rule; after it is determined to perform multiple identity verification, the second user identity information is published to the blockchain network for verification to obtain the verification result of the multiple identity verification.
  • this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.
  • the application also provides a blockchain-based authentication method, which is applicable to a publishing end of an identity verification request in a blockchain network, for example, a publishing node.
  • The blockchain-based first identity verification program is stored in the memory and may be executed by one or more processors to implement the blockchain-based identity verification method of this embodiment. The processor executing the blockchain-based first identity verification program may be set in the verification node, may be set in the application end (for example, a public welfare platform), or may be independently set in an electronic device. For example, if the processor is disposed in the publishing node, the processor may be a smart contract corresponding to the publishing node.
  • FIG. 4 is a schematic flowchart of a first embodiment of a blockchain-based identity verification method according to the present application.
  • the method includes:
  • Step S110 When receiving the first identity verification request that carries the first user identity information, verify the first user identity information according to a predetermined identity verification rule to obtain a first verification result.
  • The first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, that person cannot learn the true identity of the user from the first user identity information.
  • The first user identity information includes user identification information and first user identity association information, where the user identity association information includes user name information, user password information (the user password information may use a U shield, electronic certificate, etc. as a storage medium), a dynamic code, etc.
  • the above predetermined authentication rules include:
  • Step S120 Determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule.
  • the predetermined judgment rules are explained by the following two schemes:
  • the above predetermined judgment rules are:
  • The application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public welfare platform first authenticates by using the user name and user password provided by the user. If the verification result is that the verification fails, the user may be an illegal login user, or the user may have forgotten the user name and/or user password. To prevent misjudgment, the public welfare platform performs multiple identity verification to ensure the accuracy of authentication.
  • the above predetermined judgment rules are:
  • the first verification result is that the verification is successful
  • determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule.
  • the output judgment result is to perform the multiple identity verification.
  • the outputting of the judgment result is that the multi-factor authentication is not performed.
  • the output judgment result is that the multiple authentication is not performed.
  • the above predetermined judging rule is:
  • the output judgment result is to perform multi-factor authentication.
  • the output judgment result is that multi-factor authentication is not performed.
  • The multiple authentication identifier may also be set in advance in the user identification information. If the multiple authentication identifier exists in the user identification information of a user, it is determined to perform multiple identity verification; if the multiple authentication identifier does not exist in the user identification information of the user, it is determined that multiple identity verification is not performed.
  • The application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public welfare platform employee). Since these users often have processing authority for confidential or non-public data in the system, the user's real identity needs to be verified to ensure system data security and to confirm that the login is actually performed by the user himself.
  • If the user is a user with a high system operation level, it is determined that the user needs to perform multiple identity verification; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need multiple identity verification, and only the first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, it may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user's privacy is not disclosed.
  • Step S130 when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result.
  • Step S140 when it is determined that the multiple identity verification is performed, acquiring the second user identity information.
  • the second user identity information includes user identity information and second user identity feature information.
  • the second user identity feature information includes at least one of user biometric information and identity document information.
  • The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and other biometric information for uniquely identifying a user identity.
  • The above identity document information includes the ID number, passport number, employee number, and the like.
  • Step S150 Search for at least one verification node corresponding to the user identification information, according to the user identification information in the first user identity information and the predetermined mapping relationship between user identification information and verification node identification information.
  • The mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table. The identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be determined according to needs and is not limited here.
  • Step S160 Publish the second identity verification request carrying the second user identity information to the blockchain network, and receive the feedback information carrying node identification information that the blockchain network generates and broadcasts after verifying the second user identity information.
  • Step S160 specifically includes:
  • the blockchain network decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the first And the second user identity information is verified, and the verification result is obtained, and the feedback information carrying the node identification information is generated according to the verification result, and the feedback information is broadcasted to the blockchain network.
  • The step of performing the encryption processing on the second user identity information according to the predetermined first encryption rule, and issuing the second identity verification request carrying the encrypted second user identity information to the blockchain network, specifically includes:
  • the public key corresponding to the verification node is obtained.
  • the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.
  • the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.
  • the second authentication request is then issued to the blockchain network by the publishing node.
  • The above verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, which is stored in the memory and can be executed by one or more processors. The processor executing the blockchain-based first identity verification program can be set in the verification node, can be set on the application end (for example, the nonprofit platform employee management subsystem), or may be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • After receiving the second identity verification request, the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node to obtain the second user identity information; according to the user identity information in the second user identity information, and based on the mapping relationship between the predetermined user identity information and the second standard user identity feature information, searches for the pre-encrypted, stored second standard user identity feature information corresponding to the user identity information; decrypts the encrypted second standard user identity feature information by using a symmetric encryption key corresponding to the verification node to obtain the second standard user identity feature information; and verifies the second user identity feature information to be verified in the second user identity information against the found second standard user identity feature information. If the second user identity feature information to be verified is the same as the second standard user identity feature information, the output verification result is a verification success; if the second user identity feature information to be verified is different from the second standard user identity feature information, the output verification result is a verification failure; according to the verification result, feedback information carrying the node
  • each of the verification nodes can receive the plurality of encrypted second user identity information, and the verification node can only receive the encrypted second user identity information.
  • the method for verifying the second user identity information and generating and distributing the feedback information is the same as the foregoing method, and details are not described herein.
  • Step S170 Perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.
  • the above predetermined first result analysis rule is:
  • If there is one verification node: when the verification result is a verification success, the first analysis result is determined to be a verification success; when the verification result is a verification failure, the first analysis result is determined to be a verification failure;
  • If there are multiple verification nodes: when all the verification results are verification successes, the first analysis result is determined to be a verification success; otherwise, the first analysis result is determined to be a verification failure.
  • Step S180 Perform analysis processing on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • the above predetermined second result analysis rule is:
  • the second analysis result is that the verification is successful
  • the second analysis result is a verification failure.
  • the identity verification method provided in this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.
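The exchange in steps S160 and S170 (one ciphertext per mapped verification node, node-side comparison against the encrypted stored value, then the all-must-succeed rule), written out as an added Go example that is not code from the patent. RSA-OAEP, AES-GCM, the use of the user ID as OAEP label and all type and function names are assumptions; the text only specifies a public/private key pair and a symmetric key per verification node.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Feedback is what a verification node broadcasts: its node ID and result.
type Feedback struct {
	NodeID string
	OK     bool
}

// Node is a hypothetical verification node (all names here are assumptions).
type Node struct {
	ID     string
	priv   *rsa.PrivateKey   // decrypts requests addressed to this node
	aead   cipher.AEAD       // symmetric key protecting stored standard data
	stored map[string][]byte // user ID -> nonce || ciphertext
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // example only: RNG or key generation failure
	}
	return v
}

func NewNode(id string) *Node {
	key := make([]byte, 32)
	must(rand.Read(key))
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return &Node{ID: id, priv: must(rsa.GenerateKey(rand.Reader, 2048)), aead: aead, stored: map[string][]byte{}}
}

// Enroll stores the standard identity feature information encrypted at rest.
func (n *Node) Enroll(userID string, feature []byte) {
	nonce := make([]byte, n.aead.NonceSize())
	must(rand.Read(nonce))
	n.stored[userID] = n.aead.Seal(nonce, nonce, feature, []byte(userID))
}

// EncryptFor is the publishing side: RSA-OAEP under one node's public key.
// OAEP/SHA-256 with a 2048-bit key carries at most 190 bytes (use hybrid beyond that).
func EncryptFor(pub *rsa.PublicKey, userID string, feature []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, feature, []byte(userID)))
}

// Verify is the node side: private-key decrypt, symmetric decrypt, compare.
func (n *Node) Verify(userID string, ct []byte) Feedback {
	got, err := rsa.DecryptOAEP(sha256.New(), nil, n.priv, ct, []byte(userID))
	rec, known := n.stored[userID]
	if err != nil || !known {
		return Feedback{n.ID, false} // not encrypted for this node, or unknown user
	}
	ns := n.aead.NonceSize()
	want, err := n.aead.Open(nil, rec[:ns], rec[ns:], []byte(userID))
	return Feedback{n.ID, err == nil && subtle.ConstantTimeCompare(got, want) == 1}
}

// Aggregate applies the first result analysis rule and fails closed: every
// mapped node must report success; feedback from unmapped nodes is ignored.
func Aggregate(mapped []string, fbs []Feedback) bool {
	ok := map[string]bool{}
	for _, fb := range fbs {
		prev, seen := ok[fb.NodeID]
		ok[fb.NodeID] = fb.OK && (prev || !seen) // one failure is sticky
	}
	for _, id := range mapped {
		if !ok[id] {
			return false // missing or failed feedback from a mapped node
		}
	}
	return len(mapped) > 0
}

// Authenticate runs the exchange end to end against the mapped nodes.
func Authenticate(userID string, feature []byte, nodes []*Node) bool {
	ids, fbs := []string{}, []Feedback{}
	for _, n := range nodes {
		ids = append(ids, n.ID)
		fbs = append(fbs, n.Verify(userID, EncryptFor(&n.priv.PublicKey, userID, feature)))
	}
	return Aggregate(ids, fbs)
}

func main() {
	a, b := NewNode("node-a"), NewNode("node-b")
	a.Enroll("u1001", []byte("ID-CONSTRUCTED-0001")) // constructed sample value
	b.Enroll("u1001", []byte("ID-CONSTRUCTED-0001"))
	fmt.Println(Authenticate("u1001", []byte("ID-CONSTRUCTED-0001"), []*Node{a, b}))
}
```

Aggregate treats a missing answer as a failure, so a mapped node that never responds blocks the login instead of silently reducing the number of checks.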
  • The present application further provides a computer readable storage medium storing a blockchain-based first identity verification program, wherein the blockchain-based first identity verification program can be executed by at least one processor to cause the at least one processor to perform the blockchain-based authentication method of any of the above embodiments.
  • The application also proposes a blockchain-based second identity verification program.
  • FIG. 5 is a schematic diagram of the operating environment of the first embodiment of the second identity verification program 20 based on the blockchain of the present application.
  • the block chain-based second identity verification program 20 is installed and operates in the second electronic device 2.
  • The second electronic device 2 may be a verification node device, an application server corresponding to the verification node device, or an electronic device other than the verification node device and the application server.
  • the second electronic device 2 can be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server.
  • the second electronic device 2 can include, but is not limited to, a memory 21, a processor 22, and a display 23.
  • Figure 5 shows only the second electronic device 2 with components 21-23, but it should be understood that not all illustrated components may be implemented and that more or fewer components may be implemented instead.
  • the memory 21 may be an internal storage unit of the second electronic device 2, such as a hard disk or memory of the second electronic device 2, in some embodiments.
  • In other embodiments, the memory 21 may also be an external storage device of the second electronic device 2, such as a plug-in hard disk equipped on the second electronic device 2, a smart memory card (SMC), a Secure Digital (SD) card, a flash card, etc.
  • the memory 21 may also include both an internal storage unit of the second electronic device 2 and an external storage device.
  • the memory 21 is used to store application software and various types of data installed in the second electronic device 2, such as program code of the second identity verification program 20 based on the blockchain.
  • the memory 21 can also be used to temporarily store data that has been output or is about to be output.
  • The processor 22, in some embodiments, may be a Central Processing Unit (CPU), microprocessor or other data processing chip for running program code or processing data stored in the memory 21, such as executing the second identity verification program 20, etc.
  • the processor 22 may be a smart contract.
  • the display 23 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments.
  • the display 23 is used to display information processed in the second electronic device 2 and a user interface for displaying visualizations.
  • the components 21-23 of the second electronic device 2 communicate with one another via a system bus.
  • FIG. 6 is a program module diagram of the first embodiment of the block chain-based second identity verification program 20 of the present application.
  • The blockchain-based second identity verification program 20 can be divided into one or more modules, which are stored in the memory 21 and executed by one or more processors (the processor 22 in this embodiment) to complete the present application.
  • the blockchain based second identity verification program 20 can be partitioned into a receiving module 201 and a verification module 202.
  • a module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than a program to describe the execution process of the blockchain-based second identity verification program 20 in the second electronic device 2, wherein:
  • the receiving module 201 is configured to receive an identity verification request that carries user identity information.
  • the verification module 202 is configured to check the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • the user identity information includes user identification information and user identity feature information.
  • the user identity feature information includes at least one of user biometric information and identity document information.
  • The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and other biometric information for uniquely identifying a user identity.
  • The above identity document information includes the ID number, passport number, employee number, and the like.
  • the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.
  • the first encryption rule includes: encrypting the user identity information by using the public key of the verification node.
  • the verification module 202 is specifically configured to:
  • the user identity information includes user identification information and identity information of the user to be verified;
  • the output verification result is successful verification
  • the verification result is a verification failure.
  • this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.
  • the application also provides a blockchain-based authentication method, which is applicable to a receiving end of an identity verification request in a blockchain network, for example, a verification node.
  • The blockchain-based second identity verification program is stored in the memory and can be executed by one or more processors to implement the blockchain-based identity verification method of this embodiment. The processor executing the blockchain-based second identity verification program may be set in the verification node, may be set in the application end (for example, the public welfare platform employee management subsystem), or may be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • FIG. 7 is a schematic flowchart of a second embodiment of a blockchain-based identity verification method according to the present application.
  • the method includes:
  • Step S210 Receive an identity verification request that carries user identity information.
  • the user identity information includes user identification information and user identity feature information.
  • the user identity feature information includes at least one of user biometric information and identity document information.
  • The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and other biometric information that uniquely identifies the user.
  • The above identity document information includes the ID number, passport number, employee number, and the like.
  • the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.
  • the first encryption rule includes: encrypting the user identity information by using the public key of the verification node.
  • Step S220 Perform verification on the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • the step S220 includes:
  • the user identity information includes user identification information and identity information of the user to be verified;
  • the output verification result is successful verification
  • the verification result is a verification failure.
  • this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.
  • The present application further provides a computer readable storage medium storing a blockchain-based second identity verification program, wherein the blockchain-based second identity verification program can be executed by at least one processor to cause the at least one processor to perform the blockchain-based authentication method of any of the above embodiments.

Abstract

The invention relates to an electronic device, a blockchain-based authentication method, and a program and computer storage medium. The method comprises: after verifying first user identity information in accordance with a predetermined authentication rule, determining whether to perform multi-factor authentication in accordance with a predetermined determination rule; and, when it is determined to perform multi-factor authentication, releasing second user identity information to a blockchain network for verification, so as to obtain a verification result of the multi-factor authentication. Diversified requirements of multiple application scenarios can be met, the accuracy of user authentication can be improved, and leakage of user identity information can also be prevented.
PCT/CN2018/102407 2018-04-26 2018-08-27 Electronic device, blockchain-based authentication method, and program and computer storage medium WO2019205389A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810386011.6A CN108777675B (zh) 2018-04-26 2018-04-26 Electronic device, blockchain-based identity verification method and computer storage medium
CN201810386011.6 2018-04-26

Publications (1)

Publication Number Publication Date
WO2019205389A1 true WO2019205389A1 (fr) 2019-10-31

Family

ID=64026779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102407 WO2019205389A1 (fr) 2018-04-26 2018-08-27 Electronic device, blockchain-based authentication method, and program and computer storage medium

Country Status (2)

Country Link
CN (1) CN108777675B (fr)
WO (1) WO2019205389A1 (fr)

Also Published As

Publication number Publication date
CN108777675A (zh) 2018-11-09
CN108777675B (zh) 2020-04-14

Similar Documents

Publication Publication Date Title
WO2019205389A1 (fr) Electronic device, blockchain-based authentication method, and program and computer storage medium
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
KR102493744B1 (ko) Security verification method based on biometric features, client terminal, and server
US8572689B2 (en) Apparatus and method for making access decision using exceptions
US8572714B2 (en) Apparatus and method for determining subject assurance level
US8752124B2 (en) Apparatus and method for performing real-time authentication using subject token combinations
US11418499B2 (en) Password security
US20120030475A1 (en) Machine-machine authentication method and human-machine authentication method for cloud computing
CN103259663A (zh) Unified user authentication method in a cloud computing environment
CN116980230B (zh) Information security protection method and apparatus
EP3206329B1 (fr) Security check method, device, terminal and server
JP5013931B2 (ja) Apparatus and method for controlling computer login
US20220067130A1 (en) Computing System and Method for Verification of Access Permissions
US20130047204A1 (en) Apparatus and Method for Determining Resource Trust Levels
US20130047245A1 (en) Apparatus and Method for Performing Session Validation to Access Confidential Resources
US8850515B2 (en) Method and apparatus for subject recognition session validation
US11177958B2 (en) Protection of authentication tokens
US9159065B2 (en) Method and apparatus for object security session validation
Cahill et al. Client-based authentication technology: user-centric authentication using secure containers
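CN114139131A (zh) Operating system login method, apparatus and electronic device
KR102648908B1 (ko) User authentication system and method
CN118118227A (zh) Unified identity authentication method and apparatus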
US20130047243A1 (en) Apparatus and Method for Performing Session Validation
RU2565529C2 (ru) Method of providing access to objects in an operating system
KR20160071711A (ko) Secure authentication system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18916938

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/02/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18916938

Country of ref document: EP

Kind code of ref document: A1