WO2020082886A1 - Authentication method and apparatus, and electronic device - Google Patents

Info

Publication number: WO2020082886A1
Authority: WO (WIPO (PCT))
Prior art keywords: transaction, event, server, authenticated, blockchain
Application number: PCT/CN2019/102816
Other languages: English (en), Chinese (zh)
Inventors: 林立, 闫莺, 宋旭阳
Original assignee: 阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司
Publication of WO2020082886A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Definitions

  • One or more embodiments of this specification relate to the field of identity authentication technology, and in particular, to an authentication method and device, and electronic equipment.
  • One or more embodiments of this specification provide an authentication method and apparatus, and an electronic device.
  • an authentication method including:
  • the server receives an authentication request, which is initiated by the client for the event to be authenticated, and the event to be authenticated is declared to be related to the specified object;
  • the server acquires a transaction event related to the event to be authenticated from the blockchain, and the transaction event is signed by the transaction-related object through a pre-registered digital identity;
  • the server determines the entity identity of the transaction-related object based on the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, for use in authenticating whether the specified object is the transaction-related object.
  • an authentication method including:
  • the client initiates an authentication request to the server for the event to be authenticated, to instruct the server to obtain a transaction event related to the event to be authenticated from the blockchain, the transaction event being signed by the transaction-related object through a pre-registered digital identity;
  • the client receives the entity identity of the transaction-related object in order to verify whether the specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives an identity authentication result returned by the server, the identity authentication result indicating whether the specified object is the transaction-related object.
  • an authentication device including:
  • the request receiving unit enables the server to receive the authentication request, which is initiated by the client for the event to be authenticated, and the event to be authenticated is declared to be related to the specified object;
  • the event acquisition unit enables the server to acquire a transaction event related to the event to be authenticated from the blockchain, and the transaction event is signed by the transaction-related object through a pre-registered digital identity;
  • the identity determination unit enables the server to determine the entity identity of the transaction-related object based on the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, for use in authenticating whether the specified object is the transaction-related object.
  • an authentication device including:
  • the request unit enables the client to initiate an authentication request to the server for the event to be authenticated, to instruct the server to obtain the transaction event related to the event to be authenticated from the blockchain, the transaction event being signed by the transaction-related object through a pre-registered digital identity;
  • the identity receiving unit enables the client to receive the entity identity of the transaction-related object for use in verifying whether the specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives the identity authentication result returned by the server, the identity authentication result indicating whether the specified object is the transaction-related object.
  • an electronic device including:
  • a memory for storing processor-executable instructions;
  • a processor that executes the executable instructions to implement the method according to the first aspect.
  • an electronic device including:
  • a memory for storing processor-executable instructions;
  • a processor that executes the executable instructions to implement the method according to the second aspect.
  • FIG. 1 is a flowchart of an authentication method provided by an exemplary embodiment
  • FIG. 2 is a flowchart of another authentication method provided by an exemplary embodiment
  • FIG. 3 is a schematic diagram of a registered digital identity provided by an exemplary embodiment
  • FIG. 4 is a schematic diagram of an information storage certificate provided by an exemplary embodiment
  • FIG. 5 is a schematic diagram of an authentication and authorization situation provided by an exemplary embodiment
  • FIG. 6 is a schematic structural diagram of a device provided by an exemplary embodiment
  • FIG. 7 is a block diagram of an authentication device provided by an exemplary embodiment
  • FIG. 8 is a schematic structural diagram of another device provided by an exemplary embodiment
  • FIG. 9 is a block diagram of another authentication apparatus provided by an exemplary embodiment.
  • the steps of the corresponding method are not necessarily performed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps in other embodiments, and multiple steps described in this specification may be combined into a single step in other embodiments.
  • FIG. 1 is a flowchart of an authentication method provided by an exemplary embodiment. As shown in Figure 1, this method is applied to the server and can include the following steps:
  • Step 102: The server receives an authentication request.
  • the authentication request is initiated by the client for the event to be authenticated, and the event to be authenticated is declared to be related to the specified object.
  • the designated object is the object specified by the "declaration".
  • the designated objects can be individuals, institutions (such as enterprises) or both.
  • the number of designated objects can be one or more, and this specification does not limit this.
  • the association relationship between the "event to be authenticated" and the "designated object" may be declared in any form, and this specification does not limit this.
  • the content of the "event to be authenticated" and the information of the "designated object" can be presented in the same image; for example, the image can be a promotional poster, the content of the "event to be authenticated" can be the promotional content of the poster, and the information of the "designated object" can be the photo of the celebrity in the poster, which is equivalent to declaring that the celebrity endorses the promotional content of the poster.
  • for another example, the content of the "event to be authenticated" and the information of the "designated object" can be printed on the same paper, such as a business card: the content of the "event to be authenticated" is the position information on the business card, and the information of the "designated object" is the name on the business card, which is equivalent to declaring that the issuer of the business card (that is, the user corresponding to the name) is in the corresponding position.
  • Step 104: The server obtains a transaction event related to the event to be authenticated from the blockchain, and the transaction event is signed by the transaction-related object through a pre-registered digital identity.
  • the transaction-related object may be registered with the above-mentioned server in advance to obtain the corresponding digital identity; or, the transaction-related object may be registered with another service provider to obtain the corresponding digital identity, and the other service provider can provide the identity authentication service to the above-mentioned server, or can open access to the mapping relationship between the acquired entity identity and digital identity to the above-mentioned server, so that the server can implement identity authentication by itself.
  • the transaction-related object may be an institution, which may use its own entity identity to register with the above-mentioned server or other service provider to obtain the corresponding digital identity.
  • the transaction-related object may be an individual, who may use his own entity identity to register with the above-mentioned server or other service provider to obtain the corresponding digital identity; or, when the individual is an employee of a certain organization or has a certain association relationship with an organization, the individual can first obtain the certification of that organization, that is, a signature implemented with the organization's registered digital identity, which is equivalent to the organization endorsing the individual's identity, and then the individual can use that signature to register with the above-mentioned server or other service provider to obtain the corresponding digital identity.
  • transaction-related objects can also obtain digital identities in other ways, and this specification does not limit this.
  • as for the signature of the transaction event: when there is a single transaction-related object, the signature of the transaction event is a single signature; when there are multiple transaction-related objects, the signature of the transaction event is a multi-signature.
  • in one case, the transaction-related object is the issuer of the transaction event, that is, the transaction-related object signs the transaction event and then publishes it to the blockchain, either directly through its corresponding blockchain node, or by submitting it to the server, which publishes the transaction event to the blockchain through its corresponding blockchain node.
  • in another case, the transaction-related object is not the issuer of the transaction event: the transaction-related object signs the transaction event, and the issuer then publishes it to the blockchain. The transaction-related object may authenticate the issuer and the transaction event separately, for example by confirming that the identity of the issuer is true and reliable and that the content of the transaction event is true and reliable, and sign the transaction event only after these confirmations pass; otherwise no signature is applied.
  • when authenticating the identity of the issuer, the issuer can be restricted to having a preset association relationship with the transaction-related object: for example, the transaction-related object is an enterprise and the issuer is an internal employee of that enterprise, or the transaction-related object is an individual and the issuer is an address-book friend of the transaction-related object; when there is no such preset association relationship, the identity of the issuer is considered not to have been authenticated.
  • the issuer can publish transaction events to the blockchain through its corresponding blockchain node.
  • alternatively, the issuer may submit the transaction event to the server, and the server publishes the transaction event to the blockchain through its corresponding blockchain node.
  • in the latter case, the server can verify the identity of the issuer and the content of the transaction event: if the signature contained in the transaction event is the issuer's own signature, and the identity of the issuer has been registered with the server or another service provider, the server can consider the identity of the issuer and the content of the transaction event to be true and reliable and publish the event to the blockchain; if the signature contained in the transaction event is the signature of a transaction-related object other than the issuer, the server can verify whether the above-mentioned preset association relationship exists between the issuer and the transaction-related object, for example that the transaction-related object is an enterprise and the issuer is an internal employee of that enterprise, or that the transaction-related object is an individual and the issuer is an address-book friend of the transaction-related object.
  • to do so, the server can query the digital identity pre-registered by the issuer; when the digital identity of the issuer was registered based on a signature provided by the transaction-related object to the issuer, the server determines that the preset association relationship exists.
  • in other words, the issuer may request the transaction-related object to verify its entity identity in advance; after the transaction-related object recognizes the entity identity of the issuer, it may provide the issuer with a digital signature (signed with the transaction-related object's private key), and the issuer may register its own digital identity based on that digital signature, so that the issuer's digital identity is already associated with the transaction-related object's digital identity at registration time. Then, after receiving the above-mentioned transaction event submitted by the issuer, the server can verify the identity of the issuer and the content of the transaction event based on that association relationship.
  • the transaction described in this specification refers to a piece of data that a user creates through a client of the blockchain and that needs to be finally released to the distributed database of the blockchain.
  • a narrowly defined transaction refers to a value transfer issued by the user to the blockchain; for example, in the traditional Bitcoin blockchain network, the transaction can be a transfer initiated by the user in the blockchain.
  • a generalized transaction refers to a piece of business data with business intent that the user releases to the blockchain; for example, an operator can build a consortium chain based on actual business needs and rely on the consortium chain to deploy other types of online services that have nothing to do with value transfer (for example, authentication services, rental services, vehicle scheduling services, insurance claims services, credit services, medical services, etc.), and in this type of consortium chain a transaction can be a business message or business request with business intent issued by a user in the consortium chain.
  • by storing the transaction event in the blockchain, it can be ensured that the content of the transaction event is safe and reliable, will not be tampered with, and can be verified from the blockchain ledger at any time, with extremely high reliability and trustworthiness.
  • in one embodiment, the server can obtain transaction anchor information that is declared to be related to the event to be authenticated; the server then obtains the transaction event corresponding to the transaction anchor information from the blockchain and uses it as the transaction event related to the event to be authenticated.
  • for example, the transaction anchor information can be information such as the transaction serial number; for another example, when the transaction event is generated by a smart contract in the blockchain, the transaction anchor information may be the name of the smart contract, the transaction serial number corresponding to the smart contract, or other such information.
  • in one embodiment, the server can obtain the event content of the transaction event to verify the consistency between the transaction event and the above-mentioned event to be authenticated, ensuring that the transaction event can be used to implement identity authentication related to the event to be authenticated.
  • although the server acquires the transaction event through the above-mentioned transaction anchor information, this check prevents the server from being misled after a malicious party alters the transaction anchor information.
  • for example, the transaction anchor information can be presented in the poster in the form of a two-dimensional code, and if a malicious party re-points the two-dimensional code at a transaction event that the celebrity signed for some other event, then by checking the event content of the transaction event the server can accurately identify the wrongful act and avoid misjudgment.
  • in one embodiment, the server can call a smart contract that is used to verify the consistency between the transaction event and the event to be authenticated; similar to the above embodiment, this embodiment can also ensure that the transaction event can be used to implement identity authentication related to the event to be authenticated, but the consistency judgment is completed automatically by the smart contract rather than by the server, which reduces the processing load on the server, and the automatic execution of the smart contract helps ensure the objectivity and fairness of the authentication result.
  • in one embodiment, the server can return the event content of the transaction event to the client, so that the client (or its user) can learn the details or verify the consistency between the transaction event and the event to be authenticated.
  • Step 106: The server determines the entity identity of the transaction-related object according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, which is used to authenticate whether the specified object is the transaction-related object.
  • by obtaining a transaction event related to the event to be authenticated and verifying the signature of that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is true and credible; for example, when a promotional poster contains a photo of a celebrity, it can be determined whether the celebrity actually endorses the promotional content of the poster, and for another example, it can be determined whether the position printed on a business card is genuine.
  • in one embodiment, the server may send the determined entity identity of the transaction-related object to the client, so that the client or its user compares the entity identity of the transaction-related object with the entity identity of the specified object to determine whether the two are consistent.
  • in another embodiment, the server may itself compare the entity identity of the transaction-related object with the entity identity of the specified object, thereby verifying whether the specified object is the transaction-related object, and return the authentication result to the client.
  • the authentication result may include only the judgment result of "whether they are consistent", or may further include the entity identity of the transaction-related object, for the client (or its user) to understand the details or to verify the aforementioned judgment result.
  • FIG. 2 is a flowchart of another authentication method provided by an exemplary embodiment. As shown in FIG. 2, this method is applied to the client and may include the following steps:
  • Step 202: The client initiates an authentication request to the server for the event to be authenticated, to instruct the server to obtain a transaction event related to the event to be authenticated from the blockchain, the transaction event being signed by the transaction-related object through a pre-registered digital identity.
  • in one embodiment, the client can scan the barcode pattern (such as a bar code, two-dimensional code, etc.) associated with the event to be authenticated to obtain the transaction anchor information; the client can then upload the transaction anchor information to the server so that the server obtains the transaction event from the blockchain.
  • Step 204: The client receives the entity identity of the transaction-related object in order to verify whether the specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives the identity authentication result returned by the server, which indicates whether the specified object is the transaction-related object.
  • in one embodiment, the client may receive the event content of the transaction event returned by the server, in order to verify the consistency between the transaction event and the event to be authenticated and thereby ensure that the transaction event can be used to implement identity authentication related to the event to be authenticated.
  • if the transaction event is inconsistent with the event to be authenticated, this indicates that the transaction event is not a transaction event related to the event to be authenticated, so the client can determine that the specified object is not a transaction-related object of any transaction event related to the event to be authenticated.
  • in one embodiment, the client may receive a content authentication result returned by the server, the content authentication result indicating whether the transaction event and the event to be authenticated are consistent.
  • that is, the server can itself authenticate the consistency between the transaction event and the aforementioned event to be authenticated, obtain the above content authentication result, and inform the client of it.
  • the client can also receive the event content of the transaction event returned by the server, so that the client (or its user) can learn the details or verify the consistency between the transaction event and the event to be authenticated.
  • FIG. 3 is a schematic diagram of registering a digital identity provided by an exemplary embodiment.
  • a certification authority (specifically, a server-side application running on an electronic device corresponding to the certification authority)
  • enterprise AA can provide the certification body with the materials and information required for registration, and the certification body can assign the corresponding digital identity to enterprise AA after verification, such as enterprise digital identity 1; at the same time, the certification body can record the mapping relationship between enterprise AA's enterprise entity identity 1 and enterprise digital identity 1 to facilitate subsequent identity authentication.
  • the certification body also issues a public and private key pair to the enterprise AA for the enterprise AA to generate a digital signature (or electronic signature) used to characterize its enterprise digital identity 1.
  • enterprise BB can register with a certification authority and obtain a corresponding digital identity, such as enterprise digital identity 2.
  • the certification authority can record the mapping relationship between the enterprise entity identity 2 of the enterprise BB and the enterprise digital identity 2, and issue the public and private key pair used to generate the digital signature to the enterprise BB.
  • individuals can also register with certification bodies in a similar manner to obtain corresponding digital identities.
  • user A can provide the certification authority with the materials and information required for registration, and the certification authority can assign a corresponding digital identity to user A after verification, such as user digital identity 1.
  • the certification authority can record the mapping relationship between the user entity identity 1 of the user A and the user digital identity 1 to facilitate subsequent identity authentication.
  • the certification authority also issues a public and private key pair to user A, for user A to generate a digital signature used to characterize its user digital identity 1.
  • for user B, in addition to registering with a certification authority to obtain a digital identity in a similar manner to user A, if there is a certain relationship between user B and enterprise BB, for example user B is an employee of enterprise BB, then user B can also complete the registration through enterprise BB. For example, user B can submit an authentication request to enterprise BB (this process is often easier than providing materials and information to register directly with the certification authority), and after user B passes the authentication, enterprise BB provides user B with a digital signature, such as an enterprise digital signature 2 generated with its private key; user B can then register with the certification authority based on the enterprise digital signature 2 to obtain a digital identity assigned by the certification authority, such as user digital identity 2.
  • the certification authority can record the mapping relationship between the user entity identity 2 of the user B and the user digital identity 2, and issue a public and private key pair for generating a digital signature to the user B.
  • any enterprise, individual, etc. can register with the certification body, so that the certification body can separately record the mapping relationship between the entity identity of each enterprise or individual and the assigned digital identity, and issue the public and private key pairs used for generating digital signatures.
  • FIG. 4 is a schematic diagram of an information storage certificate provided by an exemplary embodiment. As shown in FIG. 4, assume that user A is a celebrity. When user A agrees to authorize xxx to make a poster, that is, user A agrees to endorse xxx, user A can deposit relevant information to the blockchain.
  • the user equipment 1 used by user A may be any type such as a mobile phone, a tablet, or a personal computer, which is not limited in this specification.
  • through the client-side application running on the user device 1, user A can complete the operation of depositing relevant information in the blockchain.
  • user A may generate certification information such as "I authorize xxx" on the user device 1, and sign the certification information by calling a private key issued by a certification authority, obtaining, for example, a corresponding digital signature SIG_U1.
  • the process of generating the certification information "I authorize xxx" and the digital signature SIG_U1 can actually be completed by the certification authority, and the user device 1 may only be used to provide an interactive interface to user A, to authenticate user A (especially verification based on physiological characteristics; of course, password verification, input-habit verification, etc. can also be completed by the certification authority), and to transmit data to and from the certification authority, so that user A can instruct the certification authority to generate the certification information and the digital signature.
  • if the user equipment 1 is configured as a blockchain node in the blockchain, then the user equipment 1 may submit a blockchain transaction [I authorize xxx; SIG_U1] to the blockchain, so that the blockchain transaction [I authorize xxx; SIG_U1] is recorded in the blockchain ledger maintained by each blockchain node.
  • if the user equipment 1 itself is not configured as a blockchain node, then the user equipment 1 can send the certification information "I authorize xxx" and the digital signature SIG_U1 to a blockchain node, so that the blockchain node submits the above-mentioned blockchain transaction [I authorize xxx; SIG_U1] to the blockchain, which likewise causes the blockchain transaction [I authorize xxx; SIG_U1] to be recorded in the blockchain ledger maintained by each blockchain node.
  • the certification authority can be configured as a blockchain node, and through the client-side application running on the user equipment 1 and the server-side application running on the certification authority, the user equipment 1 can send the certification information "I authorize xxx" and the digital signature SIG_U1 to the certification body, and the certification body submits the above-mentioned blockchain transaction [I authorize xxx; SIG_U1] to the blockchain.
  • a corresponding access interface can be formed to facilitate access in the subsequent authentication process.
  • the access interface can be presented in the form of a two-dimensional code, and the blockchain node can send the two-dimensional code to the production agency of the poster (such as enterprise AA), so that enterprise AA can add the two-dimensional code to the promotional poster.
  • FIG. 5 is a schematic diagram of an authentication and authorization situation provided by an exemplary embodiment. As shown in FIG. 5, assuming that the client-side application program is running on the electronic device 2 used by user B, the camera module on the electronic device 2 can be called to scan the QR code on the promotional poster shown in FIG. 4, and the scanned content of the identified QR code is uploaded to the certification body for certification by the certification body.
  • the QR code scan content includes the access interface information generated in the embodiment shown in FIG. 4, and the certification authority can query the blockchain ledger based on the QR code scan content:
  • the certification body may not be able to query any blockchain transaction, indicating that the QR code on the poster is useless information set at random by criminals and that user A has not published to the blockchain any proof of authorization for xxx products; the certification body can then determine that the authentication failed, that is, user A has not authorized.
  • the certification authority can access the corresponding blockchain transaction, but the blockchain transaction does not contain a digital signature, or the included digital signature is not the SIG_U1 corresponding to user A, indicating that the two-dimensional code on the poster is fake information set at random by criminals and that user A did not publish certification information on the blockchain authorizing the xxx product; the certification body can then determine that the authentication failed, that is, user A did not authorize.
  • the certification authority can access the corresponding blockchain transaction, the digital signature included in the blockchain transaction is SIG_U1, and the certification authority can determine, based on the mapping relationship recorded in FIG. 3 and the issuance record of the public and private key pair, that the digital signature SIG_U1 corresponds to user A. The blockchain transaction then has a certain probability of containing certification information that user A authorizes the xxx product; however, it may instead contain certification information that user A authorizes some other product rather than xxx, so the certification body can further verify the content contained in the blockchain transaction to ensure that the certification information it contains is "I authorize xxx" or a similar statement, and not "I authorize yyy".
  • the certification authority may return the certification information to the user device 2 so that the user device 2 can display related content to the user B.
  • the authentication information can be as shown in FIG. 5, including the certification information "I authorize xxx" and the entity identity "User A" corresponding to the digital signature SIG_U1 (the digital signature reflects the digital identity, and combined with the mapping relationship between the digital identity and the entity identity, the entity identity can be determined).
  • the authentication information may further include an authentication conclusion, such as "passed authentication” or “authorized”, “not passed authentication” or “unauthorized".
  • the authentication conclusion is not necessary; even if the authentication information only contains the content of the blockchain transaction, the entity information corresponding to the included digital signature, etc., user B can still view the authentication information, combine it with the content of the poster, and determine whether user A has authorized. For example, when the authentication information includes "authorization information not found", "I authorize yyy", "signature: user C", "unsigned", etc., user B may determine that user A has not authorized the xxx product.
  • suppose user B wants to deposit the positions on his business card to show their authenticity. Assuming that user B is a director of enterprise AA, chairman of enterprise BB and CEO of enterprise CC, user B can hand the position information to be recorded on the business card, "User B: enterprise AA-director, enterprise BB-chairman, enterprise CC-CEO", to each enterprise for authentication; after the authentication passes, each enterprise can separately sign with the private key it holds, so that user B obtains a multiple digital signature SIG_M for the above position information.
  • user B can submit a blockchain transaction to the blockchain ledger through user device 2, the blockchain transaction containing the above position information and the multiple digital signature SIG_M, and user B can obtain an access interface for the blockchain transaction and print the QR code corresponding to the access interface on user B's business card.
  • the user X can request the authentication of the certification authority by scanning the QR code on the business card.
  • the certification body can query the corresponding blockchain transaction from the blockchain through an embodiment such as the one shown in FIG. 5; the blockchain transaction contains the position information "User B: Enterprise AA-Director, Enterprise BB-Chairman, Enterprise CC-CEO" and the multiple digital signature SIG_M corresponding to enterprise AA, enterprise BB and enterprise CC, and the certification body can return the position information "User B: Enterprise AA-Director, Enterprise BB-Chairman, Enterprise CC-CEO" and the information of enterprise AA, enterprise BB and enterprise CC corresponding to the multiple digital signature SIG_M to user X, so that user X can determine the authenticity of the position information actually marked on the business card.
  • if the blockchain transaction includes the signatures of enterprise AA, enterprise BB and enterprise CC, and the positions marked on the business card are consistent with the position information contained in the blockchain transaction, then the position information marked on the business card can be considered to be true.
  • if the signature information is inconsistent or the position information is inconsistent, it indicates that the position information marked on the business card may be untrue.
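The registration (FIG. 3), deposit (FIG. 4) and authentication (FIG. 5) steps above, and the multi-signed business card that follows them, are the same server-side check with one or several signatures. The following Go program is an added example written for this page, not code from the patent or its applicant: it assumes an in-memory map as a stand-in for the blockchain ledger, sequential anchors "TX-n" in place of the real access interface, Ed25519 as the key pair issued by the certification authority, and the hypothetical names CertificationAuthority, Ledger, Submit and Authenticate. Authenticate returns a failure for each case the text lists (no transaction at the anchor, unsigned or wrongly signed transaction, content that does not match the scanned event), and a pass only when every declared object has a valid signature over exactly the scanned content.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signature binds a pre-registered digital identity to an Ed25519 signature over the content.
type Signature struct {
	DigitalID string
	Sig       []byte
}

// Transaction is the ledger record: certification information plus one or more signatures.
type Transaction struct {
	Content    string
	Signatures []Signature
}

// CertificationAuthority keeps the digital identity -> entity identity mapping and the public
// half of every key pair it issued (the registration records of FIG. 3); the zero value is usable.
type CertificationAuthority struct {
	entityOf map[string]string
	pubKeyOf map[string]ed25519.PublicKey
}

// Register assigns a digital identity and issues a key pair; only the private key leaves the CA.
func (ca *CertificationAuthority) Register(entity string) (string, ed25519.PrivateKey) {
	if ca.entityOf == nil {
		ca.entityOf, ca.pubKeyOf = map[string]string{}, map[string]ed25519.PublicKey{}
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing CSPRNG is unrecoverable for this demo
	}
	id := fmt.Sprintf("DID-%d", len(ca.entityOf)+1) // constructed identifier scheme
	ca.entityOf[id], ca.pubKeyOf[id] = entity, pub
	return id, priv
}

// Sign is what an object does with its issued private key before depositing content (FIG. 4).
func Sign(digitalID string, priv ed25519.PrivateKey, content string) Signature {
	return Signature{DigitalID: digitalID, Sig: ed25519.Sign(priv, []byte(content))}
}

// Ledger is an in-memory stand-in for the blockchain ledger, keyed by transaction anchor.
type Ledger map[string]Transaction

// Submit records a transaction and returns its anchor, the "access interface" printed as a QR code.
func (l Ledger) Submit(tx Transaction) string {
	anchor := fmt.Sprintf("TX-%d", len(l)+1) // sequential stand-in for a real anchor
	l[anchor] = tx
	return anchor
}

// Result is what the server returns to the client: resolved signer identities and a conclusion.
type Result struct {
	Passed  bool
	Reason  string
	Signers []string
	Content string
}

// Authenticate is the server side of FIG. 5: fetch the anchored transaction, map each signature to
// an entity through the registry and verify it against the stored content, require that every
// declared object signed (an unsigned transaction fails here), then compare content with the event.
func Authenticate(ca *CertificationAuthority, l Ledger, anchor, event string, declared []string) Result {
	tx, ok := l[anchor]
	if !ok {
		return Result{Reason: "no transaction found for anchor"}
	}
	res := Result{Content: tx.Content}
	signed := map[string]bool{}
	for _, s := range tx.Signatures {
		pub, known := ca.pubKeyOf[s.DigitalID]
		if !known || !ed25519.Verify(pub, []byte(tx.Content), s.Sig) {
			res.Reason = "signature " + s.DigitalID + " does not verify against the stored content"
			return res
		}
		entity := ca.entityOf[s.DigitalID]
		signed[entity] = true
		res.Signers = append(res.Signers, entity)
	}
	for _, d := range declared {
		if !signed[d] {
			res.Reason = d + " did not sign the transaction"
			return res
		}
	}
	if tx.Content != event {
		res.Reason = "transaction content does not match the event to be authenticated"
		return res
	}
	res.Passed, res.Reason = true, "passed authentication"
	return res
}
```

The content comparison is deliberately the last check: a signature that verifies but covers a different statement ("I authorize yyy") is exactly the re-anchoring case the text warns about, and it is reported as a content mismatch rather than as a bad signature. For the business card, the client passes all three enterprises as declared objects, so a card that names an enterprise which never signed fails even though the other signatures are valid.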
  • FIG. 6 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to FIG. 6.
  • the device includes a processor 602, an internal bus 604, a network interface 606, a memory 608, and a non-volatile memory 610. Of course, it may include hardware required for other services.
  • the processor 602 reads the corresponding computer program from the non-volatile memory 610 into the memory 608 and then runs it to form an authentication device at a logical level.
  • one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of hardware and software; that is to say, the execution body of the following processing flow is not limited to each logic unit and may also be a hardware or logic device.
  • the authentication device may include:
  • the request receiving unit 701 enables the server to receive the authentication request, which is initiated by the client for the event to be authenticated, and the event to be authenticated is declared to be related to the specified object;
  • the event obtaining unit 702 enables the server to obtain a transaction event related to the event to be authenticated from the blockchain, and the transaction event is signed by a transaction-related object through a pre-registered digital identity;
  • the identity determination unit 703 enables the server to determine the entity identity of the transaction-related object based on the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, for use in authenticating whether the specified object is the transaction-related object.
  • the event acquisition unit 702 is specifically used to:
  • optionally, the device also includes a content acquisition unit 704 or a contract invocation unit 705, wherein:
  • the content obtaining unit 704 is used to enable the server to obtain the event content of the transaction event, so as to verify the consistency between the transaction event and the event to be authenticated;
  • the contract invoking unit 705 is used to cause the server to call a smart contract, and the smart contract is used to verify the consistency between the transaction event and the event to be authenticated.
  • optionally, the device also includes:
  • the authentication unit 706 causes the server to authenticate whether the specified object is the transaction-related object, so as to return the authentication result to the client.
  • optionally, the device also includes:
  • the return unit 707 causes the server to return the entity identity of the transaction-related object and / or the event content of the transaction event to the client.
  • the transaction event is posted to the blockchain by the transaction-related object
  • the transaction event is published to the blockchain by a publisher different from the transaction-related object.
  • the transaction event is released to the blockchain by the publisher through its corresponding blockchain node
  • the device further includes: a publishing unit 708, which causes the server to receive the transaction event submitted by the publisher and publish the transaction event to the blockchain through its corresponding blockchain node.
  • optionally, the device also includes:
  • the verification unit 709 causes the server to verify whether there is a preset association relationship between the issuer and the transaction association object corresponding to the signature included in the transaction event;
  • the publishing unit 708 causes the server to publish the transaction event to the blockchain.
  • the verification unit 709 is specifically used to:
  • when the digital identity of the issuer is registered based on the signature provided by the transaction association object to the issuer, cause the server to determine that the preset association relationship exists.
  • FIG. 8 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to FIG. 8.
  • the device includes a processor 802, an internal bus 804, a network interface 806, a memory 808, and a non-volatile memory 810.
  • the processor 802 reads the corresponding computer program from the non-volatile memory 810 into the memory 808 and then runs it to form an authentication device at a logical level.
  • one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of hardware and software; that is to say, the execution body of the following processing flow is not limited to each logic unit and may also be a hardware or logic device.
  • the authentication device may include:
  • the requesting unit 901 enables the client to initiate an authentication request to the server for the event to be authenticated, to instruct the server to obtain a transaction event related to the event to be authenticated from the blockchain, the transaction event being signed by the transaction-related object through a pre-registered digital identity;
  • the identity receiving unit 902 enables the client to receive the entity identity of the transaction-related object for use in verifying whether the specified object is the transaction-related object, wherein the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object; or, the client receives the identity authentication result returned by the server.
  • the identity authentication result is used to indicate whether the specified object is the transaction-related object.
  • optionally, the device also includes:
  • the identification unit 903 enables the client to identify the barcode pattern associated with the event to be authenticated to obtain transaction anchor information;
  • the uploading unit 904 enables the client to upload the transaction anchor information to the server, so that the server can obtain the transaction event from the blockchain.
  • optionally, the device also includes a content receiving unit 905 or a result receiving unit 906, wherein:
  • the content receiving unit 905 is used to enable the client to receive the event content of the transaction event returned by the server, for verifying the consistency between the transaction event and the event to be authenticated;
  • the result receiving unit 906 is used to enable the client to receive the content authentication result returned by the server, and the content authentication result is used to indicate the consistency between the transaction event and the event to be authenticated.
  • the system, device, module or unit explained in the above embodiments may be specifically implemented by a computer chip or entity, or by a product having a certain function.
  • a typical implementation device is a computer, and the specific form of the computer may be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, a game console, a tablet computer, a wearable device, or any combination of these devices.
  • the computer includes one or more processors (CPUs), input / output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory, random access memory (RAM) and / or non-volatile memory in computer-readable media, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
  • computer-readable media, including permanent and non-permanent, removable and non-removable media, can store information by any method or technology.
  • the information may be computer readable instructions, data structures, modules of programs, or other data.
  • examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tapes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media that can be used to store information accessible by computing devices.
  • as defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
  • although the terms first, second, third, etc. may be used to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other.
  • first information may also be referred to as second information, and similarly, second information may also be referred to as first information.
  • the word "if" as used herein may be interpreted as "when" or "upon" or "in response to determining".


Abstract

According to one or more embodiments, the present invention relates to an authentication method and apparatus and an electronic device. The method may comprise the following steps: a server terminal receives an authentication request, the authentication request being initiated by a client terminal for an event to be authenticated, and the event to be authenticated being declared to be associated with a designated object; the server terminal obtains from a blockchain a transaction event associated with the event to be authenticated, the transaction event being signed by a transaction-associated object by means of a pre-registered digital identity; and the server terminal determines the entity identity of the transaction-associated object according to a signature of the transaction event and a pre-recorded mapping relationship between the entity identities of respective objects and digital identities, thereby authenticating whether or not the designated object is the transaction-associated object.
PCT/CN2019/102816 2018-10-26 2019-08-27 Procédé et appareil d'authentification ainsi que dispositif électronique WO2020082886A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811258195.4A CN109327312B (zh) 2018-10-26 2018-10-26 认证方法及装置、电子设备
CN201811258195.4 2018-10-26

Publications (1)

Publication Number Publication Date
WO2020082886A1 true WO2020082886A1 (fr) 2020-04-30

Family

ID=65261732

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/102816 WO2020082886A1 (fr) 2018-10-26 2019-08-27 Procédé et appareil d'authentification ainsi que dispositif électronique

Country Status (3)

Country Link
CN (2) CN111600716B (fr)
TW (1) TW202016833A (fr)
WO (1) WO2020082886A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600716B (zh) * 2018-10-26 2023-09-29 创新先进技术有限公司 认证方法及装置、电子设备
CN109978551A (zh) * 2019-03-29 2019-07-05 北京投肯科技有限公司 一种基于区块链的账户信息确认及找回方法以及装置
CN110086626B (zh) * 2019-04-22 2023-05-05 如般量子科技有限公司 基于非对称密钥池对的量子保密通信联盟链交易方法和系统
CN110599190B (zh) * 2019-09-27 2022-10-21 支付宝(杭州)信息技术有限公司 基于区块链的身份认证方法以及装置
CN110768967B (zh) * 2019-10-11 2021-06-01 支付宝(杭州)信息技术有限公司 业务授权方法、装置、设备、系统及存储介质
CN113949585A (zh) * 2019-12-17 2022-01-18 支付宝(杭州)信息技术有限公司 基于信用的信息标识生成方法及装置
CN113807700B (zh) * 2021-09-18 2023-10-27 厦门大学 基于区块链的飞机在翼指挥调度发布、接收方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106384236A (zh) * 2016-08-31 2017-02-08 江苏通付盾科技有限公司 基于区块链的ca认证管理方法、装置及系统
WO2017051250A1 (fr) * 2015-09-25 2017-03-30 Assa Abloy Ab Justificatifs d'identité virtuels et autorisations
CN107079037A (zh) * 2016-09-18 2017-08-18 深圳前海达闼云端智能科技有限公司 基于区块链的身份认证方法、装置、节点及系统
CN107086909A (zh) * 2017-03-07 2017-08-22 阿里巴巴集团控股有限公司 身份信息的生成方法和装置、身份审核的方法和装置
CN108416588A (zh) * 2018-02-14 2018-08-17 北京三六五八网络科技有限公司 用于电子交易认证的数据处理方法及装置
CN109327312A (zh) * 2018-10-26 2019-02-12 阿里巴巴集团控股有限公司 认证方法及装置、电子设备

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9858569B2 (en) * 2014-03-21 2018-01-02 Ramanan Navaratnam Systems and methods in support of authentication of an item
US11165754B2 (en) * 2016-06-16 2021-11-02 The Bank Of New York Mellon Managing verifiable, cryptographically strong transactions
CN106845210A (zh) * 2017-01-19 2017-06-13 布比(北京)网络技术有限公司 事件认证方法和装置
CN107368259B (zh) * 2017-05-25 2020-07-10 创新先进技术有限公司 一种向区块链系统中写入业务数据的方法和装置
CN107257340B (zh) * 2017-06-19 2019-10-01 阿里巴巴集团控股有限公司 一种认证方法、基于区块链的认证数据处理方法及设备
CN107742212B (zh) * 2017-10-13 2021-01-01 深圳怡化电脑股份有限公司 基于区块链的资产验证方法、装置及系统
CN108123936B (zh) * 2017-12-13 2021-04-13 北京科技大学 一种基于区块链技术的访问控制方法及系统
CN108573741A (zh) * 2017-12-25 2018-09-25 北京金山云网络技术有限公司 业务数据记录方法、装置、设备和存储介质
CN108234135B (zh) * 2017-12-29 2021-02-26 苏州朗润创新知识产权运营有限公司 一种业务认证方法、系统和计算机可读存储介质
CN108183801B (zh) * 2017-12-29 2023-04-25 苏州朗润创新知识产权运营有限公司 一种业务认证方法、系统和计算机可读存储介质
CN108111543B (zh) * 2018-02-06 2020-08-04 上海冲量网络科技有限公司 一种区块链上的数字身份识别系统
CN111861433B (zh) * 2018-03-30 2024-04-02 创新先进技术有限公司 基于区块链的业务执行方法及装置、电子设备
CN108667618B (zh) * 2018-05-10 2020-07-03 阿里巴巴集团控股有限公司 区块链成员管理的数据处理方法、装置、服务器及系统

Also Published As

Publication number Publication date
TW202016833A (zh) 2020-05-01
CN109327312B (zh) 2020-03-24
CN111600716B (zh) 2023-09-29
CN111600716A (zh) 2020-08-28
CN109327312A (zh) 2019-02-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19876449

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19876449

Country of ref document: EP

Kind code of ref document: A1