WO2020119477A1 - Identity authentication method employing blockchain, and terminal apparatus - Google Patents


Info

Publication number
WO2020119477A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
middleware
smart contract
blockchain
identification information
Application number
PCT/CN2019/121867
Other languages
French (fr)
Chinese (zh)
Inventor
冯承勇
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2020119477A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals

Definitions

  • This application relates to the field of blockchain technology, in particular to a blockchain-based identity authentication method and terminal device.
  • A blockchain is a new application model for computer techniques such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms; it is essentially a decentralized database.
  • A blockchain contains multiple nodes, and the nodes establish trust and obtain rights through a consensus mechanism. When a node in the blockchain needs to exchange information with a node outside the blockchain, application middleware is needed as the medium.
  • However, application middleware is not a blockchain node, so blockchain nodes cannot authenticate it or establish trust in it directly through the consensus mechanism, and cannot manage its identity information effectively.
  • One of the purposes of the embodiments of the present application is to provide a blockchain-based identity authentication method and terminal device to solve the problem that nodes in the blockchain cannot perform trusted identity authentication on application middleware in the prior art.
  • the first aspect of the embodiments of the present application provides a blockchain-based identity authentication method applied to the first node in the blockchain, which may include:
  • obtaining the identity identification information of the middleware, and judging according to that information whether the middleware belongs to the same blockchain as the first node;
  • if the middleware and the first node belong to the same blockchain, writing the identity identification information of the middleware into a smart contract, and monitoring for an authorization request from a second node in the blockchain;
  • if the authorization request of the second node is detected, granting the second node authorization for the smart contract and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the middleware according to the smart contract.
  • A second aspect of the embodiments of the present application provides a blockchain-based identity authentication method applied to a second node in the blockchain; its steps are those of FIG. 2 (S201 to S204) below.
  • Another aspect provides a computer-readable storage medium storing computer-readable instructions which, when executed by a processor, implement the steps of the method of the first aspect or of the second aspect.
  • A fourth aspect of the embodiments of the present application provides a terminal device including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor; when the processor executes the computer-readable instructions, it implements the steps of the method of the first aspect or of the second aspect.
  • In the embodiments of the present application, the first node in the blockchain obtains the identity information of the middleware and, if the middleware and the first node belong to the same blockchain, writes the identity information of the middleware into the smart contract; this is the first identity authentication of the middleware.
  • After detecting an authorization request from the second node in the blockchain, the first node grants the second node authorization for the smart contract, so that the second node can authenticate the middleware according to the smart contract; this is the second identity authentication of the middleware.
  • In this way the nodes in the blockchain can perform trusted identity authentication on the middleware, and the two-stage authentication improves the reliability of middleware authentication.
  • FIG. 1 is a schematic diagram of an implementation process of a blockchain-based identity authentication method provided by an embodiment of the present application
  • FIG. 2 is a schematic diagram of an implementation process of a blockchain-based identity authentication method provided by another embodiment of the present application.
  • FIG. 3 is a schematic diagram of a terminal device provided by an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a terminal device provided by another embodiment of the present application.
  • Depending on the context, the term "if" may be interpreted as "when", "once", "in response to determining" or "in response to detecting".
  • Likewise, the phrase "if it is determined that" or "if [the described condition or event] is detected" may be interpreted as "once it is determined that", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
  • The nodes of a consortium chain (alliance chain) can be divided by function into application-layer nodes, middle-layer nodes and blockchain-layer nodes.
  • When blockchain-layer nodes interact with application-layer nodes, they need a middle-layer node as the medium.
  • The blockchain layer consists of multiple consortium-chain nodes.
  • The middle layer can consist of multiple pieces of middleware; a system in the application layer exchanges information with a blockchain node through the middleware.
  • The middleware can be regarded as an application interface through which two systems are connected for communication.
  • A blockchain node must first authenticate the middleware, and only after authentication passes may it interact with the middleware. This application therefore proposes a consortium-chain-based identity authentication method to implement trusted identity authentication of middleware.
  • FIG. 1 is a schematic diagram of an implementation process of a blockchain-based identity authentication method provided by an embodiment of the present application.
  • the method in this embodiment is applied to a first node in a blockchain.
  • As shown in the figure, the method may include the following steps:
  • Step S101 Obtain the identity identification information of the middleware, and determine whether the middleware belongs to the same blockchain as the first node according to the identity identification information.
  • The nodes in the consortium chain are of two kinds: administrator nodes (the first node) and member nodes (the second node). Only an administrator node has permission to write the smart contract, so the administrator node is responsible for publishing middleware identity information in the blockchain. For middleware that is no longer used or no longer safe, the administrator node can revoke its identity information and record the revocation in the blockchain through the smart contract. After obtaining contract authorization, a member node can verify the identity information of middleware through the smart contract and obtain the middleware's detailed identity information, but it has no right to rewrite the smart contract.
  • Smart contracts can be deployed on all nodes in the blockchain, or only on some nodes. Only nodes with smart contracts can provide smart contract services, that is, they can participate in middleware identity authentication and information interaction.
  • Steps S101-S103 are the authentication process of the middleware by the administrator node (ie the first node) in the blockchain. Only through the identity authentication of the chain administrator node can the identity information of the middleware be written into the smart contract.
  • Judging whether the middleware belongs to the same blockchain as the first node according to the identity identification information includes: if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node, determining that the middleware and the first node belong to the same blockchain.
  • Step S102 If the middleware and the first node belong to the same blockchain, write the identity information of the middleware into a smart contract, and monitor the authorization request of the second node in the blockchain.
  • The identity identification information of the middleware may be a digital certificate issued by the root CA that represents the organization.
  • An organization creates a root CA and uses the root certificate as the organization's identifier.
  • The root CA can issue an identity certificate to the middleware containing the middleware's identity information, such as its name, type and description.
  • The root CA representing the organization can also issue identity certificates to the blockchain nodes. Nodes and middleware whose identity certificates are issued by the same root CA belong to the same member organization of the consortium chain.
  • After writing the identity identification information of the middleware into the smart contract, the method further includes: judging whether the number of times the middleware has been used within a preset time is less than a preset number, and judging whether the security level of the middleware is less than a preset level.
  • If the number of uses within the preset time is less than the preset number, or the security level is less than the preset level, the middleware is determined to be invalid middleware.
  • The identification information of the invalid middleware is deleted from the smart contract to obtain an updated smart contract.
  • This embodiment is used to judge whether the middleware is still valid. If the middleware is used too few times, it is not commonly used or is rarely used; if its security level is less than the preset level, it is not safe. Middleware that is used too few times or is unsafe is judged invalid. Monitoring for invalid middleware improves the reliability of middleware in the consortium chain.
  • Step S103: if an authorization request from the second node is detected, grant the second node authorization for the smart contract and send the smart contract to the second node; the smart contract is used to instruct the second node to authenticate the middleware according to the smart contract.
  • Where the smart contract has been updated by deleting invalid middleware, sending the smart contract to the second node includes sending the updated smart contract to the second node.
  • the administrator node of the blockchain can perform contract authorization on the member node after receiving the authorization request from the member node, or it can perform contract authorization on the member nodes in the blockchain on its own.
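The administrator-side procedure S101 to S103, together with the invalidation rule above, amounts to a registry that only the administrator node may change, that drops entries by usage count and security level, and that member nodes read only after authorization. The following Go program is an added example written for this page; it is not code from the patent or its applicant. It models the smart contract as an in-memory structure, identifies middleware and root certificates by opaque fingerprint strings (assumed to be hex SHA-256 digests of the certificates, computed elsewhere), and takes the preset time window, preset number of uses and preset security level as parameters, since the patent gives no values for them.

```go
package main

import (
	"errors"
	"sort"
	"time"
)

// Middleware is one contract entry: the identity fields the patent lists plus the
// fingerprint of the organization root that issued its certificate (assumed hex SHA-256).
type Middleware struct {
	ID                      string // fingerprint of the middleware certificate (assumed)
	Name, Type, Description string
	Root                    string // fingerprint of the issuing root certificate
	SecurityLevel           int
	Uses                    []time.Time // times a node interacted with the middleware
}

// Contract is the registry the administrator publishes; only the administrator may change it.
type Contract struct {
	Version    int
	Admin      string
	entries    map[string]*Middleware
	authorized map[string]bool
}

var (
	ErrNotAdmin      = errors.New("caller is not the administrator node")
	ErrNotAuthorized = errors.New("node has not been granted the contract")
	ErrUnknown       = errors.New("middleware not present in contract")
	ErrForeignRoot   = errors.New("middleware root differs from the node's root")
)

func NewContract(admin string) *Contract {
	return &Contract{Admin: admin, entries: map[string]*Middleware{}, authorized: map[string]bool{}}
}

// Register is step S102: the administrator writes the identity of middleware that passed the same-root check.
func (c *Contract) Register(caller string, m Middleware) error {
	if caller != c.Admin {
		return ErrNotAdmin
	}
	c.entries[m.ID] = &m
	c.Version++
	return nil
}

// Prune applies the invalidation rule: fewer than minUses uses in the window ending at now,
// or a security level below minLevel, removes the entry and bumps the version.
func (c *Contract) Prune(caller string, now time.Time, window time.Duration, minUses, minLevel int) ([]string, error) {
	if caller != c.Admin {
		return nil, ErrNotAdmin
	}
	var removed []string
	for id, mw := range c.entries {
		recent := 0
		for _, t := range mw.Uses {
			if !t.Before(now.Add(-window)) && !t.After(now) {
				recent++
			}
		}
		if recent < minUses || mw.SecurityLevel < minLevel {
			delete(c.entries, id) // deleting during range is safe in Go
			removed = append(removed, id)
		}
	}
	sort.Strings(removed)
	if len(removed) > 0 {
		c.Version++
	}
	return removed, nil
}

// Authorize is step S103: the administrator grants a member node the contract.
func (c *Contract) Authorize(caller, member string) error {
	if caller != c.Admin {
		return ErrNotAdmin
	}
	c.authorized[member] = true
	return nil
}

// Authenticate is step S203 on a member node: the middleware must be in the contract
// and share the member's root; an entry removed by Prune now fails as unknown.
func (c *Contract) Authenticate(member, memberRoot, mwID string) (*Middleware, error) {
	if !c.authorized[member] {
		return nil, ErrNotAuthorized
	}
	mw, ok := c.entries[mwID]
	if !ok {
		return nil, ErrUnknown
	}
	if mw.Root != memberRoot {
		return nil, ErrForeignRoot
	}
	return mw, nil
}
```

Prune removes any middleware used fewer than minUses times inside the window, so a legitimate but seldom-used integration is revoked on the same terms as an unsafe one; a deployment would normally treat the low-usage condition as a trigger for review rather than automatic deletion. The version counter is what lets a member node notice that the contract it installed is stale once invalid middleware has been pruned.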
  • FIG. 2 is a schematic diagram of an implementation process of a blockchain-based identity authentication method provided by another embodiment of the present application.
  • The method in this embodiment is applied to the second node in the blockchain. As shown in the figure, the method may include the following steps:
  • Step S201 Send an authorization request to the first node in the blockchain, where the authorization request is used to instruct the first node to authorize the second node for a smart contract.
  • Steps S201 to S204 are the identity authentication process performed on the middleware by a member node (the second node) in the blockchain. Only after the middleware passes authentication can the member node interact with it.
  • Sending an authorization request to the first node in the blockchain may include: obtaining an administrator list from the genesis block of the blockchain, the administrator list including all first nodes in the blockchain; separately counting the historical communication times with each first node in the administrator list; and selecting a first node in order of historical communication times from most to fewest and sending the authorization request to it.
  • Sending an authorization request to the first node in the blockchain may alternatively include: separately calculating the communication efficiency with each third node in the blockchain, a third node being any node in the blockchain other than the current second node; selecting a node as the candidate node in order of communication efficiency from high to low; obtaining the extension item information of the candidate node's digital certificate and judging whether the extension item information includes administrator identification information; and, if it does, using the candidate node as the first node and sending the authorization request to it.
  • The nodes with administrator status are generally written into the administrator list of the genesis block.
  • The administrator identity can also be marked in the extension item information of a node's digital certificate in the form of administrator identification information, so that whether a blockchain node has administrator status can be judged from the administrator identification information in the extension item information of its digital certificate.
  • Step S202 After obtaining the authorization of the smart contract of the first node, receive the smart contract sent by the first node, and load and install the smart contract.
  • Only the second node loaded with the smart contract can provide smart contract services to the outside, that is, it can participate in the identity authentication and information exchange of the middleware.
  • Step S203: after detecting a communication request from the middleware, obtain the identity identification information of the middleware and authenticate it according to the smart contract.
  • Authenticating the identity identification information of the middleware according to the smart contract includes: searching the smart contract for the identity identification information of the middleware; if it exists in the smart contract, judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node; and, if they are the same, determining that authentication of the middleware's identity identification information succeeds.
  • Step S204 if the authentication of the identity identification information of the middleware is passed, establish a communication connection with the middleware.
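The same-root-certificate comparison in S101 and S203, and the administrator flag read from the certificate extension in the FIG. 2 node selection, both rest on X.509 certificates issued by the organization's root CA. The following Go program is an added example written for this page, not code from the patent or its applicant. It creates an organization root CA, issues identity certificates to nodes and to middleware, and decides whether two certificates belong to the same blockchain by verifying each one's signature chain to a trusted root and comparing the fingerprints of the roots actually reached, rather than by comparing a root certificate field that the middleware itself reports. The administrator extension OID, the ECDSA P-256 keys, the demo serial numbers and the one-day validity are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// adminOID is an assumed private-arc OID for the administrator flag; the patent names none.
var adminOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// sign gives tmpl a serial, validity and fresh P-256 key, then signs it under parent
// with signer; parent == nil produces a self-signed certificate.
func sign(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // assumed key type
	if err != nil {
		return nil, nil, err
	}
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // demo serial only
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewRootCA creates an organization's self-signed root certificate and key.
func NewRootCA(org string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return sign(&x509.Certificate{
		Subject: pkix.Name{Organization: []string{org}, CommonName: org + " Root CA"},
		IsCA:    true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// Issue signs an identity certificate under the organization root; admin adds the administrator extension.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, admin bool) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		Subject:  pkix.Name{Organization: ca.Subject.Organization, CommonName: name},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if admin {
		tmpl.ExtraExtensions = []pkix.Extension{{Id: adminOID, Value: []byte{1}}}
	}
	cert, _, err := sign(tmpl, ca, caKey)
	return cert, err
}

// Fingerprint is the SHA-256 of the DER encoding, a stable certificate identifier.
func Fingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// RootOf verifies leaf against the trusted consortium roots and returns the fingerprint
// of the root actually reached; a root name copied into a certificate proves nothing.
func RootOf(leaf *x509.Certificate, trusted *x509.CertPool) (string, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return "", err
	}
	return Fingerprint(chains[0][len(chains[0])-1]), nil
}

// SameBlockchain is the S101 / S203 check: both certificates chain to the same root.
func SameBlockchain(a, b *x509.Certificate, trusted *x509.CertPool) (bool, error) {
	ra, err := RootOf(a, trusted)
	if err != nil {
		return false, err
	}
	rb, err := RootOf(b, trusted)
	return err == nil && ra == rb, err
}

// IsAdmin reads the administrator flag from a node certificate's extensions.
func IsAdmin(c *x509.Certificate) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(adminOID) {
			return len(e.Value) == 1 && e.Value[0] == 1
		}
	}
	return false
}

func main() {
	ca, key, _ := NewRootCA("OrgA")
	node, _ := Issue(ca, key, "node-1", true)
	fmt.Println("node-1 admin:", IsAdmin(node), "org root:", Fingerprint(ca)[:16])
}
```

Comparing verified root fingerprints rather than a copied root field matters because a middleware certificate can embed any root name it likes; only a certificate the trusted root actually signed passes Verify. A certificate from a CA outside the consortium's root pool is reported as an error, while a certificate from another member organization's root verifies but is reported as a different blockchain, which is the distinction the same-root rule draws.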
  • The above division into functional units and modules is given as an example. In practical applications, the above functions may be allocated to different functional units or modules as required, that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above.
  • The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit.
  • The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
  • the specific names of each functional unit and module are only for the purpose of distinguishing each other, and are not used to limit the protection scope of the present application.
  • FIG. 3 is a schematic diagram of a terminal device provided by an embodiment of the present application.
  • the terminal device 3 of this embodiment includes: a processor 30, a memory 31, and computer-readable instructions 32 stored in the memory 31 and executable on the processor 30.
  • the processor 30 executes the computer-readable instructions 32, the steps in the above embodiments of each blockchain-based identity authentication method are implemented, for example, steps S101 to S103 shown in FIG. 1.
  • The computer-readable instructions 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to complete the present application.
  • the one or more modules/units may be an instruction segment of a series of computer-readable instructions capable of performing specific functions, and the instruction segment is used to describe the execution process of the computer-readable instructions 32 in the terminal device 3.
  • the computer-readable instructions 32 may be divided into an acquisition unit, a writing unit, and an authorization unit. The specific functions of each unit are as follows:
  • the acquiring unit is used to acquire the identity identification information of the middleware, and determine whether the middleware belongs to the same blockchain as the first node according to the identity identification information.
  • The writing unit is used to write the identity identification information of the middleware into the smart contract if the middleware and the first node belong to the same blockchain, and to monitor for the authorization request of the second node in the blockchain.
  • The authorization unit is configured to grant the second node authorization for the smart contract and send the smart contract to the second node if the authorization request of the second node is detected, the smart contract being used to instruct the second node to authenticate the middleware according to the smart contract.
  • the acquiring unit includes:
  • the first judgment module is used to judge whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node.
  • a first determining module configured to determine that the middleware and the first node belong to the same blockchain if the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the first node.
  • The computer-readable instructions 32 further include:
  • a judging unit used, after the identity identification information of the middleware has been written into the smart contract, to judge whether the number of times the middleware has been used within a preset time is less than a preset number, and whether the security level of the middleware is less than a preset level;
  • a determining unit configured to determine that the middleware is invalid middleware if the number of times the middleware is used within the preset time is less than the preset number, or the security level of the middleware is less than the preset level;
  • the identification information of the invalid middleware is then deleted from the smart contract to obtain the updated smart contract.
  • the authorization unit includes:
  • a sending module configured to send the updated smart contract to the second node.
  • the terminal device 4 of this embodiment includes: a processor 40, a memory 41, and computer-readable instructions 42 stored in the memory 41 and executable on the processor 40.
  • the processor 40 executes the computer-readable instructions 42, the steps in the above embodiments of each blockchain-based identity authentication method are implemented, for example, steps S201 to S204 shown in FIG. 2.
  • The computer-readable instructions 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to complete the present application.
  • the one or more modules/units may be an instruction segment of a series of computer-readable instructions capable of performing specific functions, and the instruction segment is used to describe the execution process of the computer-readable instructions 42 in the terminal device 4.
  • the computer-readable instructions 42 can be divided into a sending unit, a receiving unit, an authentication unit, and a communication unit. The specific functions of each unit are as follows:
  • the sending unit is configured to send an authorization request to the first node in the blockchain, and the authorization request is used to instruct the first node to authorize the second node for the smart contract.
  • the receiving unit is configured to receive the smart contract sent by the first node after obtaining the authorization of the smart contract of the first node, and load and install the smart contract.
  • the authentication unit is used for acquiring the identity identification information of the middleware after monitoring the communication request of the middleware, and authenticating the identity identification information of the middleware according to the smart contract.
  • the communication unit is configured to establish a communication connection with the middleware if the authentication of the identity information of the middleware is passed.
  • the sending unit includes:
  • The statistics module is used to obtain an administrator list from the genesis block of the blockchain and to separately count the historical communication times with each first node in the administrator list; the administrator list includes all first nodes in the blockchain.
  • the first selection module is used to select a first node according to the order of the historical communication times from more to less and send an authorization request to the first node.
  • the sending unit further includes:
  • the calculation module is used to separately calculate the communication efficiency with each third node in the blockchain, and the third node is a node other than the current second node in the blockchain.
  • the second selection module is used to select a node as the candidate node according to the order of communication efficiency from high to low.
  • the obtaining module is used to obtain the extended item information of the digital certificate of the node to be selected, and determine whether the extended item information includes administrator identification information.
  • the sending module is configured to use the node to be selected as the first node and send an authorization request to the first node if the extension item information includes administrator identification information.
  • the authentication unit includes:
  • a search module is used to search for the existence of the identity information of the middleware in the smart contract.
  • the second judgment module is used, if the identity information of the middleware exists in the smart contract, to judge whether the root certificate in the middleware's identity information is the same as the root certificate in the second node's identity information.
  • the second determination module is used to authenticate the identity identification information of the middleware if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node.
  • the terminal device 3/4 may be a computing device such as a desktop computer, a notebook, a palmtop computer and a cloud server.
  • the terminal device may include, but is not limited to, a processor and a memory.
  • FIG. 3/4 is only an example of the terminal device 3/4 and does not limit it; the terminal device may include more or fewer components than illustrated, combine certain components, or use different components. For example, it may further include an input/output device, a network access device, a bus, and the like.
  • The processor may be a central processing unit (CPU) or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory may be an internal storage unit of the terminal device 3/4, for example, a hard disk or a memory of the terminal device 3/4.
  • The memory may also be an external storage device of the terminal device 3/4, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card.
  • the memory may include both an internal storage unit of the terminal device 3/4 and an external storage device.
  • the memory is used to store the computer-readable instructions and other programs and data required by the terminal device.
  • the memory can also be used to temporarily store data that has been or will be output.
  • the disclosed device/terminal device and method may be implemented in other ways.
  • the device/terminal device embodiments described above are only schematic.
  • The division into modules or units is only a logical functional division; in actual implementation there may be another division, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or software functional unit.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present application is applicable to the technical field of blockchains, and provides an identity authentication method employing a blockchain and a terminal apparatus. The method comprises: acquiring identity identification information of middleware, and determining, according to the identity identification information, whether the middleware belongs to the same blockchain as a first node; if so, writing the identity identification information of the middleware into a smart contract, and performing detection on an authorization request of a second node in the blockchain; and if the authorization request of the second node is detected, performing smart contract authorization for the second node, and sending to the second node the smart contract used to instruct the second node to perform identity authentication on the middleware according to the smart contract. The method effectively solves the problem in which a node of a blockchain lacks the capability to perform trusted identity authentication on middleware of an application.

Description

一种基于区块链的身份认证方法及终端设备Block chain-based identity authentication method and terminal equipment
本申请要求于2018年12月14日提交中国专利局、申请号为201811529951.2、发明名称为“一种基于区块链的身份认证方法及终端设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application requires the priority of the Chinese patent application submitted to the Chinese Patent Office on December 14, 2018, with the application number 201811529951.2 and the invention titled "A Blockchain-based Identity Authentication Method and Terminal Equipment", all of which are approved by The reference is incorporated in this application.
技术领域Technical field
本申请涉及区块链技术领域,尤其涉及一种基于区块链的身份认证方法及终端设备。This application relates to the field of blockchain technology, in particular to a blockchain-based identity authentication method and terminal device.
背景技术Background technique
区块链是分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式,其本质上是一个去中心化的数据库。区块链中包含多个节点,各节点之间通过共识机制建立信任、获取权益。当区块链中的节点需要与非区块链中的节点进行信息交互时,则需要应用中间件作为媒介。Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm, etc. It is essentially a decentralized database. The blockchain contains multiple nodes, and each node establishes trust and obtains rights and interests through a consensus mechanism. When the nodes in the blockchain need to interact with the nodes in the non-blockchain, they need to use middleware as a medium.
但是,应用中间件不属于区块链节点,区块链节点不能直接通过共识机制对应用中间件进行认证、建立信任,并且不能有效地对应用中间件的身份信息进行管理。However, the application middleware does not belong to the blockchain node, and the blockchain node cannot directly authenticate and establish trust for the application middleware through the consensus mechanism, and cannot effectively manage the identity information of the application middleware.
技术问题technical problem
本申请实施例的目的之一在于:提供了一种基于区块链的身份认证方法及终端设备,以解决现有技术中区块链中节点无法对应用中间件进行可信身份认证的问题。One of the purposes of the embodiments of the present application is to provide a blockchain-based identity authentication method and terminal device to solve the problem that nodes in the blockchain cannot perform trusted identity authentication on application middleware in the prior art.
Technical solution
In a first aspect, the embodiments of this application provide a blockchain-based identity authentication method applied to a first node in a blockchain, which may include:
obtaining identity information of a middleware, and determining from the identity information whether the middleware belongs to the same blockchain as the first node;
if the middleware belongs to the same blockchain as the first node, writing the identity information of the middleware into a smart contract, and monitoring for an authorization request from a second node in the blockchain;
if an authorization request from the second node is detected, granting the second node authorization for the smart contract and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the middleware according to the smart contract.
In a second aspect, the embodiments of this application provide a blockchain-based identity authentication method applied to a second node in a blockchain, the method including:
sending an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to grant the second node authorization for a smart contract;
after obtaining authorization for the smart contract from the first node, receiving the smart contract sent by the first node, and loading and installing the smart contract;
upon detecting a communication request from a middleware, obtaining identity information of the middleware and authenticating the identity information of the middleware according to the smart contract;
if authentication of the identity information of the middleware succeeds, establishing a communication connection with the middleware.
In a third aspect, the embodiments of this application provide a computer-readable storage medium storing computer-readable instructions which, when executed by a processor, implement the steps of the method of the first aspect or of the method of the second aspect.
In a fourth aspect, the embodiments of this application provide a terminal device including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, the processor implementing the steps of the method of the first aspect or of the method of the second aspect when executing the computer-readable instructions.
Beneficial effects
In the embodiments of this application, the first node in the blockchain obtains the identity information of a middleware and, if the middleware belongs to the same blockchain as the first node, writes the identity information into a smart contract; this is the first level of identity authentication of the middleware. When an authorization request from a second node in the blockchain is detected, the second node is granted authorization for the smart contract so that it can authenticate the middleware according to the smart contract; this is the second level of identity authentication of the middleware. In this way the nodes in the blockchain can perform trusted identity authentication of the middleware, and the two-level authentication improves the reliability of that authentication.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a blockchain-based identity authentication method provided by an embodiment of this application;
Fig. 2 is a schematic flowchart of a blockchain-based identity authentication method provided by another embodiment of this application;
Fig. 3 is a schematic diagram of a terminal device provided by an embodiment of this application;
Fig. 4 is a schematic diagram of a terminal device provided by another embodiment of this application.
Embodiments of the invention
In the following description, specific details such as particular system structures and techniques are set forth for the purpose of explanation rather than limitation, so that the embodiments of this application can be thoroughly understood. It will be clear to those skilled in the art, however, that this application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of this application.
It should be understood that the term "comprising", when used in this specification and the appended claims, indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
It should further be understood that the term "and/or" as used in this specification and the appended claims refers to, and includes, any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the terms "if" and "when" may, depending on the context, be interpreted as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrases "if it is determined that" or "if [the described condition or event] is detected" may, depending on the context, be interpreted to mean "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
Before the embodiments of this application are described, an application scenario of this application is introduced.
In blockchain technology, the nodes of a consortium chain can be divided by function into application-layer nodes, middle-layer nodes and blockchain-layer nodes; when a blockchain-layer node exchanges information with an application-layer node, a middle-layer node is needed as the intermediary. The blockchain layer consists of multiple consortium chain nodes, and the middle layer can consist of multiple middlewares; each blockchain node can exchange information with some system in the application layer through a middleware. In other words, a middleware can be regarded as an application interface through which two systems are connected for communication.
A blockchain node must first authenticate the middleware, and only after authentication succeeds may it exchange information with the middleware. This application therefore proposes a consortium-chain-based identity authentication method for trusted identity authentication of middleware.
The technical solutions of this application are explained below by way of specific embodiments.
Fig. 1 is a schematic flowchart of a blockchain-based identity authentication method provided by an embodiment of this application. The method in this embodiment is applied to a first node in a blockchain and, as shown in the figure, may include the following steps:
Step S101: obtain identity information of a middleware, and determine from the identity information whether the middleware belongs to the same blockchain as the first node.
In the embodiments of this application, the nodes of the consortium chain are divided into two kinds: administrator nodes (the first node) and member nodes (the second node). Only administrator nodes have write permission for the smart contract, so an administrator node is responsible for publishing the identity information of middleware in the blockchain; for a middleware that is no longer used or no longer secure, the administrator node can revoke its identity information and record that in the blockchain through the smart contract. A member node, once it has been granted contract authorization, can verify a middleware's identity information through the smart contract and obtain the middleware's detailed identity information, but has no right to modify the smart contract.
The smart contract can be deployed on all nodes in the blockchain or only on some of them; only nodes on which the smart contract is deployed can provide smart contract services, that is, participate in middleware identity authentication and information exchange.
Steps S101 to S103 are the authentication of the middleware by the administrator node (the first node) in the blockchain. Only after the middleware passes authentication by the chain administrator node can its identity information be written into the smart contract.
In one embodiment, determining from the identity information whether the middleware belongs to the same blockchain as the first node includes:
determining whether the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the first node;
if the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the first node, determining that the middleware belongs to the same blockchain as the first node.
Step S102: if the middleware belongs to the same blockchain as the first node, write the identity information of the middleware into a smart contract, and monitor for an authorization request from a second node in the blockchain.
Here, the identity information of the middleware node may be a digital certificate issued by the root CA that represents the organization. An organization creates a root CA and uses its root certificate as the organization's means of identification. The root CA can issue an identity certificate to a middleware, containing the middleware's identity information such as its name, type and description. Likewise, the root CA representing the organization can issue an identity certificate to a blockchain node. Nodes whose identity certificates are issued by the same root CA belong to the same member organization of the consortium chain.
In one embodiment, after the identity information of the middleware is written into the smart contract, the method further includes:
determining whether the number of times the middleware has been used within a preset period is less than a preset number, and determining whether the security level of the middleware is below a preset level;
if the number of times the middleware has been used within the preset period is less than the preset number, or the security level of the middleware is below the preset level, determining that the middleware is invalid, and deleting the identity information of the invalid middleware from the smart contract to obtain an updated smart contract.
This embodiment serves to determine whether a middleware is still valid. If a middleware has been used too few times, it is not in common use or is rarely used; if its security level is below the preset level, it is not secure. In either case, too little use or insufficient security, the middleware is judged invalid. Monitoring middleware for invalidity improves the reliability of the middleware in the consortium chain.
In one embodiment, sending the smart contract to the second node includes:
sending the updated smart contract to the second node.
Step S103: if an authorization request from the second node is detected, grant the second node authorization for the smart contract and send the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the middleware according to the smart contract.
In practice, the administrator node of the blockchain may grant contract authorization to a member node after receiving the member node's authorization request, or may grant contract authorization to member nodes in the blockchain on its own initiative.
Fig. 2 is a schematic flowchart of a blockchain-based identity authentication method provided by another embodiment of this application. The method in this embodiment is applied to a second node in a blockchain and, as shown in the figure, may include the following steps:
Step S201: send an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to grant the second node authorization for a smart contract.
Steps S201 to S204 are the authentication of the middleware by a member node (the second node) in the blockchain; only after the member node has authenticated the middleware can the two exchange data.
In one embodiment, sending the authorization request to the first node in the blockchain includes:
obtaining an administrator list from the genesis block of the blockchain, the administrator list including all first nodes in the blockchain, and counting the number of historical communications with each first node in the administrator list;
selecting one first node in descending order of the number of historical communications, and sending the authorization request to that first node.
The more communications there have been, the more the member node has interacted with that administrator node, which in turn indicates a higher communication success rate between them.
In one embodiment, sending the authorization request to the first node in the blockchain further includes:
calculating the communication efficiency with each third node in the blockchain, a third node being any node in the blockchain other than the current second node;
selecting one node as a candidate node in descending order of communication efficiency;
obtaining the extension items of the candidate node's digital certificate, and determining whether the extension items contain administrator identification information;
if the extension items contain administrator identification information, treating the candidate node as a first node and sending the authorization request to it.
In practice, nodes with administrator status are generally written into the administrator list in the genesis block. Administrator status can also be marked as administrator identification information in the extension items of the node's digital certificate, so that a blockchain node's administrator status can be judged from the administrator identification information in the extension items of its digital certificate.
Higher communication efficiency indicates better communication quality or a shorter communication distance. Choosing an administrator node with high communication efficiency helps raise the success rate of authorization.
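The two certificate checks described above, the root-certificate comparison of step S101 and the administrator marker in certificate extension items used when choosing a first node for step S201, are shown together in the following Go program. It is an added example written for this page, not code from the patent or from any product of the applicant. The OID of the administrator extension, the ECDSA P-256 keys and the certificate lifetimes are assumptions; the patent specifies none of them. The example also goes one step beyond the text: besides checking that both parties carry the same root certificate, it verifies that the middleware's certificate actually chains to that root, because a root certificate is public and a copy of it could be attached to anyone's identity information.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// adminOID is an assumed private-arc OID for the administrator marker carried in
// a node certificate's extension items; the patent itself names no OID.
var adminOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// identity is the text's identity information: own certificate plus issuing root.
type identity struct {
	Cert *x509.Certificate
	Root *x509.Certificate
}

func mustCert(der []byte, err error) *x509.Certificate {
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// newRootCA creates the self-signed root CA that identifies one organization.
func newRootCA(org string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return mustCert(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)), key
}

// issue has the root CA sign an identity certificate for a node or a middleware;
// with admin set, the assumed administrator extension is included.
func issue(root *x509.Certificate, rootKey *ecdsa.PrivateKey, cn string, admin bool) identity {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{Organization: root.Subject.Organization, CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if admin {
		val, _ := asn1.Marshal(true) // DER BOOLEAN TRUE
		tmpl.ExtraExtensions = []pkix.Extension{{Id: adminOID, Value: val}}
	}
	cert := mustCert(x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey))
	return identity{Cert: cert, Root: root}
}

// sameBlockchain is the step S101 test: both sides carry the same root certificate.
// It also verifies that the middleware certificate chains to that root, so that a
// copied root certificate attached to a foreign certificate is rejected.
func sameBlockchain(mw, node identity) (bool, error) {
	if !mw.Root.Equal(node.Root) {
		return false, nil
	}
	roots := x509.NewCertPool()
	roots.AddCert(node.Root)
	_, err := mw.Cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil, err
}

// isAdmin is the check used for step S201: administrator status is read from the
// extension items of the node's digital certificate.
func isAdmin(cert *x509.Certificate) bool {
	for _, ext := range cert.Extensions {
		var flag bool
		if ext.Id.Equal(adminOID) {
			if _, err := asn1.Unmarshal(ext.Value, &flag); err == nil && flag {
				return true
			}
		}
	}
	return false
}

func main() {
	root, rootKey := newRootCA("OrgA")
	admin := issue(root, rootKey, "admin-node", true)
	ok, err := sameBlockchain(issue(root, rootKey, "middleware-1", false), admin)
	fmt.Println("same blockchain:", ok, err, "| administrator:", isAdmin(admin.Cert))
}
```

In a deployment the identity information would arrive inside a TLS handshake or a signed request, so that the presenter also proves possession of the certificate's private key; the text does not describe that step and the example does not add it.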
Step S202: after obtaining authorization for the smart contract from the first node, receive the smart contract sent by the first node, and load and install the smart contract.
Only a second node that has loaded the smart contract can provide smart contract services, that is, participate in middleware identity authentication and information exchange.
Step S203: upon detecting a communication request from a middleware, obtain the identity information of the middleware and authenticate it according to the smart contract.
In one embodiment, authenticating the identity information of the middleware according to the smart contract includes:
looking up whether the identity information of the middleware is present in the smart contract;
if the identity information of the middleware is present in the smart contract, determining whether the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the second node;
if the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the second node, the authentication of the middleware's identity information succeeds.
Step S204: if authentication of the identity information of the middleware succeeds, establish a communication connection with the middleware.
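The contract-side logic of both embodiments, the administrator node writing middleware identity information into the smart contract (step S102) and later removing middleware that is used too rarely or whose security level is too low, and the member node looking a middleware up in the contract and comparing root certificates before connecting (steps S203 and S204), can be modelled as follows. This is an added Go example for this page, not the patent's or the applicant's code. The text names no smart contract platform, so the contract state is represented by an in-memory Registry, certificates are identified by SHA-256 fingerprints of their bytes, the certificate bytes used in main are constructed placeholders rather than real DER, and the grace period for freshly registered middleware is an addition as well.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

var ErrUnknownMiddleware = errors.New("middleware not present in smart contract")
var ErrRootMismatch = errors.New("middleware root certificate differs from node root certificate")

// Record is one middleware entry as the administrator node writes it into the smart
// contract. Name, Type and Description come from the text; the remaining fields are
// assumed bookkeeping for the invalidation rule, whose encoding the patent does not give.
type Record struct {
	Name, Type, Description string
	RootFingerprint          string
	SecurityLevel            int
	RegisteredAt             time.Time
	Uses                     []time.Time
}

// Registry stands in for the smart contract state: the administrator node writes, member nodes read.
type Registry struct {
	Window   time.Duration // look-back period over which uses are counted
	MinUses  int           // fewer uses than this within Window marks the middleware invalid
	MinLevel int           // a security level below this marks the middleware invalid
	entries  map[string]*Record
}

func NewRegistry(window time.Duration, minUses, minLevel int) *Registry {
	return &Registry{Window: window, MinUses: minUses, MinLevel: minLevel, entries: map[string]*Record{}}
}

// Fingerprint keys a certificate by the SHA-256 of its bytes.
func Fingerprint(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return hex.EncodeToString(sum[:])
}

// Register is the administrator-side write of step S102; it returns the entry's key.
func (r *Registry) Register(certDER []byte, rec Record, now time.Time) string {
	fp := Fingerprint(certDER)
	rec.RegisteredAt = now
	r.entries[fp] = &rec
	return fp
}

// RecordUse notes one interaction with a registered middleware.
func (r *Registry) RecordUse(fp string, at time.Time) error {
	rec, ok := r.entries[fp]
	if !ok {
		return ErrUnknownMiddleware
	}
	rec.Uses = append(rec.Uses, at)
	return nil
}

// Prune applies the invalidation rule: fewer than MinUses uses within Window, or a
// security level below MinLevel, removes the entry from the contract. Entries younger
// than Window are not judged on usage yet (assumed grace period; the text does not say when counting starts).
func (r *Registry) Prune(now time.Time) []string {
	var removed []string
	for fp, rec := range r.entries {
		recent := 0
		for _, t := range rec.Uses {
			if !t.Before(now.Add(-r.Window)) && !t.After(now) {
				recent++
			}
		}
		tooFew := now.Sub(rec.RegisteredAt) >= r.Window && recent < r.MinUses
		if tooFew || rec.SecurityLevel < r.MinLevel {
			delete(r.entries, fp)
			removed = append(removed, fp)
		}
	}
	return removed
}

// Authenticate is the member-node check of step S203: the middleware must be present in
// the contract and its recorded root certificate must be the one the member node was issued under.
func (r *Registry) Authenticate(certDER []byte, nodeRootFP string) (*Record, error) {
	rec, ok := r.entries[Fingerprint(certDER)]
	if !ok {
		return nil, ErrUnknownMiddleware
	}
	if rec.RootFingerprint != nodeRootFP {
		return nil, ErrRootMismatch
	}
	return rec, nil
}

func main() {
	now := time.Date(2019, 12, 1, 0, 0, 0, 0, time.UTC)
	reg := NewRegistry(30*24*time.Hour, 3, 2)
	orgRoot := Fingerprint([]byte("constructed-root-OrgA")) // constructed placeholder, not a real certificate
	reg.Register([]byte("constructed-der-mw-1"), Record{Name: "mw-1", RootFingerprint: orgRoot, SecurityLevel: 3}, now.Add(-90*24*time.Hour))
	fmt.Println("pruned:", reg.Prune(now)) // mw-1 is old enough to be judged and has no uses in the window
}
```

Keying the contract by the middleware certificate's fingerprint and storing the root fingerprint at registration time means a member node compares against what the administrator recorded, not only against whatever root certificate the middleware presents at connection time.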
It should be understood that the numbering of the steps in the above embodiments does not imply an order of execution; the order in which the processes are executed should be determined by their function and internal logic, and does not limit the implementation of the embodiments of this application in any way.
Those skilled in the art will clearly understand that the division into the functional units and modules described above is given only as an example for convenience and brevity of description; in practice the functions may be assigned to different functional units or modules as needed, that is, the internal structure of the device may be divided into different functional units or modules to perform all or some of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, may each exist physically on their own, or two or more of them may be integrated into one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of this application. For the specific working processes of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
Fig. 3 is a schematic diagram of a terminal device provided by an embodiment of this application. As shown in Fig. 3, the terminal device 3 of this embodiment includes a processor 30, a memory 31, and computer-readable instructions 32 stored in the memory 31 and executable on the processor 30. When the processor 30 executes the computer-readable instructions 32, the steps of the blockchain-based identity authentication method embodiments described above are implemented, for example steps S101 to S103 shown in Fig. 1.
By way of example, the computer-readable instructions 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out this application. The one or more modules/units may be instruction segments of a series of computer-readable instructions capable of performing specific functions, the instruction segments describing the execution of the computer-readable instructions 32 in the terminal device 3. For example, the computer-readable instructions 32 may be divided into an obtaining unit, a writing unit and an authorization unit, whose specific functions are as follows:
the obtaining unit is configured to obtain identity information of a middleware and determine from the identity information whether the middleware belongs to the same blockchain as the first node;
the writing unit is configured to write the identity information of the middleware into a smart contract if the middleware belongs to the same blockchain as the first node, and to monitor for an authorization request from a second node in the blockchain;
the authorization unit is configured, if an authorization request from the second node is detected, to grant the second node authorization for the smart contract and send the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the middleware according to the smart contract.
Optionally, the obtaining unit includes:
a first judging module configured to determine whether the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the first node;
a first determining module configured to determine that the middleware belongs to the same blockchain as the first node if the root certificate in the identity information of the middleware is the same as the root certificate in the identity information of the first node.
Optionally, the computer-readable instructions further include:
a judging unit configured, after the identity information of the middleware has been written into the smart contract, to determine whether the number of times the middleware has been used within a preset period is less than a preset number and whether the security level of the middleware is below a preset level;
a determining unit configured to determine that the middleware is invalid if the number of times it has been used within the preset period is less than the preset number or its security level is below the preset level, and to delete the identity information of the invalid middleware from the smart contract to obtain an updated smart contract.
Optionally, the authorization unit includes:
a sending module configured to send the updated smart contract to the second node.
FIG. 4 is a schematic diagram of a terminal device provided by an embodiment of the present application. As shown in FIG. 4, the terminal device 4 of this embodiment includes a processor 40, a memory 41, and computer-readable instructions 42 stored in the memory 41 and executable on the processor 40. When the processor 40 executes the computer-readable instructions 42, the steps of each of the above embodiments of the blockchain-based identity authentication method are implemented, for example steps S201 to S204 shown in FIG. 2.
Exemplarily, the computer-readable instructions 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to complete this application. The one or more modules/units may be a series of computer-readable instruction segments capable of performing specific functions, the instruction segments being used to describe the execution process of the computer-readable instructions 42 in the terminal device 4. For example, the computer-readable instructions 42 may be divided into a sending unit, a receiving unit, an authentication unit and a communication unit, whose specific functions are as follows:
The sending unit is configured to send an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to authorize the second node for the smart contract.
The receiving unit is configured to receive the smart contract sent by the first node after the authorization of the first node's smart contract has been obtained, and to load and install the smart contract.
The authentication unit is configured to obtain the identity identification information of a middleware after a communication request from the middleware is detected, and to authenticate the identity identification information of the middleware according to the smart contract.
The communication unit is configured to establish a communication connection with the middleware if the authentication of the identity identification information of the middleware passes.
Optionally, the sending unit includes:
A statistics module, configured to obtain an administrator list from the genesis block of the blockchain and to count, for each first node in the administrator list, the number of historical communications with that node; the administrator list includes all first nodes in the blockchain.
A first selection module, configured to select one first node in descending order of the number of historical communications and to send an authorization request to that first node.
Optionally, the sending unit further includes:
A calculation module, configured to calculate the communication efficiency with each third node in the blockchain, a third node being any node in the blockchain other than the current second node.
A second selection module, configured to select one node as a candidate node in descending order of communication efficiency.
An obtaining module, configured to obtain the extension information of the digital certificate of the candidate node and to determine whether the extension information contains administrator identification information.
A sending module, configured to take the candidate node as the first node and send an authorization request to that first node if the extension information contains administrator identification information.
Optionally, the authentication unit includes:
A lookup module, configured to look up whether the identity identification information of the middleware exists in the smart contract.
A second judgment module, configured to judge, if the identity identification information of the middleware exists in the smart contract, whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node.
A second determination module, configured to determine that the authentication of the identity identification information of the middleware succeeds if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node.
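The second-node units above describe two ways of picking a first (administrator) node and a three-step check of a middleware against the installed smart contract. The following Python is an added illustration of that side of the scheme and is not the patent's own code; the data classes, the extension name `adminIdentifier`, the fingerprint strings standing in for root certificates, and all sample nodes and counts are constructed assumptions. It generalizes the efficiency-based selection by walking down the ranked candidates until one carries the administrator extension, and it adds one safeguard the text does not state: the root certificate a middleware presents must match the one the first node registered for it, so a known id cannot be presented with a different certificate chain.

```python
"""Second-node side: choose a first node to request authorization from, then
authenticate a middleware against the installed smart contract.  Added example;
structures and sample values are assumptions, not the patent's."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Identity:
    """Identity identification information: a party id plus the fingerprint of the
    root certificate at the top of that party's certificate chain (assumed layout)."""
    party_id: str
    root_cert: str


@dataclass
class Certificate:
    """A node's digital certificate; `extensions` stands in for X.509 extension items."""
    subject: Identity
    extensions: Dict[str, str] = field(default_factory=dict)


@dataclass
class SmartContract:
    """Contract state as installed on the second node: middleware id -> registered identity."""
    registered: Dict[str, Identity] = field(default_factory=dict)


ADMIN_EXTENSION = "adminIdentifier"  # assumed name of the administrator extension item


def choose_first_node_by_history(admin_list: List[str], history: Dict[str, int]) -> Optional[str]:
    """Statistics + first selection module: rank the administrator list read from the
    genesis block by historical communication count and take the top entry.  Python's
    sort is stable, so nodes with equal counts keep their genesis-block order."""
    if not admin_list:
        return None
    ranked = sorted(admin_list, key=lambda node: history.get(node, 0), reverse=True)
    return ranked[0]


def choose_first_node_by_efficiency(self_id: str, efficiency: Dict[str, float],
                                    certs: Dict[str, Certificate]) -> Optional[str]:
    """Calculation / second selection / obtaining / sending modules: rank every third
    node (all nodes except ourselves) by communication efficiency, and accept the first
    candidate whose certificate extension carries the administrator identifier."""
    candidates = sorted((n for n in efficiency if n != self_id),
                        key=lambda n: efficiency[n], reverse=True)
    for node in candidates:
        cert = certs.get(node)
        if cert is not None and ADMIN_EXTENSION in cert.extensions:
            return node
    return None  # no reachable administrator: the second node cannot be authorized


def authenticate_middleware(contract: SmartContract, presented: Identity,
                            self_identity: Identity) -> bool:
    """Lookup, second judgment and second determination modules.  True means the
    communication unit may open a connection to the middleware."""
    registered = contract.registered.get(presented.party_id)
    if registered is None:
        return False  # lookup module: not written into the contract by a first node
    # Added safeguard: what the middleware presents must match what was registered.
    if not hmac.compare_digest(registered.root_cert, presented.root_cert):
        return False
    # Second judgment: same root certificate as this (second) node.
    return hmac.compare_digest(presented.root_cert, self_identity.root_cert)


# Constructed sample chain whose root CA fingerprint is "root-A"; a second chain uses "root-B".
SELF_ID = "node-2"
SELF_IDENTITY = Identity(SELF_ID, "root-A")
ADMIN_LIST = ["admin-1", "admin-2", "admin-3"]           # as read from the genesis block
HISTORY = {"admin-1": 4, "admin-2": 9, "admin-3": 9}      # past communications per admin
EFFICIENCY = {"node-7": 0.95, "admin-3": 0.80, "admin-1": 0.60, SELF_ID: 1.0}
CERTS = {
    "node-7": Certificate(Identity("node-7", "root-A")),  # fastest peer, but not an admin
    "admin-3": Certificate(Identity("admin-3", "root-A"), {ADMIN_EXTENSION: "1"}),
    "admin-1": Certificate(Identity("admin-1", "root-A"), {ADMIN_EXTENSION: "1"}),
}
CONTRACT = SmartContract({
    "mw-1": Identity("mw-1", "root-A"),   # middleware of our chain
    "mw-2": Identity("mw-2", "root-B"),   # registered, but rooted in another chain
})


if __name__ == "__main__":
    print("by history:   ", choose_first_node_by_history(ADMIN_LIST, HISTORY))
    print("by efficiency:", choose_first_node_by_efficiency(SELF_ID, EFFICIENCY, CERTS))
    for mw in (Identity("mw-1", "root-A"), Identity("mw-9", "root-A"),
               Identity("mw-1", "root-B"), Identity("mw-2", "root-B")):
        print(mw.party_id, mw.root_cert, "->", authenticate_middleware(CONTRACT, mw, SELF_IDENTITY))
```

Run as a script it prints the chosen administrator under each strategy and the four authentication outcomes; only `mw-1` presenting `root-A` passes, while an unregistered id, a registered id with the wrong chain, and a middleware rooted in another chain are all refused.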
The terminal device 3/4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that FIG. 3/4 is only an example of the terminal device 3/4 and does not constitute a limitation on it; the device may include more or fewer components than illustrated, combine certain components, or have different components; for example, the terminal device may further include input/output devices, network access devices, a bus, and the like.
The processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory may be an internal storage unit of the terminal device 3/4, such as a hard disk or main memory of the terminal device 3/4. The memory may also be an external storage device of the terminal device 3/4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the terminal device 3/4. Further, the memory may include both an internal storage unit of the terminal device 3/4 and an external storage device. The memory is used to store the computer-readable instructions and the other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been or will be output.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not detailed or recorded in one embodiment, reference may be made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
In the embodiments provided in this application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the apparatus/terminal device embodiments described above are only illustrative; the division into modules or units is only a division by logical function, and in actual implementation there may be another manner of division, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the foregoing embodiments may be completed by computer-readable instructions instructing the relevant hardware; the computer-readable instructions may be stored in a computer-readable storage medium, and when executed may include the processes of the foregoing method embodiments. Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the scope of protection of this application.

Claims (20)

  1. A blockchain-based identity authentication method, characterized in that it is applied to a first node in a blockchain, the method comprising:
    obtaining identity identification information of a middleware, and judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node;
    if the middleware and the first node belong to the same blockchain, writing the identity identification information of the middleware into a smart contract, and monitoring for an authorization request from a second node in the blockchain;
    if an authorization request from the second node is detected, authorizing the second node for the smart contract and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the identity of the middleware according to the smart contract.
  2. The blockchain-based identity authentication method according to claim 1, characterized in that the judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node comprises:
    judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node;
    if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node, determining that the middleware and the first node belong to the same blockchain.
  3. The blockchain-based identity authentication method according to claim 1, characterized in that, after the identity identification information of the middleware is written into the smart contract, the method further comprises:
    judging whether the number of uses of the middleware within a preset time is less than a preset number, and judging whether the security level of the middleware is lower than a preset level;
    if the number of uses of the middleware within the preset time is less than the preset number, or the security level of the middleware is lower than the preset level, determining that the middleware is an invalid middleware, and deleting the identity identification information of the invalid middleware from the smart contract to obtain an updated smart contract;
    the sending the smart contract to the second node comprises:
    sending the updated smart contract to the second node.
  4. A blockchain-based identity authentication method, characterized in that it is applied to a second node in a blockchain, the method comprising:
    sending an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to authorize the second node for a smart contract;
    after obtaining the authorization of the first node's smart contract, receiving the smart contract sent by the first node, and loading and installing the smart contract;
    after a communication request from a middleware is detected, obtaining identity identification information of the middleware, and authenticating the identity identification information of the middleware according to the smart contract;
    if the authentication of the identity identification information of the middleware passes, establishing a communication connection with the middleware.
  5. The blockchain-based identity authentication method according to claim 4, characterized in that the sending an authorization request to a first node in the blockchain comprises:
    obtaining an administrator list from the genesis block of the blockchain, and counting, for each first node in the administrator list, the number of historical communications with that node, the administrator list including all first nodes in the blockchain;
    selecting one first node in descending order of the number of historical communications, and sending an authorization request to that first node.
  6. The blockchain-based identity authentication method according to claim 4, characterized in that the sending an authorization request to a first node in the blockchain further comprises:
    calculating the communication efficiency with each third node in the blockchain, a third node being a node in the blockchain other than the current second node;
    selecting one node as a candidate node in descending order of communication efficiency;
    obtaining the extension information of the digital certificate of the candidate node, and judging whether the extension information contains administrator identification information;
    if the extension information contains administrator identification information, taking the candidate node as the first node, and sending an authorization request to that first node.
  7. The blockchain-based identity authentication method according to claim 4, characterized in that the authenticating the identity identification information of the middleware according to the smart contract comprises:
    looking up whether the identity identification information of the middleware exists in the smart contract;
    if the identity identification information of the middleware exists in the smart contract, judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node;
    if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node, the authentication of the identity identification information of the middleware succeeds.
  8. A computer-readable storage medium storing computer-readable instructions, characterized in that, when the computer-readable instructions are executed by a processor, the following steps are implemented:
    obtaining identity identification information of a middleware, and judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node;
    if the middleware and the first node belong to the same blockchain, writing the identity identification information of the middleware into a smart contract, and monitoring for an authorization request from a second node in the blockchain;
    if an authorization request from the second node is detected, authorizing the second node for the smart contract and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the identity of the middleware according to the smart contract.
  9. The computer-readable storage medium according to claim 8, characterized in that the judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node comprises:
    judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node;
    if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node, determining that the middleware and the first node belong to the same blockchain.
  10. The computer-readable storage medium according to claim 8, characterized in that, after the identity identification information of the middleware is written into the smart contract, the steps further comprise:
    judging whether the number of uses of the middleware within a preset time is less than a preset number, and judging whether the security level of the middleware is lower than a preset level;
    if the number of uses of the middleware within the preset time is less than the preset number, or the security level of the middleware is lower than the preset level, determining that the middleware is an invalid middleware, and deleting the identity identification information of the invalid middleware from the smart contract to obtain an updated smart contract;
    the sending the smart contract to the second node comprises:
    sending the updated smart contract to the second node.
  11. A computer-readable storage medium storing computer-readable instructions, characterized in that, when the computer-readable instructions are executed by a processor, the following steps are implemented:
    sending an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to authorize the second node for a smart contract;
    after obtaining the authorization of the first node's smart contract, receiving the smart contract sent by the first node, and loading and installing the smart contract;
    after a communication request from a middleware is detected, obtaining identity identification information of the middleware, and authenticating the identity identification information of the middleware according to the smart contract;
    if the authentication of the identity identification information of the middleware passes, establishing a communication connection with the middleware.
  12. The computer-readable storage medium according to claim 11, characterized in that the sending an authorization request to a first node in the blockchain comprises:
    obtaining an administrator list from the genesis block of the blockchain, and counting, for each first node in the administrator list, the number of historical communications with that node, the administrator list including all first nodes in the blockchain;
    selecting one first node in descending order of the number of historical communications, and sending an authorization request to that first node.
  13. The computer-readable storage medium according to claim 11, characterized in that the sending an authorization request to a first node in the blockchain further comprises:
    calculating the communication efficiency with each third node in the blockchain, a third node being a node in the blockchain other than the current second node;
    selecting one node as a candidate node in descending order of communication efficiency;
    obtaining the extension information of the digital certificate of the candidate node, and judging whether the extension information contains administrator identification information;
    if the extension information contains administrator identification information, taking the candidate node as the first node, and sending an authorization request to that first node.
  14. The computer-readable storage medium according to claim 11, characterized in that the authenticating the identity identification information of the middleware according to the smart contract comprises:
    looking up whether the identity identification information of the middleware exists in the smart contract;
    if the identity identification information of the middleware exists in the smart contract, judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node;
    if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the second node, the authentication of the identity identification information of the middleware succeeds.
  15. A terminal device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, characterized in that, when the processor executes the computer-readable instructions, the following steps are implemented:
    obtaining identity identification information of a middleware, and judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node;
    if the middleware and the first node belong to the same blockchain, writing the identity identification information of the middleware into a smart contract, and monitoring for an authorization request from a second node in the blockchain;
    if an authorization request from the second node is detected, authorizing the second node for the smart contract and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the identity of the middleware according to the smart contract.
  16. The terminal device according to claim 15, characterized in that the judging, according to the identity identification information, whether the middleware belongs to the same blockchain as the first node comprises:
    judging whether the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node;
    if the root certificate in the identity identification information of the middleware is the same as the root certificate in the identity identification information of the first node, determining that the middleware and the first node belong to the same blockchain.
  17. The terminal device according to claim 15, characterized in that, after the identity identification information of the middleware is written into the smart contract, the steps further comprise:
    judging whether the number of uses of the middleware within a preset time is less than a preset number, and judging whether the security level of the middleware is lower than a preset level;
    if the number of uses of the middleware within the preset time is less than the preset number, or the security level of the middleware is lower than the preset level, determining that the middleware is an invalid middleware, and deleting the identity identification information of the invalid middleware from the smart contract to obtain an updated smart contract;
    the sending the smart contract to the second node comprises:
    sending the updated smart contract to the second node.
  18. A terminal device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, characterized in that, when the processor executes the computer-readable instructions, the following steps are implemented:
    sending an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to authorize the second node for a smart contract;
    after obtaining the authorization of the first node's smart contract, receiving the smart contract sent by the first node, and loading and installing the smart contract;
    after a communication request from a middleware is detected, obtaining identity identification information of the middleware, and authenticating the identity identification information of the middleware according to the smart contract;
    if the authentication of the identity identification information of the middleware passes, establishing a communication connection with the middleware.
  19. The terminal device according to claim 18, characterized in that the sending an authorization request to a first node in the blockchain comprises:
    obtaining an administrator list from the genesis block of the blockchain, and counting, for each first node in the administrator list, the number of historical communications with that node, the administrator list including all first nodes in the blockchain;
    selecting one first node in descending order of the number of historical communications, and sending an authorization request to that first node.
  20. The terminal device according to claim 18, characterized in that the sending an authorization request to a first node in the blockchain further comprises:
    calculating the communication efficiency with each third node in the blockchain, a third node being a node in the blockchain other than the current second node;
    selecting one node as a candidate node in descending order of communication efficiency;
    obtaining the extension information of the digital certificate of the candidate node, and judging whether the extension information contains administrator identification information;
    if the extension information contains administrator identification information, taking the candidate node as the first node, and sending an authorization request to that first node.
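Claims 1 to 3 (and their storage-medium and terminal-device counterparts, claims 8 to 10 and 15 to 17) describe the first node's duties: admit a middleware only if its root certificate matches the first node's, record it in the smart contract, invalidate middleware whose recent use count or security level falls below the preset thresholds, and hand the updated contract to a second node that requests authorization. The following Python is an added illustration of that first-node side and is not the patent's own code; the record layout, the time window in seconds, the two thresholds and all sample middleware are constructed assumptions. It adds one precondition the claims do not state: a second node rooted in another chain is refused the contract.

```python
"""First-node side: membership check by root certificate, contract registration,
pruning of invalid middleware, and issuing the updated contract on an authorization
request.  Added example; structures and sample values are assumptions."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    """Identity identification information: party id plus root certificate fingerprint."""
    party_id: str
    root_cert: str


@dataclass
class MiddlewareRecord:
    identity: Identity
    security_level: int                                     # assumed integer scale
    use_times: List[int] = field(default_factory=list)      # epoch seconds of each use


@dataclass
class SmartContract:
    records: Dict[str, MiddlewareRecord] = field(default_factory=dict)


def same_blockchain(middleware: Identity, first_node: Identity) -> bool:
    """Claim 2: an identical root certificate means the same blockchain."""
    return hmac.compare_digest(middleware.root_cert, first_node.root_cert)


def register_middleware(contract: SmartContract, middleware: Identity,
                        first_node: Identity, security_level: int) -> bool:
    """Claim 1, first two steps: write the identity into the contract only if the
    middleware is on this node's chain.  Returns whether it was admitted."""
    if not same_blockchain(middleware, first_node):
        return False
    contract.records[middleware.party_id] = MiddlewareRecord(middleware, security_level)
    return True


def record_use(contract: SmartContract, middleware_id: str, now: int) -> None:
    """Bookkeeping for the use count that claim 3 evaluates."""
    rec = contract.records.get(middleware_id)
    if rec is not None:
        rec.use_times.append(now)


def prune_invalid(contract: SmartContract, now: int, window: int,
                  min_uses: int, min_level: int) -> Tuple[SmartContract, List[str]]:
    """Claim 3: a middleware used fewer than `min_uses` times in the last `window`
    seconds, OR whose security level is below `min_level`, is invalid and removed.
    Returns the updated contract and the removed ids; the input is left unchanged."""
    kept: Dict[str, MiddlewareRecord] = {}
    removed: List[str] = []
    for mid, rec in contract.records.items():
        recent = sum(1 for t in rec.use_times if now - window <= t <= now)
        if recent < min_uses or rec.security_level < min_level:
            removed.append(mid)
        else:
            kept[mid] = rec
    return SmartContract(kept), removed


def handle_authorization_request(contract: SmartContract, requester: Identity,
                                 first_node: Identity, now: int, window: int,
                                 min_uses: int, min_level: int) -> Optional[SmartContract]:
    """Claim 1 third step with claim 3: on a second node's request, prune and return the
    updated contract to send.  Refusing a requester from another chain (None) is an added
    precondition, not part of the claim."""
    if not same_blockchain(requester, first_node):
        return None
    updated, _ = prune_invalid(contract, now, window, min_uses, min_level)
    return updated


def scenario() -> dict:
    """Constructed walk-through with fixed timestamps so the outcome is deterministic."""
    first_node = Identity("node-1", "root-A")
    now, window, min_uses, min_level = 1_000_000, 86_400, 2, 2
    contract = SmartContract()
    accepted = [
        register_middleware(contract, Identity("mw-1", "root-A"), first_node, 3),  # healthy
        register_middleware(contract, Identity("mw-2", "root-A"), first_node, 1),  # level too low
        register_middleware(contract, Identity("mw-3", "root-A"), first_node, 3),  # idle
        register_middleware(contract, Identity("mw-x", "root-B"), first_node, 5),  # other chain
    ]
    for mid, offsets in {"mw-1": (100, 50), "mw-2": (10, 5, 1), "mw-3": (200_000,)}.items():
        for off in offsets:
            record_use(contract, mid, now - off)
    _, removed = prune_invalid(contract, now, window, min_uses, min_level)
    sent = handle_authorization_request(contract, Identity("node-2", "root-A"), first_node,
                                        now, window, min_uses, min_level)
    foreign = handle_authorization_request(contract, Identity("node-9", "root-B"), first_node,
                                           now, window, min_uses, min_level)
    return {"accepted": accepted, "removed": removed,
            "sent_ids": sorted(sent.records) if sent else None, "foreign_request": foreign}


if __name__ == "__main__":
    print(scenario())
```

In the walk-through, `mw-2` is dropped for its security level despite frequent use, `mw-3` for having no use inside the window, and `mw-x` is never admitted because its root certificate belongs to another chain; only `mw-1` reaches the second node in the updated contract.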

Applications Claiming Priority (2)

Application Number / Priority Date / Filing Date / Title
CN201811529951.2 / 2018-12-14
CN201811529951.2A (CN109740320A, en) / 2018-12-14 / 2018-12-14 / A kind of identity identifying method and terminal device based on block chain

Publications (1)

Publication Number / Publication Date
WO2020119477A1 (en) / 2020-06-18

Family

ID=66359363

Family Applications (1)

Application Number / Title / Priority Date / Filing Date
PCT/CN2019/121867, WO2020119477A1 (en) / Identity authentication method employing blockchain, and terminal apparatus / 2018-12-14 / 2019-11-29

Country Status (2)

Country / Link
CN (1) CN109740320A (en)
WO (1) WO2020119477A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109740320A (en) * 2018-12-14 2019-05-10 深圳壹账通智能科技有限公司 A kind of identity identifying method and terminal device based on block chain
CN113282887A (en) * 2020-02-19 2021-08-20 北京沃东天骏信息技术有限公司 Method and device for authorizing user information

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079036A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Registration and authorization method, apparatus and system
CN107196900A (en) * 2017-03-24 2017-09-22 阿里巴巴集团控股有限公司 A kind of method and device for verification of knowing together
CN108256988A (en) * 2016-12-30 2018-07-06 深圳壹账通智能科技有限公司 The data processing method and device of alliance of credit information service
WO2018161479A1 (en) * 2017-03-09 2018-09-13 上海亿账通区块链科技有限公司 Blockchain cluster processing system and method, computer device and storage medium
CN109740320A (en) * 2018-12-14 2019-05-10 深圳壹账通智能科技有限公司 A kind of identity identifying method and terminal device based on block chain

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534097B (en) * 2016-10-27 2018-05-18 上海亿账通区块链科技有限公司 Permission method of control and system based on the transaction of block chain
CN106533696B (en) * 2016-11-18 2019-10-01 江苏通付盾科技有限公司 Identity identifying method, certificate server and user terminal based on block chain
CN111917864B (en) * 2017-02-22 2023-08-22 创新先进技术有限公司 Service verification method and device
CN108737106B (en) * 2018-05-09 2021-06-01 深圳壹账通智能科技有限公司 User authentication method and device on block chain system, terminal equipment and storage medium
CN108765001A (en) * 2018-05-28 2018-11-06 江苏荣泽信息科技股份有限公司 Commercial real estate value analysis system and method based on block chain
CN110493273B (en) * 2018-06-28 2021-03-16 腾讯科技(深圳)有限公司 Identity authentication data processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN109740320A (en) 2019-05-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19897342

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29.09.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19897342

Country of ref document: EP

Kind code of ref document: A1