WO2020252753A1 - Blockchain node device, associated authorization method and device, and recording medium - Google Patents

Blockchain node device, associated authorization method and device, and recording medium

Info

Publication number
WO2020252753A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
node device
authentication information
blockchain
blockchain node
Prior art date
Application number
PCT/CN2019/092143
Other languages
English (en)
Chinese (zh)
Inventor
周茂青
Original Assignee
深圳市网心科技有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市网心科技有限公司
Priority to CN201980004507.5A (CN112544057B)
Priority to PCT/CN2019/092143 (WO2020252753A1)
Publication of WO2020252753A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • The present invention relates to the field of blockchain technology, and in particular to a blockchain node device and to a blockchain node device authentication method, authentication device and storage medium.
  • Blockchain technology has become increasingly popular with companies in fields such as finance and insurance because of its decentralization and tamper-resistant records; in particular, the use of blockchain technology to carry out transaction events involving multiple parties (for example, transfer transactions and payment transactions) has increasingly become the focus of attention.
  • The current authentication methods for blockchain node devices are usually implemented on the basis of public key cryptosystems.
  • The basic process is to generate, for each blockchain node device, a public-private key pair, or a Public Key Infrastructure (PKI) certificate (containing the public key) together with a private key.
  • The private key is stored on the blockchain node device.
  • The public key or PKI certificate is disclosed to the authentication system and to the other blockchain node devices. When the device accesses the blockchain network, it becomes a trusted node once a signature made with its private key has been verified.
  • The disadvantage of this current authentication method is that the private key is not bound to the device, so its security is relatively low.
  • For example, the private key stored on the disk of a networked machine may be stolen by attackers; if the disk hardware is damaged, the key is lost; and a user may copy the private key to another machine, in which case the authentication system cannot tell that the machine has been replaced.
  • The first aspect of the present invention provides a blockchain node device on which a blockchain program is installed, the blockchain node device further including a hardware token chip and a hardware token driver;
  • the blockchain program is used to call the hardware token driver when the blockchain node device triggers node authentication;
  • the hardware token driver is used, when called, to call the read interface of the hardware token chip to read the first authentication information obtained by the hardware token chip's operation;
  • the hardware token chip is used to obtain the first authentication information by computation and to return it to the hardware token driver;
  • the blockchain program is also used, after reading the first authentication information returned by the hardware token driver, to generate second authentication information containing the first authentication information and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network.
  • The hardware token driver is located at the kernel layer of the operating system; the hardware token chip is installed on the motherboard and connected to the bus of the motherboard.
  • The hardware token chip calculates the first authentication information when it is called by the hardware token driver; alternatively, the hardware token chip periodically and automatically calculates the first authentication information.
  • The second aspect of the present invention provides a blockchain node device authentication method, applied to a blockchain node device with a built-in hardware token chip, the method including:
  • Obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • the read interface of the hardware token chip is called by the hardware token driver to read the first authentication information obtained by the hardware token chip's operation.
  • Obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is used to compute over the time and a random number to obtain a data result that serves as the first authentication information.
  • Generating the second authentication information including the first authentication information includes:
  • The method further includes:
  • Sending the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • The blockchain node device triggers node authentication through one or more of the following combinations:
  • When it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • The method further includes:
  • A third aspect of the present invention provides a blockchain node device authentication device that runs in a blockchain node device with a built-in hardware token chip, the device including:
  • an arithmetic module configured to obtain first authentication information obtained by the hardware token chip's operation when the blockchain node device triggers node authentication;
  • a generating module configured to generate second authentication information including the first authentication information;
  • a sending module configured to send an authentication request carrying the second authentication information to an authentication server in the blockchain network;
  • a receiving module configured to receive the authentication result returned by the authentication server after it verifies the authentication request.
  • A fourth aspect of the present invention provides a blockchain node device including a processor and a memory, where the memory stores a blockchain node device authentication program that can run on the processor, and the blockchain node device authentication method is implemented when the program is executed by the processor.
  • The fifth aspect of the present invention provides a computer-readable storage medium that stores a blockchain node device authentication program, which can be executed by one or more processors to implement the blockchain node device authentication method.
  • The blockchain node device, authentication method, authentication device and storage medium of the present invention embed or integrate a hardware token chip in the blockchain node device, thereby binding the token to the blockchain node device. Because the hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can be used only once and cannot be reused), anti-theft and non-duplicable, the security of the authentication information is ensured and it will not be stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program.
  • When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the blockchain network, so the node authentication process is automated without manual intervention. Once the node has passed authentication, the blockchain node device is qualified to establish connections with the other blockchain node devices in the blockchain network and to participate in consensus, which improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are standardized, trusted hardware.
  • FIG. 1 is a schematic structural diagram of a preferred embodiment of a blockchain node device provided by the present invention.
  • FIG. 2 is a schematic diagram of the environment of a preferred embodiment of a blockchain network in which the blockchain node device is authenticated, provided by the present invention.
  • FIG. 3 is a flowchart of a preferred embodiment of a method for authenticating a blockchain node device provided by the present invention.
  • FIG. 4 is a schematic diagram of the signaling interaction in a preferred embodiment in which a blockchain node device is authenticated by a blockchain network, provided by the present invention.
  • FIG. 5 is a functional module diagram of a preferred embodiment of the device for authenticating blockchain node equipment provided by the present invention.
  • FIG. 6 is a schematic structural diagram of a preferred embodiment of another blockchain node device provided by the present invention.
  • FIG. 1 and FIG. 2 are schematic structural diagrams of a preferred embodiment of the blockchain node device disclosed in the present invention.
  • Before the blockchain node device 100 requests access to the blockchain network 200, it must pass the legality verification of the blockchain network 200.
  • When the blockchain network 200 verifies that the blockchain node device 100 is legal, the blockchain node device 100 is successfully connected to the blockchain network 200; when the blockchain network 200 verifies that the blockchain node device 100 is illegal, it refuses the blockchain node device 100 access to the blockchain network 200.
  • The blockchain node device 100 refers to a computer that has the blockchain program 10 and the hardware token driver 12 installed, has the hardware token chip 14 integrated or embedded, and can participate in blockchain consensus and accounting.
  • The blockchain program 10 belongs to the application layer,
  • the hardware token driver 12 belongs to the operating system kernel layer,
  • and the hardware token chip 14 belongs to the hardware layer.
  • The blockchain program 10 is a software program that runs at the application layer, is responsible for the consensus and accounting logic of the blockchain node device 100, and, when node authentication is triggered, calls the hardware token driver 12 to read the first authentication information calculated by the hardware token chip 14.
  • The hardware token driver 12 is a driver module located at the kernel layer of the operating system, and provides an application programming interface (API) to the blockchain program 10 at the application layer.
  • The hardware token chip 14 is integrated or embedded on the main board of the blockchain node device 100 and is connected to the main board through a bus, for example an Inter-Integrated Circuit (I2C) bus, a Serial Peripheral Interface (SPI) bus or another suitable computer bus.
  • The hardware token chip 14 has a token pre-stored in it, and uses a pre-stored cryptographic algorithm to compute over the time and a random number to obtain the first authentication information.
  • The generated first authentication information can be recognized and read by the hardware token driver 12, but cannot be written or modified. If the hardware token chip 14 is forcibly removed, the first authentication information is lost and the function becomes invalid; even if the chip is installed in another computer, the first authentication information can no longer be read.
  • The hardware token chip 14 may include, but is not limited to, a password generation chip, an algorithm coprocessor, a data memory, bus pins and a corresponding signal processor (for example, if it is connected to an I2C bus, pins and a signal processor that comply with the I2C bus protocol are needed).
  • The password generation chip runs a special password algorithm to generate the current password according to the current time or the number of uses; the algorithm coprocessor performs the computations of the authentication algorithm; the data memory stores the security key and data; and the bus pins and corresponding signal processor connect to the bus of the computer motherboard and are responsible for data exchange with the kernel driver.
  • The blockchain program 10 is also used, after reading the first authentication information returned by the hardware token driver, to generate second authentication information containing the first authentication information and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network 200.
  • The blockchain program 10 is further configured to encode the second authentication information according to a preset format after generating it, and to send an authentication request carrying the encoded second authentication information to the authentication server of the blockchain network 200.
  • An authentication server 20 and several blockchain node devices 22 may exist in the blockchain network 200.
  • The several blockchain node devices 22 are connected to each other peer to peer (P2P) to form the blockchain network 200.
  • The authentication server 20 is responsible for receiving the authentication request sent by the blockchain node device 100 and verifying its legality. If the authentication server 20 verifies that the authentication request is legal, it confirms that the blockchain node device 100 is a trusted node and returns to the blockchain node device 100 an authentication result indicating that the blockchain node device has been successfully authenticated.
  • If the authentication server 20 verifies that the authentication request is illegal, it confirms that the blockchain node device 100 is an untrusted node and returns to the blockchain node device 100 an authentication result indicating that the blockchain node device has failed authentication.
  • The authentication server 20 may be built into the blockchain network 200, or may be an integrated third-party authentication service.
  • The hardware token chip 14 is integrated or embedded in the blockchain node device 100, so that the hardware token chip 14 is bound to the blockchain node device 100, ensuring the security of the token; in addition, the authentication information in the hardware token chip can be read by the application, so no manual intervention is needed in the subsequent authentication process, and the information will not be stolen, lost or transferred.
  • The blockchain network 200 authenticates the blockchain node device 100 on the basis of the hardware token chip 14, ensuring that the blockchain node devices admitted for access or consensus are standardized, trusted hardware.
  • FIG. 3 is a flowchart of a preferred embodiment of the blockchain node device authentication method provided by the present invention.
  • The blockchain node device authentication method is applied to the blockchain node device. According to different requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • A blockchain program, a hardware token driver and a hardware token chip are integrated or embedded in the blockchain node device.
  • The blockchain program calls the read interface of the hardware token driver, and the hardware token driver calls the read interface of the hardware token chip; the hardware token chip generates the first authentication information when it detects the call signal. After that, the hardware token driver reads the first authentication information calculated by the hardware token chip and returns it to the blockchain program, and the blockchain program reads the first authentication information.
  • The parameters with which the blockchain program calls the read interface of the hardware token driver and the parameters with which the hardware token driver calls the read interface of the hardware token chip are not the same: the read interface of the hardware token driver encapsulates information for the blockchain program, while the read interface of the hardware token chip encapsulates information for the hardware token driver.
  • The blockchain node device may trigger node authentication through one or more of the following combinations:
  • When it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • The blockchain network needs to perform identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • When the blockchain node device needs to perform a blockchain transaction, the transaction information is placed in a data packet and broadcast to the blockchain network, and the blockchain network performs identity authentication on the blockchain node device to determine whether it is a trusted node.
  • Obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is used to compute over the time and a random number to obtain a data result that serves as the first authentication information.
  • Tokens are pre-stored in the hardware token chip, for example KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • The read interface of the hardware token chip can be called by the hardware token driver, and the calling time is taken as the time at which the blockchain node device triggers node authentication.
  • The hardware token chip obtains the calling time of the hardware token driver, performs a cryptographic operation over the calling time and the generated random number using the cryptographic algorithm, and returns the calculated data result to the hardware token driver as the first authentication information.
  • The cryptographic operation is prior art and is not elaborated here.
  • The random number is an unpredictable number generated by the hardware token chip using a special algorithm. Because uncertain factors such as the time and the random number enter into the first authentication information, the first authentication information can be used only once, so an attacker cannot obtain valid first authentication information by stealing passwords or by replay attacks; the first authentication information obtained by the hardware token chip's operation is therefore more secure.
  • When the authentication server of the blockchain network receives an authentication request, it generates a random number, performs the cryptographic operation with the same cryptographic algorithm, and compares whether the random number it generated is the same as the random number in the received authentication request in order to determine whether the authentication request is valid. If the random number generated by the authentication server is the same as the random number in the received authentication request, the authentication request is determined to be valid; if they differ, the authentication request is determined to be invalid.
  • S32 Generate second authentication information including the first authentication information.
  • After the blockchain program reads the first authentication information, it does not send the first authentication information directly to the authentication server of the blockchain network for verification; instead, it generates second authentication information that meets the requirements on the basis of the first authentication information, and then sends the second authentication information to the authentication server of the blockchain network.
  • Generating the second authentication information including the first authentication information includes:
  • the blockchain program reads the pre-stored target fields and combines them with the first authentication information to generate the second authentication information.
  • The target fields may include, but are not limited to, a message version number, the authentication purpose, a computer equipment identifier, the computer's Internet Protocol (IP) address, the computer's Media Access Control (MAC) address, the communication protocol, and so on.
  • The method further includes:
  • the second authentication information is encoded according to a preset format.
  • The blockchain node device encodes the generated second authentication information according to the format in which information is transmitted in the blockchain network, for example by compression or encryption,
  • so that the second authentication information can be transmitted to the blockchain network.
  • Sending the authentication request carrying the second authentication information to the authentication server in the blockchain network is then: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • S33 Send an authentication request carrying the second authentication information to an authentication server in the blockchain network.
  • After the blockchain node device encodes the second authentication information, it sends an authentication request to the blockchain network, where the authentication request carries the encoded second authentication information.
  • After receiving the authentication request, the blockchain network forwards it to the authentication server for verification, so as to determine whether the blockchain node device is a trusted node.
  • S34 Receive an authentication result returned after the authentication server verifies the authentication request.
  • If the authentication server verifies that the authentication request is legal, it confirms that the blockchain node device is a trusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device has been successfully authenticated. If the authentication server verifies that the authentication request is illegal, it confirms that the blockchain node device is an untrusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device has failed authentication.
  • How the authentication server verifies the authentication request depends on the token algorithm, such as KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • The specific verification method belongs to the prior art and is not repeated here.
  • The method further includes:
  • The blockchain network needs to verify the authentication request. If the authentication succeeds, indicating that the blockchain node device has been successfully authenticated, the blockchain node device may send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network responds to it by verifying the authentication result. When the verification passes, the blockchain network allows the blockchain node device to access the blockchain network, and when the blockchain node device receives the permission response from the blockchain network, it connects to the blockchain network.
  • When the verification fails, the blockchain network prohibits the blockchain node device from accessing the blockchain network, and when the blockchain node device receives the prohibition response from the blockchain network, it can send the authentication request to the authentication server in the blockchain network again.
  • The blockchain node device authentication method of the present invention embeds or integrates a hardware token chip in the blockchain node device, thereby binding the token to the blockchain node device. Because the hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can be used only once and cannot be reused), anti-theft and non-duplicable, the security of the authentication information is ensured and it will not be stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program, and when the blockchain node device triggers node authentication it can automatically generate an authentication request and send it to the authentication server in the blockchain network.
  • The node authentication process is thus automated without manual intervention. After the node passes authentication, the blockchain node device is qualified to establish connections with the other blockchain node devices in the blockchain network and to participate in consensus, which improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are all standardized, trusted hardware.
  • FIG. 4 is a schematic diagram of the signaling interaction in a preferred embodiment in which the blockchain node device is authenticated by the blockchain network.
  • S42 The hardware token driver calls the read interface of the hardware token chip.
  • The hardware token chip computes the first authentication information and returns it to the hardware token driver.
  • The hardware token driver reads the first authentication information and returns it to the blockchain program.
  • The blockchain program reads the first authentication information and generates second authentication information including the first authentication information.
  • The blockchain program encodes the second authentication information according to a preset format and sends an authentication request carrying the encoded second authentication information to an authentication server in the blockchain network.
  • S47 The authentication server performs legality verification on the authentication request to obtain an authentication result.
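The signaling exchange of FIG. 4, together with the computation of the first authentication information and the server-side check described under the first step of FIG. 3, the assembly and encoding of the second authentication information described under S32, and the access handling after S34, as an added worked example in Python. This code is not part of the patent and is not the applicant's implementation. The patent leaves the cryptographic operation, the token type and the preset encoding format unspecified, so the following are assumptions made only for this example: the chip holds a secret that is shared with the authentication server and computes an HMAC-SHA256 over the calling time and a random number; the preset format is canonical JSON, zlib-compressed and base64-encoded; the server signs its authentication result with its own key so that the network can check the result carried in a later access request; and all secrets, device identifiers and addresses are constructed sample values. The server's step of "generating a random number with the same algorithm and comparing" is modelled as recomputing the MAC over the received calling time and random number, with a clock-skew window and a record of already-accepted values to enforce one-time use.

```python
import base64
import hashlib
import hmac
import json
import os
import struct
import time
import zlib

# Constructed sample secrets (not from the patent). Assumption: the chip secret is
# provisioned at manufacture and known to the authentication server, which also
# holds its own key for signing authentication results.
CHIP_SECRET = bytes(range(32))
SERVER_KEY = b"\x5a" * 32
MESSAGE_VERSION = 1
TIME_WINDOW = 30  # seconds of clock skew the server tolerates on the calling time


class HardwareTokenChip:
    """Hardware layer: the secret never leaves the chip; only read() is exposed."""

    def __init__(self, secret):
        self._secret = secret  # data memory, not readable from outside the chip

    def read(self, call_time=None, nonce=None):
        """Read interface called by the driver: HMAC over the calling time and a
        fresh random number (assumed construction of the 'cryptographic operation')."""
        call_time = int(time.time()) if call_time is None else call_time
        nonce = os.urandom(16) if nonce is None else nonce
        msg = struct.pack(">Q", call_time) + nonce
        tag = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return {"time": call_time, "nonce": nonce.hex(), "tag": tag.hex()}


def driver_read(chip, **read_kwargs):
    """Kernel-layer read interface: the chip result re-wrapped for the application
    with a different parameter shape (a status code beside the chip payload)."""
    return {"status": 0, "first_info": chip.read(**read_kwargs)}


def build_second_info(first_info, device):
    """Application layer: pre-stored target fields plus the first authentication info."""
    return {"version": MESSAGE_VERSION, "purpose": "node_auth",
            "device_id": device["device_id"], "ip": device["ip"], "mac": device["mac"],
            "protocol": "p2p/1", "first_info": first_info}


def encode(second_info):
    """Assumed preset transmission format: canonical JSON, zlib-compressed, base64."""
    raw = json.dumps(second_info, sort_keys=True, separators=(",", ":")).encode()
    return base64.b64encode(zlib.compress(raw))


def decode(blob):
    return json.loads(zlib.decompress(base64.b64decode(blob)))


class AuthServer:
    def __init__(self, registry, server_key, now=None):
        self._registry = registry  # device_id -> {"secret": ..., "mac": ...}
        self._key = server_key
        self._seen = set()         # (time, nonce) pairs already accepted: one-time use
        self._now = now or (lambda: int(time.time()))

    def handle(self, blob):
        """S47: legality verification of an encoded authentication request."""
        device_id = None
        try:
            msg = decode(blob)
            device_id = msg.get("device_id")
            dev = self._registry[device_id]
            fi = msg["first_info"]
            call_time = int(fi["time"])
            nonce, tag = bytes.fromhex(fi["nonce"]), bytes.fromhex(fi["tag"])
        except (KeyError, ValueError, TypeError, AttributeError, zlib.error):
            return self._result(device_id, False, "malformed or unknown device")
        if msg.get("version") != MESSAGE_VERSION or msg.get("purpose") != "node_auth":
            return self._result(device_id, False, "unsupported envelope")
        if msg.get("mac") != dev["mac"]:  # target fields are not MACed by the chip
            return self._result(device_id, False, "device fields do not match registry")
        if abs(self._now() - call_time) > TIME_WINDOW:
            return self._result(device_id, False, "stale")
        expected = hmac.new(dev["secret"], struct.pack(">Q", call_time) + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return self._result(device_id, False, "bad first authentication info")
        if (call_time, nonce) in self._seen:
            return self._result(device_id, False, "replay")
        self._seen.add((call_time, nonce))
        return self._result(device_id, True, "ok")

    def _result(self, device_id, ok, reason):
        body = {"device_id": device_id, "ok": ok, "reason": reason, "issued": self._now()}
        sig = hmac.new(self._key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
        return dict(body, sig=sig)


def network_admits(result, server_key):
    """Access request check: the network verifies the server's signature on the result."""
    body = {k: v for k, v in result.items() if k != "sig"}
    expected = hmac.new(server_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, result.get("sig", "")) and result.get("ok") is True


def run_exchange(chip, device, server, **read_kwargs):
    """S41 to S47 end to end: program -> driver -> chip -> program -> server."""
    first_info = driver_read(chip, **read_kwargs)["first_info"]  # S41 to S44
    blob = encode(build_second_info(first_info, device))           # S45 to S46
    return server.handle(blob)                                     # S47
```

In this construction the target fields of the second authentication information are not covered by the chip's MAC, so the server cross-checks them against its registry before it checks the first authentication information; a request from a copied program on a machine without the bound chip fails the MAC check, a replayed request fails the one-time check, and a forged or altered authentication result fails the network's signature check on the access request.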
  • FIG. 5 is a functional module diagram of a preferred embodiment of a blockchain node device authentication device disclosed in the present invention.
  • The blockchain node device authentication device runs in the blockchain node device.
  • The device for authenticating blockchain node equipment may include a plurality of functional modules composed of program code segments.
  • The program code of each program segment in the blockchain node device authentication device can be stored in a memory and executed by at least one processor to carry out some or all of the steps of the blockchain node device authentication method described with reference to FIG. 3.
  • The blockchain node equipment authentication device 50 can be divided into multiple functional modules according to the functions it performs.
  • The functional modules may include an arithmetic module 501, a generating module 502, an encoding module 503, a sending module 504, a receiving module 505 and an access module 506.
  • A module referred to in the present invention is a series of computer program segments that can be executed by at least one processor, can complete fixed functions, and are stored in a memory. In some embodiments, the functions of each module are detailed in the subsequent embodiments.
  • The calculation module 501 is configured to obtain the first authentication information obtained by the computation of the hardware token chip when the blockchain node device triggers node authentication.
  • a blockchain program, a hardware token driver, and a hardware token chip are integrated or embedded in the blockchain node device.
  • the blockchain program calls the read interface of the hardware token driver, and the hardware token driver calls the read of the hardware token chip Interface, the hardware token chip generates first authentication information when the call signal is detected; after that, the hardware token driver reads the first authentication information calculated by the hardware token chip and returns the first authentication information To the blockchain program, the blockchain program reads the first authentication information.
  • the block chain program calls the read parameters of the read interface of the hardware token driver, and the hardware token driver calls the read interface of the hardware token chip.
  • the parameters are not the same.
  • the read interface of the hardware token driver is used to encapsulate information to the blockchain program, and the read interface of the hardware token chip is used to encapsulate information to the hardware token driver.
  • the blockchain node device may trigger node authentication through one or more of the following combinations:
  • when it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • the blockchain network needs to perform identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • when the blockchain node device needs to perform a blockchain transaction, the transaction information is put into a data packet and broadcast to the blockchain network, and the blockchain network performs identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • the obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is applied to the time and a random number, and the resulting data is used as the first authentication information.
  • tokens are pre-stored in the hardware token chip, for example: KEY tokens based on public key infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • the read interface of the hardware token chip can be called by the hardware token driver, and the time of that call is used as the time at which the blockchain node device triggers node authentication.
  • the hardware token chip obtains the time at which the hardware token driver called it, performs a cryptographic operation on that calling time and the generated random number, and returns the resulting data to the hardware token driver as the first authentication information.
  • the cryptographic operation is prior art and will not be elaborated here.
  • the random number is an unpredictable number generated by the hardware token chip using a special algorithm. Because uncertain factors such as the time and the random number are added to the first authentication information, the first authentication information can only be used once, so that an attacker cannot obtain the first authentication information by stealing passwords or by replay attacks. The first authentication information obtained from the token chip operation therefore has higher security.
  • when the authentication server of the blockchain network receives an authentication request, it generates a random number, performs the cryptographic operation with the same cryptographic algorithm, and compares the generated random number with the random number in the received authentication request to determine whether the authentication request is valid. If the random number generated by the authentication server is the same as the random number in the received authentication request, the authentication request is determined to be valid; if the random number generated by the authentication server differs from the random number in the received authentication request, the authentication request is determined to be invalid.
  • the generating module 502 is configured to generate second authentication information including the first authentication information.
  • after the blockchain program reads the first authentication information, it does not send the first authentication information directly to the authentication server of the blockchain network for verification; instead, it generates, based on the first authentication information, second authentication information that meets the requirements, and the second authentication information is then sent to the authentication server of the blockchain network.
  • the generating module 502 generating the second authentication information including the first authentication information includes:
  • the blockchain program reads the pre-stored target field and combines the first authentication information to generate the second authentication information.
  • the target field may include, but is not limited to: message version number, authentication purpose, computer equipment identification, the computer's Internet Protocol (IP) address, the computer's media access control (MAC) address, and the communication protocol.
  • the encoding module 503 is configured to encode the second authentication information according to a preset format.
  • the blockchain node device encodes the generated second authentication information according to the format in which information is transmitted in the blockchain network, for example by compression or encryption, so that the second authentication information can be transmitted to the blockchain network.
  • the sending module 504 is configured to send the authentication request carrying the second authentication information to the authentication server in the blockchain network, or to send the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • after the blockchain node device encodes the second authentication information, it sends an authentication request to the blockchain network, where the authentication request carries the encoded second authentication information.
  • after receiving the authentication request, the blockchain network forwards it to the authentication server for verification, so as to determine whether the blockchain node device is a trusted node.
  • the receiving module 505 is configured to receive the authentication result returned after the authentication server verifies the authentication request.
  • if the authentication server verifies that the authentication request is legal, it confirms that the blockchain node device is a trusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device is successfully authenticated. If the authentication server verifies that the authentication request is illegal, it confirms that the blockchain node device is an untrusted node and returns to the blockchain node device an authentication result indicating that authentication of the blockchain node device has failed.
  • the method by which the authentication server verifies the authentication request depends on the token algorithm, such as KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • the specific verification method belongs to the prior art, and will not be repeated here.
  • the apparatus further includes:
  • the access module 506 is used to access the blockchain network.
  • the blockchain network needs to verify the authentication request. If the authentication succeeds, indicating that the blockchain node device has been successfully authenticated, the blockchain node device may send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network responds to it by verifying the authentication result. When the verification passes, the blockchain network allows the blockchain node device to access the blockchain network, and when the blockchain node device receives the permission response from the blockchain network, it accesses the blockchain network.
  • if the verification fails, the blockchain network prohibits the blockchain node device from accessing the blockchain network; when the blockchain node device receives the prohibition response from the blockchain network, it may send the authentication request to the authentication server in the blockchain network again.
  • the blockchain node device authentication device of the present invention embeds or integrates a hardware token chip in the blockchain node device to realize the binding of the token and the blockchain node device. Because the hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can only be used once and cannot be reused), anti-theft and non-duplicable, the security of the authentication information is ensured, and it will not be stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program, and when the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the authentication server in the blockchain network.
  • the node authentication process is automated without manual intervention; after the node authentication is passed, the blockchain node device is qualified to establish connections with other blockchain node devices in the blockchain network and to participate in consensus, thereby improving the security of the blockchain network as a whole and ensuring that the blockchain node devices connected to the blockchain network are all standardized and trusted hardware.
  • FIG. 6 is another schematic diagram of the structure of the blockchain node device in the preferred embodiment of the method for implementing the blockchain node device authentication of the present invention.
  • the blockchain node device 6 includes a memory 61, at least one processor 62, a computer program 63 stored in the memory 61 and running on the at least one processor 62, and at least one communication bus 64.
  • FIG. 6 is only an example of the blockchain node device 6 and does not constitute a limitation on the blockchain node device 6, which may include more or fewer components than shown, a combination of some components, or different components; for example, the blockchain node device 6 may also include input and output devices, network access devices, and the like.
  • the blockchain node device 6 also includes, but is not limited to, any electronic product that can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example a personal computer, a tablet computer, a smart phone, a personal digital assistant (PDA), a game console, Internet Protocol Television (IPTV), a smart wearable device, etc.
  • the network where the blockchain node device 6 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
  • the at least one processor 62 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the processor 62 can be a microprocessor, or the processor 62 can also be any conventional processor, etc.
  • the processor 62 is the control center of the blockchain node device 6 and connects the various parts of the entire blockchain node device 6.
  • the memory 61 may be used to store the computer program 66 and/or modules/units.
  • the processor 62 runs or executes the computer programs and/or modules/units stored in the memory 61 and calls the data stored in the memory 61 to realize the various functions of the blockchain node device 6.
  • the memory 61 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function (such as a sound playback function, an image playback function, etc.), and the data storage area may store data created according to the use of the blockchain node device 6 (such as audio data, a phone book, etc.).
  • the memory 61 may include a high-speed random access memory, and may also include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage device.
  • the processor 62 implements the following steps when executing the foregoing instructions:
  • the processor 62 obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is used to calculate the time and random number to obtain a data result as the first authentication information.
  • generating, by the processor 62, second authentication information including the first authentication information includes:
  • the processor 62 further implements the following steps when executing the above instructions:
  • the sending the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • the blockchain node device triggers node authentication through one or more of the following combinations:
  • when it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • the processor 62 further implements the following steps when executing the above instructions:
  • if the integrated module/unit of the blockchain node device 6 is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the present invention implements all or part of the processes in the above-mentioned embodiment methods, which can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a computer-readable storage medium. When executed by the processor, the steps of the foregoing method embodiments can be implemented.
  • the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
  • the computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a mobile hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, etc.
  • the content contained in the computer-readable medium can be appropriately added or deleted according to the requirements of the legislation and patent practice in the jurisdiction.
  • the computer-readable medium does not include electrical carrier signals and telecommunication signals.
  • modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional modules in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional modules.
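The node authentication flow described in the bullets above (first authentication information computed by the hardware token chip from the call time and a random number; second authentication information assembled by the blockchain program from the pre-stored target fields; encoding in a preset format; verification by the authentication server; and the access request that carries the authentication result), as an added example written for this page. It is not code from the patent or its applicant. The patent leaves the cryptographic operation, the target-field names and the transmission format unspecified, so the following are assumptions: the chip's operation is modelled as HMAC-SHA256 over a 30-second time window and a 16-byte random number, keyed by a secret provisioned in the chip and shared with the authentication server; the preset format is canonical JSON followed by zlib compression; the authentication result is protected by an HMAC under a separate key; and the class, function and field names (HardwareTokenChip, AuthenticationServer, network_admits, "node-auth", and the device record) are invented for the example.

```python
# Added example, not the patent's code: algorithm, format and all names are assumptions.
import hashlib
import hmac
import json
import secrets
import zlib

TIME_STEP = 30        # seconds per time window (assumption)
MAX_WINDOW_SKEW = 1   # accept +/- one window of clock drift (assumption)
MESSAGE_VERSION = 1
PURPOSE_NODE_AUTH = "node-auth"


def _tag(secret: bytes, window: int, nonce: bytes) -> bytes:
    """The 'cryptographic operation' on time and random number, modelled as HMAC."""
    return hmac.new(secret, window.to_bytes(8, "big") + nonce, hashlib.sha256).digest()


class HardwareTokenChip:
    """Stands in for the hardware token chip; the secret never leaves this object."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret   # provisioned in the chip (constructed value in tests)

    def read(self, call_time: int) -> dict:
        """Read interface called by the token driver at the time authentication triggers."""
        window = call_time // TIME_STEP
        nonce = secrets.token_bytes(16)   # fresh unpredictable random number per call
        return {"window": window, "nonce": nonce.hex(),
                "tag": _tag(self._secret, window, nonce).hex()}


def generate_second_authentication_info(first_info: dict, device: dict) -> dict:
    """Blockchain program: pre-stored target fields combined with the first info."""
    return {"version": MESSAGE_VERSION, "purpose": PURPOSE_NODE_AUTH,
            "device_id": device["device_id"], "ip": device["ip"],
            "mac": device["mac"], "protocol": device["protocol"], "token": first_info}


def encode(info: dict) -> bytes:
    """Preset transmission format: canonical JSON, then zlib compression."""
    return zlib.compress(json.dumps(info, sort_keys=True, separators=(",", ":")).encode())


class AuthenticationServer:
    def __init__(self, chip_secrets: dict, result_key: bytes) -> None:
        self._chip_secrets = chip_secrets   # device_id -> secret in that device's chip
        self._result_key = result_key       # key that protects authentication results
        self._seen = set()                  # (device_id, window, nonce) already accepted

    def handle(self, blob: bytes, now: int) -> dict:
        """Decode and verify an authentication request; return a signed result."""
        try:
            req = json.loads(zlib.decompress(blob).decode())
        except (zlib.error, ValueError):
            return self._result("unknown", False)
        device_id = req.get("device_id") if isinstance(req, dict) else None
        if not isinstance(device_id, str):
            return self._result("unknown", False)
        ok = (req.get("version") == MESSAGE_VERSION
              and req.get("purpose") == PURPOSE_NODE_AUTH
              and device_id in self._chip_secrets
              and self._check_token(device_id, req.get("token"), now))
        return self._result(device_id, ok)

    def _check_token(self, device_id: str, token, now: int) -> bool:
        try:
            window = int(token["window"])
            nonce = bytes.fromhex(token["nonce"])
            tag = bytes.fromhex(token["tag"])
        except (KeyError, TypeError, ValueError):
            return False
        current = now // TIME_STEP
        if abs(window - current) > MAX_WINDOW_SKEW:
            return False                    # stale or future value
        if not hmac.compare_digest(_tag(self._chip_secrets[device_id], window, nonce), tag):
            return False                    # wrong secret or tampered fields
        key = (device_id, window, nonce)
        if key in self._seen:
            return False                    # one-time: the same value presented again
        # forget entries that can no longer pass the window check, then record this one
        self._seen = {k for k in self._seen if k[1] >= current - MAX_WINDOW_SKEW}
        self._seen.add(key)
        return True

    def _result(self, device_id: str, trusted: bool) -> dict:
        body = {"device_id": device_id, "trusted": trusted}
        mac = hmac.new(self._result_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
        return {"result": body, "signature": mac.hexdigest()}


def network_admits(access_request: dict, result_key: bytes) -> bool:
    """Blockchain network: check the authentication result carried by an access request."""
    body, sig = access_request.get("result"), access_request.get("signature")
    if not isinstance(body, dict) or not isinstance(sig, str):
        return False
    mac = hmac.new(result_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
    return hmac.compare_digest(mac.hexdigest().encode(), sig.encode()) and body.get("trusted") is True
```

The one-time property claimed for the first authentication information depends on the server remembering values it has already accepted: the `_seen` set is what turns a replayed request into a rejection, and a server that only recomputed the tag would accept the same value repeatedly inside the time window. The `network_admits` check refuses any result whose MAC does not verify, so a node cannot present a fabricated successful authentication result to gain access.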

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a blockchain node device, comprising: a hardware token chip, used for computation to obtain first authentication information; a blockchain program, used to call a hardware token driver when the blockchain node device triggers node authentication; the hardware token driver, used to call a read interface in the hardware token chip to read the first authentication information when it is called; and the blockchain program, further used to generate second authentication information containing the first authentication information after reading the first authentication information returned by the hardware token driver, and to send an authentication request carrying the second authentication information to an authentication server of a blockchain network. The present invention further relates to a blockchain node device authentication method and device, and a storage medium. By embedding or integrating the hardware token chip in the blockchain node device, the present invention realizes the binding of the token and the blockchain node device, improves the security of the authentication information, and is able to authenticate the blockchain node device automatically.
PCT/CN2019/092143 2019-06-20 2019-06-20 Dispositif de nœud de bloc de chaîne, procédé et dispositif d'autorisation associés, et support d'enregistrement WO2020252753A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980004507.5A CN112544057B (zh) 2019-06-20 2019-06-20 区块链节点设备及其认证方法、装置、存储介质
PCT/CN2019/092143 WO2020252753A1 (fr) 2019-06-20 2019-06-20 Dispositif de nœud de bloc de chaîne, procédé et dispositif d'autorisation associés, et support d'enregistrement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/092143 WO2020252753A1 (fr) 2019-06-20 2019-06-20 Dispositif de nœud de bloc de chaîne, procédé et dispositif d'autorisation associés, et support d'enregistrement

Publications (1)

Publication Number Publication Date
WO2020252753A1 true WO2020252753A1 (fr) 2020-12-24

Family

ID=74037615

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/092143 WO2020252753A1 (fr) 2019-06-20 2019-06-20 Dispositif de nœud de bloc de chaîne, procédé et dispositif d'autorisation associés, et support d'enregistrement

Country Status (2)

Country Link
CN (1) CN112544057B (fr)
WO (1) WO2020252753A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114171107A (zh) * 2021-11-26 2022-03-11 浪潮(北京)电子信息产业有限公司 固态硬盘vpd信息的检测方法、装置、设备及存储介质
CN116800507A (zh) * 2023-06-30 2023-09-22 深圳市联瑞电子有限公司 一种智能网卡的识别方法和系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674284A (zh) * 2008-09-08 2010-03-17 联想(北京)有限公司 一种认证方法、系统及用户侧服务器和认证服务器
CN107682331A (zh) * 2017-09-28 2018-02-09 复旦大学 基于区块链的物联网身份认证方法
WO2018152410A1 (fr) * 2017-02-16 2018-08-23 Eingot Llc Accès à des dossiers et gestion de dossiers
CN109903041A (zh) * 2018-11-30 2019-06-18 阿里巴巴集团控股有限公司 用于区块链交易的区块上链的方法及系统

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9292712B2 (en) * 2012-09-28 2016-03-22 St-Ericsson Sa Method and apparatus for maintaining secure time
CN105847000A (zh) * 2016-05-27 2016-08-10 深圳市雪球科技有限公司 令牌产生方法以及基于该令牌产生方法的通信系统
CN105897764B (zh) * 2016-06-15 2019-08-30 中电长城网际系统应用有限公司 一种安全认证方法、装置及系统
WO2018215947A1 (fr) * 2017-05-26 2018-11-29 nChain Holdings Limited Interaction de chaîne de blocs basée sur un script
CN108183889A (zh) * 2017-12-15 2018-06-19 深圳市文鼎创数据科技有限公司 身份认证方法及身份认证装置
CN108737418B (zh) * 2018-05-22 2020-09-15 飞天诚信科技股份有限公司 一种基于区块链的身份认证方法及系统
CN109829013A (zh) * 2018-12-27 2019-05-31 上海点融信息科技有限责任公司 用于在区块链网络中运行智能合约的方法、存储介质、计算设备

Also Published As

Publication number Publication date
CN112544057B (zh) 2023-07-18
CN112544057A (zh) 2021-03-23

Similar Documents

Publication Publication Date Title
CN111429254B (zh) 一种业务数据处理方法、设备以及可读存储介质
CN108898389B (zh) 基于区块链的内容验证方法及装置、电子设备
CN110915183B (zh) 经由硬/软令牌验证的区块链认证
TWI701573B (zh) 基於區塊鏈的資料存證方法及裝置、電子設備
CN108777684B (zh) 身份认证方法、系统及计算机可读存储介质
US9838205B2 (en) Network authentication method for secure electronic transactions
WO2022095244A1 (fr) Procédé, système et appareil de transactions interchaîne, dispositif et support d'enregistrement
WO2021169107A1 (fr) Procédé et appareil de protection d'identité internet, dispositif électronique et support de stockage
CN110177124B (zh) 基于区块链的身份认证方法及相关设备
KR20190118561A (ko) 디지털 인증서 관리 방법, 장치 및 시스템
CN112671720B (zh) 一种云平台资源访问控制的令牌构造方法、装置及设备
TW202018557A (zh) 基於區塊鏈的資料存證方法及裝置、電子設備
TW201931275A (zh) 用於具有分散式共識之分散式系統中之契約資料之存取控制方法及其契約產生器及驗證伺服器
TWI776404B (zh) 生物支付設備的認證方法、裝置、電腦設備和儲存媒體
CN111241492A (zh) 一种产品多租户安全授信方法、系统及电子设备
WO2024011863A9 (fr) Procédé et appareil de communication, carte sim, dispositif électronique et dispositif terminal
WO2019178763A1 (fr) Procédé et terminal d'importation de certificat
WO2020252753A1 (fr) Dispositif de nœud de bloc de chaîne, procédé et dispositif d'autorisation associés, et support d'enregistrement
CN111431840A (zh) 安全处理方法和装置
US11870905B1 (en) Method for providing user identity based on zero-knowledge proof over blockchain network by using user certificate and blockchain system using the same
CN103559430B (zh) 基于安卓系统的应用账号管理方法和装置
CN113114610B (zh) 一种取流方法、装置及设备
CN111177674A (zh) 设备验证方法及设备
WO2013067792A1 (fr) Procédé, dispositif et système d'interrogation de cartes à puce
JP7334280B2 (ja) プログラム検証方法及び装置、プラットフォーム及びユーザ端末、並びに、オンラインサービスシステム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19934000

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19934000

Country of ref document: EP

Kind code of ref document: A1