WO2023093319A1 - Procédé de réinitialisation de compte à base de chaîne de blocs, et dispositif - Google Patents

Procédé de réinitialisation de compte à base de chaîne de blocs, et dispositif Download PDF

Info

Publication number
WO2023093319A1
WO2023093319A1 PCT/CN2022/124274 CN2022124274W WO2023093319A1 WO 2023093319 A1 WO2023093319 A1 WO 2023093319A1 CN 2022124274 W CN2022124274 W CN 2022124274W WO 2023093319 A1 WO2023093319 A1 WO 2023093319A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
reset
ciphertext
authentication device
associated account
Prior art date
Application number
PCT/CN2022/124274
Other languages
English (en)
Chinese (zh)
Inventor
张龙
范瑞彬
张开翔
毛嘉宇
储雨知
王越
Original Assignee
深圳前海微众银行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2023093319A1 publication Critical patent/WO2023093319A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions

Definitions

  • This application relates to the field of financial technology (Finteh), in particular to a blockchain-based account reset method and device.
  • Blockchain (Block-Chain) technology is no exception, but due to the security and real-time requirements of the financial industry, it also puts forward higher requirements for blockchain technology. Especially when resetting the blockchain account, the security requirements are higher.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to a requesting device.
  • the reset system includes a requesting device, a blockchain system, and multiple authentication devices.
  • the method includes:
  • each authenticated device For each authenticated device, obtain the reset information and the ciphertext of at least one associated account logged in on other authenticated devices, and generate a reset notification request according to the reset information and the ciphertext of at least one associated account, so as to obtain the ciphertext of each authenticated device The corresponding reset notification request;
  • the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged on it;
  • the verification results of each associated account are obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the ciphertext of the joint associated account stored on the blockchain.
  • the account reset process is performed according to the reset information.
  • Another embodiment of the present application provides a blockchain-based account reset method, the method is applied to the blockchain system, and the method includes:
  • each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged on the corresponding authentication device and the reset notification request; the corresponding reset transaction request of each authentication device
  • the configuration notification request is generated by the requesting device based on the ciphertext and reset information of the associated account logged on at least one other authentication device;
  • the account reset process is performed according to the reset information.
  • a requesting device including: a processor, and a memory communicatively connected to the processor;
  • the memory stores computer-executable instructions
  • the processor executes the computer-executed instructions stored in the memory, so as to implement the account reset method provided in the above embodiments.
  • an authentication device including: a processor, and a memory communicatively connected to the processor;
  • the memory stores computer-executable instructions
  • the processor executes the computer-executed instructions stored in the memory, so as to implement the account reset method provided in the above embodiments.
  • Another embodiment of the present application provides a computer-readable storage medium.
  • Computer-executable instructions are stored in the computer-readable storage medium. When the computer-executable instructions are executed by a processor, they are used to implement the account reset method provided in the above-mentioned embodiments.
  • the blockchain-based account reset method and device provided by this application store multiple associated accounts used to reset private keys and corresponding external accounts in the blockchain in the form of joint ciphertext, and the data security of associated accounts High, it can prevent the authentication device logged in with one of the associated accounts from obtaining other associated accounts on the blockchain to do evil, and cooperate with other associated accounts to initiate a transaction to reset the private key and the corresponding external account, in order to facilitate the reset initiated by the authentication device
  • the transaction request is authenticated.
  • a notification request is generated based on at least one associated account ciphertext, so that the authentication device can generate a reset transaction request with multiple associated account ciphertexts.
  • Blockchain can verify the associated account according to the ciphertext of multiple associated accounts, so as to realize the reset of the private key and the corresponding external account.
  • Figure 1 is a schematic diagram of a model of a blockchain account provided by this application.
  • FIG. 2 is a schematic flow diagram of establishing a new blockchain account provided by an embodiment of the present application
  • Figure 3 is a schematic diagram of an example based on the blockchain account model shown in Figure 1 provided by this application;
  • Fig. 4 is a schematic diagram of an example after the blockchain account shown in Fig. 3 is reset based on the present application;
  • FIG. 5 is a schematic structural diagram of the reset system provided by the present application.
  • FIG. 6 is a schematic flowchart of an account reset method provided in another embodiment of the present application.
  • FIG. 7 is a schematic flowchart of an account reset method provided by another embodiment of the present application.
  • Figure 8 is a schematic diagram of another model of the blockchain account provided by this application.
  • FIG. 9 is a schematic diagram of the principle of generating the ciphertext of joint associated accounts provided by another embodiment of the present application.
  • Figure 10 is a schematic diagram of an example based on the blockchain account model shown in Figure 8 provided by this application;
  • Fig. 11 is a schematic diagram of an example after the blockchain account shown in Fig. 10 is reset based on the present application;
  • Fig. 12 is a schematic structural diagram of an account reset device provided by another embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of an account reset device provided in yet another embodiment of the present application.
  • FIG. 14 is a schematic structural diagram of an account reset device provided in another embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of an electronic device provided by another embodiment of the present application.
  • the public key system is usually used to operate and manage the blockchain account.
  • the user saves the private key and saves the account generated based on the public key on the blockchain.
  • the transaction request is signed by the private key, and the blockchain system verifies the transaction signature through the account on the blockchain.
  • the private key is the only certificate for identity verification of the blockchain account. Once the private key is lost, it means that the user will lose all assets and rights under the current blockchain account.
  • the user needs to save the mnemonic, usually through the mnemonic.
  • the lost private key can be obtained through the mnemonic.
  • the encrypted private key will also be saved through the password escrow system. Since the encrypted private key is escrowed by the password escrow system, the user is required to save the password used for private key encryption.
  • mnemonic words and passwords can improve user experience, users do not need to memorize complex private keys. However, mnemonic words and passwords still have the risk of being lost or stolen, which essentially does not solve the problem of private key loss.
  • a blockchain account model based on a two-tier account system which facilitates obtaining a new private key and a new external account by resetting the private key and external account when the private key is lost. account.
  • all the assets and rights of the user are bound to the internal account, and the external account is only used to verify the transaction signature. When the external account is reset, the user's assets and rights will not be affected in any way.
  • the blockchain account model of the proposed two-tier account system includes external accounts and internal accounts.
  • the external account is implemented based on the public key, that is, the device is requested to randomly generate an asymmetric key, and the external account generated based on the public key is saved on the blockchain, and the user saves the private key.
  • the requesting device initiates a transaction request
  • the transaction request is signed by the private key
  • the blockchain system verifies the transaction signature through the external account on the blockchain.
  • Internal accounts are used to reset private keys and external accounts.
  • Internal accounts include internal contract account information, a list of associated accounts, and reset thresholds.
  • the internal contract account information is randomly generated by the blockchain system in response to the registration request initiated by the requesting device, and forms a mapping relationship between the internal contract account information and the external account.
  • the associated account list contains multiple associated accounts, and each associated account is an external account of a blockchain account, which is used to reset the private key saved by the user and the external account saved in the blockchain.
  • the reset threshold is the minimum number of signatures associated with an account when private keys and external accounts are reset.
  • the process of creating a new blockchain account in the blockchain system specifically includes:
  • the requesting device randomly generates an asymmetric key, and generates an external account according to the public key in the asymmetric key.
  • privateKey represents the private key, and the private key is used to sign the transaction to the blockchain system.
  • publicKey represents the public key, and the private key is used to generate an external account in the blockchain account, and the external account is recorded as publicKeyAddress.
  • the requesting device generates a registration request according to the external account, and signs the registration request with a private key.
  • the requesting device sends a registration request to the blockchain system.
  • the blockchain system creates a new blockchain account according to the registration request.
  • the blockchain system After the blockchain system receives the registration request, the blockchain system first randomly generates internal contract account information, which is recorded as: randomAddress. Then obtain the external account according to the signature, record it as: publicKeyAddress, and finally establish the mapping relationship between the external account and the internal contract account information, and record the mapping relationship on the blockchain.
  • the mapping relationship is recorded as: (publicKeyAddress, randomAddress).
  • the essence of setting up linked accounts is to provide a redundant multi-factor authentication.
  • the account reset transaction can be initiated through the device logged in with the associated account, and the external account generated by the blockchain system using the public key corresponding to the new private key will replace the public key corresponding to the old private key.
  • the external account generated by the key will form a new mapping relationship, and the security of account reset will be ensured by means of multi-party signatures.
  • the requesting device When adding an associated account and resetting the threshold, the requesting device obtains the associated account and resetting the threshold, and initiates an adding transaction request based on the associated account and resetting the threshold, and the requesting device signs the adding transaction request and sends it to the blockchain system . That is, the request device is sent to the blockchain system in plain text. After the blockchain system receives the request to add a transaction, it is also stored on the blockchain in plain text.
  • publicKeyAddress A represents the external account of blockchain account A
  • publicKeyAddress B represents the external account of blockchain account B
  • publicKeyAddress C represents the external account of blockchain account C
  • publicKeyAddress D represents the external account of blockchain account D.
  • the reset threshold is the minimum number of blockchain accounts that agree to reset during the private key and external account reset process. That is to say, when resetting the private key and external account, at least 3 signatures of blockchain accounts in blockchain account A to blockchain account D are required to complete the reset operation.
  • the user's blockchain account model is shown in Figure 3.
  • the requesting device can initiate a reset notification request to the authentication device logged in with the associated account, so that the authentication device initiates an account reset transaction request to the blockchain, and the blockchain system
  • the reset of the account and private key is completed by means of multi-party signatures. Specific steps are as follows:
  • the requesting device randomly generates an asymmetric key, and generates a new external account according to the public key in the asymmetric key.
  • the requesting device randomly generates an asymmetric key, which is recorded as:
  • privateKey' is the new private key
  • publicKey' is the new public key
  • a new external account is calculated according to the new public key publicKey', and the new external account is recorded as publicKeyAddress'.
  • the requesting device generates an account reset notification request according to the new external account and the old external account.
  • the requesting device sends a reset notification request to the authentication device logged in with the associated account.
  • the associated account list includes blockchain account A to blockchain account D, then a reset notification request is sent to the authentication device logged in from blockchain account A to blockchain account D, and the new external account The publicKeyAddress' and the old external account publicKeyAddress are sent to the authentication devices logged in from blockchain account A to blockchain account D.
  • Each authentication device generates a private key reset transaction request according to the new external address and the old external address.
  • the associated accounts are blockchain account A to blockchain account D, and the authentication device logged in from blockchain account A to blockchain account C sends a signed reset transaction request.
  • TX A , TX B and TX C are recorded as TX A , TX B and TX C , specifically:
  • TX A (publicKeyAddress', publicKeyAddress, signature A )
  • TX B (publicKeyAddress', publicKeyAddress, signature B )
  • TX C (publicKeyAddress', publicKeyAddress, signature C )
  • publicKeyAddress′ is the new external account
  • publicKeyAddress is the external account corresponding to the lost private key, that is, the old external account
  • signature A is the signature of blockchain account A
  • signature B is the signature of blockchain account B
  • signature c It is the signature of blockchain account C.
  • the blockchain system performs signature verification according to the reset transaction request sent by each authentication device and the associated account list on the blockchain, and resets the account according to the signature verification result.
  • the blockchain system parses out the external address according to the transaction signature A of blockchain account A. If the external address is in In the list of associated accounts on the blockchain, if the verification is passed, the number of signatures that pass the verification is accumulated.
  • the reset transaction requests sent by the authentication devices logged in by blockchain account B and blockchain account C are authenticated in turn, and the number of signatures that pass the verification is accumulated.
  • the update model is:
  • the reset blockchain account is shown in Figure 4. Since the internal account remains unchanged, the user's assets and rights and interests are not lost, and the external account is reset to the external account publicKeyAddress' corresponding to the new private key privateKey', so The user signs the transaction initiated by the new private key, the signature can be verified, and the assets and rights of the account corresponding to the old private key can be inherited, and the old private key will become invalid.
  • the above-mentioned private key and external account reset solution based on the two-tier account system can reset the private key and external account through the associated account in case the private key is leaked or lost, so as to ensure that the assets and rights of the account are not lost .
  • This algorithm for resetting the private key and external account is based on the assumption that the associated account does not do evil or the private key of the associated account is not stolen. Since the associated account list of the blockchain account is stored on the blockchain in plain text. When the associated account does evil, it will also collude with other associated accounts to initiate a reset transaction request, and reset the external account corresponding to the blockchain account to obtain the assets and related rights of the blockchain account. Or, the attacking device attacks the device logged in by the associated account until the private key of the most associated account is obtained, and then it can initiate a reset transaction request for the private key of the corresponding blockchain account, thereby obtaining the assets and related information of the blockchain account. rights and interests.
  • the root cause of the above-mentioned malicious risks or attack methods is that the associated accounts are stored in plain text on the blockchain.
  • this application provides a more secure account reset solution. Save the associated account in ciphertext on the upper blockchain, and jointly encrypt the associated account, so that the attacking device cannot determine the associated account of the blockchain account based on the associated account after joint encryption, and reset the account if necessary At this time, the identity verification of the associated account can still be performed through joint encryption, so as to realize account reset.
  • an embodiment of the present application provides an account reset system, which includes a blockchain system 300 , a requesting device 100 and an authentication device 200 .
  • the blockchain system 300 and the authentication device 200 are connected in communication, so that the authentication device 200 initiates a reset transaction request to the blockchain system 300 .
  • the blockchain system 300 and the requesting device 100 are also connected in communication, so that the requesting device 100 can also initiate a registration request and an initialization transaction request to the blockchain system 300 .
  • a blockchain account is stored in the blockchain running on the blockchain system 300, and the communication connection between the requesting device 100 and the authentication device 200, so that the requesting device 100 can initiate a reset notification request to the authentication device, and the authentication device 200 After receiving the reset notification request, send an account reset transaction request to the blockchain system, so that the blockchain system resets the blockchain account.
  • an embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • each authentication device For each authentication device, request the device to obtain the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generate a reset notification request according to the reset information and the ciphertext of at least one associated account, to obtain Reset notification request for each authenticated device.
  • the reset information includes an external account in the blockchain account corresponding to the private key to be reset, which is also called an old external account. It also includes a new external account generated based on the public key corresponding to the new private key.
  • the requesting device For each authenticated device, the requesting device generates a reset notification request.
  • a reset notification request is generated for a certain authentication device, obtain the associated account logged on other authentication devices except the authentication device, the associated account is the associated account in the blockchain account corresponding to the private key to be reset, and Encrypting associated accounts logged in on other authentication devices to obtain at least one associated account ciphertext.
  • the ciphertexts of at least one associated account may be grouped, and the ciphertexts in each group are encrypted, so as to generate the certification information of the certification device.
  • the grouping method is the same as the grouping method when generating the joint associated account ciphertext stored on the blockchain. It is also possible to directly use the obtained ciphertext of at least one associated account as the certification information of the authentication device.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • the requesting device will generate a corresponding reset notification request for each authentication device.
  • the ciphertext of the associated account logged in on other authentication devices is used to generate a reset notification request. Therefore, each authentication Device reset notification requests are different.
  • Each authentication device generates a reset transaction request according to the corresponding reset notification request and the ciphertext of the associated account logged on the authentication device.
  • the authentication device receives the reset notification request, and parses out the reset information and the certification information of the authentication device from the reset notification request, and obtains the ciphertext of the associated account logged in on its own device. , and then generate a reset transaction request based on the ciphertext of the associated account logged in on the own device, the certification information of the authentication device, and the reset information. That is, the reset transaction request needs to be based on the ciphertext of all associated accounts.
  • the authentication device also uses the private key corresponding to the associated account logged on it to sign the reset transaction request.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • each authentication device After each authentication device receives the reset notification request, it will generate a signed reset transaction request and send the reset transaction request to the blockchain system under the condition of not doing evil.
  • the blockchain system verifies the identity of the associated account according to the reset transaction request sent by each authentication device and the ciphertext of the associated account stored on the blockchain, and obtains the verification result of the associated account.
  • the blockchain system performs identity verification on the reset transaction request sent by each authentication device, and obtains the verification result of the associated account logged on each authentication device.
  • any node in the blockchain system parses the reset transaction request to obtain the certification information of the authentication device, the ciphertext of the associated account logged on the authentication device, and the reset information.
  • the certification information of the authentication device and the ciphertext of the associated account logged on the authentication device are encrypted to generate a composite ciphertext, and then the composite ciphertext is compared with the ciphertext of the joint associated account stored on the blockchain, and if they are consistent, a verification is generated If the verification result is passed, if it is inconsistent, a verification result of verification failure will be generated.
  • the blockchain system resets the account according to the reset information when the verification result of the associated account satisfies the preset reset condition.
  • satisfying the preset reset condition includes that the verification result is that the number of linked accounts that pass the verification is greater than or equal to the reset threshold. Failure to meet the preset reset condition includes that the verification result is that the number of associated accounts that pass the verification is less than the reset threshold.
  • the blockchain system counts the verification results of the associated accounts, obtains the number of associated accounts that have passed the verification, and judges whether the number of associated accounts that have passed the verification is greater than or equal to the reset threshold. If so, use the new external account to update the old external account, and form The mapping relationship between the new external account and the corresponding internal account of the old external account.
  • the multiple associated accounts used to reset the private key and the corresponding external accounts are stored in the block chain in the form of joint ciphertext.
  • the authentication device obtains other associated accounts on the blockchain to do evil, and cooperates with other associated accounts to initiate a transaction to reset the private key and the corresponding external account, which can also resist the attack of the attacking device.
  • a notification request is generated based on at least one associated account ciphertext, so that the authentication device can use multiple associated account ciphertexts Generate a reset transaction request, and the blockchain system can verify the associated account according to the ciphertext of multiple associated accounts, so as to realize the reset of the private key and the corresponding external account.
  • an embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • the old external account is generated by the requesting device according to the public key in the randomly generated second asymmetric key.
  • the way in which the requesting device generates the certification information of each authentication account is the same as the way in which the requesting device generates the ciphertext of the joint associated account.
  • the certification information of the authentication account only includes the ciphertext of the associated account logged in on each other authentication device.
  • the ciphertext of the joint associated account is obtained by grouping the ciphertexts of each associated account and then encrypting them separately, when generating the certification information of the authentication account, it is also necessary to group the ciphertexts of the associated accounts logged in on other authentication devices.
  • a hash calculation is performed on each associated account associated with the old external account to obtain the ciphertext of each associated account associated with the old external account.
  • hash calculation is performed on the hash values of the multiple groups obtained at last to obtain the ciphertext of the joint associated account.
  • Satisfying the second loop stop condition includes that the number of packets is equal to 2, and not satisfying the second loop stop condition includes that the number of packets is not equal to 2.
  • the requesting device generates an initialization transaction request according to the ciphertext of the associated account and the reset threshold, and signs the initialization transaction request using the private key in the second asymmetric key.
  • the initialization request is used to increase the associated account information and reset the threshold in the blockchain account, and the associated account information is stored in the form of joint associated account ciphertext.
  • the private key in the second asymmetric key is used to sign the initial transaction request, so that the blockchain system can authenticate the requesting device.
  • the requesting device sends an initialization transaction request to the blockchain system.
  • the blockchain system responds to the initialization transaction request.
  • the group hash value is calculated again by cyclically grouping each hash value, and the ciphertext of the joint associated account is obtained in a tree-shaped encryption method, and the ciphertext of the associated account is increased in the area.
  • the data security stored in the block chain does not need to decrypt the ciphertext of the joint associated account when resetting the account. It is directly based on the certification information of the authentication device and the hash value of the associated account logged in on the authentication device. After rehashing , and then compared with the ciphertext of the joint associated account stored in the blockchain to complete the identity verification, which can further resist the attack of the attacking device and the malicious authentication device will jointly perform the account reset transaction after cracking the associated account.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • each authentication device For each authentication device, request the device to obtain the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generate a reset notification request according to the reset information and the ciphertext of at least one associated account, so as to obtain Reset notification request for each authenticated device.
  • the reset information includes an external account in the blockchain account corresponding to the private key to be reset, which is also called an old external account.
  • Reset information also includes new external accounts.
  • a first asymmetric key is randomly generated, and a new external account is generated according to the public key in the first asymmetric key.
  • the ciphertext of at least one associated account is grouped, and hash calculation is performed on the ciphertext in each group to obtain the hash value of each group. That is, for each group, calculate the hash value between all ciphertexts in the group, and use it as the hash value of the group. For example, if the group includes 2 ciphertexts, calculate the hash value between the 2 ciphertexts, and if the group includes 3 ciphertexts, then calculate the hash value between the 3 ciphertexts.
  • the hash value of each group is cyclically grouped and then the hash value in the group is calculated to obtain the hash value of multiple groups until the number of groups satisfies the first loop stop condition. That is, after obtaining the hash values of multiple groups, further group the hash values of multiple groups to obtain a new group, and then calculate the hash value between the hash values in the new group for each new group, Use it as the hash value of the new group, so as to obtain the hash values of multiple new groups, and complete a cycle.
  • the hash value of each group is obtained through multiple loops. And the hash value of multiple groups is used as the certification information of the authenticated device.
  • satisfying the first cycle stop condition includes that the number of groups is equal to the first threshold, and the first threshold is determined according to the method of obtaining the ciphertext of the joint associated account, so as to ensure that when the blockchain system receives the reset transaction request sent by the authentication device, Based on the hash value of each group and the hash value of the associated account registered on the authentication device, the ciphertext of the joint associated account can be obtained, and then compared with the ciphertext of the associated account stored on the blockchain to realize the verification of the authentication device.
  • a reset notification request for each certified device is generated according to each certified device, the certified information and the reset information.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • the authentication device For each authentication device, the authentication device performs hash processing on the associated account logged in to obtain the ciphertext of the associated account logged in on the authentication device, so as to obtain the ciphertext of the associated account logged in on each authentication device.
  • the authentication device For each authentication device, the authentication device generates a reset transaction request according to the received reset notification request and the ciphertext of the associated account logged on it, so as to obtain the reset transaction request generated by each authentication device.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • the blockchain system performs identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and obtains a verification result of each associated account.
  • the blockchain system performs account reset processing according to the reset information when the verification result of each associated account meets the preset reset condition.
  • the verification results of the obtained associated accounts are counted to obtain the number of associated accounts that have passed the verification.
  • the internal account includes the ciphertext of the joint associated account and resets the threshold.
  • the requesting device in order to realize the identity verification of the authentication device, the requesting device generates an identity certificate for each authentication device, so that the block chain can be based on the ciphertext of the identity certificate and the associated account of the authentication device in the reset transaction request.
  • Identity verification while ensuring the security of associated accounts stored on the block chain, it can also facilitate the block chain system to perform identity verification.
  • Another embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • the blockchain account to be reset has been created in the blockchain
  • the external account of the blockchain account is recorded as publicKeyAddress
  • the randomly generated internal contract account information is recorded as randomAddress
  • the internal contract account information As an internal account address, and make the external account and internal contract account information form a mapping relationship, and record it on the blockchain, the mapping relationship model is:
  • the external account is generated based on the public key in the asymmetric key, and the asymmetric key is recorded as ⁇ privateKey, publicKey> privateKey is the private key, and publicKey is the public key.
  • the associated accounts of the external account are blockchain account A, blockchain account B, blockchain account C and blockchain account D.
  • H(A) Hash(publicKeyAddress A )
  • H(B) Hash(publicKeyAddress B )
  • H(C) Hash(publicKeyAddress C )
  • H(D) Hash(publicKeyAddress D )
  • the joint associated account ciphertext is obtained through tree hash operation, which is marked as H(ABCD).
  • H(ABCD) tree hash operation
  • the first group is H(A) and H(B)
  • the second group is H(C) and H(D).
  • the hash value of the first group is marked as H(AB):
  • the hash value of the second group is marked as H(CD):
  • Hash the hash values of the two groups to obtain the joint account ciphertext H(ABCD
  • the requesting device generates an initialization transaction request according to the ciphertext of the associated account and the reset threshold, and signs the initialization transaction request using the private key in the second asymmetric key.
  • the associated associated account ciphertext H (ABCD) is used to set the associated account information and set the reset threshold, for example: the reset threshold is 3.
  • the requesting device sends an initialization transaction request to the blockchain system.
  • the blockchain system responds to the initialization transaction request.
  • the joint associated account ciphertext H (ABCD) and the reset threshold are stored in the blockchain, as shown in Figure 10.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • each authentication device For each authentication device, request the device to obtain the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generate a reset notification request according to the reset information and the ciphertext of at least one associated account, so as to obtain Reset notification request for each authenticated device.
  • the device is requested to regenerate a public-private key pair (privateKey', publicKey'), and calculate a new external account publicKeyAddress' based on the new public key publicKey'.
  • Each authentication device has an associated account logged in, and the requesting device generates certification information for each authentication device based on the associated account, so as to construct a joint associated account ciphertext based on the ciphertext and authentication information of the associated account logged in on the authentication device.
  • H(ABCD) root hash value of the tree encryption method
  • the root hash value needs to be constructed based on the proof information, and it is equal to the root hash value H(ABCD) stored on the blockchain, which proves that the login account on the authentication device is an associated account, otherwise the login account on the authentication device is not associated account.
  • a reset notification request is generated according to the reset information and the certification information of the certification device.
  • the reset information includes the new external account publicKeyAddress' and the old external account publicKeyAddress.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • the authentication device For each authentication device, the authentication device performs hash processing on the associated account logged in to obtain the ciphertext of the associated account logged in on the authentication device, so as to obtain the ciphertext of the associated account logged in on each authentication device.
  • each authentication device has an associated account logged in, and each authentication device performs hash calculation on the associated account logged in to obtain the ciphertext of the associated account.
  • the first authentication device 200 encrypts the external account of the blockchain account A to obtain the ciphertext of the associated account.
  • the second authentication device 200 has a blockchain account B logged in, and the second authentication device encrypts the external account of the blockchain account B to obtain the ciphertext of the associated account.
  • the authentication device For each authentication device, the authentication device generates a reset transaction request according to the received reset notification request and the ciphertext of the associated account logged on it, so as to obtain the reset transaction request generated by each authentication device.
  • each authentication device After receiving the reset notification request, each authentication device initiates a reset transaction request and signs it.
  • the reset transaction request initiated by the device where the blockchain account A is located is recorded as TX A :
  • TX A (publicKeyAddress′, publicKeyAddress, signature A , Proof A )
  • publicKeyAddress' is the new external account
  • publicKeyAddress is the nine external accounts
  • signature A is the signature of blockchain account A
  • Proof A is the certification information of blockchain account A.
  • the reset transaction request initiated by the device of blockchain account A is recorded as TX A
  • the reset transaction request initiated by the device of blockchain account B is recorded as TX B :
  • TX B (publicKeyAddress′, publicKeyAddress, signature B , Proof B )
  • TX C (publicKeyAddress′, publicKeyAddress, signature C , Proof C )
  • signature B is the signature of blockchain account B
  • Proof B is the certification information of blockchain account B
  • signature C is the signature of blockchain account C
  • Proof C is the certification information of blockchain account C.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • the blockchain system performs identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and obtains a verification result of each associated account.
  • the blockchain network authenticates the blockchain account on the transaction initiator device according to the transaction signature.
  • the blockchain system analyzes the associated account that initiates the reset transaction request based on the transaction signature, and constructs the root hash value based on the associated account and the corresponding certification information. If they are the same, the originating account of the reset transaction request is an associated account, and the verification is passed, and the transaction is successful; if not, it is not an associated account, and the verification fails, and the transaction fails. And accumulate the number of associated accounts that pass the verification, and judge whether the reset threshold is reached.
  • the blockchain system performs account reset processing according to the reset information when the verification result of each associated account meets the preset reset condition.
  • the blockchain account logged in on the device that initiates the reset transaction request TX B and reset transaction request TX C Verify that both are verified, and add up the number of signatures to 3.
  • the number of signatures is equal to the reset threshold, and the blockchain system updates the old external account to a new external account.
  • the model is as follows:
  • the updated blockchain model is shown in Figure 11. Since the internal account remains unchanged, the user's assets and rights and interests are not lost, and the external account is reset to the external account publicKeyAddress' generated based on the public key corresponding to the new private key privateKey', so the authentication device initiates through the new private key pair After the transaction request is signed, it can be verified, and the assets and rights of the account corresponding to the original private key will be inherited, and the original private key will become invalid.
  • the associated account when adding an associated account, the associated account is not added in plain text, but the associated account is encrypted and added, and at the same time, the verification information is used to verify whether the account that initiated the reset transaction request is one of the multiple associated accounts, which can reduce the number of associated accounts. Even if the account is attacked, other associated account information cannot be obtained from the blockchain, which can prevent the associated accounts from colluding.
  • an embodiment of the present application provides a blockchain-based account reset device 800, which includes:
  • the first processing module 801 is configured to, for each authentication device, obtain reset information and the ciphertext of at least one associated account logged on other authentication devices, and generate a reset notification according to the reset information and the ciphertext of at least one associated account request to obtain the reset notification request corresponding to each authenticated device;
  • the first sending module 802 is configured to send a corresponding reset notification request to each authentication device; wherein, the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged on it of;
  • the verification results of each associated account are obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the ciphertext of the joint associated account stored on the blockchain.
  • the account reset process is performed according to the reset information.
  • the first processing module 801 is specifically configured to:
  • the first processing module 801 is specifically configured to:
  • Group the ciphertext of at least one associated account, and perform hash calculation on the ciphertext in each group to obtain the hash value of each group;
  • the hash values of multiple groups are used as proof information for authenticating the device.
  • the first processing module 801 is specifically configured to:
  • the associated account logged on the authentication device is obtained, and hash processing is performed on the associated account to generate the ciphertext of the associated account, so as to obtain the ciphertext of multiple associated accounts.
  • the first processing module 801 is specifically configured to:
  • the first asymmetric key is randomly generated, and a new external account is generated according to the public key in the first asymmetric key.
  • the first sending module 802 is specifically used for:
  • the initialization transaction request is used to make the blockchain system store the mapping relationship between the old external account and the internal account on the blockchain, and the internal account includes the ciphertext of the joint associated account and the reset threshold.
  • the first processing module 801 is specifically configured to:
  • an embodiment of the present application provides a blockchain-based account reset device 900, which includes:
  • the first receiving module 901 is configured to receive a reset notification request sent by the requesting device; wherein, the reset notification request is generated according to the reset information and the ciphertext of the associated account logged in on other authentication devices;
  • the second processing module 902 is configured to generate a reset transaction request according to the reset notification request and the ciphertext of the associated account logged on the authentication device;
  • the second sending module 903 is used to send a reset transaction request to the block chain system; wherein, the verification result of each associated account is the combination of the reset transaction request sent by the block chain system according to each authentication device and the block chain.
  • the blockchain system is also used to perform account reset processing according to the reset information when the verification results of each associated account meet the preset reset conditions.
  • the second processing module 902 is specifically used to:
  • an embodiment of the present application provides a blockchain-based account reset device 110, which includes:
  • the second receiving module 111 is configured to receive reset transaction requests sent by each authentication device; wherein, each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged on the corresponding authentication device and the reset notification request The reset notification request corresponding to each authentication device is generated by the requesting device based on the ciphertext and reset information of the associated account logged on at least one other authentication device;
  • the third processing module 112 is used to perform identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the block chain, and obtain the verification result of each associated account;
  • the account reset process is performed according to the reset information.
  • the third processing module 112 is specifically used for:
  • each reset transaction request For each reset transaction request, analyze the reset transaction request to obtain the certification information of the authentication device and the ciphertext of the associated account logged in on the authentication device, and encrypt the certification information and the ciphertext of the associated account to generate a composite ciphertext to Obtain multiple synthetic ciphertexts;
  • the third processing module 112 is specifically used for:
  • the new external account is used to update the old external account in the blockchain, and the mapping relationship between the new external account and the internal account corresponding to the old external account is established;
  • the internal account includes the joint associated account ciphertext and reset threshold.
  • the third processing module 112 is specifically used for:
  • the old external account includes federated associated account ciphertext and reset threshold.
  • an embodiment of the present application provides an electronic device 120 , and the electronic device 120 includes a memory 121 and a processor 122 .
  • the memory 121 is used to store computer instructions executable by the processor
  • the processor 122 implements each step in the methods in the above-mentioned embodiments when executing computer instructions. For details, refer to the related descriptions in the foregoing method embodiments.
  • the above-mentioned memory 121 can be independent or integrated with the processor 122 .
  • the electronic device further includes a bus for connecting the memory 121 and the processor 122 .
  • the embodiment of the present application also provides a computer-readable storage medium, in which computer instructions are stored, and when the processor executes the computer instructions, each step in the method in the foregoing embodiments is implemented.
  • An embodiment of the present application further provides a computer program product, including computer instructions, and when the computer instructions are executed by a processor, each step in the method in the foregoing embodiments is implemented.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un procédé de réinitialisation de compte à base de chaîne de blocs, et un dispositif. Le procédé comprend les étapes suivantes : acquisition d'informations de réinitialisation et de cryptogramme d'au moins un compte associé connecté à un autre dispositif d'authentification, et génération d'une demande de notification de réinitialisation en fonction des informations de réinitialisation et du cryptogramme dudit compte associé, de façon à obtenir une demande de notification de réinitialisation correspondant à chaque dispositif d'authentification ; et envoi de la demande de notification de réinitialisation correspondante à chaque dispositif d'authentification. Une demande de transaction de réinitialisation est générée au moyen de chaque dispositif d'authentification et conformément à la demande de notification de réinitialisation correspondante et au cryptogramme d'un compte associé connecté au dispositif d'authentification, un résultat de vérification de chaque compte associé est obtenu au moyen d'un système de chaîne de blocs effectuant une vérification d'identité conformément à une demande de transaction de réinitialisation, laquelle est envoyée par chaque dispositif d'authentification, et un cryptogramme de compte associé commun stocké dans une chaîne de blocs, et le système de chaîne de blocs est utilisé pour effectuer un traitement de réinitialisation de compte conformément aux informations de réinitialisation lorsque le résultat de vérification de chaque compte associé satisfait une condition de réinitialisation prédéfinie. La sécurité du compte peut être améliorée par cryptage et stockage d'un compte associé dans une chaîne de blocs.
PCT/CN2022/124274 2021-11-24 2022-10-10 Procédé de réinitialisation de compte à base de chaîne de blocs, et dispositif WO2023093319A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111405515.6A CN114049121B (zh) 2021-11-24 2021-11-24 基于区块链的账户重置方法和设备
CN202111405515.6 2021-11-24

Publications (1)

Publication Number Publication Date
WO2023093319A1 true WO2023093319A1 (fr) 2023-06-01

Family

ID=80210877

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/124274 WO2023093319A1 (fr) 2021-11-24 2022-10-10 Procédé de réinitialisation de compte à base de chaîne de blocs, et dispositif

Country Status (2)

Country Link
CN (1) CN114049121B (fr)
WO (1) WO2023093319A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116455676A (zh) * 2023-06-14 2023-07-18 章和技术(广州)有限公司 一种设备改密方法、装置、电子设备及存储介质

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114049121B (zh) * 2021-11-24 2023-04-07 深圳前海微众银行股份有限公司 基于区块链的账户重置方法和设备
CN115941354B (zh) * 2022-12-31 2024-04-19 广州市鑫澳康科技有限公司 基于区块链的跨链交互身份认证方法、装置及计算机可读介质

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951295A (zh) * 2019-02-27 2019-06-28 百度在线网络技术(北京)有限公司 密钥处理和使用方法、装置、设备及介质
CN110022316A (zh) * 2019-03-29 2019-07-16 阿里巴巴集团控股有限公司 创建区块链账户及重置账户密钥的方法和装置
CN111311260A (zh) * 2020-02-19 2020-06-19 深圳前海微众银行股份有限公司 一种账户私钥的重置方法及装置
CN111339199A (zh) * 2020-02-28 2020-06-26 中国工商银行股份有限公司 一种区块链密钥恢复方法和装置
US20200228318A1 (en) * 2018-09-21 2020-07-16 NEC Laboratories Europe GmbH Method for signing a new block in a decentralized blockchain consensus network
US20200334674A1 (en) * 2019-04-19 2020-10-22 Coinbase, Inc. Systems and methods for blockchain administration
KR20200129939A (ko) * 2019-05-10 2020-11-18 주식회사 메디블록 블록체인 네트워크에서 계정을 관리하는 방법, 시스템 및 비일시성의 컴퓨터 판독 가능 기록 매체
CN114049121A (zh) * 2021-11-24 2022-02-15 深圳前海微众银行股份有限公司 基于区块链的账户重置方法和设备

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10439812B2 (en) * 2018-02-02 2019-10-08 SquareLink, Inc. Technologies for private key recovery in distributed ledger systems
EP3815014A4 (fr) * 2018-06-28 2022-03-30 Coinbase Inc. Procédé de récupération de portefeuille
CN109474424B (zh) * 2018-12-17 2020-08-18 江苏恒宝智能系统技术有限公司 区块链账户密钥备份及恢复的方法、系统
US11748687B2 (en) * 2019-03-28 2023-09-05 Ebay Inc. Dynamically generating visualization data based on shipping events

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200228318A1 (en) * 2018-09-21 2020-07-16 NEC Laboratories Europe GmbH Method for signing a new block in a decentralized blockchain consensus network
CN109951295A (zh) * 2019-02-27 2019-06-28 百度在线网络技术(北京)有限公司 密钥处理和使用方法、装置、设备及介质
CN110022316A (zh) * 2019-03-29 2019-07-16 阿里巴巴集团控股有限公司 创建区块链账户及重置账户密钥的方法和装置
US20200334674A1 (en) * 2019-04-19 2020-10-22 Coinbase, Inc. Systems and methods for blockchain administration
KR20200129939A (ko) * 2019-05-10 2020-11-18 주식회사 메디블록 블록체인 네트워크에서 계정을 관리하는 방법, 시스템 및 비일시성의 컴퓨터 판독 가능 기록 매체
CN111311260A (zh) * 2020-02-19 2020-06-19 深圳前海微众银行股份有限公司 一种账户私钥的重置方法及装置
CN111339199A (zh) * 2020-02-28 2020-06-26 中国工商银行股份有限公司 一种区块链密钥恢复方法和装置
CN114049121A (zh) * 2021-11-24 2022-02-15 深圳前海微众银行股份有限公司 基于区块链的账户重置方法和设备

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116455676A (zh) * 2023-06-14 2023-07-18 章和技术(广州)有限公司 一种设备改密方法、装置、电子设备及存储介质
CN116455676B (zh) * 2023-06-14 2024-01-26 章和技术(广州)有限公司 一种设备改密方法、装置、电子设备及存储介质

Also Published As

Publication number Publication date
CN114049121A (zh) 2022-02-15
CN114049121B (zh) 2023-04-07

Similar Documents

Publication Publication Date Title
US10116453B2 (en) Method for distributed trust authentication
US11533297B2 (en) Secure communication channel with token renewal mechanism
WO2020087805A1 (fr) Procédé d'authentification de confiance utilisant deux valeurs cryptographiques et un chiffrement chaotique dans un réseau de mesure et de commande
WO2020182151A1 (fr) Procédés de division et de récupération de clé, produit de programme, support d'informations et système
WO2023093319A1 (fr) Procédé de réinitialisation de compte à base de chaîne de blocs, et dispositif
CN106104562B (zh) 机密数据安全储存和恢复系统及方法
KR102580509B1 (ko) 복수의 스토리지 노드를 통해 대규모 블록체인의 안전한 저장을 가능하게 하는 컴퓨터 구현 시스템 및 방법
US8059818B2 (en) Accessing protected data on network storage from multiple devices
WO2018045568A1 (fr) Procédé de contrôle d'accès orienté vers une plateforme de service de stockage en nuage et système associé
CN109359464B (zh) 一种基于区块链技术的无线安全认证方法
TW201918049A (zh) 可信遠端證明方法、裝置和系統
US11038699B2 (en) Method and apparatus for performing multi-party secure computing based-on issuing certificate
CN108173827B (zh) 基于区块链思维的分布式sdn控制平面安全认证方法
Frymann et al. Asynchronous remote key generation: An analysis of yubico's proposal for W3C webauthn
Albalawi et al. A survey on authentication techniques for the internet of things
WO2022143498A1 (fr) Procédé et appareil de commande d'accès, et dispositif côté réseau, terminal et nœud de chaîne de blocs
WO2023151427A1 (fr) Procédé, dispositif et système de transmission de clé quantique
US11418329B1 (en) Shared secret implementation of proxied cryptographic keys
WO2020215572A1 (fr) Procédé et dispositif de communication d'authentification, support de stockage, et dispositif informatique
JP2015192446A (ja) プログラム、暗号処理方法、及び暗号処理装置
JP2016522637A (ja) 共有秘密を含意するセキュア化されたデータチャネル認証
WO2022143935A1 (fr) Procédé et système basés sur une chaîne de blocs pour un contrôle d'accès sdp
WO2017020669A1 (fr) Procédé et dispositif d'authentification d'identité de nœud dans un système distribué
Li et al. Blockchain-based portable authenticated data transmission for mobile edge computing: a universally composable secure solution
Zhou et al. Trusted channels with password-based authentication and TPM-based attestation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22897404

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE