
CN106534160B - Identity authentication method and system based on block chain - Google Patents

Publication number
CN106534160B
Authority
CN
China
Prior art keywords
information
transaction information
transaction
script
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611094966.1A
Other languages
Chinese (zh)
Other versions
CN106534160A (en)
Inventor
汪德嘉
郭宇
王少凡
柴泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Payegis Technology Co Ltd
Original Assignee
Jiangsu Payegis Technology Co Ltd
Application filed by Jiangsu Payegis Technology Co Ltd
Priority to CN201611094966.1A
Publication of CN106534160A
Application granted
Publication of CN106534160B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an identity authentication method and system based on a block chain, wherein the identity authentication method based on the block chain comprises the following steps: the terminal equipment sends an identity authentication request to an application server; the identity authentication request includes an authentication factor; the application server receives the identity authentication request and generates first transaction information according to an authentication factor in the identity authentication request; the application server broadcasts the first transaction information to the blockchain network; the application server sends the first transaction number information of the first transaction information to the terminal equipment; the terminal equipment receives the first transaction number information, generates second transaction information according to the first transaction number information and the authentication factor, and broadcasts the second transaction information to the blockchain network; and the block chain network performs identity authentication on the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result. According to the technical scheme provided by the invention, the identity authentication of the terminal equipment can be safely and conveniently carried out through the block chain network.

Description

Identity authentication method and system based on block chain
Technical Field
The invention relates to the technical field of internet, in particular to an identity authentication method and system based on a block chain.
Background
In internet technology, when a user logs in to an application server, the application server often needs to authenticate the user's identity to determine whether the user has the right to access and use certain resources, i.e., whether the user is an authorized user. This allows the internet access policy to be executed reliably and effectively, prevents an attacker from impersonating an authorized user to obtain the right to access and use resources, and protects the data security and legitimate interests of authorized users.
In the prior art, identity authentication can be performed through a third-party authentication server. The specific process is as follows: the user sends an identity authentication request to the third-party authentication server through terminal equipment, the identity authentication request including the information required by the application server; the third-party authentication server verifies the identity authentication request, signs the information required by the application server after the verification passes, and returns an authentication result to the terminal equipment, the authentication result including the third-party authentication server's signature over the information required by the application server; the terminal equipment then sends the authentication result to the application server, and the application server can verify the identity of the terminal equipment according to the signature in the authentication result. However, if the third-party authentication server leaks information or the information is tampered with, great losses may be caused to the user on the terminal equipment side and to the application server.
Disclosure of Invention
In view of the above, the present invention is proposed to provide a block chain based identity authentication method and system that overcomes or at least partially solves the above problems.
According to an aspect of the present invention, there is provided a block chain-based identity authentication method, including:
the terminal equipment sends an identity authentication request to an application server; wherein, the identity authentication request comprises an authentication factor;
the application server receives the identity authentication request and generates first transaction information according to an authentication factor in the identity authentication request;
the application server broadcasts the first transaction information to the blockchain network;
the application server sends the first transaction number information of the first transaction information to the terminal equipment;
the terminal equipment receives the first transaction number information, generates second transaction information according to the first transaction number information and the authentication factor, and broadcasts the second transaction information to the blockchain network;
and the block chain network performs identity authentication on the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result.
According to another aspect of the present invention, there is provided a blockchain-based identity authentication system, the system including: terminal equipment, an application server and a blockchain network; wherein,
the terminal device is used for: sending an identity authentication request to an application server; wherein the identity authentication request comprises an authentication factor;
the application server is configured to: receiving an identity authentication request, and generating first transaction information according to an authentication factor in the identity authentication request; broadcasting the first transaction information to a block chain network, and sending first transaction number information of the first transaction information to terminal equipment;
the terminal device is further configured to: receiving the first transaction number information, generating second transaction information according to the first transaction number information and the authentication factor, and broadcasting the second transaction information to the block chain network;
the blockchain network is used for: and according to the first transaction information and the second transaction information, performing identity authentication on the terminal equipment to obtain an authentication result.
According to the technical scheme provided by the invention, the application server generates first transaction information according to an authentication factor in an identity authentication request of the terminal equipment, broadcasts the first transaction information to the blockchain network, and sends the first transaction number information of the first transaction information to the terminal equipment; the terminal equipment then generates second transaction information according to the first transaction number information and the authentication factor and broadcasts the second transaction information to the blockchain network; the blockchain network then performs identity authentication on the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result. According to the technical scheme provided by the invention, identity authentication can be carried out on the terminal equipment safely and conveniently through the blockchain network, and in addition, the credibility of the identity authentication is increased by utilizing the characteristic that the blockchain cannot be tampered with.
The above description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a signaling flow diagram of a block chain based identity authentication method according to an embodiment of the present invention;
fig. 2 shows a signaling flow diagram of a block chain based identity authentication method according to another embodiment of the present invention;
fig. 3 shows a block diagram of an identity authentication system based on a blockchain according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a signaling flow diagram of an identity authentication method based on a block chain according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S100, the terminal equipment sends an identity authentication request to the application server.
Wherein the identity authentication request includes an authentication factor. In particular, the authentication factor includes one or more of: user name information, user password information, device fingerprint information, dynamic codes and behavior habit information. In addition, the authentication factor may also include other information that may be used to authenticate an identity, which is not limited herein.
Step S101, the application server receives the identity authentication request and generates first transaction information according to the authentication factor in the identity authentication request.
The application server receives an identity authentication request sent by the terminal equipment, and then generates first transaction information according to an authentication factor in the identity authentication request.
Step S102, the application server broadcasts the first transaction information to the blockchain network.
After generating the first transaction information, the application server broadcasts the first transaction information to the blockchain network. The blockchain has the property that it cannot be tampered with.
Step S103, the application server sends the first transaction number information of the first transaction information to the terminal equipment.
Specifically, the first transaction number information of the first transaction information may be obtained by calculating the first transaction information by using a hash algorithm. In order to enable the terminal device to obtain the first transaction information, the application server sends the first transaction number information of the first transaction information to the terminal device.
Step S104, the terminal equipment receives the first transaction number information, generates second transaction information according to the first transaction number information and the authentication factor, and broadcasts the second transaction information to the blockchain network.
After receiving the first transaction number information sent by the application server, the terminal device generates second transaction information according to the first transaction number information and the authentication factor, and then broadcasts the generated second transaction information to the blockchain network.
Step S105, the blockchain network authenticates the identity of the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result.
Since the first transaction information and the second transaction information are both broadcast to the blockchain network, in step S105, the blockchain network can perform identity authentication on the terminal device according to the first transaction information and the second transaction information to obtain an authentication result. Wherein, the authentication result includes: a first authentication result and a second authentication result. Specifically, the first authentication result is an authentication result that the authentication is successful, and the second authentication result is an authentication result that the authentication is failed.
According to the identity authentication method based on the block chain, provided by the embodiment of the invention, the application server generates first transaction information according to an authentication factor in an identity authentication request of the terminal equipment, broadcasts the first transaction information to the block chain network, sends the first transaction number information of the first transaction information to the terminal equipment, then the terminal equipment generates second transaction information according to the first transaction number information and the authentication factor, broadcasts the second transaction information to the block chain network, and then the block chain network authenticates the identity of the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result. According to the technical scheme provided by the invention, the identity authentication can be safely and conveniently carried out on the terminal equipment through the block chain network, and in addition, the identity authentication reliability is also increased by utilizing the characteristic that the block chain cannot be tampered.
Fig. 2 shows a signaling flow diagram of a block chain-based identity authentication method according to another embodiment of the present invention. As shown in Fig. 2, the method includes the following steps:
Step S200, the terminal equipment sends an identity authentication request to the application server.
Wherein the identity authentication request includes an authentication factor. In particular, the authentication factor includes one or more of: user name information, user password information, device fingerprint information, dynamic codes and behavior habit information. Those skilled in the art can also use other information that can be used for authenticating identity as an authentication factor according to actual needs, which is not limited herein.
Step S201, the application server receives the identity authentication request, and generates script information according to the identity authentication request.
After receiving the identity authentication request, the application server generates script information according to the identity authentication request.
Step S202, the application server obtains a mathematical transformation result by using the authentication factor and the script information in the identity authentication request.
Specifically, the authentication factor in the identity authentication request is mathematically transformed by using the script information to obtain a mathematical transformation result. For example, the authentication factor in the identity authentication request is used as the input information corresponding to the script information, the script information is used to obtain the output information, and the obtained output information is the mathematical transformation result. The mathematical transformation includes, but is not limited to, addition, subtraction, AND, XOR, and hash operations.
Step S203, the application server calculates a script hash value corresponding to the script information by using a hash algorithm.
The application server performs a hash operation on the script information by using a hash algorithm to obtain the script hash value corresponding to the script information.
Step S204, the application server generates first transaction information according to the blockchain address information of the script information, the script hash value, and the mathematical transformation result.
The script information has corresponding block chain address information, and the script information can be obtained according to the block chain address information of the script information. Since the transaction information includes transaction input information and transaction output information, the application server may generate the first transaction information by using the token of the blockchain as the transaction input information of the first transaction information and using the blockchain address information, the script hash value, and the mathematical transformation result of the script information as the transaction output information of the first transaction information in step S204.
Step S205, the application server broadcasts the first transaction information to the blockchain network.
After generating the first transaction information, the application server broadcasts the first transaction information to the blockchain network. The application server broadcasts the blockchain address information, the script hash value and the mathematical transformation result of the script information to the blockchain network in the form of first transaction information.
Step S206, the application server sends the first transaction number information of the first transaction information to the terminal equipment.
Specifically, the first transaction number information of the first transaction information is obtained by calculating the first transaction information by using a hash algorithm. Optionally, before step S206, the method may further include: the application server calculates the first transaction information by using a hash algorithm to obtain the first transaction number information of the first transaction information.
Step S207, the terminal device receives the first transaction number information, and acquires the first transaction information according to the first transaction number information.
Since the first transaction number information of the first transaction information is obtained by calculating the first transaction information by using a hash algorithm, the first transaction information can be obtained according to the first transaction number information after the terminal device receives the first transaction number information.
Step S208, the terminal equipment obtains the script information according to the first transaction information.
Since the first transaction information is generated according to the blockchain address information of the script information, the script hash value and the mathematical transformation result, the terminal device can obtain the blockchain address information of the script information according to the first transaction information, and then can obtain the script information according to the blockchain address information of the script information.
Step S209, the terminal device generates second transaction information according to the first transaction number information, the script information, the authentication factor, and the blockchain address information of the application server.
The application server has corresponding blockchain address information, and the application server can be determined according to the blockchain address information of the application server. Specifically, the terminal device may use the first transaction number information, the script information, and the authentication factor as transaction input information of the second transaction information, and use the block chain address information of the application server as transaction output information of the second transaction information, thereby generating the second transaction information.
Step S210, the terminal device broadcasts the second transaction information to the blockchain network.
After generating the second transaction information, the terminal device broadcasts the second transaction information to the blockchain network. This is equivalent to the terminal equipment broadcasting the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server to the blockchain network in the form of second transaction information.
Step S211, the blockchain network performs identity authentication on the terminal device according to the first transaction information and the second transaction information to obtain an authentication result.
Since the first transaction information and the second transaction information are both broadcast to the blockchain network, in step S211, the blockchain network may perform identity authentication on the terminal device according to the first transaction information and the second transaction information to obtain an authentication result.
From the first transaction information, the blockchain network can obtain the blockchain address information of the script information, the script hash value and the mathematical transformation result corresponding to the first transaction information. Similarly, since the second transaction information is generated according to the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server, the blockchain network can obtain, from the second transaction information, the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server corresponding to the second transaction information.
Specifically, the blockchain network obtains the script information corresponding to the second transaction information from the second transaction information, and calculates a hash of that script information by using a hash algorithm to obtain the script hash value to be authenticated. The blockchain network also obtains the script hash value corresponding to the first transaction information from the first transaction information.
After the script hash value to be authenticated and the script hash value corresponding to the first transaction information are obtained, the blockchain network judges whether the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information.
If the blockchain network judges that the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information, the blockchain network obtains the authentication factor corresponding to the second transaction information from the second transaction information, and obtains a mathematical transformation result to be authenticated according to that authentication factor and the script information corresponding to the second transaction information. The blockchain network then obtains the mathematical transformation result corresponding to the first transaction information from the first transaction information, and judges whether the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information. If they are judged to be the same, the blockchain network obtains a first authentication result, namely an authentication result of successful authentication; if they are judged not to be the same, the blockchain network obtains a second authentication result, namely an authentication result of authentication failure.
If the blockchain network judges that the script hash value to be authenticated is not the same as the script hash value corresponding to the first transaction information, the blockchain network obtains a second authentication result.
In this embodiment, in the process of authenticating the identity of the terminal device by the blockchain network, the blockchain network not only verifies the hash value of the script, but also verifies the mathematical transformation result, so that the identity authentication can be performed more comprehensively and accurately, and a reliable authentication result can be obtained.
Other ways of verifying the validity of the transaction are the same as the ways of verifying the validity of the transaction by the blockchain network in the prior art, and are not described herein again.
In practical application, a miner node in the blockchain network can perform identity authentication on the terminal device according to the first transaction information and the second transaction information. If the miner node obtains a first authentication result, that is, the authentication succeeds, the miner node broadcasts the second transaction information in the blockchain network, and after all the nodes in the blockchain network have achieved the identity authentication, the second transaction information is written into the blockchain.
Step S212, the blockchain network sends the authentication result to the application server.
The blockchain network can obtain blockchain address information of the application server according to the second transaction information, and can send the authentication result to the application server according to the blockchain address information of the application server, so that the application server can know whether the identity authentication of the terminal equipment is successful or not.
According to the identity authentication method based on the blockchain, provided by the embodiment of the invention, the application server generates first transaction information according to the blockchain address information, the script hash value and the mathematical transformation result of the script information, broadcasts the first transaction information to the blockchain network, sends the first transaction number information of the first transaction information to the terminal equipment, the terminal equipment generates second transaction information according to the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server, broadcasts the second transaction information to the blockchain network, and then the blockchain network authenticates the identity of the terminal equipment according to the first transaction information and the second transaction information to obtain the authentication result. According to the technical scheme provided by the invention, the hash value of the script and the mathematical transformation result are stored and verified through the blockchain network, so that the identity authentication of the terminal equipment can be safely, conveniently and accurately carried out, and in addition, the credibility of the identity authentication is also increased by utilizing the characteristic that the blockchain cannot be tampered.
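The flow of steps S200 to S212 can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the hash algorithm, the JSON script format, the `Chain` class, the field names and the way a script address is derived are all assumptions made for illustration, and the sample factor and script are constructed.

```python
import hashlib
import hmac
import json


def h(data: bytes) -> str:
    """Hash used for script hashes and transaction numbers (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()


def canon(obj) -> bytes:
    """Canonical serialization so a transaction always hashes to the same number."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def run_script(script: str, factor: str) -> str:
    """Apply the script's operations (XOR, addition, hash) to the authentication factor."""
    data = factor.encode()
    for op, arg in json.loads(script):
        if op == "xor":
            data = bytes(b ^ arg for b in data)
        elif op == "add":
            data = bytes((b + arg) % 256 for b in data)
        elif op == "hash":
            data = hashlib.sha256(data).digest()
        else:
            raise ValueError(f"unsupported op: {op}")
    return data.hex()


class Chain:
    """Toy stand-in for the blockchain network (hypothetical, in-memory)."""

    def __init__(self):
        self.txs = {}      # transaction number -> transaction
        self.scripts = {}  # script address -> script text

    def broadcast(self, tx: dict) -> str:
        txid = h(canon(tx))  # S206: transaction number is a hash of the transaction
        self.txs[txid] = tx
        return txid

    def authenticate(self, tx2: dict) -> bool:
        """S211: check the script hash first, then the mathematical transformation result."""
        tx1 = self.txs.get(tx2["inputs"]["prev_txid"])
        if tx1 is None:
            return False
        out = tx1["outputs"]
        script = tx2["inputs"]["script"]
        if not hmac.compare_digest(h(script.encode()), out["script_hash"]):
            return False  # second authentication result (failure)
        candidate = run_script(script, tx2["inputs"]["factor"])
        return hmac.compare_digest(candidate, out["transform_result"])


def server_handle_request(chain: Chain, factor: str, script: str) -> str:
    """S201-S206: build and broadcast the first transaction, return its number."""
    addr = "script:" + h(script.encode())[:16]  # hypothetical address derivation
    chain.scripts[addr] = script
    tx1 = {
        "inputs": {"token": 1},
        "outputs": {
            "script_address": addr,
            "script_hash": h(script.encode()),
            "transform_result": run_script(script, factor),
        },
    }
    return chain.broadcast(tx1)


def terminal_build_tx2(chain: Chain, txid1: str, factor: str, server_addr: str) -> dict:
    """S207-S209: fetch tx1 by number, fetch the script by address, build tx2."""
    tx1 = chain.txs[txid1]
    script = chain.scripts[tx1["outputs"]["script_address"]]
    return {
        "inputs": {"prev_txid": txid1, "script": script, "factor": factor},
        "outputs": {"server_address": server_addr},
    }


def demo():
    chain = Chain()
    script = '[["xor", 90], ["add", 7], ["hash", 0]]'  # constructed sample script
    factor = "alice|fp-1234|492817"                     # constructed sample factor
    txid1 = server_handle_request(chain, factor, script)
    good = terminal_build_tx2(chain, txid1, factor, "server-addr-1")
    bad_factor = terminal_build_tx2(chain, txid1, "alice|fp-1234|000000", "server-addr-1")
    bad_script = dict(good, inputs=dict(good["inputs"], script='[["hash", 0]]'))
    return (chain.authenticate(good),
            chain.authenticate(bad_factor),
            chain.authenticate(bad_script))


if __name__ == "__main__":
    print(demo())
```

As in step S209, the authentication factor is carried as a transaction input of the second transaction, so every node that receives the broadcast sees it in the form the terminal supplied.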
Fig. 3 is a block diagram illustrating a block chain-based identity authentication system according to an embodiment of the present invention. As shown in Fig. 3, the system includes: terminal device 310, application server 320, and blockchain network 330.
The terminal device 310 is configured to: send an identity authentication request to the application server 320.
Wherein the identity authentication request includes an authentication factor. Those skilled in the art can use the information that can be used to authenticate the identity as an authentication factor according to actual needs, which is not limited herein. For example, the authentication factor may include one or more of: user name information, user password information, device fingerprint information, dynamic codes and behavior habit information.
The application server 320 is configured to: receive the identity authentication request and generate first transaction information according to the authentication factor in the identity authentication request; and broadcast the first transaction information to the blockchain network and send the first transaction number information of the first transaction information to the terminal device.
Specifically, the application server 320 includes: a first receiving module 321, a first processing module 322, a first generating module 323, a first broadcasting module 324, and a first sending module 325. The first receiving module 321 is configured to receive the identity authentication request. The first processing module 322 is configured to: generate script information according to the identity authentication request; obtain a mathematical transformation result by using the authentication factor in the identity authentication request and the script information; and calculate a script hash value corresponding to the script information by using a hash algorithm. The first generating module 323 is configured to generate the first transaction information according to the blockchain address information of the script information, the script hash value, and the mathematical transformation result. The first broadcasting module 324 is configured to broadcast the first transaction information to the blockchain network. The first sending module 325 is configured to send the first transaction number information of the first transaction information to the terminal device 310.
The first processing module 322 in the application server 320 uses the script information to mathematically transform the authentication factor in the identity authentication request, so as to obtain a mathematical transformation result. For example, the authentication factor in the identity authentication request is used as the input information of the script information, the script information is used to obtain output information, and the obtained output information is the mathematical transformation result. Mathematical transformations include, but are not limited to, addition operations, subtraction operations, AND operations, exclusive-OR operations, hash operations, and the like.
Since the transaction information includes transaction input information and transaction output information, the first generation module 323 in the application server 320 may generate the first transaction information by using the token of the block chain as the transaction input information of the first transaction information and using the block chain address information, the script hash value, and the mathematical transformation result of the script information as the transaction output information of the first transaction information. After the first generating module 323 generates the first transaction information, the first broadcasting module 324 in the application server 320 broadcasts the first transaction information to the blockchain network 330, which is equivalent to the first broadcasting module 324 broadcasting the blockchain address information, the script hash value and the mathematical transformation result of the script information to the blockchain network in the form of the first transaction information.
Optionally, the application server 320 is further configured to calculate the first transaction number information of the first transaction information by applying a hash algorithm to the first transaction information. Specifically, the first processing module 322 in the application server 320 applies the hash algorithm to the first transaction information, so as to obtain the first transaction number information of the first transaction information.
The terminal device 310 is further configured to: receive the first transaction number information, generate second transaction information according to the first transaction number information and the authentication factor, and broadcast the second transaction information to the blockchain network.
Specifically, the terminal device 310 includes: a second sending module 311, a second receiving module 312, a second processing module 313, a second generating module 314, and a second broadcasting module 315. The second sending module 311 is configured to send the identity authentication request to the application server 320. The second receiving module 312 is configured to receive the first transaction number information. The second processing module 313 is configured to: acquire the first transaction information according to the first transaction number information; and obtain the script information according to the first transaction information. The second generating module 314 is configured to generate the second transaction information according to the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server. The second broadcasting module 315 is configured to broadcast the second transaction information to the blockchain network 330.
Since the first transaction number information of the first transaction information is obtained by calculating the first transaction information by using a hash algorithm, after the second receiving module 312 in the terminal device 310 receives the first transaction number information, the second processing module 313 acquires the first transaction information according to the first transaction number information. Since the first transaction information is generated according to the blockchain address information of the script information, the script hash value, and the mathematical transformation result, the second processing module 313 may obtain the blockchain address information of the script information according to the first transaction information, and may obtain the script information according to the blockchain address information of the script information.
The second generating module 314 in the terminal device 310 may then generate second transaction information according to the first transaction number information, the script information, the authentication factor, and the blockchain address information of the application server. Specifically, the second generating module 314 may use the first transaction number information, the script information, and the authentication factor as the transaction input information of the second transaction information, and use the blockchain address information of the application server as the transaction output information of the second transaction information, thereby generating the second transaction information. After the second generating module 314 generates the second transaction information, the second broadcasting module 315 broadcasts the second transaction information to the blockchain network 330, which is equivalent to the second broadcasting module 315 broadcasting the first transaction number information, the script information, the authentication factor, and the blockchain address information of the application server to the blockchain network 330 in the form of the second transaction information.
The blockchain network 330 is configured to perform identity authentication on the terminal device 310 according to the first transaction information and the second transaction information to obtain an authentication result.
The blockchain network 330 includes: a third receiving module 331, a third processing module 332, a first authentication module 333, a fourth processing module 334, a second authentication module 335, and a result generation module 336.
The third receiving module 331 is configured to receive the first transaction information and the second transaction information.
The third processing module 332 is configured to: obtain the script information corresponding to the second transaction information according to the second transaction information; apply a hash algorithm to the script information corresponding to the second transaction information to obtain a script hash value to be authenticated; and obtain the script hash value corresponding to the first transaction information according to the first transaction information.
The first authentication module 333 is configured to judge whether the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information.
The fourth processing module 334 is configured to: if the first authentication module 333 determines that the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information, obtain the authentication factor corresponding to the second transaction information according to the second transaction information, and obtain a mathematical transformation result to be authenticated according to the authentication factor and the script information corresponding to the second transaction information; and obtain the mathematical transformation result corresponding to the first transaction information according to the first transaction information.
The second authentication module 335 is configured to judge whether the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information.
The result generation module 336 is configured to: if the first authentication module 333 determines that the obtained script hash value to be authenticated is not the same as the script hash value corresponding to the first transaction information, a second authentication result is obtained; if the second authentication module 335 determines that the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information, a first authentication result is obtained; if the second authentication module 335 determines that the mathematical transformation result to be authenticated is not the same as the mathematical transformation result corresponding to the first transaction information, a second authentication result is obtained.
In this embodiment, the blockchain network not only verifies the hash value of the script, but also verifies the mathematical transformation result, so that the identity authentication can be performed more comprehensively and accurately, and a reliable authentication result can be obtained.
Optionally, the blockchain network 330 is further configured to send the authentication result to the application server 320, so that the application server 320 knows whether the identity authentication of the terminal device 310 is successful. Specifically, the blockchain network 330 may include a third sending module (not shown in the figure) for sending the authentication result to the application server 320.
In the blockchain-based identity authentication system provided by the invention, the application server generates the first transaction information according to the blockchain address information of the script information, the script hash value and the mathematical transformation result, broadcasts the first transaction information to the blockchain network, and sends the first transaction number information of the first transaction information to the terminal device. The terminal device generates the second transaction information according to the first transaction number information, the script information, the authentication factor and the blockchain address information of the application server, and broadcasts the second transaction information to the blockchain network. The blockchain network then authenticates the identity of the terminal device according to the first transaction information and the second transaction information to obtain the authentication result. According to the technical scheme provided by the invention, the script hash value and the mathematical transformation result are stored and verified through the blockchain network, so that the identity authentication of the terminal device can be carried out safely, conveniently and accurately; in addition, the reliability of the identity authentication is increased by the characteristic that the blockchain cannot be tampered with.
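The exchange described above, as an added example that is not code from the patent: the server commits a script hash and a transformation result in the first transaction, the terminal answers with the second transaction, and the network runs the two checks in order. The in-memory `Chain`, the `<op>:<hex salt>` script format, SHA-256 as the hash algorithm, and all field names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def run_script(script: bytes, factor: bytes) -> str:
    """Mathematical transformation. Assumed script format: b"<op>:<hex salt>"."""
    op, _, salt_hex = script.partition(b":")
    salt = bytes.fromhex(salt_hex.decode("ascii"))
    if not salt:
        raise ValueError("script carries no salt")
    if op == b"sha256":  # hash operation over salt || factor
        return sha256_hex(salt + factor)
    if op == b"xor":     # exclusive-OR with the repeating salt
        return bytes(b ^ salt[i % len(salt)] for i, b in enumerate(factor)).hex()
    raise ValueError("unsupported script operation")

class Chain:
    """In-memory stand-in for the blockchain network (constructed for this example)."""
    def __init__(self):
        self.txs = {}      # transaction number -> transaction information
        self.scripts = {}  # script address -> script information

    def broadcast(self, tx: dict) -> str:
        # Transaction number = hash of the transaction information.
        txid = sha256_hex(json.dumps(tx, sort_keys=True).encode())
        self.txs[txid] = tx
        return txid

    def store_script(self, script: bytes) -> str:
        address = "addr-" + sha256_hex(b"script-address" + script)[:16]  # hypothetical
        self.scripts[address] = script
        return address

def server_first_transaction(chain, request_factor, op=b"sha256", salt=None) -> str:
    """Application server: build and broadcast tx1, return its transaction number."""
    salt = salt if salt is not None else os.urandom(16)
    script = op + b":" + salt.hex().encode()
    tx1 = {
        "inputs": {"token": "constructed-token"},
        "outputs": {
            "script_address": chain.store_script(script),
            "script_hash": sha256_hex(script),
            "transform_result": run_script(script, request_factor),
        },
    }
    return chain.broadcast(tx1)

def terminal_second_transaction(chain, txid1, factor, server_address, script=None) -> str:
    """Terminal: look up tx1, fetch the script by its address, broadcast tx2."""
    tx1 = chain.txs[txid1]
    if script is None:  # the override exists only to exercise the failure path
        script = chain.scripts[tx1["outputs"]["script_address"]]
    tx2 = {
        "inputs": {"first_txid": txid1, "script": script.hex(), "factor": factor.hex()},
        "outputs": {"to": server_address},
    }
    return chain.broadcast(tx2)

def authenticate(chain, txid2) -> str:
    """Network side. "authenticated" is the page's first authentication result;
    every other return value corresponds to the second authentication result."""
    tx2 = chain.txs.get(txid2)
    tx1 = chain.txs.get(tx2["inputs"].get("first_txid")) if tx2 else None
    if tx1 is None or "script_hash" not in tx1.get("outputs", {}):
        return "unknown-first-transaction"
    try:
        script = bytes.fromhex(tx2["inputs"]["script"])
        factor = bytes.fromhex(tx2["inputs"]["factor"])
    except (KeyError, ValueError):
        return "malformed-second-transaction"
    # Check 1: the script is pinned by its hash before it is run, so the
    # transformation applied is the one the server committed to in tx1.
    if not hmac.compare_digest(sha256_hex(script), tx1["outputs"]["script_hash"]):
        return "script-hash-mismatch"
    # Check 2: recompute the transformation from tx2's factor and compare.
    candidate = run_script(script, factor)
    if not hmac.compare_digest(candidate, tx1["outputs"]["transform_result"]):
        return "transform-mismatch"
    return "authenticated"

def demo():
    chain = Chain()
    factor = b"constructed-dynamic-code-493027"  # constructed sample factor
    txid1 = server_first_transaction(chain, factor, salt=bytes(range(16)))
    good = terminal_second_transaction(chain, txid1, factor, "addr-app-server")
    wrong = terminal_second_transaction(chain, txid1, b"guess", "addr-app-server")
    swapped = terminal_second_transaction(chain, txid1, factor, "addr-app-server",
                                          script=b"xor:00")
    return [authenticate(chain, t) for t in (good, wrong, swapped)]

if __name__ == "__main__":
    print(demo())
```

Note that `tx2["inputs"]["factor"]` is the authentication factor itself, as in the page's second transaction, so every node that validates the transaction sees that value.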
Thus, it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been illustrated and described in detail herein, many other variations or modifications consistent with the principles of the invention may be ascertained or derived from the disclosure directly without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be understood and interpreted to cover all such other variations or modifications.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method or computer program product. In addition, the present invention is not intended to be limited to any particular programming language, it being understood that various programming languages may be used to implement the present invention as described herein, and any specific languages are provided for disclosure of enablement and best mode of the present invention.
It is noted that although several modules in the block chain based identity authentication system are described in detail in the above description, such division is merely exemplary and not mandatory. Those skilled in the art will appreciate that, in practice, the modules in the embodiments may be adaptively changed, a plurality of modules in the embodiments may be combined into one module, or one module may be divided into a plurality of modules.
Moreover, while operations for carrying out the invention are illustrated in the drawings in a particular order, this does not require or imply that all of the illustrated operations must be performed in that particular order to achieve desirable results. Some steps may be omitted, multiple steps may be combined into one step for execution, or one step may be divided into multiple steps for execution.
In summary, by applying the identity authentication method and system based on the blockchain of the present invention, the identity authentication can be safely and conveniently performed on the terminal device through the blockchain network, and in addition, the identity authentication reliability is further increased by using the characteristic that the blockchain cannot be tampered with.
The method and the specific implementation method of the invention are described in detail and corresponding examples are given. Of course, the present invention may have other embodiments besides the above embodiments, and all the technical solutions formed by using equivalent substitutions or equivalent transformations fall within the protection scope of the present invention.

Claims (12)

1. An identity authentication method based on a block chain is characterized by comprising the following steps:
the terminal equipment sends an identity authentication request to an application server; wherein the identity authentication request includes an authentication factor comprising one or more of: user name information, user password information, equipment fingerprint information, dynamic codes and behavior habit information;
the application server receives the identity authentication request and generates first transaction information according to an authentication factor in the identity authentication request;
the application server broadcasts the first transaction information to a blockchain network;
the application server sends first transaction number information of the first transaction information to the terminal equipment;
the terminal equipment receives the first transaction number information, generates second transaction information according to the first transaction number information and the authentication factor, and broadcasts the second transaction information to the block chain network;
the block chain network performs identity authentication on the terminal equipment according to the first transaction information and the second transaction information to obtain an authentication result;
the first transaction information is generated according to block chain address information, script hash values and mathematical transformation results of the script information; the script information is generated according to the identity authentication request; the second transaction information is generated according to the first transaction number information, the script information, the authentication factor and the block chain address information of the application server;
wherein the block chain network performing identity authentication on the terminal device according to the first transaction information and the second transaction information to obtain an authentication result further includes: the block chain network verifies the script hash value and the mathematical transformation result according to the first transaction information and the second transaction information to obtain the authentication result.
2. The blockchain-based identity authentication method of claim 1, wherein the receiving, by the application server, the identity authentication request, and the generating the first transaction information according to an authentication factor in the identity authentication request further comprises:
the application server receives the identity authentication request and generates script information according to the identity authentication request;
the application server obtains a mathematical transformation result by using the authentication factor and the script information in the identity authentication request;
the application server calculates a script hash value corresponding to the script information by using a hash algorithm;
and the application server generates first transaction information according to the block chain address information of the script information, the script hash value and the mathematical transformation result.
3. The blockchain-based identity authentication method according to claim 1, wherein before the application server sends the first transaction number information of the first transaction information to the terminal device, the method further comprises:
and the application server calculates the first transaction information by utilizing a Hash algorithm to obtain first transaction number information of the first transaction information.
4. The blockchain-based identity authentication method of claim 2, wherein the receiving the first transaction number information by the terminal device, generating second transaction information according to the first transaction number information and the authentication factor, and broadcasting the second transaction information to the blockchain network further comprises:
the terminal equipment receives the first transaction number information and acquires the first transaction information according to the first transaction number information;
the terminal equipment obtains the script information according to the first transaction information;
the terminal equipment generates second transaction information according to the first transaction number information, the script information, the authentication factor and the block chain address information of the application server;
and the terminal equipment broadcasts the second transaction information to the block chain network.
5. The identity authentication method based on the blockchain according to claim 4, wherein the identity authentication of the terminal device is performed by the blockchain network according to the first transaction information and the second transaction information, and obtaining the authentication result further comprises:
the block chain network obtains script information corresponding to the second transaction information according to the second transaction information;
the block chain network calculates script information corresponding to the second transaction information by using a hash algorithm to obtain a hash value of the script to be authenticated;
the block chain network obtains a script hash value corresponding to the first transaction information according to the first transaction information;
the block chain network judges whether the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information;
if the block chain network judges that the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information, the block chain network obtains an authentication factor corresponding to the second transaction information according to the second transaction information, and obtains a mathematical transformation result to be authenticated according to the authentication factor and the script information corresponding to the second transaction information; the block chain network obtains a mathematical transformation result corresponding to the first transaction information according to the first transaction information; the block chain network judges whether the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information; if so, the block chain network obtains a first authentication result; if not, the block chain network obtains a second authentication result;
and if the block chain network judges that the hash value of the script to be authenticated is not the same as the hash value of the script corresponding to the first transaction information, the block chain network obtains a second authentication result.
6. The blockchain-based identity authentication method according to any one of claims 1 to 5, wherein after the blockchain network performs identity authentication on the terminal device according to the first transaction information and the second transaction information and obtains an authentication result, the method further comprises:
and the block chain network sends the authentication result to the application server.
7. An identity authentication system based on a blockchain, comprising: the system comprises terminal equipment, an application server and a block chain network; wherein,
the terminal device is configured to: sending an identity authentication request to the application server; wherein the identity authentication request includes an authentication factor comprising one or more of: user name information, user password information, equipment fingerprint information, dynamic codes and behavior habit information;
the application server is configured to: receiving the identity authentication request, and generating first transaction information according to an authentication factor in the identity authentication request; broadcasting the first transaction information to a blockchain network, and sending first transaction number information of the first transaction information to the terminal equipment;
the terminal device is further configured to: receiving the first transaction number information, generating second transaction information according to the first transaction number information and the authentication factor, and broadcasting the second transaction information to the block chain network;
the blockchain network is to: according to the first transaction information and the second transaction information, identity authentication is carried out on the terminal equipment to obtain an authentication result;
the first transaction information is generated according to block chain address information, script hash values and mathematical transformation results of the script information; the script information is generated according to the identity authentication request; the second transaction information is generated according to the first transaction number information, the script information, the authentication factor and the block chain address information of the application server;
the blockchain network is further configured to: and verifying the script hash value and the mathematical transformation result according to the first transaction information and the second transaction information to obtain an authentication result.
8. The blockchain-based identity authentication system of claim 7, wherein the application server comprises: the system comprises a first receiving module, a first processing module, a first generating module, a first broadcasting module and a first sending module;
the first receiving module is configured to: receiving the identity authentication request;
the first processing module is configured to: generating script information according to the identity authentication request; obtaining a mathematical transformation result by using the authentication factor and the script information in the identity authentication request; calculating to obtain a script hash value corresponding to the script information by using a hash algorithm;
the first generation module is used for: generating first transaction information according to the block chain address information of the script information, the script hash value and the mathematical transformation result;
the first broadcast module is configured to: broadcasting the first transaction information to a blockchain network;
the first sending module is configured to: and sending the first transaction number information of the first transaction information to the terminal equipment.
9. The blockchain-based identity authentication system of claim 7, wherein the application server is further configured to:
and calculating the first transaction information by utilizing a Hash algorithm to obtain first transaction number information of the first transaction information.
10. The system according to claim 8, wherein the terminal device comprises: a second sending module, a second receiving module, a second processing module, a second generating module and a second broadcasting module;
the second sending module is configured to: sending the identity authentication request to the application server;
the second receiving module is configured to: receiving the first transaction number information;
the second processing module is configured to: acquiring the first transaction information according to the first transaction number information; obtaining the script information according to the first transaction information;
the second generation module is to: generating second transaction information according to the first transaction number information, the script information, the authentication factor and the block chain address information of the application server;
the second broadcast module is configured to: broadcasting the second transaction information to the blockchain network.
11. The blockchain-based identity authentication system of claim 10 wherein the blockchain network comprises: the system comprises a third receiving module, a third processing module, a first authentication module, a fourth processing module, a second authentication module and a result generating module;
the third receiving module is configured to: receiving the first transaction information and the second transaction information;
the third processing module is configured to: obtaining script information corresponding to the second transaction information according to the second transaction information; calculating script information corresponding to the second transaction information by using a hash algorithm to obtain a hash value of the script to be authenticated; obtaining a script hash value corresponding to the first transaction information according to the first transaction information;
the first authentication module is to: judging whether the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information;
the fourth processing module is configured to: if the first authentication module judges that the script hash value to be authenticated is the same as the script hash value corresponding to the first transaction information, the authentication factor corresponding to the second transaction information is obtained according to the second transaction information, and the mathematical transformation result to be authenticated is obtained according to the authentication factor and the script information corresponding to the second transaction information; obtaining a mathematical transformation result corresponding to the first transaction information according to the first transaction information;
the second authentication module is to: judging whether the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information;
the result generation module is configured to: if the first authentication module judges that the hash value of the script to be authenticated is not the same as the hash value of the script corresponding to the first transaction information, a second authentication result is obtained; if the second authentication module judges that the mathematical transformation result to be authenticated is the same as the mathematical transformation result corresponding to the first transaction information, a first authentication result is obtained; and if the second authentication module judges that the mathematical transformation result to be authenticated is not the same as the mathematical transformation result corresponding to the first transaction information, a second authentication result is obtained.
12. The blockchain-based identity authentication system according to any one of claims 7 to 11, wherein the blockchain network is further configured to:
and sending the authentication result to the application server.
CN201611094966.1A 2016-12-02 2016-12-02 Identity authentication method and system based on block chain Active CN106534160B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611094966.1A CN106534160B (en) 2016-12-02 2016-12-02 Identity authentication method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611094966.1A CN106534160B (en) 2016-12-02 2016-12-02 Identity authentication method and system based on block chain

Publications (2)

Publication Number Publication Date
CN106534160A CN106534160A (en) 2017-03-22
CN106534160B true CN106534160B (en) 2020-02-21

Family

ID=58354688

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611094966.1A Active CN106534160B (en) 2016-12-02 2016-12-02 Identity authentication method and system based on block chain

Country Status (1)

Country Link
CN (1) CN106534160B (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9876775B2 (en) * 2012-11-09 2018-01-23 Ent Technologies, Inc. Generalized entity network translation (GENT)
US10007913B2 (en) * 2015-05-05 2018-06-26 ShoCard, Inc. Identity management service using a blockchain providing identity transactions between devices
CN105701372B (en) * 2015-12-18 2019-04-09 布比(北京)网络技术有限公司 A kind of building of block chain identity and verification method
CN105975868A (en) * 2016-04-29 2016-09-28 杭州云象网络技术有限公司 Block chain-based evidence preservation method and apparatus
CN106096444B (en) * 2016-06-12 2019-05-14 杨鹏 A kind of identification based on biological information and social information's recording method and system
CN106100847B (en) * 2016-06-14 2021-10-26 惠众商务顾问(北京)有限公司 Method and device for verifying identity information of asymmetric encryption block chain
CN105976232B (en) * 2016-06-24 2020-04-28 深圳前海微众银行股份有限公司 Asset transaction method and device
CN105959307A (en) * 2016-06-30 2016-09-21 中国科学院计算技术研究所 Existence certification and authentication service method and system based on block chain technology

Also Published As

Publication number Publication date
CN106534160A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
CN106534160B (en) Identity authentication method and system based on block chain
CN112019493B (en) Identity authentication method, identity authentication device, computer equipment and medium
TWI522836B (en) Network authentication method and system for secure electronic transaction
US20160080157A1 (en) Network authentication method for secure electronic transactions
KR101744747B1 (en) Mobile terminal, terminal and method for authentication using security cookie
CN108322416B (en) Security authentication implementation method, device and system
CN107453871B (en) Password generation method, password verification method, payment method and payment device
JP2016518661A (en) IC card offline PIN verification method and IC card offline verification system
CN110611647A (en) Node joining method and device on block chain system
CN111125665A (en) Authentication method and device
CN105743854A (en) Security authentication system and method
CN112422516B (en) Trusted connection method and device based on power edge calculation and computer equipment
CN113938323A (en) JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium
WO2025001230A1 (en) Digital certificate management method, apparatus, device and system and readable storage medium
CN116707758A (en) Authentication method, equipment and server of trusted computing equipment
CN116232716A (en) PUF-based OTA upgrading method and storage medium
CN111698204A (en) Bidirectional identity authentication method and device
CN107770183B (en) Data transmission method and device
CN107979579B (en) Security authentication method and security authentication equipment
CN111988336A (en) Access request processing method, device and system and computer equipment
CN109145543B (en) an identity authentication method
Tomas et al. Towards formal verification of cyber security standards
CN109472121B (en) User identity verification method, device, system and terminal equipment
CN104268165B (en) A kind of online query method and apparatus
CN111628985A (en) Security access control method, security access control device, computer equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant