
CN108777684A - Identity identifying method, system and computer readable storage medium - Google Patents

Identity identifying method, system and computer readable storage medium

Info

Publication number
CN108777684A
Authority
CN
China
Prior art keywords
identity
agency
letter
requestor
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810543425.5A
Other languages
Chinese (zh)
Other versions
CN108777684B (en
Inventor
张育明
潘海清
陈鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHAOSHANG BANK CO Ltd
China Merchants Bank Co Ltd
Original Assignee
ZHAOSHANG BANK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHAOSHANG BANK CO Ltd
Priority to CN201810543425.5A
Publication of CN108777684A
Application granted
Publication of CN108777684B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an identity authentication method applied to an identity authentication system that includes an agency server and a transaction node. The method includes: on receiving a blockchain transaction request, the agency server obtains and verifies the identity information of the requestor; when the verification passes, it obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with a pre-stored agency private key; it sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request; the transaction node authenticates the validity of the identities of the agency and the requestor. The invention also discloses an identity authentication system and a computer readable storage medium. The invention makes it possible to authenticate blockchain participants securely and effectively.

Description

Identity identifying method, system and computer readable storage medium
Technical field
The present invention relates to the field of Internet technology, and in particular to an identity authentication method, system and computer readable storage medium.
Background
In recent years, with the continuous development of Internet finance, blockchain technology has gradually been introduced into the business transactions of banks and other financial institutions. Blockchain technology is a new kind of network application technology formed by combining conventional encryption technology with Internet distributed technology. In Internet transactions based on blockchain technology, authenticating the identity of blockchain members is one of the important steps in ensuring the authenticity and security of blockchain transactions.
Financial blockchains currently have many participants whose identities are complex and not fully trustworthy. How to authenticate blockchain participants securely and effectively, so as to ensure the authenticity and security of blockchain transactions, is therefore a problem that urgently needs to be solved.
Summary of the invention
The main object of the present invention is to propose an identity authentication method, system and computer readable storage medium, aiming to achieve secure and effective identity authentication of blockchain participants.
To achieve the above object, the present invention provides an identity authentication method applied to an identity authentication system, the identity authentication system including an agency server and a transaction node, the identity authentication method including the following steps:
On receiving a blockchain transaction request, the agency server obtains and verifies the identity information of the requestor;
When the verification passes, the agency server obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with the pre-stored agency private key;
The agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request;
The transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
Preferably, the step in which the agency server obtains and verifies the identity information of the requestor includes:
The agency server obtains the identity information of the requestor carried in the transaction request;
The agency server determines whether the identity information of the requestor exists in a preset identity information database, and if so, determines that the identity information of the requestor passes verification.
Preferably, the identity information of the requestor includes at least one of an access password, a device identifier and a biometric feature.
Preferably, the step in which the transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor includes:
The transaction node determines whether the identity certificate of the agency is valid;
If the identity certificate of the agency is valid, the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message;
When the identity of the agency is authenticated as valid, the transaction node determines whether the identity certificate of the requestor is valid;
If the identity certificate of the requestor is valid, the transaction node authenticates the validity of the requestor's identity according to the identity certificate of the requestor and the service message signed by the requestor.
Preferably, the step in which the transaction node determines whether the identity certificate of the agency is valid includes:
The transaction node determines whether the identity certificate of the agency is within its preset validity period;
If the identity certificate of the agency is within the preset validity period, the transaction node obtains a preset trusted root certificate and determines whether the identity certificate of the agency was issued by the certification authority corresponding to the trusted root certificate;
If the identity certificate of the agency was issued by the certification authority corresponding to the trusted root certificate, the transaction node downloads the certificate revocation list from the certification authority's website and determines whether the identity certificate of the agency is present in the certificate revocation list;
If the identity certificate of the agency is not present in the certificate revocation list, the identity certificate of the agency is determined to be valid.
Preferably, the step in which the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message includes:
The transaction node reads the public key of the agency from the identity certificate of the agency;
The transaction node verifies the signature on the re-signed service message with the public key of the agency, and if the verification passes, determines that the identity of the agency is valid.
Preferably, the identity authentication system further includes a certification authority server, and before the step in which the agency server, on receiving a blockchain transaction request, obtains and verifies the identity information of the requestor, the method further includes:
The agency server initiates an identity certificate application request to the certification authority server;
The certification authority server obtains the identity information of the applicant and the public key of the applicant carried in the identity certificate application request, and anonymizes the identity information of the applicant;
The certification authority server binds the anonymized identity information of the applicant to the public key of the applicant to generate the identity certificate of the applicant, and issues the identity certificate of the applicant to the agency server.
Preferably, the applicant includes the agency and the requestor that triggers the blockchain transaction request.
In addition, to achieve the above object, the present invention also provides an identity authentication system, the identity authentication system including an agency server, a transaction node and an identity authentication program, the identity authentication program implementing the steps of the identity authentication method described above when executed by the agency server and the transaction node.
In addition, to achieve the above object, the present invention also provides a computer readable storage medium on which an identity authentication program is stored, the identity authentication program implementing the steps of the identity authentication method described above when executed by a processor.
The identity authentication method proposed by the present invention uses a two-layer authentication scheme that combines external authentication by the agency with internal authentication at the transaction node. That is, on receiving a blockchain transaction request, the agency server first performs external verification of the requestor's identity information; after that verification passes, internal authentication of the identities of the agency and the requestor is performed on the blockchain transaction node. This two-layer scheme ensures that the identities of the agency and the blockchain transaction requestor taking part in a blockchain transaction are genuine and valid, which helps ensure the authenticity and security of blockchain transactions.
Description of the drawings
Fig. 1 is a schematic diagram of the terminal structure of the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the identity authentication method of the present invention;
Fig. 3 is a schematic diagram of the detailed steps of step S40 in the second embodiment of the identity authentication method of the present invention;
Fig. 4 is a schematic diagram of the detailed steps of step S41 in Fig. 3;
Fig. 5 is a flow diagram of the third embodiment of the identity authentication method of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described below with reference to the accompanying drawings and in conjunction with the embodiments.
Detailed description
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
The main solution of the embodiments of the present invention is as follows: on receiving a blockchain transaction request, the agency server obtains and verifies the identity information of the requestor; when the verification passes, the agency server obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with the pre-stored agency private key; the agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request; the transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
Financial blockchains currently have many participants whose identities are complex and not fully trustworthy. How to authenticate blockchain participants securely and effectively, so as to ensure the authenticity and security of blockchain transactions, is therefore a problem that urgently needs to be solved.
The identity authentication method proposed by the present invention uses a two-layer authentication scheme that combines external authentication by the agency with internal authentication at the transaction node. That is, on receiving a blockchain transaction request, the agency server first performs external verification of the requestor's identity information; after that verification passes, internal authentication of the identities of the agency and the requestor is performed on the blockchain transaction node. This two-layer scheme ensures that the identities of the agency and the blockchain transaction requestor taking part in a blockchain transaction are genuine and valid, which helps ensure the authenticity and security of blockchain transactions.
Fig. 1 is a schematic diagram of the terminal structure of the hardware operating environment involved in the embodiments of the present invention.
The terminal of the embodiments of the present invention is the agency server and the transaction node. The terminal may be a PC, or a mobile terminal device with a display function such as a smartphone, tablet computer or portable computer.
As shown in Fig. 1, the terminal may include a processor 1001 (for example a CPU), a network interface 1004, a user interface 1003, a memory 1005 and a communication bus 1002. The communication bus 1002 provides the connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as disk storage. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the terminal structure shown in Fig. 1 does not limit the terminal, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
As shown in Fig. 1, the memory 1005, as a kind of computer storage medium, may include an operating system, a network communication module, a user interface module and an identity authentication program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client (user terminal) and exchange data with it; and the processor 1001 may be used to call the identity authentication program stored in the memory 1005 and perform the following operations:
On receiving a blockchain transaction request, the agency server obtains and verifies the identity information of the requestor;
When the verification passes, the agency server obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with the pre-stored agency private key;
The agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request;
The transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
Further, the processor 1001 may call the identity authentication program stored in the memory 1005 and also perform the following operations:
The agency server obtains the identity information of the requestor carried in the transaction request;
The agency server determines whether the identity information of the requestor exists in a preset identity information database, and if so, determines that the identity information of the requestor passes verification.
Further, the identity information of the requestor includes at least one of an access password, a device identifier and a biometric feature.
Further, the processor 1001 may call the identity authentication program stored in the memory 1005 and also perform the following operations:
The transaction node determines whether the identity certificate of the agency is valid;
If the identity certificate of the agency is valid, the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message;
When the identity of the agency is authenticated as valid, the transaction node determines whether the identity certificate of the requestor is valid;
If the identity certificate of the requestor is valid, the transaction node authenticates the validity of the requestor's identity according to the identity certificate of the requestor and the service message signed by the requestor.
Further, the processor 1001 may call the identity authentication program stored in the memory 1005 and also perform the following operations:
The transaction node determines whether the identity certificate of the agency is within its preset validity period;
If the identity certificate of the agency is within the preset validity period, the transaction node obtains a preset trusted root certificate and determines whether the identity certificate of the agency was issued by the certification authority corresponding to the trusted root certificate;
If the identity certificate of the agency was issued by the certification authority corresponding to the trusted root certificate, the transaction node downloads the certificate revocation list from the certification authority's website and determines whether the identity certificate of the agency is present in the certificate revocation list;
If the identity certificate of the agency is not present in the certificate revocation list, the identity certificate of the agency is determined to be valid.
Further, the processor 1001 may call the identity authentication program stored in the memory 1005 and also perform the following operations:
The transaction node reads the public key of the agency from the identity certificate of the agency;
The transaction node verifies the signature on the re-signed service message with the public key of the agency, and if the verification passes, determines that the identity of the agency is valid.
Further, the processor 1001 may call the identity authentication program stored in the memory 1005 and also perform the following operations:
The agency server initiates an identity certificate application request to the certification authority server;
The certification authority server obtains the identity information of the applicant and the public key of the applicant carried in the identity certificate application request, and anonymizes the identity information of the applicant;
The certification authority server binds the anonymized identity information of the applicant to the public key of the applicant to generate the identity certificate of the applicant, and issues the identity certificate of the applicant to the agency server.
Further, the applicant includes the agency and the requestor that triggers the blockchain transaction request.
Based on the above hardware structure, the embodiments of the identity authentication method of the present invention are proposed.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the identity authentication method of the present invention. The identity authentication method of this embodiment is applied to an identity authentication system that includes an agency server and a transaction node. In practice, the agency may be a commercial bank or another financial services provider, and the transaction node is the blockchain node involved when a blockchain participant carries out a transaction. The identity authentication method includes:
Step S10: on receiving a blockchain transaction request, the agency server obtains and verifies the identity information of the requestor;
In this step, the agency server first receives a blockchain transaction request, which is normally triggered by a blockchain participant. The agency server then parses the received blockchain transaction request to obtain the identity information of the requestor carried in it; alternatively, after receiving the blockchain transaction request, the agency server may prompt the requestor to enter their identity information. The agency server then verifies the identity information it has obtained.
In one embodiment, the identity information of the requestor includes at least one of an access password, a device identifier and a biometric feature. The access password includes but is not limited to a user name, password, dynamic password or SMS verification code; the device identifier includes but is not limited to the MAC (Media Access Control) address of the device or a unique identification number; the biometric feature includes but is not limited to a fingerprint, voiceprint or iris. Specifically, verification may be based on a single kind of identity information among access password, device identifier and biometric feature, for example user name + password only, or may combine several kinds, for example user name + password + fingerprint; this can be configured flexibly in a specific implementation.
The above step S10 may further include: the agency server obtains the identity information of the requestor carried in the transaction request; the agency server determines whether the identity information of the requestor exists in a preset identity information database, and if so, determines that the identity information of the requestor passes verification.
When authenticating the requestor, the agency server may obtain the identity information of the requestor carried in the transaction request and then determine whether that identity information exists in a preset identity information database, where the identity information database records the identity information of all blockchain participants registered with the agency. If the identity information of the requestor exists in the identity information database, the requestor has registered with the agency, and the agency server can determine that the identity information of the requestor passes verification.
Step S20: when the verification passes, the agency server obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with the pre-stored agency private key;
After the identity information of the requestor passes verification, the agency server parses the transaction request further to obtain the identity certificate of the requestor carried in it and the service message signed by the requestor. The identity certificate of the requestor is issued by a certification authority (CA, Certificate Authority), the authoritative body responsible for issuing and managing digital certificates.
In a blockchain transaction, the requestor has its own asymmetric key pair, that is, a public key and a private key. After signing the service message with its own private key, the requestor sends the signed service message to the agency server. The agency server also has its own asymmetric key pair; after receiving the service message signed by the requestor, it signs the service message again with its own pre-stored private key. Sending the re-signed service message can be regarded as an act that neither the requestor nor the agency can repudiate.
Step S30: the agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request;
In this step, the agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor together to the transaction node corresponding to the above transaction request. Transactions corresponding to the transaction request include but are not limited to same-trade contracts, transfers, remittances, clearing and quick payment. The identity certificate of the agency is likewise issued by the certification authority (CA).
Step S40: the transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
In this step, the transaction node authenticates the validity of the identities of the agency and the requestor according to the received re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
When authenticating the validity of the identities of the agency and the requestor, PKI-based identity authentication may be used: the transaction node first verifies the validity of the agency's identity certificate and of the re-signed service message, and then verifies the validity of the requestor's identity certificate and of the service message signed by the requestor. When both verifications pass, the agency is a genuine agency and the requestor is a genuine blockchain participant. During network data transmission an attacker may forge or intercept the information sent by the requestor and the agency in order to carry out illegal transactions. Authenticating both the agency and the requestor therefore ensures that the agency and the requestor taking part in the transaction are legitimate, which safeguards the security of the blockchain transaction.
When the identities of the agency and the requestor are authenticated as valid, the transaction node performs the transaction operation corresponding to the blockchain transaction request. During this process, the agency server may also record a detailed log of the operations the transaction node performs on the digital asset wallet, providing supporting evidence for later tracing of illegal activities such as fraudulent-charge crimes and for anti-money-laundering work.
The identity authentication method proposed by this embodiment uses a two-layer authentication scheme that combines external authentication by the agency with internal authentication at the transaction node. That is, on receiving a blockchain transaction request, the agency server first performs external verification of the requestor's identity information; after that verification passes, internal authentication of the identities of the agency and the requestor is performed on the blockchain transaction node. This two-layer scheme ensures that the identities of the agency and the blockchain transaction requestor taking part in a blockchain transaction are genuine and valid, which helps ensure the authenticity and security of blockchain transactions.
Further, based on the first embodiment of the identity authentication method of the present invention, a second embodiment of the identity authentication method of the present invention is proposed.
Referring to Fig. 3, Fig. 3 is a schematic diagram of the refined steps of step S40 in the second embodiment of the identity authentication method of the present invention. Based on the embodiment shown in Fig. 2 above, step S40 may include:
Step S41: the transaction node judges whether the identity certificate of the agency is valid;
If the identity certificate of the agency is valid, step S42 is executed: the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message;
When the identity of the agency is authenticated as valid, step S43 is executed: the transaction node judges whether the identity certificate of the requestor is valid;
If the identity certificate of the requestor is valid, step S44 is executed: the transaction node authenticates the validity of the requestor's identity according to the identity certificate of the requestor and the service message signed by the requestor.
In this embodiment, after receiving the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor, the transaction node needs to authenticate the validity of the identities of the agency and of the requestor in turn.
First, the transaction node judges whether the identity certificate of the agency is valid.
Referring to Fig. 4, Fig. 4 is a schematic diagram of the refined steps of step S41 in Fig. 3. In one judgment mode, the above step S41 may further include:
Step S411: the transaction node judges whether the identity certificate of the agency is within the preset validity period;
If the identity certificate of the agency is within the preset validity period, step S412 is executed: the transaction node obtains the preset trusted root certificate and judges whether the identity certificate of the agency was issued by the certificate authority corresponding to the trusted root certificate;
If the identity certificate of the agency was issued by the certificate authority corresponding to the trusted root certificate, step S413 is executed: the transaction node downloads the certificate revocation list from the certificate authority's website and judges whether the identity certificate of the agency is present in the certificate revocation list;
If the identity certificate of the agency is not present in the certificate revocation list, step S414 is executed: the identity certificate of the agency is judged to be valid.
Specifically, the transaction node may first read the certificate's validity period from the identity certificate of the agency. If the current time is within the validity period, the certificate has not expired. The transaction node then obtains, through its own browser, the trusted root certificate preset in the browser, and judges whether the identity certificate of the agency was issued by the certificate authority corresponding to that trusted root certificate, where the certificate authority may be the trust root or a second-level certificate authority under the trust root. If the identity certificate of the agency is judged to have been issued by the certificate authority corresponding to the trusted root certificate, the transaction node further downloads the certificate revocation list (CRL, Certificate Revocation List) from the corresponding certificate authority's website and judges whether the identity certificate of the agency is present in the list. If it is not, the identity certificate of the agency has not been revoked, and the identity certificate of the agency is then judged to be valid. This judgment mode achieves an accurate judgment of the validity of the agency's identity certificate.
Of course, in other judgment modes, one or two of the three checks (the validity period of the certificate, the legitimacy of the certificate authority, and whether the certificate is present in the certificate revocation list) may be selected for the judgment; this can be set flexibly in a specific implementation.
When the identity certificate of the agency is judged to be valid, the transaction node further authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message. The specific authentication mode is as follows: the transaction node reads the public key of the agency from the identity certificate of the agency and uses that public key to verify the signature on the re-signed service message. If the verification passes, the re-signed service message was sent by the agency, and the identity of the agency is judged to be valid; otherwise the identity of the agency is judged to be invalid. When the identity of the agency is judged to be invalid, the blockchain transaction is terminated and identity-invalid information is returned to the agency server.
When the identity of the agency is authenticated as valid, the transaction node further judges whether the identity certificate of the requestor is valid. If the identity certificate of the requestor is valid, the transaction node then authenticates the validity of the requestor's identity according to the identity certificate of the requestor and the service message signed by the requestor. The specific way of judging whether the requestor's identity certificate is valid and of authenticating the validity of the requestor's identity can refer to the above authentication mode for the agency and is not repeated here.
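The node-side checks of steps S41 to S44 and S411 to S414, as an added Go example that is not code from the patent. Assumptions: Ed25519 keys, an agency signature that covers the message followed by the requestor's signature, and a CRL that has already been downloaded; the names `Bundle`, `checkParty`, `VerifyBundle`, `newID` and `Sample` and the sample CA, certificates and message are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Bundle is what the agency server forwards to the transaction node.
type Bundle struct {
	Msg, ReqSig, AgencySig []byte
	ReqCert, AgencyCert    *x509.Certificate
}

// checkParty validates one certificate, then the signature made with its key.
func checkParty(c *x509.Certificate, data, sig []byte, root *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	// Verify covers the validity period at `now` and the chain to the trusted root.
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if crl.CheckSignatureFrom(root) != nil || now.After(crl.NextUpdate) {
		return errors.New("CRL not signed by the trusted CA, or stale")
	}
	for _, r := range crl.RevokedCertificates { // RevokedCertificateEntries on Go 1.21+
		if r.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	if pub, ok := c.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, data, sig) {
		return errors.New("signature invalid")
	}
	return nil
}

// VerifyBundle authenticates the agency first, then the requestor; any failure rejects.
func VerifyBundle(b Bundle, root *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	// Assumption: the agency re-signs message || requestor signature.
	resigned := append(append([]byte{}, b.Msg...), b.ReqSig...)
	if err := checkParty(b.AgencyCert, resigned, b.AgencySig, root, crl, now); err != nil {
		return fmt.Errorf("agency: %w", err)
	}
	if err := checkParty(b.ReqCert, b.Msg, b.ReqSig, root, crl, now); err != nil {
		return fmt.Errorf("requestor: %w", err)
	}
	return nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newID makes a key pair and certificate for the constructed sample PKI; ca == nil means root.
func newID(cn string, serial int64, ca *x509.Certificate, caKey ed25519.PrivateKey, now time.Time) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), BasicConstraintsValid: true}
	if ca == nil {
		ca, caKey, t.IsCA, t.SubjectKeyId, t.KeyUsage = t, key, true, []byte{1}, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c, key
}

// Sample builds a constructed CA, a CRL listing serial `revoked`, and a doubly signed bundle.
func Sample(now time.Time, revoked int64) (Bundle, *x509.Certificate, *x509.RevocationList) {
	root, caKey := newID("Example CA", 1, nil, nil, now)
	ag, agKey := newID("agency", 2, root, caKey, now)
	rq, rqKey := newID("anon-requestor", 3, root, caKey, now)
	b := Bundle{Msg: []byte(`{"op":"transfer","amount":100}`), AgencyCert: ag, ReqCert: rq}
	b.ReqSig = ed25519.Sign(rqKey, b.Msg)
	b.AgencySig = ed25519.Sign(agKey, append(append([]byte{}, b.Msg...), b.ReqSig...))
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: big.NewInt(revoked), RevocationTime: now}}}, root, caKey)
	must(err)
	crl, err := x509.ParseRevocationList(der)
	must(err)
	return b, root, crl
}

func main() {
	b, root, crl := Sample(time.Now(), 2) // serial 2, the agency certificate, is on the CRL
	fmt.Println(VerifyBundle(b, root, crl, time.Now()))
}
```

Because the agency's signature covers the requestor's signature, a change to either the message or the requestor's signature is already caught at the agency step, before the requestor's certificate is examined.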
Further, referring to Fig. 5, Fig. 5 is a schematic flowchart of the third embodiment of the identity authentication method of the present invention. Based on the above embodiments, the identity authentication system further includes a certificate authority server, and before step S10 the method may further include:
Step S50: the agency server initiates an identity certificate application request to the certificate authority server;
Step S60: the certificate authority server obtains the identity information of the applicant and the public key of the applicant carried in the identity certificate application request, and anonymizes the identity information of the applicant;
Step S70: the certificate authority server binds the anonymized identity information of the applicant to the public key of the applicant to generate the identity certificate of the applicant, and issues the identity certificate of the applicant to the agency server.
Further, the applicant includes the agency and the requestor who triggers the blockchain transaction request.
In this embodiment, before a blockchain transaction is carried out, both the transaction initiator and the agency need to apply to the certificate authority for an identity certificate, as preparation for the subsequent identity authentication. When the agency applies for its own identity certificate, it initiates the identity certificate application request to the certificate authority server directly. When the transaction initiator applies for its own identity certificate, it may entrust the agency to apply to the certificate authority for the identity certificate; in that case the agency needs to verify the applicant's real identity information and, after the verification passes, initiates the identity certificate application request to the certificate authority server. The identity certificate application request carries the identity information of the applicant and the public key of the applicant.
When the certificate authority server receives the identity certificate application request sent by the agency server, it obtains the identity information of the applicant and the public key of the applicant carried in the request and anonymizes the identity information of the applicant. Anonymization takes the form of a mapping from the real identity to an anonymized identity, such as ID → ID', and only the certificate authority itself knows the mapping, so as to achieve the goal of "voluntary in the foreground, real name in the background". The certificate authority server then binds the anonymized identity information of the applicant to the public key of the applicant to generate the identity certificate of the applicant, and issues the identity certificate of the applicant to the agency server, which completes the issuance of the identity certificate.
The present invention also provides an identity authentication system.
The identity authentication system of the present invention includes an agency server, a transaction node and an identity authentication program; when executed by the agency server and the transaction node, the identity authentication program implements the steps of the identity authentication method described above.
The method implemented when the identity authentication program is executed can refer to the embodiments of the identity authentication method of the present invention and is not repeated here.
The present invention also provides a computer-readable storage medium.
An identity authentication program is stored on the computer-readable storage medium of the present invention, and when executed by a processor the identity authentication program implements the steps of the identity authentication method described above.
The method implemented when the identity authentication program running on the processor is executed can refer to the embodiments of the identity authentication method of the present invention and is not repeated here.
It should be noted that, herein, the terms "include", "comprise" and any other variant of them are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or system that includes that element.
The above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the patent protection scope of the present invention.

Claims (10)

1. An identity authentication method, characterized in that it is applied to an identity authentication system, the identity authentication system includes an agency server and a transaction node, and the identity authentication method includes the following steps:
The agency server, on receiving a blockchain transaction request, obtains and verifies the identity information of the requestor;
When the verification passes, the agency server obtains the identity certificate of the requestor and the service message signed by the requestor, and signs the service message again with the pre-stored private key of the agency;
The agency server sends the re-signed service message, the pre-stored identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor to the transaction node corresponding to the transaction request;
The transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor.
2. The identity authentication method according to claim 1, characterized in that the step in which the agency server obtains and verifies the identity information of the requestor includes:
The agency server obtains the identity information of the requestor carried in the transaction request;
The agency server judges whether the identity information of the requestor exists in a preset identity information database and, if so, judges that the identity information of the requestor passes verification.
3. The identity authentication method according to claim 2, characterized in that the identity information of the requestor includes at least one of an access password, a device identifier and a biometric feature.
4. The identity authentication method according to claim 1, characterized in that the step in which the transaction node authenticates the validity of the identities of the agency and the requestor according to the re-signed service message, the identity certificate of the agency, the service message signed by the requestor and the identity certificate of the requestor includes:
The transaction node judges whether the identity certificate of the agency is valid;
If the identity certificate of the agency is valid, the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message;
When the identity of the agency is authenticated as valid, the transaction node judges whether the identity certificate of the requestor is valid;
If the identity certificate of the requestor is valid, the transaction node authenticates the validity of the requestor's identity according to the identity certificate of the requestor and the service message signed by the requestor.
5. The identity authentication method according to claim 4, characterized in that the step in which the transaction node judges whether the identity certificate of the agency is valid includes:
The transaction node judges whether the identity certificate of the agency is within the preset validity period;
If the identity certificate of the agency is within the preset validity period, the transaction node obtains the preset trusted root certificate and judges whether the identity certificate of the agency was issued by the certificate authority corresponding to the trusted root certificate;
If the identity certificate of the agency was issued by the certificate authority corresponding to the trusted root certificate, the transaction node downloads the certificate revocation list from the certificate authority's website and judges whether the identity certificate of the agency is present in the certificate revocation list;
If the identity certificate of the agency is not present in the certificate revocation list, the identity certificate of the agency is judged to be valid.
6. The identity authentication method according to claim 4, characterized in that the step in which the transaction node authenticates the validity of the agency's identity according to the identity certificate of the agency and the re-signed service message includes:
The transaction node reads the public key of the agency from the identity certificate of the agency;
The transaction node verifies the signature on the re-signed service message with the public key of the agency and, if the verification passes, judges that the identity of the agency is valid.
7. The identity authentication method according to any one of claims 1 to 6, characterized in that the identity authentication system further includes a certificate authority server, and before the step in which the agency server, on receiving a blockchain transaction request, obtains and verifies the identity information of the requestor, the method further includes:
The agency server initiates an identity certificate application request to the certificate authority server;
The certificate authority server obtains the identity information of the applicant and the public key of the applicant carried in the identity certificate application request, and anonymizes the identity information of the applicant;
The certificate authority server binds the anonymized identity information of the applicant to the public key of the applicant to generate the identity certificate of the applicant, and issues the identity certificate of the applicant to the agency server.
8. The identity authentication method according to claim 7, characterized in that the applicant includes the agency and the requestor who triggers the blockchain transaction request.
9. An identity authentication system, characterized in that the identity authentication system includes an agency server, a transaction node and an identity authentication program, and when executed by the agency server and the transaction node the identity authentication program implements the steps of the identity authentication method according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that an identity authentication program is stored on the computer-readable storage medium, and when executed by a processor the identity authentication program implements the steps of the identity authentication method according to any one of claims 1 to 6.
CN201810543425.5A 2018-05-30 2018-05-30 Identity authentication method, system and computer readable storage medium Active CN108777684B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810543425.5A CN108777684B (en) 2018-05-30 2018-05-30 Identity authentication method, system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810543425.5A CN108777684B (en) 2018-05-30 2018-05-30 Identity authentication method, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN108777684A true CN108777684A (en) 2018-11-09
CN108777684B CN108777684B (en) 2021-07-13

Family

ID=64028130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810543425.5A Active CN108777684B (en) 2018-05-30 2018-05-30 Identity authentication method, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108777684B (en)

Also Published As

Publication number Publication date
CN108777684B (en) 2021-07-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant