[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112104665B - Block chain-based identity authentication method and device, computer and storage medium - Google Patents

Block chain-based identity authentication method and device, computer and storage medium Download PDF

Info

Publication number
CN112104665B
CN112104665B CN202011203214.0A CN202011203214A CN112104665B CN 112104665 B CN112104665 B CN 112104665B CN 202011203214 A CN202011203214 A CN 202011203214A CN 112104665 B CN112104665 B CN 112104665B
Authority
CN
China
Prior art keywords
block
identity
node
main chain
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011203214.0A
Other languages
Chinese (zh)
Other versions
CN112104665A (en
Inventor
刘友为
郭懿心
韦德志
王兆创
王�章
郑伟涛
乔小强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202011203214.0A priority Critical patent/CN112104665B/en
Publication of CN112104665A publication Critical patent/CN112104665A/en
Application granted granted Critical
Publication of CN112104665B publication Critical patent/CN112104665B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the application discloses an identity verification method, an identity verification device, a computer and a storage medium based on a block chain, which are suitable for the field of data transmission in big data, and the method comprises the following steps: acquiring an authentication request of a user for the block subchain, and searching a target core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user; sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user; and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result. By adopting the method and the device, the verification times and complexity of the user can be reduced, and the verification cost and resources are saved.

Description

Block chain-based identity authentication method and device, computer and storage medium
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method and an apparatus for identity authentication based on a blockchain, a computer, and a storage medium.
Background
With the increasing maturity of blockchain technology, combined with the characteristics of decentralization of blockchains, the application of blockchains is becoming more and more widespread. In the field of block chains, there are scenarios in which a platform interfaces with multiple block chains, for example, an enterprise information management platform may manage multiple data of an enterprise, and interface with an enterprise tax information chain and a ticket information chain associated with the enterprise. When the enterprise needs to authorize and inquire the enterprise data of the enterprise in the enterprise information management platform, the enterprise needs to be authenticated in the block chain needing to be inquired, so that the enterprise can repeatedly authenticate the enterprise data of the enterprise, and if the authentication process is complex, a large amount of resources can be consumed by repeated authentication, so that the authentication cost and the authentication resources for the user are improved.
Disclosure of Invention
The embodiment of the application provides an identity authentication method and device based on a block chain, computer equipment and a storage medium, which can reduce the times and complexity of user authentication and save authentication cost and resources.
An embodiment of the present application provides an identity authentication method based on a blockchain, including:
acquiring an authentication request of a user for the block subchain, and searching a target core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user;
and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result.
An embodiment of the present application provides an identity authentication method based on a blockchain, including:
acquiring a to-be-verified identity certificate and to-be-verified identity information of a user, which are sent by a block subchain node;
if the identity certificate to be verified exists in the block main chain, determining the identity certificate to be verified as a legal identity certificate, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain effective hash corresponding to effective identity information;
and determining the identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated, and sending the identity authentication result to the block subchain node.
An embodiment of the present application provides an identity authentication apparatus based on a blockchain, where the apparatus includes:
the main chain searching module is used for acquiring an authentication request of a user for the block subchain and searching a target core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
the identity authentication module is used for sending the identity certificate to be authenticated and the identity information to be authenticated of the user to the target core main chain node, so that the target core main chain node authenticates the identity of the user based on the identity certificate to be authenticated and the identity information to be authenticated, and the identity authentication result of the user is obtained;
and the authority determining module is used for acquiring the authentication result sent by the target core main chain node and determining the access authority of the user to the block subchain according to the authentication result.
In terms of searching for a target core backbone node based on an authentication request, the backbone searching module includes:
the network searching unit is used for searching the core main chain node network based on the identity authentication request; the core backbone node network comprises at least two core backbone nodes; the core main chain node comprises a block main chain, and the block main chain and the block subchain belong to the same alliance chain;
and the node determining unit is used for acquiring node information of each core main chain node in the at least two core main chain nodes and searching a target core main chain node from the at least two core main chain nodes based on the node information.
The node information comprises the total network bandwidth and the bandwidth occupancy rate;
in finding a target core backbone node from among at least two core backbone nodes based on node information, the node determination unit includes:
the bandwidth determining subunit is used for determining the idle bandwidth of each core main chain node in at least two core main chain nodes based on the total network bandwidth and the bandwidth occupancy rate;
a node determination subunit for determining a core backbone node having a largest free bandwidth as a target core backbone node.
In the aspect of determining the access right of the user to the block child chain according to the authentication result, the right determining module is specifically configured to:
if the identity verification result is an identity legal result, determining that the user has access authority to the block subchain;
if the identity authentication result is an identity abnormal result, determining that the user does not have access authority to the block subchain, and guiding the user to perform identity authentication to the block main chain; the block backbone is in the target core backbone node.
Wherein, the device still includes:
the device comprises a voting sending module, a voting sending module and a voting sending module, wherein the voting sending module is used for acquiring a first voting result aiming at least two candidate block chains and broadcasting the first voting result to a candidate node where the at least two candidate block chains are located;
the voting acquisition module is used for acquiring a second voting result of the candidate node aiming at the at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the first voting result and the second voting result, and determining the candidate block chains except the block main chain in the at least two candidate block chains as the block sub-chains;
and the node determining module is used for determining the candidate node where the block main chain is located as the target core main chain node.
Wherein, the device still includes:
the block generation module is used for generating an identity verification block according to the identity verification result, the identity certificate to be verified, the identity information to be verified and the target core main chain node, and adding the identity verification block into the block subchain;
the identity verification module is used for acquiring an identity verification block from the block subchain when an identity verification request aiming at a user is acquired;
the result acquisition module is used for carrying out identity authentication on the user based on the identity information to be authenticated in the identity authentication block to obtain an identity authentication result;
and the abnormity detection module is used for determining that the target core main chain node is an abnormal node if the identity verification result is inconsistent with the identity verification result in the identity verification block.
An embodiment of the present application provides an identity authentication apparatus based on a blockchain, where the apparatus includes:
the identity acquisition module is used for acquiring the identity certificate to be verified and the identity information to be verified of the user, which are sent by the block subchain node;
the certificate analysis module is used for determining the identity certificate to be verified as a legal identity certificate if the identity certificate to be verified exists in the block main chain, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain effective hash corresponding to effective identity information;
the result acquisition module is used for determining the identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated;
and the result sending module is used for sending the identity verification result to the block subchain node.
Wherein, this result acquisition module includes:
the hash acquisition unit is used for converting the identity information to be verified into a hash to be verified through a hash algorithm;
the information matching unit is used for determining that the effective hash is matched with the identity information to be verified if the hash to be verified is the same as the effective hash, and determining the identity legal result as the identity verification result of the user;
the information matching unit is further configured to determine that the valid hash is not matched with the identity information to be verified if the hash to be verified is different from the valid hash, and determine an identity abnormal result as an identity verification result of the user.
Wherein, this result acquisition module includes:
the identification obtaining unit is used for obtaining the cluster identification of the user according to the legal identity certificate if the effective hash is matched with the identity information to be verified;
and the identification matching unit is used for acquiring the authority block subchain identification associated with the cluster identification, acquiring the identification of the block subchain included by the block subchain node, and determining the identity legal result as the identity verification result of the user if the identification of the block subchain belongs to the authority block subchain identification.
Wherein, the device still includes:
the characteristic acquisition module is used for acquiring effective identity information sent by a user, acquiring facial characteristics of the user and acquiring personal information of the user according to the facial characteristics;
the certificate generation module is used for signing the effective identity information by adopting a main chain private key of the block main chain to generate a legal identity certificate if the effective identity information is matched with the personal information;
and the certificate sending module is used for sending the legal identity certificate to the user so that the user sends an identity authentication request to the block subchain node based on the legal identity certificate.
Wherein, the device still includes:
the communication acquisition module is used for acquiring effective identity information sent by a user, acquiring a communication mode of the user and sending verification data to the user based on the communication mode;
the certificate generation module is also used for signing the valid identity information by adopting a main chain private key of the block main chain to generate a legal identity certificate if verification data returned by the user is obtained;
the credential sending module is further configured to send the legal identity credential to the user, so that the user sends an identity authentication request to the block subchain node based on the legal identity credential.
Wherein, the device still includes:
the block acquisition module is used for acquiring block information of a block main chain; the block information comprises the block depth of a block main chain and the data type of the block;
the key generation module is used for generating a main chain key pair according to the block depth and the block data type; the main chain key pair comprises a main chain public key and a main chain private key;
and the block storage module is used for generating a key block according to the main chain key pair and adding the key block into the block main chain.
One aspect of the embodiments of the present application provides a computer device, including a processor, a memory, and an input/output interface;
the processor is respectively connected to the memory and the input/output interface, where the input/output interface is used for data interaction of each node in a block chain, the memory is used for storing a program code, and the processor is used for calling the program code to execute the block chain-based identity authentication method implemented in one aspect of the embodiment of the present application.
An aspect of the embodiments of the present application provides a computer-readable storage medium, where a computer program is stored, where the computer program includes program instructions, and the program instructions, when executed by a processor, perform an identity authentication method based on a blockchain, as implemented in an aspect of the embodiments of the present application.
An aspect of an embodiment of the present application provides a computer program product or a computer program, which includes computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided in the various alternatives in one aspect of the embodiments of the application.
The embodiment of the application has the following beneficial effects:
according to the method and the device, the identity authentication request of the user for the block subchain is obtained, and the target core main chain node is searched based on the identity authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user; sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user; and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result. The method and the device have the advantages that the user is authenticated in one block chain (block main chain) in the block chain network, namely, the user authentication result in the block chain network can be obtained, so that when the user is authenticated in other block chains (namely, the block sub chains) in the block chain network, the user authentication result can be directly authenticated based on the block main chain in the block chain network and serves as the user authentication result, when the user is authenticated by a plurality of block chains, only one authentication process is needed, the times and complexity of user authentication are reduced, and the cost and resources consumed by the user authentication are saved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is an alternative schematic diagram of a block structure provided in the present application;
fig. 2 is a schematic network diagram of identity verification based on a blockchain according to an embodiment of the present application;
fig. 3 is a schematic diagram of an authentication scenario based on a block chain according to an embodiment of the present application;
fig. 4 is a flowchart of an identity authentication method based on a blockchain according to an embodiment of the present disclosure;
fig. 5 is a data architecture diagram of a blockchain network according to an embodiment of the present disclosure;
fig. 6 is a schematic flowchart of another block chain-based identity authentication provided in an embodiment of the present application;
fig. 7 is a schematic diagram of a credential lookup scenario provided in an embodiment of the present application;
fig. 8 is an interaction flow diagram of an identity authentication method based on a blockchain according to an embodiment of the present disclosure;
fig. 9 is a schematic diagram of an identity authentication apparatus based on a block chain according to an embodiment of the present application;
fig. 10 is a schematic diagram of another block chain-based identity authentication apparatus according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application can store and transmit data in a block chain (such as a block main chain, a block subchain and the like) and data between nodes in a block chain network based on a cloud technology, and is suitable for the field of data transmission in big data.
The Cloud technology (Cloud technology) is a hosting technology for unifying series resources such as hardware, software, network and the like in a wide area network or a local area network to realize calculation, storage, processing and sharing of data.
Cloud technology (Cloud technology) is based on a general term of network technology, information technology, integration technology, management platform technology, application technology and the like applied in a Cloud computing business model, can form a resource pool, is used as required, and is flexible and convenient. Cloud computing technology will become an important support. Background services of the technical network system require a large amount of computing and storage resources, such as video websites, picture-like websites and more web portals. With the high development and application of the internet industry, each article may have its own identification mark and needs to be transmitted to a background system for logic processing, data in different levels are processed separately, and various industrial data need strong system background support and can only be realized through cloud computing.
The Big data (Big data) refers to a data set which cannot be captured, managed and processed by a conventional software tool within a certain time range, and is a massive, high-growth-rate and diversified information asset which can have stronger decision-making power, insight discovery power and flow optimization capability only by a new processing mode. With the advent of the cloud era, big data has attracted more and more attention, and the big data needs special technology to effectively process a large amount of data within a tolerance elapsed time. The method is suitable for the technology of big data, and comprises a large-scale parallel processing database, data mining, a distributed file system, a distributed database, a cloud computing platform, the Internet and an extensible storage system. When a plurality of block chains (including a block main chain and a plurality of block sub chains) exist in the block chain network, the scheme of the application can generate a large amount of data, a big data technology can be adopted, and the implementation efficiency of the scheme of the application is improved.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer. And the Block chain comprises a series of blocks (blocks) which are mutually connected according to the generated chronological order, new blocks cannot be removed once being added into the Block chain, and recorded data submitted by nodes in the Block chain system are recorded in the blocks.
Referring to fig. 1, fig. 1 is an optional schematic diagram of a Block Structure (Block Structure) provided in this embodiment of the present application, where each Block includes a hash value of a transaction record (hash value of the Block) stored in the Block and a hash value of a previous Block, and the blocks are connected by the hash value to form a Block chain. The block may include information such as a time stamp at the time of block generation. As shown in fig. 1, block 1 includes data (i.e., transaction data stored in block 1), a previous block hash, and a local block hash, where the previous block hash is the hash of a previous block of block 1, e.g., in fig. 1, block 1 is the first block in the block chain, and then the previous block hash in block 1 may be null. Block 2 includes data (i.e., transaction data stored in block 2), a previous block hash, and a current block hash, where the previous block hash is the hash of a block (i.e., block 1) previous to block 2. Block 3 includes data (i.e., transaction data stored in block 3), a previous block hash, and a current block hash, where the previous block hash is the hash of the block (i.e., block 2) previous to block 3.
Referring to fig. 2, fig. 2 is a schematic diagram of a network for identity authentication based on a blockchain according to an embodiment of the present disclosure. As shown in fig. 2, a user 201 sends an authentication request to a blockchain node 202, the blockchain node 202 obtains the authentication request of the user 201 for a blockchain, searches a target core main chain node 203 based on the authentication request, and sends an authentication credential and authentication information of the user 201 to be authenticated, which are carried in the authentication request, to the target core main chain node 203. The target core main chain node 203 performs identity authentication on the user 201 according to the acquired identity credential to be authenticated and the acquired identity information to be authenticated, obtains an identity authentication result of the user 201, and sends the identity authentication result to the blockchain node 202. The blockchain node 202 determines the access authority of the user 201 to the blockchain according to the authentication result sent by the target core main chain node 203. By the method and the device, when the block subchain node 202 acquires the identity authentication request of the user 201 for the block subchain, the identity authentication of the user 201 is not needed, the identity authentication result of the target core main chain node 203 for the user 201 can be directly used as the identity authentication result of the user 201, so that the identity authentication of the user is performed once based on the target core main chain node 203, the identity authentication results of the block subchain, the block main chain in the target core main chain node 203 and the like for the user can be obtained, the times and complexity of authentication of the user are reduced, and the authentication cost and resources are saved.
The node (e.g., the target core main chain node, the block subchain node, etc.) may be a server or a terminal device, or may be a system composed of a server and a terminal device, where the terminal device mentioned above may be an electronic device, including but not limited to a mobile phone, a tablet computer, a desktop computer, a notebook computer, a palm computer, a wearable device (e.g., a smart watch, a smart bracelet, etc.), an Augmented Reality/Virtual Reality (AR/VR) device, a helmet display, a smart speaker, a digital camera, a camera, and other Mobile Internet Devices (MID) with network access capability. The above-mentioned server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like.
Further, please refer to fig. 3, where fig. 3 is a schematic diagram of an authentication scenario based on a block chain according to an embodiment of the present application. As shown in fig. 3, the method implemented in the embodiment of the present application is described by taking the presence of a user access platform as an example, where the user access platform is used to manage a user and perform data interaction with the blockchain network 302. The blockchain network 302 may be a federation chain, which is a member and limited third parties for a particular group, and in which a plurality of preselected nodes are designated as billers, and is a blockchain between private and public chains. The blockchain network 302 may include a blockchain main chain and a plurality of blockchain subchains, such as blockchain subchain 1 and blockchain subchain 2. The user 301 requests the user access platform for authentication of the block main chain, the user access platform sends an authentication request of the user for the block main chain to a target core main chain node where the block main chain is located, the block main chain performs authentication on the user 301 based on the authentication request, if the authentication is passed, a legal identity certificate of the user 301 is generated, and the legal identity certificate is sent to the user access platform.
The user 301 requests the user access platform for authentication of the block subchain 1, and the user access platform sends an authentication request to the block subchain node 1 where the block subchain 1 is located, where the authentication request includes an authentication credential to be authenticated of the user 301 and the like. The blockchain node 1 sends the identity credential to be verified to the target core main chain node, and the target core main chain node may perform identity verification on the user 301 based on the identity credential to be verified to obtain an identity verification result, and feed the identity verification result back to the blockchain node 1 where the blockchain node 1 is located. The blockchain node 1 determines the access right of the user 301 to the blockchain 1 based on the authentication result.
The user 301 requests the user access platform for authentication of the block subchain 2, and the user access platform sends an authentication request to the block subchain node 2 where the block subchain 2 is located, where the authentication request includes an authentication credential to be authenticated of the user 301 and the like. The blockchain node 2 sends the identity credential to be verified to the target core main chain node, and the target core main chain node may perform identity verification on the user 301 based on the identity credential to be verified to obtain an identity verification result, and feed the identity verification result back to the blockchain node 2 where the blockchain node 2 is located. The blockchain node 2 determines the access right of the user 301 to the blockchain 2 based on the authentication result.
Similarly, when the user 301 accesses any one of the block subchains based on the user access platform, the user 301 directly uses the authentication result of the block main chain to the user 301 to determine the access authority of the user 301 to the block subchain, so that in the block chain network 302, only one authentication needs to be performed on the user 301, and all the block chains (including the block main chain, each block subchain and the like) in the block chain network 302 acquire the authentication result of the user 301, thereby reducing the authentication times and complexity of the user, and further saving the authentication cost and resources in the block chains.
Further, please refer to fig. 4, where fig. 4 is a flowchart of an identity authentication method based on a block chain according to an embodiment of the present application. As shown in fig. 4, a description is given by using a blockchain sub-chain node where a blockchain is located as an execution subject, where the blockchain sub-chain node may include one or at least two blockchain sub-chains. The identity authentication process based on the block chain comprises the following steps:
step S401, acquiring an authentication request of a user for the block subchain, and searching for a target core main chain node based on the authentication request.
In the embodiment of the application, a blockchain node acquires an authentication request of a user for a blockchain, and searches a target core main chain node based on the authentication request, wherein the authentication request comprises an authentication certificate to be authenticated and authentication information of the user. Wherein the blockchain node comprises a blockchain. The identity authentication request may be sent by the user directly to the blockchain sub-node, or may be sent by the user to the blockchain sub-node based on the user access platform, in other words, the user may directly perform data interaction with the blockchain network, or may perform data interaction with the blockchain network through the user access platform. The blockchain network comprises a blockchain main chain and blockchain subchains, wherein a node where the blockchain main chain is located is a core main chain node, a node where the blockchain subchains are located is a blockchain subchain node, the blockchain network can comprise one or at least two blockchain subchains, and the number of the core main chain nodes can be one or at least two. When the number of the core main chain nodes is at least two, the target core main chain node can be searched from the at least two core main chain nodes; when the number of the core backbone nodes is one, the core backbone node can be directly determined as the target core backbone node.
Wherein the blockchain node may search for a core backbone node network based on the authentication request; the core backbone node network comprises at least two core backbone nodes; the core backbone node comprises a block backbone, the block backbone and the block subchain belong to the same federation chain. The node information of each core main chain node in the at least two core main chain nodes is obtained, and the target core main chain node is searched from the at least two core main chain nodes based on the node information.
The node information may include a total network bandwidth amount and a bandwidth occupancy rate. The blockchain node can determine the idle bandwidth of each core main chain node in at least two core main chain nodes based on the total network bandwidth and the bandwidth occupancy rate; the core backbone node with the largest free bandwidth is determined as the target core backbone node. Optionally, the node information may include a node communication distance, and the core main chain node having the smallest node communication distance with the blockchain node is determined as the target core main chain node. Optionally, the node information may include a node priority, and a core main chain node corresponding to the highest node priority is determined as the target core main chain node. The node information may be obtained according to needs, and is not limited to the above-mentioned information.
Optionally, after the blockchain node finds the core main chain node network, the blockchain node may also directly broadcast the to-be-verified identity credential and the to-be-verified identity information of the user to at least two core main chain nodes in the core main chain node network, and at this time, the at least two core main chain nodes may be regarded as the target core main chain node.
Referring to fig. 5, fig. 5 is a diagram of a data architecture of a blockchain network according to an embodiment of the present disclosure. As shown in fig. 5, there are a blockchain node 5021, a blockchain node 5022, a blockchain node 5023, etc. in the blockchain network 502, and a core backbone node network 503, and the user 501 can request authentication from any one blockchain node. For example, when the user 501 applies for accessing the blockchain sub-1, it may be considered that the user 501 requests authentication from the blockchain sub-node 5021 where the blockchain sub-1 is located.
The core backbone node network 503 includes a core backbone node 5031, a core backbone node 5032, a core backbone node 5033, a core backbone node 5034, and the like. Taking the blockchain sub-chain 1 as an example, the node where the blockchain sub-chain 1 is located is a blockchain sub-chain node 5021, the user 501 sends an authentication request to the blockchain sub-chain node 5021, the blockchain sub-chain node 5021 searches a target core main chain node from the core main chain node network 503 based on the authentication request, and assuming that the core main chain node 5032 is found to be the target core main chain node, the blockchain sub-chain node 5021 sends an identity credential to be authenticated and identity information to be authenticated in the authentication request to the core main chain node 5032.
The core backbone node may be determined in advance, and the local node may obtain a first voting result for the at least two candidate block chains, and broadcast the first voting result to the candidate node where the at least two candidate block chains are located. And acquiring a second voting result of the candidate node aiming at the at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the first voting result and the second voting result, and determining the candidate block chains except the block main chain in the at least two candidate block chains as the block sub-chains. And determining the candidate node where the block main chain is located as a target core main chain node, and determining the candidate node where the block subchain is located as a block subchain node, namely, the local node is the block subchain node.
Specifically, at least two candidate nodes exist in the blockchain network, the local node belongs to the at least two candidate nodes, and each candidate node includes a candidate blockchain, where one candidate node may include one or at least two candidate blockchains, in other words, the number of candidate blockchains included in the blockchain network may be greater than or equal to the number of candidate nodes. The local node may obtain blocking information of at least two candidate blockchains, which may include one or a random combination of at least two of a block depth, a block data type, a block occupation space or a block capacity, etc. The local node performs consensus on the block information of the at least two candidate block chains to obtain a first voting result of the at least two candidate block chains, and broadcasts the first voting result to candidate nodes except the local node in the at least two candidate nodes; similarly, the other candidate nodes may perform consensus on the block information of the at least two candidate block chains to obtain second voting results of the at least two candidate block chains, and broadcast the second voting results, at this time, the local node may obtain the second voting results sent by the other candidate nodes, select a block main chain from the at least two candidate block chains according to the first voting result and the second voting result, and mark the candidate block chains in the at least two candidate block chains except the block main chain as the block sub chains. If the candidate block chain recorded in the local node is a block main chain, the local node is a core main chain node; if the candidate block chain recorded in the local node is the block subchain, the local node is the block subchain node, and similarly, the candidate node where the block subchain is located is determined as the block subchain node, and the candidate node where the block main chain is located is determined as the core main chain node.
In this step, an authentication request of a user for the block subchain is obtained, and an execution subject of a target core main chain node is searched for as a node already determined as the block subchain node based on the authentication request, that is, the execution subject is the block subchain node where the block subchain to which the authentication request is directed is located.
Step S402, the identity certificate to be verified and the identity information to be verified of the user in the identity verification request are sent to the target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and an identity verification result of the user is obtained.
In the embodiment of the application, the block sub-link node sends the identity certificate to be verified and the identity information to be verified of the user in the acquired identity verification request to the target core main chain node. The target core main chain node can perform identity authentication on the user based on the identity certificate to be authenticated and the identity information to be authenticated to obtain an identity authentication result of the user, and the identity authentication result is sent to the block subchain node.
Step S403, obtaining an authentication result sent by the target core main chain node, and determining an access right of the user to the block subchain according to the authentication result.
In this embodiment of the present application, the blockchain child node obtains the authentication result sent by the target core main chain node, and uses the authentication result as the authentication result for the user. If the identity verification result is an identity legal result, determining that the user has access authority to the block subchain; if the identity authentication result is an identity abnormal result, determining that the user does not have access authority to the block subchain, and guiding the user to perform identity authentication to the block main chain; the block backbone is in the target core backbone node. Specifically, when it is determined that the user does not have access rights to the blockchain, the blockchain node may send a rights exception message to the user, where the rights exception message may include an authentication interface of the blockchain. The block subchain node can guide the user to request the core main chain node where the block main chain is located to perform identity authentication through the identity authentication interface, the core main chain node performs identity authentication on the user to generate a legal identity certificate of the user, the legal identity certificate is sent to the user, and the user can send an identity authentication request to the block subchain node where the block subchain is located again based on the legal identity certificate.
The block subchain node can generate an identity verification block according to an identity verification result, an identity certificate to be verified, identity information to be verified and a target core main chain node, and the identity verification block is added into the block subchain. The identity authentication block may be broadcasted to each node in the federation chain by the blockchain node, so that the identity authentication block is identified by each node, and when the identity authentication block passes the identification, the identity authentication block is added to the blockchain. When an identity verification request for a user is acquired, the block subchain node can acquire an identity verification block from the block subchain; performing identity authentication on the user based on the identity information to be authenticated in the identity authentication block to obtain an identity authentication result; and if the identity verification result is inconsistent with the identity verification result in the identity verification block, determining that the target core main chain node is an abnormal node. When the user does not recognize the acquired identity authentication result, the user can send an identity verification request to the block child chain node; or, when the blockchain sub-node rechecks the authenticated user, the user to be verified may be randomly selected to obtain an identity verification request for the user to be verified. In other words, the identity verification request may be generated when the blockchain node rechecks the identity verification result of the user.
According to the method and the device, the identity authentication request of the user for the block subchain is obtained, and the target core main chain node is searched based on the identity authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user; sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user; and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result to realize the authentication of the user. The method comprises the steps that a plurality of block chains exist in a block chain network, a block main chain and a plurality of block sub-chains exist in the plurality of block chains, each block sub-chain can recognize an identity verification result of the block main chain, so that a legal identity certificate of a user is generated after the block main chain performs identity verification on the user, the block sub-chains directly send an acquired identity certificate to be verified of the user to the block main chain, and the block main chain acquires the identity verification result of the user based on the identity certificate to be verified, the legal identity certificate and the like. The block sub-chain acquires the authentication result sent by the block main chain, and determines the access right of the user, so that the user is authenticated once in the block chain network, and all the block chains can obtain the authentication result of the user, thereby reducing the times and complexity of user authentication in the block chain network, and saving authentication cost and resources.
Further, referring to fig. 6, fig. 6 is a schematic flowchart of another identity verification based on a blockchain according to an embodiment of the present application. As shown in fig. 6, with the target core backbone node as the execution subject, the identity authentication method based on the blockchain includes the following steps:
step S601, obtain the to-be-verified identity credential and the to-be-verified identity information of the user sent by the blockchain node.
In this embodiment of the application, the target core main chain node may obtain the to-be-verified identity credential and the to-be-verified identity information of the user, which are sent by the block subchain node. And acquiring a block main chain, and searching the identity certificate to be verified from the block main chain. Optionally, when the target core main chain node stores the legal identity credential in the block main chain, the user identifier corresponding to the legal identity credential is stored at the same time, and the target core main chain node may obtain the user identifier corresponding to the identity credential to be verified, and search for the block associated with the user identifier from the block main chain. If the block associated with the user identifier is not obtained, determining that the identity certificate to be verified does not exist in the main chain of the block; and if the block associated with the user identification is acquired, determining that the identity certificate to be verified exists in the main chain of the block. Further, if the block associated with the user identifier is obtained, the target core main chain node may obtain a legal identity credential from the block associated with the user identifier, and if the identity credential to be verified is the same as the legal identity credential, it is determined that the identity credential to be verified exists in the main chain of the block; if the identity certificate to be verified is different from the legal identity certificate, determining that the identity certificate to be verified does not exist in the block main chain.
For example, please refer to fig. 7, fig. 7 is a schematic view illustrating a credential lookup scenario according to an embodiment of the present application. As shown in fig. 7, the target core backbone node obtains the user identifier corresponding to the identity credential to be verified, searches for the block associated with the user identifier from the block backbone 701, and determines that the identity credential to be verified does not exist in the block backbone 701 if the block associated with the user identifier is not found. If the block 702 associated with the user identifier is found, a legal identity credential is obtained from the block 702 associated with the user identifier, if the identity credential to be verified is the same as the legal identity credential, it is determined that the identity credential to be verified exists in the block main chain 701, and if the identity credential to be verified is different from the legal identity credential, it is determined that the identity credential to be verified does not exist in the block main chain 701.
Step S602, if the identity credential to be verified exists in the block main chain, determining the identity credential to be verified as a legal identity credential, obtaining a main chain public key from the block main chain, and decrypting the legal identity credential by using the main chain public key to obtain an effective hash corresponding to the effective identity information.
In the embodiment of the present application, if the identity credential to be verified exists in the block main chain, the identity credential to be verified is a legal identity credential, and the identity credential to be verified can be determined as a legal identity credential. The target core backbone node may obtain a backbone public key from the block backbone, decrypt the legal identity credential using the backbone public key, obtain an effective hash corresponding to the effective identity information, and execute step S603. Optionally, the target core main chain node may further obtain a main chain private key from the block main chain, and sign the identity information to be verified by using the main chain private key to generate a signature to be verified. And if the identity certificate to be verified does not exist in the block main chain, determining the identity abnormal result as the identity verification result of the user.
Step S603, determining an authentication result of the user according to a matching relationship between the valid hash and the identity information to be authenticated, and sending the authentication result to the block child chain node.
In the embodiment of the application, the target core main chain node can match the effective hash with the identity information to be verified, and if the effective hash is matched with the identity information to be verified, the identity legal result is determined as the identity verification result of the user; and if the effective hash is not matched with the identity information to be verified, determining the identity abnormal result as the identity verification result of the user. Specifically, the target core main chain node converts the identity information to be verified into hash to be verified through a hash algorithm. If the hash to be verified is the same as the effective hash, determining that the effective hash is matched with the identity information to be verified, and determining an identity legal result as an identity verification result of the user; and if the hash to be verified is different from the effective hash, determining that the effective hash is not matched with the identity information to be verified, and determining the identity abnormal result as the identity verification result of the user.
Or, if the valid hash matches the identity information to be verified, the target core main chain node may obtain the cluster identifier to which the user belongs according to the legal identity credential. And if the identifier of the block subchain belongs to the identifier of the authority block subchain, determining an identity legal result as an identity verification result of the user. Wherein the permission blockchain identification comprises an identification of a blockchain that is accessible by the associated cluster identification. For example, the block chain network includes a block sub-chain 1, a block sub-chain 2, a block sub-chain 3, and a block sub-chain 4, and a cluster identifier to which the user belongs is obtained according to the legal identity credential, where the cluster identifier is a company a, and it is assumed that an authority block sub-chain identifier associated with the company a includes an identifier of the block sub-chain 1 and an identifier of the block sub-chain 4. And the target core main chain node searches the identifier of the block subchain from the authority block subchain identifier, and if the identifier of the block subchain is found in the authority block subchain identifier, the identity legal result is determined as the identity verification result of the user.
Further, the target core main chain node can convert the identity information to be verified into the hash to be verified through a hash algorithm. If the hash to be verified is different from the effective hash, determining that the effective hash is not matched with the identity information to be verified, and determining an identity abnormal result as an identity verification result of the user; if the hash to be verified is the same as the valid hash, the identity verification result is determined based on the cluster identifier, and the process can be referred to as the process related to the cluster identifier.
Before each step shown in fig. 6, the target core backbone node performs authentication on the user, and the process is specifically as follows:
the target core main chain node can acquire effective identity information sent by a user, acquire facial features of the user and acquire personal information of the user according to the facial features; if the effective identity information is matched with the personal information, the effective identity information is signed by adopting a main chain private key of the block main chain to generate a legal identity certificate; and sending the legal identity certificate to the user so that the user sends an identity verification request to the block subchain node based on the legal identity certificate.
Or the target core main chain node can also acquire effective identity information sent by the user, acquire the communication mode of the user and send verification data to the user based on the communication mode; if the verification data returned by the user is obtained, the main chain private key of the block main chain is adopted to sign the effective identity information, and a legal identity certificate is generated; and sending the legal identity certificate to the user so that the user sends an identity verification request to the block subchain node based on the legal identity certificate. For example, if the communication mode is a short message mode, a short message can be sent to the user, the content of the short message is verification data, and if the target core main chain node acquires the verification data returned by the user, it indicates that the user receives the verification data, and the user identity passes verification, so as to generate a legal identity certificate of the user.
Wherein the public key of the main chain and the private key of the main chain are generated based on the block information of the block main chain. Specifically, the target core backbone node may obtain block information of the block backbone, where the block information includes a block depth and a block data type of the block backbone; generating a main chain key pair according to the block depth and the block data type; the main chain key pair comprises a main chain public key and a main chain private key; a key block is generated from the main chain key pair, and the key block is added to the block main chain. The tile data type may be derived based on the type of content stored in the tile main chain, such as a financial type, a game type, or a deposit certificate type; alternatively, the tile data type may be derived based on the type of data stored in the tile main chain, such as a text type, a voice type, an image type, a video type, or a hybrid type, and the like, which is not limited herein. Optionally, the target core backbone node may also generate the backbone key pair according to block information in the block backbone, except for the block depth and the block data type.
Optionally, if at least two core main chain nodes in the block chain network include a block main chain, a main chain key pair may be generated by any one of the at least two core main chain nodes, the main chain key pair is broadcast to other core main chain nodes, and if each core main chain node passes through the main chain key pair, a key block is generated according to the main chain key pair, and the key block is added to the block main chain.
The method comprises the steps that identity certificates to be verified and identity information to be verified of users sent by a block subchain node are obtained; if the identity certificate to be verified exists in the block main chain, determining the identity certificate to be verified as a legal identity certificate, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain effective hash corresponding to effective identity information; and determining the identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated, and sending the identity authentication result to the block subchain node. The target core main chain node authenticates the user based on the acquired identity certificate to be authenticated and the acquired identity information to be authenticated, the authentication process is simple, interaction with the user is not needed, data comparison can be directly carried out to authenticate the user, the complexity of user authentication in a block chain network is reduced, and resources and time consumed by authentication can be saved.
Further, please refer to fig. 8, where fig. 8 is a schematic interaction flow diagram of an identity authentication method based on a block chain according to an embodiment of the present application. As shown in fig. 8, taking the presence of the user access platform as an example, the identity authentication method based on the blockchain includes the following steps:
step S801, the user requests authentication from the block main chain based on the user access platform.
In an embodiment of the application, a user may request authentication from a block backbone based on a user access platform.
Step S802, the user access platform sends an identity authentication request to the target core main chain node.
In the embodiment of the application, the user access platform determines a target core main chain node where the block main chain is located, and sends an identity authentication request to the target core main chain node.
Step S803, the target core backbone node sends a legal identity credential to the user access platform.
In this embodiment of the application, the target core backbone node performs identity authentication on the user, and if the authentication passes, a legal identity credential of the user is generated, and the legal identity credential is sent to the user access platform, where the generation process of the legal identity credential may refer to the specific description shown in fig. 6, and is not described herein again.
In step S804, the user requests to perform authentication on the blockchain.
In an embodiment of the present application, a user requests an access platform of the user to perform authentication on a blockchain.
Step S805, the user access platform sends an authentication request to the blockchain node.
In this embodiment of the application, the user access platform sends an authentication request to the node of the blockchain where the blockchain is located, and this process may be shown as step S401 in fig. 4.
In step S806, the blockchain child node sends the identity credential to be verified and the identity information to be verified to the target core main chain node.
In the embodiment of the present application, the process may be shown in step S402 in fig. 4, and is not described herein again.
In step S807, the target core backbone node authenticates the user.
In this embodiment of the application, the target core backbone node performs identity authentication on the user to obtain an identity authentication result of the user, which may be shown in steps S601 to S603 in fig. 6, and is not described herein again.
Step S808, the target core main chain node returns an authentication result to the block subchain node.
In the embodiment of the present application, the target core main chain node returns an authentication result to the block subchain node.
In step S809, the blockchain node determines the access right of the user to the blockchain based on the authentication result.
In the embodiment of the application, if the identity verification result is an identity legal result, it is determined that the user has an access right to the block subchain; if the identity verification result is an identity abnormal result, it is determined that the user does not have access right to the block child chain, which may be specifically referred to step S403 in fig. 4, and details are not described here.
According to the method and the device, data interaction is carried out between the target core main chain node and the block subchain node, the user is authenticated, one-time authentication of the user in the block chain network is realized, and when the user accesses the block subchain, the access authority of the user can be determined according to the authentication result, so that the times and complexity of authentication of the user in the block chain network can be reduced, and time and resources required by authentication are saved.
Further, referring to fig. 9, fig. 9 is a schematic diagram of an identity authentication apparatus based on a blockchain according to an embodiment of the present application. The blockchain-based authentication apparatus may be a computer program (including program code) running in a computer device, for example, the blockchain-based authentication apparatus is an application software; the apparatus may be used to perform the corresponding steps in the methods provided by the embodiments of the present application. As shown in fig. 9, the blockchain-based authentication apparatus 900 may be used in the computer device in the embodiment corresponding to fig. 4, specifically, the blockchain-based authentication apparatus 900 may include: a main chain searching module 11, an identity verifying module 12 and an authority determining module 13.
The main chain searching module 11 is configured to obtain an authentication request of a user for the block subchain, and search a target core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
the identity authentication module 12 is configured to send an identity credential to be authenticated and identity information to be authenticated of the user to the target core main chain node, so that the target core main chain node performs identity authentication on the user based on the identity credential to be authenticated and the identity information to be authenticated to obtain an identity authentication result of the user;
and the permission determining module 13 is configured to obtain an authentication result sent by the target core main chain node, and determine an access permission of the user to the block subchain according to the authentication result.
In searching for a target core backbone node based on an authentication request, the backbone searching module 11 includes:
a network searching unit 111, configured to search a core backbone node network based on the authentication request; the core backbone node network comprises at least two core backbone nodes; the core main chain node comprises a block main chain, and the block main chain and the block subchain belong to the same alliance chain;
the node determining unit 112 is configured to obtain node information of each of the at least two core backbone nodes, and search a target core backbone node from the at least two core backbone nodes based on the node information.
The node information comprises the total network bandwidth and the bandwidth occupancy rate;
in searching for a target core backbone node from among at least two core backbone nodes based on node information, the node determining unit 112 includes:
a bandwidth determining subunit 1121, configured to determine an idle bandwidth of each core backbone node of the at least two core backbone nodes based on the total network bandwidth and the bandwidth occupancy;
a node determining subunit 1122, configured to determine a core backbone node having the largest free bandwidth as the target core backbone node.
In terms of determining the access right of the user to the block child chain according to the authentication result, the right determining module 13 is specifically configured to:
if the identity verification result is an identity legal result, determining that the user has access authority to the block subchain;
if the identity authentication result is an identity abnormal result, determining that the user does not have access authority to the block subchain, and guiding the user to perform identity authentication to the block main chain; the block backbone is in the target core backbone node.
Wherein, the apparatus 900 further comprises:
a voting sending module 14, configured to obtain a first voting result for the at least two candidate block chains, and broadcast the first voting result to a candidate node where the at least two candidate block chains are located;
a vote obtaining module 15, configured to obtain a second vote result of the candidate node for the at least two candidate block chains, select a block main chain from the at least two candidate block chains based on the first vote result and the second vote result, and determine candidate block chains of the at least two candidate block chains except the block main chain as the block sub-chains;
and a node determining module 16, configured to determine a candidate node where the block main chain is located as a target core main chain node.
Wherein, the apparatus 900 further comprises:
the block generating module 17 is configured to generate an authentication block according to the authentication result, the to-be-authenticated identity credential, the to-be-authenticated identity information, and the target core main chain node, and add the authentication block to the block sub-chain;
an identity verification module 18, configured to, when an identity verification request for a user is obtained, obtain an identity verification block from the block sub-chain;
the result obtaining module 19 is configured to perform identity authentication on the user based on the identity information to be authenticated in the identity authentication block, so as to obtain an identity verification result;
and the anomaly detection module 20 is configured to determine that the target core backbone node is an abnormal node if the identity verification result is inconsistent with the identity verification result in the identity verification block.
The embodiment of the application describes an identity authentication device based on a block chain, which searches a target core main chain node based on an identity authentication request by acquiring the identity authentication request of a user for the block sub-chain; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user; sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user; and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result to realize the authentication of the user. The method comprises the steps that a plurality of block chains exist in a block chain network, a block main chain and a plurality of block sub-chains exist in the plurality of block chains, each block sub-chain can recognize an identity verification result of the block main chain, so that a legal identity certificate of a user is generated after the block main chain performs identity verification on the user, the block sub-chains directly send an acquired identity certificate to be verified of the user to the block main chain, and the block main chain acquires the identity verification result of the user based on the identity certificate to be verified, the legal identity certificate and the like. The block sub-chain acquires the authentication result sent by the block main chain, and determines the access right of the user, so that the user is authenticated once in the block chain network, and all the block chains can obtain the authentication result of the user, thereby reducing the times and complexity of user authentication in the block chain network, and saving authentication cost and resources.
Further, referring to fig. 10, fig. 10 is a schematic diagram of another identity verification apparatus based on a blockchain according to an embodiment of the present application. The blockchain-based authentication apparatus may be a computer program (including program code) running in a computer device, for example, the blockchain-based authentication apparatus is an application software; the apparatus may be used to perform the corresponding steps in the methods provided by the embodiments of the present application. As shown in fig. 10, the blockchain-based authentication apparatus 1000 may be used in the computer device in the embodiment corresponding to fig. 6, specifically, the blockchain-based authentication apparatus 1000 may include: an identity acquisition module 21, a certificate analysis module 22, a result acquisition module 23 and a result sending module 24.
The identity acquiring module 21 is configured to acquire an identity credential to be authenticated and identity information to be authenticated of a user, which are sent by a block subchain node;
the certificate analysis module 22 is configured to determine the identity certificate to be verified as a legal identity certificate if the identity certificate to be verified exists in the block main chain, obtain a main chain public key from the block main chain, and decrypt the legal identity certificate by using the main chain public key to obtain an effective hash corresponding to the effective identity information;
the result obtaining module 23 is configured to determine an authentication result of the user according to a matching relationship between the valid hash and the identity information to be authenticated;
and a result sending module 24, configured to send the authentication result to the blockchain node.
The result obtaining module 23 includes:
a hash obtaining unit 231, configured to convert the identity information to be verified into a hash to be verified through a hash algorithm;
an information matching unit 232, configured to determine that the valid hash matches the identity information to be verified if the hash to be verified is the same as the valid hash, and determine an identity legitimacy result as an identity verification result of the user;
the information matching unit 232 is further configured to determine that the valid hash is not matched with the identity information to be verified if the hash to be verified is different from the valid hash, and determine an identity abnormal result as an identity verification result of the user.
The result obtaining module 23 includes:
an identifier obtaining unit 233, configured to obtain, if the valid hash matches the identity information to be verified, a cluster identifier to which the user belongs according to the legal identity credential;
the identifier matching unit 234 is configured to obtain an authority block subchain identifier associated with the cluster identifier, obtain an identifier of a block subchain included in the block subchain node, and determine an identity validity result as an identity authentication result of the user if the identifier of the block subchain belongs to the authority block subchain identifier.
Wherein, the apparatus 1000 further comprises:
the feature acquisition module 25 is configured to acquire valid identity information sent by a user, acquire facial features of the user, and acquire personal information of the user according to the facial features;
the certificate generation module 26 is configured to sign the valid identity information by using the main chain private key of the block main chain if the valid identity information matches the personal information, and generate a legal identity certificate;
and the credential sending module 27 is configured to send the legal identity credential to the user, so that the user sends an authentication request to the blockchain node based on the legal identity credential.
Wherein, the apparatus 1000 further comprises:
the communication acquisition module 28 is used for acquiring effective identity information sent by a user, acquiring a communication mode of the user, and sending verification data to the user based on the communication mode;
the credential generating module 26 is further configured to sign the valid identity information by using a main chain private key of the block main chain to generate a legal identity credential if the verification data returned by the user is obtained;
the credential sending module 27 is further configured to send the legal identity credential to the user, so that the user sends an authentication request to the blockchain node based on the legal identity credential.
Wherein, the apparatus 1000 further comprises:
a block acquiring module 29, configured to acquire block information of a block main chain; the block information comprises the block depth of a block main chain and the data type of the block;
a key generation module 30, configured to generate a main chain key pair according to the block depth and the block data type; the main chain key pair comprises a main chain public key and a main chain private key;
the block storage module 31 is configured to generate a key block according to the main chain key pair, and add the key block to the block main chain.
The embodiment of the application describes an identity verification device based on a block chain, the device takes a target core main chain node as an execution main body, and realizes that the target core main chain node performs identity verification on a user based on an acquired identity certificate to be verified and identity information to be verified.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 11, the computer device 1100 in the embodiment of the present application may include: one or more processors 1101, memory 1102, and input-output interface 1103. The processor 1101, the memory 1102, and the input/output interface 1103 are connected by a bus 1104. The memory 1102 is configured to store a computer program, where the computer program includes program instructions, and the input/output interface 1103 is configured to perform data interaction between a block sub-link node and a core main-link node in a block chain, between core main-link nodes, and between a user and the block sub-link node or the core main-link node; the processor 1101 is configured to execute the program instructions stored in the memory 1102 to perform the following operations:
acquiring an authentication request of a user for the block subchain, and searching a target core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
sending the identity certificate to be verified and the identity information to be verified of the user to a target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user;
and acquiring an authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the authentication result.
Alternatively, the following operations are performed:
acquiring a to-be-verified identity certificate and to-be-verified identity information of a user, which are sent by a block subchain node;
if the identity certificate to be verified exists in the block main chain, determining the identity certificate to be verified as a legal identity certificate, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain effective hash corresponding to effective identity information;
and determining the identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated, and sending the identity authentication result to the block subchain node.
In some possible embodiments, the processor 1101 may be a Central Processing Unit (CPU), and the processor may be other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 1102 may include both read-only memory and random-access memory, and provides instructions and data to the processor 1101 and the input/output interface 1103. A portion of the memory 1102 may also include non-volatile random access memory. For example, memory 1102 may also store device type information.
In a specific implementation, the computer may execute, through each built-in functional module, the implementation manner provided in each step in fig. 4, fig. 6, or fig. 8, which may be specifically referred to the implementation manner provided in each step in fig. 4, fig. 6, or fig. 8, and is not described herein again.
The embodiment of the present application provides a computer device, including: the processor, the input/output interface and the memory, the processor obtains the computer instructions in the memory, and executes the steps of the method shown in fig. 4, fig. 6 or fig. 8 to perform the identity authentication operation based on the block chain. With computer instructions in the memory, the processor performs the steps of: acquiring a to-be-verified identity certificate and to-be-verified identity information of a user, which are sent by a block subchain node; if the identity certificate to be verified exists in the block main chain, determining the identity certificate to be verified as a legal identity certificate, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain effective hash corresponding to effective identity information; and determining the identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated, and sending the identity authentication result to the block subchain node. The method and the device have the advantages that the user can be subjected to primary identity authentication in the blockchain network, the user can use the result of the identity authentication when accessing any blockchain in the blockchain network subsequently, primary authentication and multiple use are realized, the times and complexity of user authentication in the blockchain network are reduced, and time and resources required by user authentication are saved.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by the processor, the method for verifying an identity based on a block chain provided in each step in fig. 4, fig. 6, or fig. 8 may be implemented, for specific reference, an implementation manner provided in each step in fig. 4, fig. 6, or fig. 8 may be implemented, and details of the implementation manner are not described herein again. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in embodiments of the computer-readable storage medium referred to in the present application, reference is made to the description of embodiments of the method of the present application. By way of example, program instructions may be deployed to be executed on one computer device or on multiple computer devices at one site or distributed across multiple sites and interconnected by a communication network, which may comprise a blockchain network.
The computer-readable storage medium may be the identity authentication device based on the blockchain provided in any of the foregoing embodiments or an internal storage unit of the computer, such as a hard disk or a memory of the computer. The computer readable storage medium may also be an external storage device of the computer, such as a plug-in hard disk, a Smart Memory Card (SMC), a Secure Digital (SD) card, a flash memory card (flash card), and the like, provided on the computer. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the computer. The computer-readable storage medium is used for storing the computer program and other programs and data required by the computer. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and executes the computer instruction, so that the computer device executes the method provided in the various optional manners in fig. 4, thereby implementing that a user performs one-time authentication in the blockchain network, all nodes in the blockchain network can obtain the result of the authentication, and when the user accesses the blockchain, the blockchain can determine the access authority of the user according to the authentication result of this time, thereby reducing the number of times and complexity of authenticating the user in the blockchain network, and saving the time and resources required for authentication.
The terms "first," "second," and the like in the description and in the claims and drawings of the embodiments of the present application are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprises" and any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, apparatus, product, or apparatus that comprises a list of steps or elements is not limited to the listed steps or modules, but may alternatively include other steps or modules not listed or inherent to such process, method, apparatus, product, or apparatus.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The method and the related apparatus provided by the embodiments of the present application are described with reference to the flowchart and/or the structural diagram of the method provided by the embodiments of the present application, and each flow and/or block of the flowchart and/or the structural diagram of the method, and the combination of the flow and/or block in the flowchart and/or the block diagram can be specifically implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block or blocks of the block diagram. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block or blocks of the block diagram. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block or blocks.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present application and is not to be construed as limiting the scope of the present application, so that the present application is not limited thereto, and all equivalent variations and modifications can be made to the present application.

Claims (15)

1. An identity authentication method based on a blockchain, the method comprising:
acquiring block information of at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the block information, and determining candidate block chains except the block main chain from the at least two candidate block chains as block sub-chains;
determining the candidate node where the block main chain is located as a core main chain node, and determining the candidate node where the block subchain is located as a block subchain node;
if the local node belongs to the block subchain node, acquiring an authentication request of a user for the block subchain, and searching a target core main chain node from the core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
sending the identity certificate to be verified and the identity information to be verified of the user to the target core main chain node, so that the target core main chain node performs identity verification on the user based on the identity certificate to be verified and the identity information to be verified, and obtaining an identity verification result of the user;
and acquiring the identity authentication result sent by the target core main chain node, and determining the access authority of the user to the block subchain according to the identity authentication result.
2. The method of claim 1, wherein the finding a target core backbone node from the core backbone nodes based on the authentication request comprises:
searching a core backbone node network based on the authentication request; the core backbone node network comprises at least two core backbone nodes; the core backbone node comprises the block backbone, the block backbone and the block subchain belong to a same federation chain;
and acquiring node information of each core main chain node in the at least two core main chain nodes, and searching a target core main chain node from the at least two core main chain nodes based on the node information.
3. The method of claim 2, wherein the node information includes a total amount of network bandwidth and a bandwidth occupancy;
the searching for a target core backbone node from the at least two core backbone nodes based on the node information comprises:
determining an idle bandwidth of each of the at least two core backbone nodes based on the total network bandwidth and the bandwidth occupancy;
the core backbone node with the largest free bandwidth is determined as the target core backbone node.
4. The method of claim 1, wherein the determining the access rights of the user to the blockchain according to the authentication result comprises:
if the identity verification result is an identity legal result, determining that the user has the access right to the block subchain;
if the identity authentication result is an identity abnormal result, determining that the user does not have access authority to the block sub-chain, and guiding the user to perform identity authentication to a block main chain; the block backbone is in the target core backbone node.
5. The method of claim 1, wherein the obtaining block information of at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the block information, and determining candidate block chains of the at least two candidate block chains other than the block main chain as block sub-chains comprises:
acquiring block information of at least two candidate block chains, performing consensus on the block information of the at least two candidate block chains to obtain a first voting result aiming at the at least two candidate block chains, and broadcasting the first voting result to a candidate node where the at least two candidate block chains are located;
acquiring a second voting result of the candidate node for the block information of the at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the first voting result and the second voting result, and determining candidate block chains except the block main chain from the at least two candidate block chains as block sub-chains.
6. The method of claim 1, wherein the method further comprises:
generating an identity verification block according to the identity verification result, the identity certificate to be verified, the identity information to be verified and the target core main chain node, and adding the identity verification block into the block subchain;
when an identity verification request for the user is acquired, acquiring the identity verification block from the block subchain;
performing identity authentication on the user based on the identity information to be authenticated in the identity authentication block to obtain an identity verification result;
and if the identity verification result is inconsistent with the identity verification result in the identity verification block, determining that the target core main chain node is an abnormal node.
7. An identity authentication method based on a blockchain, the method comprising:
acquiring block information of at least two candidate block chains, selecting a block main chain from the at least two candidate block chains based on the block information, and determining candidate block chains except the block main chain from the at least two candidate block chains as block sub-chains;
determining the candidate node where the block main chain is located as a core main chain node, and determining the candidate node where the block subchain is located as a block subchain node;
if the local node belongs to the core main chain node, acquiring a to-be-verified identity certificate and to-be-verified identity information of the user, which are sent by the block subchain node;
if the identity certificate to be verified exists in the block main chain, determining the identity certificate to be verified as a legal identity certificate, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain an effective hash corresponding to effective identity information;
and determining an identity authentication result of the user according to the matching relation between the effective hash and the identity information to be authenticated, and sending the identity authentication result to the block subchain node.
8. The method of claim 7, wherein the determining the authentication result of the user according to the matching relationship between the valid hash and the identity information to be authenticated comprises:
converting the identity information to be verified into hash to be verified through a hash algorithm;
if the hash to be verified is the same as the effective hash, determining that the effective hash is matched with the identity information to be verified, and determining an identity legal result as an identity verification result of the user;
and if the hash to be verified is different from the effective hash, determining that the effective hash is not matched with the identity information to be verified, and determining an identity abnormal result as the identity verification result of the user.
9. The method of claim 7, wherein the determining the authentication result of the user according to the matching relationship between the valid hash and the identity information to be authenticated comprises:
if the effective hash is matched with the identity information to be verified, acquiring a cluster identifier to which the user belongs according to the legal identity certificate;
and if the identifier of the block subchain belongs to the identifier of the authority block subchain, determining an identity legal result as an identity verification result of the user.
10. The method of claim 7, wherein the method further comprises:
acquiring the effective identity information sent by the user, acquiring facial features of the user, and acquiring personal information of the user according to the facial features;
if the valid identity information is matched with the personal information, adopting a main chain private key of the block main chain to sign the valid identity information to generate the legal identity certificate;
and sending the legal identity certificate to the user so that the user sends an identity verification request to the block subchain node based on the legal identity certificate.
11. The method of claim 7, wherein the method further comprises:
obtaining the effective identity information sent by the user, obtaining a communication mode of the user, and sending verification data to the user based on the communication mode;
if the verification data returned by the user is obtained, signing the valid identity information by adopting a main chain private key of the block main chain to generate the legal identity certificate;
and sending the legal identity certificate to the user so that the user sends an identity verification request to the block subchain node based on the legal identity certificate.
12. An apparatus for identity verification based on blockchain, the apparatus comprising:
the apparatus is configured to obtain block information of at least two candidate block chains, select a block main chain from the at least two candidate block chains based on the block information, and determine candidate block chains other than the block main chain from the at least two candidate block chains as block sub-chains;
a node determining module, configured to determine a candidate node where the block main chain is located as a core main chain node, and determine a candidate node where the block sub-chain is located as a block sub-chain node;
the main chain searching module is used for acquiring an authentication request of a user for the block subchain if the local node belongs to the block subchain node, and searching a target core main chain node from the core main chain node based on the authentication request; the identity authentication request comprises an identity certificate to be authenticated and identity information to be authenticated of the user;
the identity authentication module is used for sending the identity certificate to be authenticated of the user and the identity information to be authenticated to the target core main chain node so that the target core main chain node authenticates the identity of the user based on the identity certificate to be authenticated and the identity information to be authenticated to obtain an identity authentication result of the user;
and the authority determining module is used for acquiring the identity authentication result sent by the target core main chain node and determining the access authority of the user to the block subchain according to the identity authentication result.
13. An apparatus for identity verification based on blockchain, the apparatus comprising:
the apparatus is configured to obtain block information of at least two candidate block chains, select a block main chain from the at least two candidate block chains based on the block information, and determine candidate block chains other than the block main chain from the at least two candidate block chains as block sub-chains;
the device is further configured to determine a candidate node where the block main chain is located as a core main chain node, and determine a candidate node where the block sub-chain is located as a block sub-chain node;
the information acquisition module is used for acquiring the identity certificate to be verified and the identity information to be verified of the user, which are sent by the block subchain node, if the local node belongs to the core main chain node;
the certificate analysis module is used for determining the identity certificate to be verified as a legal identity certificate if the identity certificate to be verified exists in the block main chain, acquiring a main chain public key from the block main chain, and decrypting the legal identity certificate by adopting the main chain public key to obtain an effective hash corresponding to effective identity information;
and the verification feedback module is used for determining an identity verification result of the user according to the matching relation between the effective hash and the identity information to be verified, and sending the identity verification result to the block subchain node.
14. A computer device comprising a processor, a memory, an input output interface;
the processor is connected with the memory and the input/output interface respectively, wherein the input/output interface is used for data interaction between each node in the block chain, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the method according to any one of claims 1-6 or execute the method according to any one of claims 7-11.
15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method according to any one of claims 1-6, or perform the method according to any one of claims 7-11.
CN202011203214.0A 2020-11-02 2020-11-02 Block chain-based identity authentication method and device, computer and storage medium Active CN112104665B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011203214.0A CN112104665B (en) 2020-11-02 2020-11-02 Block chain-based identity authentication method and device, computer and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011203214.0A CN112104665B (en) 2020-11-02 2020-11-02 Block chain-based identity authentication method and device, computer and storage medium

Publications (2)

Publication Number Publication Date
CN112104665A CN112104665A (en) 2020-12-18
CN112104665B true CN112104665B (en) 2021-02-12

Family

ID=73784412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011203214.0A Active CN112104665B (en) 2020-11-02 2020-11-02 Block chain-based identity authentication method and device, computer and storage medium

Country Status (1)

Country Link
CN (1) CN112104665B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112734331A (en) * 2020-12-30 2021-04-30 福建慧连物流科技有限公司 Waybill client information verification method
CN112800441B (en) * 2021-01-05 2023-08-29 上海零数众合信息科技有限公司 Rights management method of energy platform based on blockchain
CN112887375B (en) * 2021-01-13 2022-08-05 中南林业科技大学 Block chain-based message verification method and equipment
CN113098838B (en) * 2021-02-21 2022-08-26 西安电子科技大学 Trusted distributed identity authentication method, system, storage medium and application
CN113157698B (en) * 2021-04-23 2022-10-28 上海和数软件有限公司 Data query verification method and system based on block chain technology
CN113300837B (en) * 2021-04-25 2022-07-26 从法信息科技有限公司 Cross-chain verification method and device based on block certification and electronic equipment
CN113206851B (en) * 2021-05-06 2022-04-05 杭州复杂美科技有限公司 Parallel chain consensus method, computer device, and storage medium
CN113420169B (en) * 2021-06-22 2023-03-21 重庆紫光华山智安科技有限公司 File storage and query method, system, electronic equipment and medium
CN113382018A (en) * 2021-06-29 2021-09-10 深圳市高德信通信股份有限公司 Multi-chain management method and system based on block chain
CN114338107B (en) * 2021-12-17 2024-06-14 中寰卫星导航通信有限公司 Safety control method and device
CN114710362B (en) * 2022-04-22 2024-10-25 中国工商银行股份有限公司 Identity authentication method and device based on block chain and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889503A (en) * 2019-01-22 2019-06-14 平安科技(深圳)有限公司 Identity management method, electronic device and storage medium based on block chain
CN111355780A (en) * 2020-02-18 2020-06-30 杭州云象网络技术有限公司 Block chain-based Internet of things monitoring management method and system
CN111600900A (en) * 2020-05-26 2020-08-28 牛津(海南)区块链研究院有限公司 Single sign-on method, server and system based on block chain

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107464106B (en) * 2017-07-25 2021-01-26 北京果仁宝科技有限公司 Method and system for transaction between main chain and side chain of block chain
CN109379429A (en) * 2018-10-25 2019-02-22 龚玉环 A kind of multichain management method and system based on block chain
CN110687821B (en) * 2019-11-14 2021-10-29 腾讯科技(深圳)有限公司 Intelligent home control system and method based on block chain
CN111353175B (en) * 2020-05-22 2021-01-22 腾讯科技(深圳)有限公司 Data processing method, device, equipment, block chain system and storage medium
CN111832001B (en) * 2020-07-20 2024-05-24 国家信息中心 Identity management method and identity management system based on block chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889503A (en) * 2019-01-22 2019-06-14 平安科技(深圳)有限公司 Identity management method, electronic device and storage medium based on block chain
CN111355780A (en) * 2020-02-18 2020-06-30 杭州云象网络技术有限公司 Block chain-based Internet of things monitoring management method and system
CN111600900A (en) * 2020-05-26 2020-08-28 牛津(海南)区块链研究院有限公司 Single sign-on method, server and system based on block chain

Also Published As

Publication number Publication date
CN112104665A (en) 2020-12-18

Similar Documents

Publication Publication Date Title
CN112104665B (en) Block chain-based identity authentication method and device, computer and storage medium
WO2022262078A1 (en) Access control method based on zero-trust security, and device and storage medium
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
CN108769230B (en) Transaction data storage method, device, server and storage medium
CN101356773B (en) Ad-hoc creation of group based on contextual information
CN111164594A (en) System and method for mapping decentralized identity to real entity
CN100533455C (en) Apparatus and method for managing a plurality of certificates
EP3537684B1 (en) Apparatus, method, and program for managing data
US11811945B2 (en) Blockchain identities
US11366891B2 (en) Method and system for facilitating an identification of an application
CN111416709B (en) Voting method, device, equipment and storage medium based on block chain system
WO2023071751A1 (en) Authentication method and communication apparatus
CN110910110B (en) Data processing method and device and computer storage medium
Patil et al. Blockchain-PUF-based secure authentication protocol for Internet of Things
CN112069529B (en) Block chain-based volume management method and device, computer and storage medium
CN117376000A (en) Block chain-based data processing method, device, equipment and storage medium
CN116095671A (en) Resource sharing method based on meta universe and related equipment thereof
CN111294315B (en) Block chain-based security authentication method, block chain-based security authentication device, block chain-based security authentication equipment and storage medium
CN116192394A (en) Block consensus method, apparatus, computer, readable storage medium, and program product
CN112184150A (en) Multi-party approval method, device and system in data sharing exchange and electronic device
CN116032494B (en) Data interaction method, blockchain predictor, device and medium
US20240143730A1 (en) Multi-factor authentication using blockchain
CN118353606B (en) Block chain-based network threat information sharing method, system, equipment and medium
CN117595996A (en) Electronic signature processing method and device, electronic equipment and storage medium
CN117395018A (en) Biological data processing method, apparatus, computer device, and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40036283

Country of ref document: HK