[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113572616B - Authentication method and device based on distributed bidding platform and related equipment - Google Patents

Authentication method and device based on distributed bidding platform and related equipment Download PDF

Info

Publication number
CN113572616B
CN113572616B CN202110712856.1A CN202110712856A CN113572616B CN 113572616 B CN113572616 B CN 113572616B CN 202110712856 A CN202110712856 A CN 202110712856A CN 113572616 B CN113572616 B CN 113572616B
Authority
CN
China
Prior art keywords
node
data
public key
certificate
authenticated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110712856.1A
Other languages
Chinese (zh)
Other versions
CN113572616A (en
Inventor
牛问哲
袁建
周子岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaneng Tendering Co ltd
Original Assignee
Huaneng Tendering Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaneng Tendering Co ltd filed Critical Huaneng Tendering Co ltd
Priority to CN202110712856.1A priority Critical patent/CN113572616B/en
Publication of CN113572616A publication Critical patent/CN113572616A/en
Application granted granted Critical
Publication of CN113572616B publication Critical patent/CN113572616B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a distributed bidding platform-based authentication method, a distributed bidding platform-based authentication device, computer equipment and a distributed bidding platform-based authentication medium, wherein the method comprises the following steps: in this embodiment, the first node encrypts to-be-authenticated data to other broadcast to-be-authenticated data, where the to-be-authenticated data is obtained by encrypting to-be-issued data by using a private key of a node certificate of the first node, the node certificate of the first node is a CA certificate issued by the first node, the second node obtains a public key of the node certificate of the first node stored in the second node as the first public key, the second node performs signature verification on the to-be-authenticated data by using the first public key to obtain a signature verification result, if the signature verification result of the second node is passed, the to-be-authenticated data is used as authentication data, and performs data consensus storage by a node of the blockchain network to store the authentication data in the blockchain network.

Description

Authentication method and device based on distributed bidding platform and related equipment
Technical Field
The invention relates to the technical field of blockchains, in particular to a distributed bidding platform-based authentication method, a distributed bidding platform-based authentication device, computer equipment and media.
Background
In the bidding field, different bidding platforms are asymmetric for information acquisition, such as information sources including related information published in a bidding sharing platform, related information published by a bidding related supervision, and the like. For inter-institution identity mutual authentication, a distributed CA authentication architecture based on blockchain may be employed.
The problems of inter-institution mutual identification and bidding platform user identity identification are all that all institutions adopt the same trusted third party CA certificate system, but the mode is too centralized in control, the risk of single-point failure exists, and the security of data in the bidding platform authentication process is difficult to ensure.
Disclosure of Invention
The embodiment of the invention provides a distributed bidding platform based authentication method, a distributed bidding platform based authentication device, computer equipment and a storage medium, so as to improve data security in the bidding platform authentication process.
In order to solve the above technical problems, an embodiment of the present application provides a distributed bidding platform authentication method, including:
The method comprises the steps that a first node broadcasts data to be authenticated to other broadcasting, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A second node obtains a public key of a node certificate of the first node stored in the second node as a first public key, wherein the second node is any node in the other nodes;
the second node adopts the first public key to check the data to be authenticated to obtain a check result;
and if the signature verification result of the second node is passed, taking the data to be authenticated as authentication data, executing data consensus storage through the nodes of the blockchain network, and storing the authentication data into the blockchain network.
Optionally, before the first node broadcasts the data to be authenticated to other nodes, the distributed bidding platform based authentication method further comprises:
When the first node receives a certificate application request of a platform user, verifying user information contained in the certificate application request, and distributing a public key to the platform user by adopting a root certificate of the first node after verification is passed;
When receiving user uploading data encrypted by a public key of a platform user, the first node performs identity authentication on the platform user, and after the authentication is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as the data to be authenticated.
Optionally, after the verification is passed, encrypting and storing the user uploading data, and taking the user uploading data stored in an encrypting way as the data to be authenticated includes:
Constructing the user uploading data into a transaction body;
And signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, before the second node obtains, as the first public key, the public key of the node certificate of the first node stored in the second node, the method includes:
The first node sends the public key corresponding to the root certificate to other nodes in the network;
And the second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node.
Optionally, the data to be authenticated is obtained by encrypting by adopting a national encryption asymmetric encryption algorithm SM 2.
Optionally, the second node performs signature verification on the data to be authenticated by adopting the first public key, and obtaining a signature verification result includes:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check the data to be authenticated according to the first public key;
and determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
In order to solve the above technical problems, the embodiment of the present application further provides a distributed bidding platform authentication device, which includes:
The data broadcasting module is used for broadcasting data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
The public key acquisition module is used for acquiring a public key of the node certificate of the first node stored in the second node by the second node as a first public key, wherein the second node is any node in the other nodes;
The data signing verification module is used for verifying the data to be authenticated by the second node through the first public key to obtain a signing verification result;
and the data storage module is used for taking the data to be authenticated as authentication data if the signature verification result of the second node is passed, executing data consensus storage through the nodes of the blockchain network and storing the authentication data into the blockchain network.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
And the data receiving module is used for carrying out identity authentication on the platform user by the first node when receiving the user uploading data encrypted by the platform user through the public key, carrying out encryption storage on the user uploading data after the authentication is passed, and taking the user uploading data stored in an encryption mode as the data to be authenticated.
Optionally, the data receiving module includes:
The transaction body construction unit is used for constructing the user uploading data into a transaction body;
and the data signing unit is used for signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for sending the public key corresponding to the root certificate to other nodes in the network by the first node;
And the public key storage module is used for receiving the public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in a correlated way.
Optionally, the data signing verification module includes:
The data signing verification unit is used for each second node to verify the data to be authenticated by adopting a national encryption asymmetric encryption algorithm SM2 according to the first public key;
And the result determining unit is used for determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
In order to solve the technical problem, the embodiment of the application also provides a computer device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the steps of the authentication method based on the distributed bidding platform are realized when the processor executes the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above-mentioned distributed bidding platform authentication method.
According to the distributed bidding platform authentication method, device, computer equipment and storage medium, through the embodiment, the first node broadcasts data to be authenticated to other nodes, the data to be authenticated is obtained by encrypting the data to be issued by adopting the private key of the node certificate of the first node, the node certificate of the first node is the CA certificate issued by the first node, the second node obtains the public key of the node certificate of the first node stored in the second node as the first public key, the second node adopts the first public key to check the data to be authenticated to obtain the checking result, if the checking result of the second node is passed, the data to be authenticated is used as the authentication data, and the data to be authenticated is stored in the block chain network by executing data consensus through the nodes of the block chain network, so that verification is realized without depending on other main nodes, the mutual influence among all the nodes can be avoided, and the security in the bidding platform data authentication process is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of an application environment in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a distributed bidding platform based authentication method of the present application;
FIG. 3 is a schematic diagram illustrating one embodiment of a distributed-based bidding platform authentication apparatus, in accordance with the present application;
FIG. 4 is a schematic structural diagram of one embodiment of a computer device in accordance with the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, as shown in fig. 1, fig. 1 is a schematic diagram of an application environment based on a distributed bidding platform authentication method in an embodiment of the present application, the distributed bidding platform authentication method provided in the present application may be applied in an application environment as shown in fig. 1, where a blockchain is composed of a plurality of nodes capable of communicating with each other, each node may be regarded as a block storage, each block storage is used to store data, each data node includes all data, the block storage data has a complete history record and may be rapidly restored and expanded, a regional chain is divided into public chains, private chains and alliance chains, any node is open, each mechanism/node may participate in the blockchain calculation, any mechanism/node may download to obtain complete blockchain data, the private chains are some blockchains and do not wish to participate in the system, and are not disclosed for the outside, and are applicable to internal data management and audit or open test of a specific mechanism, the alliance chains are all participated in each node, all nodes are all in peer-to-peer nodes, all data may be completely exited from a hash chain, and a hash function is more than one entity may need to be completely and completely complete to be added to a hash-based system in a hash-based network, and a hash function has a full-size and a hash function is realized.
Referring to fig. 2, fig. 2 shows a distributed bidding platform authentication method according to an embodiment of the present invention, and the method is applied to the application environment in fig. 1 for explanation, and is described in detail as follows:
S201: the first node broadcasts data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting the data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node.
Specifically, each bidding platform is a node in the blockchain network, each node stores a root certificate (including public and private keys) corresponding to the node and certificates (including public keys) issued by other nodes, in this embodiment, the node needing to perform information sharing is used as a first node, the first node needs to verify identity through other nodes of the blockchain network before performing information sharing, so as to ensure the authenticity and reliability of data sources.
Optionally, in order to ensure data security, the data to be authenticated is encrypted, and as a preferred mode, the data to be authenticated in this embodiment is obtained by encrypting by adopting a cryptographic asymmetric encryption algorithm SM 2.
Among them, the bidding platform in this embodiment includes, but is not limited to, a bidding public service platform, a bidding procurement information platform, a bidding supervision, and the like.
In a specific optional embodiment, before step S201, the distributed bidding platform authentication method further includes:
When receiving a certificate application request of a platform user, a first node verifies user information contained in the certificate application request, and after verification is passed, a public key is distributed to the platform user by adopting a root certificate of the first node;
When receiving user uploading data encrypted by a platform user through a public key, a first node performs identity authentication on the platform user, and after the authentication is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as data to be authenticated.
Specifically, for a platform user using a bidding platform, a certificate of the user needs to be acquired, and when uploading information to the bidding platform, the uploading information of the platform user is encrypted through the certificate, so that the non-repudiation of the data is ensured, and the process of acquiring the certificate by the platform user is as follows: and the user submits personal identity information, wherein the personal identity information comprises, but is not limited to, an account number, a password, an identity card number, a name, a department belonging to the user on the platform, and the like, after the platform node verifies the identity of the applicant, a public key is distributed to the user by utilizing a root certificate, the public key and the applicant identity information are bound together, and after signing, a certificate is formed and sent to the applicant.
Further, the user needs to store the CA certificate of the user in the local client, when the user uploads the digital information by the client, the user public key in the CA certificate is used for encrypting the digital information, so that the integrity and the safety of the digital information transmission are ensured, and meanwhile, the digital signature of the identity authentication node in the CA certificate and the user identity information are carried. The digital signature of the identity verification node can ensure the authenticity of the certificate information, and the digital information is signed by the CA certificate so as to ensure the non-repudiation of the digital information.
In a specific optional embodiment, after the verification is passed, encrypting and storing the user uploading data, wherein the step of using the user uploading data stored in an encrypting way as the data to be authenticated comprises the following steps:
constructing user uploading data into a transaction body;
and signing and storing the transaction body by adopting the root certificate private key of the first node.
Specifically, in this embodiment, the transaction body is a data structure, and the data structure is specifically formed by a plurality of parts, each part represents a group of data, in this embodiment, the data is configured into a transaction body, and when the data is linked, the chain can obtain corresponding data through analysis, so as to implement timely processing of the sent information, and further can verify and store the sent information. The transaction body contains data as follows: uplink data, data source address, data upload address, whether or not to use contract type (if contracts are used) through consensus, signature information. The transaction body can be java class, one class has a plurality of attributes, each attribute corresponds to various data above, various data are packaged, and the transaction body is transmitted to the node.
After the transaction body arrives, the blockchain node analyzes the transaction body through own code logic to obtain signature information in the transaction body, performs signature verification, passes the signature verification, obtains corresponding data to store, performs io operation on the data through serialization and a disk, and stores the data in leveldb, wherein leveldb is a place where the blockchain data is stored, similar to a database, and occupies disk space of a server. Meanwhile, the SM2 algorithm is utilized to sign the transaction body based on the root certificate private key, the environment where the signature is located is the blockchain operation environment, and then the signed transaction body is sent to other nodes through a communication network among the blockchain nodes.
S202: the second node obtains a public key of a node certificate of the first node stored in the second node as the first public key, wherein the second node is any node in other nodes.
The second node is any one of the other nodes mentioned in S201, each node in the blockchain network stores a public key corresponding to a node certificate of the other node, and after receiving the broadcast information of the first node, acquires the public key corresponding to the node certificate of the first node from the stored public keys, and uses the public key as the first public key.
Note that, in this embodiment, the number of the second nodes may be one or more, which is not limited in particular.
In a specific optional embodiment, before step S202, the distributed bidding platform authentication method further includes:
the first node sends the public key corresponding to the root certificate to other nodes in the network;
And the second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node.
In this embodiment, the first node sends the public key corresponding to the root certificate to other nodes in the blockchain network in advance, and when the first node needs to perform data authentication on the uploaded data, the other nodes are facilitated to perform quick signature verification through the stored public key, so that signature verification efficiency and accuracy are improved.
S203: and the second node adopts the first public key to carry out signature verification on the data to be authenticated, and a signature verification result is obtained.
In a specific optional embodiment, in step S203, the second node performs signature verification on the data to be authenticated by using the first public key, and the obtaining a signature verification result includes:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check and sign the data to be authenticated according to the first public key;
And when the message that any one of the second nodes passes the signature verification is obtained, determining that the signature verification result is the signature verification pass.
In this embodiment, the plurality of nodes all have own root certificates, each node can issue certificates for its own user by using its own root certificate, and each node has the root certificate public key of other nodes except its own, that is, when one node a broadcasts the transaction body to other nodes, other nodes can verify directly according to the public key of the node a stored by itself, and do not rely on other main nodes to verify, so that each node cannot affect each other.
S204: if the signature verification result of the second node is passed, the data to be authenticated is used as authentication data, and the data consensus storage is executed through the nodes of the blockchain network, so that the authentication data is stored in the blockchain network.
It should be noted that, in this embodiment, all participants are not required to sign a transaction, a first node receives a transaction, after signing the transaction, after broadcasting to other nodes, the other nodes directly sign the transaction, and then directly store the transaction in a second node through signing.
In this embodiment, the first node encrypts to-be-authenticated data to other broadcast to-be-authenticated data, where the to-be-authenticated data is obtained by encrypting to-be-issued data by using a private key of a node certificate of the first node, the node certificate of the first node is a CA certificate issued by the first node, the second node obtains a public key of the node certificate of the first node stored in the second node as the first public key, the second node performs signature verification on the to-be-authenticated data by using the first public key to obtain a signature verification result, if the signature verification result of the second node is passed, the to-be-authenticated data is used as authentication data, and performs data consensus storage by a node of a blockchain network, so that verification is realized without depending on other main nodes, and thus, each node cannot be affected, and safety in a bidding platform data authentication process is improved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
Fig. 3 shows a schematic block diagram of a distributed bidding platform authentication apparatus based on a one-to-one correspondence with the distributed bidding platform authentication method of the above embodiment. As shown in fig. 3, the distributed bidding platform authentication apparatus includes a data broadcasting module 31, a public key acquisition module 32, a data signing module 33 and a data storage module 34. The functional modules are described in detail as follows:
the data broadcasting module 31 is configured to broadcast data to be authenticated to other nodes, where the data to be authenticated is obtained by encrypting data to be issued by using a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A public key obtaining module 32, configured to obtain, by a second node, a public key of a node certificate of a first node stored in the second node, as the first public key, where the second node is any one of the other nodes;
the data signing verification module 33 is configured to verify signing of the data to be authenticated by using the first public key by using the second node, so as to obtain a signing verification result;
And the data storage module 34 is configured to take the data to be authenticated as authentication data if the signature verification result of the second node is passed, perform data consensus storage through the nodes of the blockchain network, and store the authentication data to the blockchain network.
Optionally, the distribution-based bidding platform authentication device further comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
and the data receiving module is used for carrying out identity verification on the platform user by the first node when receiving the user uploading data encrypted by the platform user through the public key, carrying out encryption storage on the user uploading data after the verification is passed, and taking the user uploading data stored in an encryption mode as data to be authenticated.
Optionally, the data receiving module includes:
The transaction body construction unit is used for constructing the user uploading data into a transaction body;
And the data signing unit is used for signing and storing the transaction body by adopting the root certificate private key of the first node.
Optionally, the distribution-based bidding platform authentication device further comprises:
the public key distribution module is used for transmitting the public key corresponding to the root certificate to other nodes in the network by the first node;
and the public key storage module is used for receiving the public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in an associated manner.
Optionally, the data tag verification module 33 includes:
the data signing verification unit is used for signing the data to be authenticated by each second node according to the first public key by adopting a national encryption asymmetric encryption algorithm SM 2;
and the result determining unit is used for determining that the signature verification result is the signature verification passing after acquiring the message that any one of the second nodes passes the signature verification.
Specific limitations regarding the distributed bidding platform authentication apparatus may be found in the above description of the distributed bidding platform authentication method, and will not be described in detail herein. The various modules in the distributed bidding platform based authentication apparatus described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 4, fig. 4 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42, a network interface 43 communicatively connected to each other via a system bus. It is noted that only a computer device 4 having a component connection memory 41, a processor 42, a network interface 43 is shown in the figures, but it is understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and its hardware includes, but is not limited to, a microprocessor, an Application SPECIFIC INTEGRATED Circuit (ASIC), a Programmable gate array (Field-Programmable GATE ARRAY, FPGA), a digital Processor (DIGITAL SIGNAL Processor, DSP), an embedded device, and the like.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium including flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or D interface display memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 41 may be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD) or the like, which are provided on the computer device 4. Of course, the memory 41 may also comprise both an internal memory unit of the computer device 4 and an external memory device. In this embodiment, the memory 41 is generally used to store an operating system and various application software installed on the computer device 4, such as program code based on distributed bidding platform authentication. Further, the memory 41 may be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute a program code stored in the memory 41 or process data, such as a program code for executing control of an electronic file.
The network interface 43 may comprise a wireless network interface or a wired network interface, which network interface 43 is typically used for establishing a communication connection between the computer device 4 and other electronic devices.
The present application also provides another embodiment, namely, a computer readable storage medium storing an interface display program executable by at least one processor to cause the at least one processor to perform the steps of the distributed-based bidding platform authentication method as described above.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
It is apparent that the above-described embodiments are only some embodiments of the present application, but not all embodiments, and the preferred embodiments of the present application are shown in the drawings, which do not limit the scope of the patent claims. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a thorough and complete understanding of the present disclosure. Although the application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing description, or equivalents may be substituted for elements thereof. All equivalent structures made by the content of the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the scope of the application.

Claims (7)

1. The distributed bidding platform-based authentication method is applied to a blockchain network comprising at least two bidding platforms or related institutions, each bidding platform or related institution corresponds to one node in the blockchain network, and is characterized in that each node stores a root certificate corresponding to the node and certificates issued by other nodes, the first node is a node corresponding to the bidding platform for information sharing, and the second node is another bidding platform, and the method comprises the following steps:
when a first node receives a certificate application request of a platform user, verifying user information contained in the certificate application request, and distributing a public key to the platform user by adopting a root certificate of the first node after verification is passed;
when receiving user uploading data encrypted by a platform user through a public key, the first node performs identity verification on the platform user, and after verification is passed, the user uploading data is encrypted and stored, and the encrypted and stored user uploading data is used as data to be authenticated;
The first node sends the public key corresponding to the root certificate to other nodes in the network;
The second node receives the public key corresponding to the root certificate, and associates the public key with the first node and stores the public key in the self node;
The method comprises the steps that a first node broadcasts data to be authenticated to other nodes, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
A second node obtains a public key of a node certificate of the first node stored in the second node as a first public key, wherein the second node is any node in the other nodes;
the second node adopts the first public key to check the data to be authenticated to obtain a check result;
and if the signature verification result of the second node is passed, taking the data to be authenticated as authentication data, executing data consensus storage through the nodes of the blockchain network, and storing the authentication data into the blockchain network.
2. The distributed bidding platform based authentication method of claim 1, wherein after the verification is passed, encrypting the user upload data, and using the encrypted user upload data as the data to be authenticated comprises:
Constructing the user uploading data into a transaction body;
And signing and storing the transaction body by adopting the root certificate private key of the first node.
3. The distributed bidding platform authentication method according to claim 1, wherein the data to be authenticated is obtained by encrypting by adopting a national encryption asymmetric encryption algorithm SM 2.
4. The distributed bidding platform based authentication method of claim 3, wherein the second node performs signature verification on the data to be authenticated using the first public key, and obtaining a signature verification result comprises:
Each second node adopts a national encryption asymmetric encryption algorithm SM2 to check the data to be authenticated according to the first public key;
and determining that the signature verification result is the signature verification passing after acquiring any message that the second node passes the signature verification.
5. A distributed bidding platform-based authentication device applied to a blockchain network comprising at least two bidding platforms or related institutions, wherein each bidding platform or related institution corresponds to one node in the blockchain network, and the distributed bidding platform-based authentication device is characterized in that each node stores a root certificate corresponding to the node and certificates issued by other nodes, the first node corresponds to the bidding platform for information sharing, the second node corresponds to the other bidding platform, and the distributed bidding platform-based authentication device comprises:
The public key distribution module is used for verifying the user information contained in the certificate application request when the first node receives the certificate application request of the platform user, and distributing a public key to the platform user by adopting the root certificate of the first node after the verification is passed;
The data receiving module is used for carrying out identity verification on the platform user by the first node when receiving user uploading data encrypted by the platform user through a public key, carrying out encryption storage on the user uploading data after verification is passed, and taking the user uploading data stored in an encryption mode as data to be authenticated;
The public key distribution module is used for sending the public key corresponding to the root certificate to other nodes in the network by the first node;
The public key storage module is used for receiving a public key corresponding to the root certificate by the second node and storing the public key and the first node in the own node in an associated manner;
the data broadcasting module is used for broadcasting data to be authenticated to other nodes by a first node, wherein the data to be authenticated is obtained by encrypting data to be issued by adopting a private key of a node certificate of the first node, and the node certificate of the first node is a CA certificate issued by the first node;
The public key acquisition module is used for acquiring a public key of the node certificate of the first node stored in the second node by the second node as a first public key, wherein the second node is any node in the other nodes;
The data signing verification module is used for verifying the data to be authenticated by the second node through the first public key to obtain a signing verification result;
and the data storage module is used for taking the data to be authenticated as authentication data if the signature verification result of the second node is passed, executing data consensus storage through the nodes of the blockchain network and storing the authentication data into the blockchain network.
6. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the distributed bidding platform based authentication method of any of claims 1 to 4 when the computer program is executed.
7.A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the distributed bidding platform authentication method of any of claims 1 to 4.
CN202110712856.1A 2021-06-25 2021-06-25 Authentication method and device based on distributed bidding platform and related equipment Active CN113572616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110712856.1A CN113572616B (en) 2021-06-25 2021-06-25 Authentication method and device based on distributed bidding platform and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110712856.1A CN113572616B (en) 2021-06-25 2021-06-25 Authentication method and device based on distributed bidding platform and related equipment

Publications (2)

Publication Number Publication Date
CN113572616A CN113572616A (en) 2021-10-29
CN113572616B true CN113572616B (en) 2024-06-28

Family

ID=78162792

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110712856.1A Active CN113572616B (en) 2021-06-25 2021-06-25 Authentication method and device based on distributed bidding platform and related equipment

Country Status (1)

Country Link
CN (1) CN113572616B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110247757A (en) * 2019-04-19 2019-09-17 中国工商银行股份有限公司 Block chain processing method based on national secret algorithm, apparatus and system
CN110751544A (en) * 2019-10-18 2020-02-04 中国联合网络通信集团有限公司 Bidding information, supervision information and bid evaluation information processing method, terminal and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110311883B (en) * 2018-03-27 2020-11-10 华为技术有限公司 Identity management method, device, communication network and storage medium
CN110061846B (en) * 2019-03-14 2022-08-23 深圳壹账通智能科技有限公司 Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110247757A (en) * 2019-04-19 2019-09-17 中国工商银行股份有限公司 Block chain processing method based on national secret algorithm, apparatus and system
CN110751544A (en) * 2019-10-18 2020-02-04 中国联合网络通信集团有限公司 Bidding information, supervision information and bid evaluation information processing method, terminal and system

Also Published As

Publication number Publication date
CN113572616A (en) 2021-10-29

Similar Documents

Publication Publication Date Title
CN111737724B (en) Data processing method and device, intelligent equipment and storage medium
US12095932B2 (en) Digital certificate verification method and apparatus, computer device, and storage medium
JP7093428B2 (en) Digital certificate management methods, devices, computer devices and computer programs
US10824701B2 (en) System and method for mapping decentralized identifiers to real-world entities
CN111314172B (en) Block chain-based data processing method, device, equipment and storage medium
CN110569674A (en) Block chain network-based authentication method and device
CN110362357A (en) A kind of configuration file management method and device of application program
CN112527912A (en) Data processing method and device based on block chain network and computer equipment
CN111343170B (en) Electronic signing method and system
CN111460457A (en) Real estate property registration supervision method, device, electronic equipment and storage medium
CN112953978A (en) Multi-signature authentication method, device, equipment and medium
CN111461799B (en) Data processing method, data processing device, computer equipment and medium
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
CN111385096A (en) Block chain network, signature processing method, terminal and storage medium
CN116975901A (en) Identity verification method, device, equipment, medium and product based on block chain
CN108833104A (en) A kind of signature method, verification method and the device of file
CN112069529B (en) Block chain-based volume management method and device, computer and storage medium
CN113572616B (en) Authentication method and device based on distributed bidding platform and related equipment
CN112529537A (en) Patent licensing method, device, equipment and storage medium based on block chain
CN118114222A (en) Authentication method, device, system, equipment and medium for data product
CN112163917B (en) Bill processing method and device based on blockchain, medium and electronic equipment
CN115549984A (en) Cross-chain transaction method, device, equipment and storage medium
CN113326527A (en) Credible digital signature system and method based on block chain
CN112184150A (en) Multi-party approval method, device and system in data sharing exchange and electronic device
CN114362960B (en) Resource account data supervision method and device, computer equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant