CN110572392A - Identity authentication method based on Hyperledger network - Google Patents

Info

Publication number: CN110572392A
Authority: CN (China)
Prior art keywords: information, user, identity, network, identity authentication
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910849758.5A
Other languages: Chinese (zh)
Inventors: 王峰, 章丽娟, 刘旭, 胡漪逸, 孟凯强, 王亚龙, 赵治博, 朱晓贝, 李维超
Current Assignee: Henan Rongpan Network Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Henan Rongpan Network Technology Co Ltd
Application filed by: Henan Rongpan Network Technology Co Ltd
Priority to: CN201910849758.5A
Publication of: CN110572392A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an identity authentication method based on a Hyperledger network, which is used to authenticate the identity of a terminal node in a blockchain network. The method comprises the following steps: the terminal receives the signed identity registration information and registers the identity information with a contract device preset in the blockchain; the registered information is returned to the original device, which runs the authentication algorithm over the returned data and the originally requested registration information and then confirms, according to the result, whether the identity authentication passes. On the basis of blockchain identity authentication, the invention improves the security of authentication and the credibility of the authentication process.

Description

Identity authentication method based on Hyperledger network
Technical Field
The invention relates to the technical field of blockchains, in particular to an identity authentication method based on a Hyperledger network.
Background
When using networked devices for more convenient and faster operations, users need to go through the registration, login, authentication, transmission and other processes of various network identities. Today, people's network identities are basically under a real-name system, and a network identity contains a person's important basic information.
In recent years, identity-related illegal behaviors such as phishing and infringement have made it urgent to construct a complete and feasible identity authentication management system to protect the information and property security of citizens. As in some network transaction scenarios, there is a real entity behind each network identity, and how to make the network identity correspond to that entity falls within the scope of the identity authentication management system; without a good solution, a series of problems related to network identity can occur.
Identity authentication: identity authentication, also called "identity verification", refers to the process of confirming the identity of an operator in a computer or computer network system, so as to determine whether the user has the right to access and use a certain resource. This allows the access policies of the computer and network system to be executed reliably and effectively, prevents an attacker from impersonating a legitimate user to obtain access to resources, ensures the security of the system and data, and protects the legitimate interests of authorized accessors.
For example, some large enterprises or research and development institutions need sound identity recognition to prevent the loss of confidential information. Existing identity authentication stores identity information on a network cloud disk and authenticates through that cloud disk.
However, in the prior art, data is transmitted over an open channel, and it must be ensured that the transmitted data does not leak. If the transmission speed drops or data is lost, the user experience suffers; if the data is tampered with or attacked by a malicious adversary in transit, the whole data-processing procedure is considered unsafe. Improving data transmission performance and data security on the IoT platform is therefore a problem to be solved. Blockchain is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain system implements mathematical algorithms for establishing trust and obtaining rights and interests among different nodes; data stored on a blockchain is secure and cannot be tampered with, and blockchains have a wide range of applications.
Therefore, an identity authentication method based on the Hyperledger network is proposed. The method was researched and analyzed, and it mainly addresses the following problems:
(1) Security of data. Because the body area network uses a public channel, attacks by a malicious adversary such as tampering with or replaying data cause the data to be lost or stolen. In a body area network, tampered data may lead to disaster.
(2) Data transmission. When data is transmitted across different networks, different communication protocols must be used, so the formats of the different protocols have to be converted into one another, which generates a large amount of communication overhead and reduces communication efficiency.
(3) Cost of equipment. A large number of sensors and routers are needed in the body area network to ensure the collection and transmission of data, which implicitly increases the cost and energy consumption of communication.
Disclosure of Invention
In view of the above defects, the invention provides an identity authentication method based on the Hyperledger network, which authenticates the identity of terminal nodes in the blockchain network and effectively ensures information security.
An identity authentication method based on a Hyperledger network specifically comprises the following steps:
Step one: sign the identity registration information sent by the user terminal, and provide the signed data to the terminal user;
Step two: the terminal receives the signed identity registration information and registers the identity information with the contract device preset in the blockchain;
Step three: the registered information is returned to the original device; the original device runs the authentication algorithm over the returned data and the originally requested registration information, and then confirms whether the identity authentication passes according to the result.
Preferably, in step one, the identity registration information sent by the user terminal is signed, and the signed data is then provided to the terminal user. Specifically, the terminal user applies to the server for registration over an encrypted channel and sends Au, K and Mix to the server, where Au is the terminal user's digital transaction address and serves as the terminal user's identifier, K is the symmetric key used to encrypt the information exchanged between the terminal user and the server, and Mix is the registration date and other descriptive information added by the terminal user;
The server generates a check code CV = MSEx(hash(Au || K || Mix)), where MSEx() denotes taking the first x bits of its argument and "||" denotes concatenating the byte streams before and after it, and sends the CV to the terminal user over the encrypted channel;
Preferably, in step two, the terminal receives the signed identity registration information and registers the identity information with the contract device preset in the blockchain; this mainly consists of packaging the identity registration information onto the blockchain network. The terminal user uses UID, CV and Au to form ID = hash(Au || CV || UID) and signs the ID with the private key su, where UID is the terminal user's registration name or other information. In this way the terminal user's CV does not exist in clear text on the blockchain network, and the signature proves that the CV is owned by the terminal user;
After successful registration, the user becomes a user node. The participating node uses the supervision public key of the applying user to encrypt the hash value of the network identity document information and the user identity document information to generate first encryption information, signs the first encryption information with the participating node's first private key, and then sends an authentication broadcast message to the blockchain network.
Preferably, in step three, the registered information is returned to the original device; the original device runs the authentication algorithm over the returned data and the originally requested registration information, and then confirms whether the identity authentication passes according to the result. The terminal user sends its CV and Au to the server, and the verification time is recorded as Tb. First, the server searches the blockchain network for the ID signed by the terminal user, that is, it uses the user's public key pu to verify the correctness of the ID; if the ID exists, the server proceeds to the next step, otherwise verification is aborted.
The server looks up the corresponding key K, Mix and other information, calculates CV' = MSEx(hash(Au || K || Mix)), and checks whether CV = CV' holds; if so, the user is verified successfully.
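The registration and verification flow of steps one to three, as an added Go example that is not part of the patent. The hash (SHA-256), x = 128 bits, Ed25519 signatures, the in-memory ledger, the length-prefixed encoding of "||", the way the server learns pu and UID, and all names and sample values are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Assumptions, none fixed by the patent text: hash = SHA-256, x = 128 bits,
// signatures = Ed25519, the ledger is an in-memory map, and the server is
// given pu at registration and UID at verification.
const cvLen = 16 // x = 128 bits

// concat implements "||" with a 4-byte length prefix per field (an addition
// to the patent's plain concatenation) so that bytes cannot be moved between
// adjacent fields without changing the hash.
func concat(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// checkCode computes CV = MSEx(hash(Au || K || Mix)).
func checkCode(au, k, mix []byte) []byte {
	h := sha256.Sum256(concat(au, k, mix))
	return h[:cvLen]
}

// identityID computes ID = hash(Au || CV || UID). Only this digest and its
// signature reach the ledger, so CV never appears there in clear text.
func identityID(au, cv, uid []byte) [32]byte {
	return sha256.Sum256(concat(au, cv, uid))
}

type record struct {
	k, mix []byte
	pu     ed25519.PublicKey
}

type server struct {
	records map[string]record   // off-chain registration data, keyed by Au
	ledger  map[[32]byte][]byte // on-chain: ID -> signature made with su
}

// register is step one: keep (K, Mix) and hand CV back to the user.
func (s *server) register(au, k, mix []byte, pu ed25519.PublicKey) []byte {
	s.records[string(au)] = record{k, mix, pu}
	return checkCode(au, k, mix)
}

// verify is step three: the signed ID must be on the ledger and verify under
// pu, then the recomputed CV' must equal the CV the user presented.
func (s *server) verify(au, cv, uid []byte) bool {
	r, known := s.records[string(au)]
	id := identityID(au, cv, uid)
	sig, onChain := s.ledger[id]
	if !known || !onChain || !ed25519.Verify(r.pu, id[:], sig) {
		return false
	}
	return subtle.ConstantTimeCompare(cv, checkCode(au, r.k, r.mix)) == 1
}

type outcome struct{ genuine, otherUID, staleKey, prefixSafe bool }

// demo runs the three steps on constructed values and returns each verdict.
func demo() outcome {
	pu, su, _ := ed25519.GenerateKey(nil)
	s := &server{map[string]record{}, map[[32]byte][]byte{}}
	au, uid := []byte("constructed-address"), []byte("alice")
	k, mix := []byte("constructed-symmetric-key"), []byte("2019-09-09;demo")

	cv := s.register(au, k, mix, pu)       // step one
	id := identityID(au, cv, uid)          // step two: the user builds ID,
	s.ledger[id] = ed25519.Sign(su, id[:]) // signs it with su and publishes it

	var o outcome
	o.genuine = s.verify(au, cv, uid)                // all checks pass
	o.otherUID = s.verify(au, cv, []byte("mallory")) // no such ID on the ledger
	s.register(au, []byte("rotated-key"), mix, pu)   // server-side K changes
	o.staleKey = s.verify(au, cv, uid)               // ID still valid, CV' != CV
	a := checkCode([]byte("ab"), []byte("c"), nil)
	b := checkCode([]byte("a"), []byte("bc"), nil)
	o.prefixSafe = subtle.ConstantTimeCompare(a, b) == 0
	return o
}

func main() { fmt.Printf("%+v\n", demo()) }
```

The `staleKey` case shows why the CV comparison is a separate check from the ledger lookup: the signed ID is still on the ledger, but the CV no longer matches the K the server holds.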
Compared with the prior art, the invention has the following beneficial effects: the identity authentication method based on the Hyperledger network makes use of the encryption methods and structural characteristics of the blockchain. A block contains not only its own hash value but also the hash value of the previous block, so it cannot be tampered with. Once data in a block is tampered with or a block is maliciously replaced, the blockchain network knows immediately. Authenticating identity by means of these block characteristics is therefore safe and effective.
Drawings
FIG. 1 is a flowchart of the identity authentication method based on the Hyperledger network
FIG. 2 is a flowchart of user registration in the identity authentication method based on the Hyperledger network
FIG. 3 is a flowchart of identity authentication of a user by an application system in the identity authentication method based on the Hyperledger network
Detailed Description
The present invention is further illustrated by the following figures and examples; embodiments of the invention include, but are not limited to, the following examples.
Example:
(1) User registration:
(1.1) The user generates a public key and a private key when registering for the first time, and initiates a registration request to an application system;
(1.2) The user submits to the application system the real-name information, the public key, the private key, and signature information over the real-name information, the public key and the private key;
(1.3) The application system performs real-name authentication of the user through an authoritative identity authentication source;
(1.4) The application system computes over the real-name information, the public key, and the application system's signature on the real-name information and the public key to generate the user attribute card information, which comprises the user ID, the real-name information, the real-name authentication source, the public key, the identifier of the attribute card issuing organization, the public key of the attribute card issuing organization, and the issuing organization's signature over the user ID, the real-name information, the real-name authentication source, the public key, the issuing organization identifier and the issuing organization public key;
(1.5) The application system calculates the digest of the user attribute card information;
(1.6) The application system encrypts the user attribute card information with the public key;
(1.7) The application system publishes the ciphertext of the user attribute card information and the digest of its plaintext to the blockchain, which ensures that the data in the user attribute card information is authentic, complete and cannot be tampered with, while encryption protects the user's privacy;
(2) The application server authentication module performs signature verification
The application server authentication module performs blockchain storage of the user attribute card information, and can realize the following functions in the user registration process;
The application server authentication module performs blockchain query and comparison of the user attribute card information, and can realize the following functions in the identity authentication process: calculating the hash of the user attribute card information according to the decrypted user attribute card information submitted by a plurality of users, querying and comparing hash values through the blockchain, parsing the real-name information, and verifying the signature of the attribute card issuing organization.
(3) Identity authentication:
(3.1) The user initiates an authentication request to the application system, and the application system returns an authentication challenge to the user, the authentication challenge being a random number;
(3.2) The user signs the authentication challenge with the private key;
(3.3) The application system verifies the signature on the authentication challenge with the public key; successful verification indicates that the user holds the private key;
(3.4) After the verification in step (2.3) succeeds, the user decrypts each piece of user attribute card information and submits the multiple pieces of decrypted user attribute card information to the application system;
(3.5) The application system calculates the hash of the user attribute card information, and queries and compares the hash value through the blockchain;
(3.6) The application system parses the real-name information and verifies the signature of the attribute card issuing organization.
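The attribute card issuance of steps (1.4)-(1.7) and the challenge-response login of steps (3.1)-(3.6), as an added Go example that is not part of the patent. Ed25519, SHA-256, the JSON card encoding, the in-memory ledger, the domain-separation prefix, the single-use bookkeeping for challenges, and all names and sample values are assumptions of this example; encrypting the card under the user's public key (1.6) is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumptions (not from the patent): Ed25519, SHA-256, JSON cards, in-memory ledger, no card encryption.
const label = "attr-card-login:" // hypothetical domain-separation prefix

type card struct {
	UserID, RealName, Source string
	UserKey, IssuerKey       ed25519.PublicKey
	IssuerSig                []byte
}

// body is what the issuer signs: the card without its signature field.
func body(c card) []byte {
	c.IssuerSig = nil
	b, _ := json.Marshal(c)
	return b
}

// digest hashes the complete card; this is the value published in step (1.7).
func digest(c card) [32]byte { return sha256.Sum256(append(body(c), c.IssuerSig...)) }

type app struct {
	issuerPub ed25519.PublicKey
	ledger    map[[32]byte]bool // on-chain card digests
	pending   map[string]bool   // challenges issued and not yet used
}

// issue covers steps (1.4)-(1.7): build the card, sign it with ik, publish its digest.
func (a *app) issue(ik ed25519.PrivateKey, id, name, src string, uk ed25519.PublicKey) card {
	c := card{UserID: id, RealName: name, Source: src, UserKey: uk, IssuerKey: a.issuerPub}
	c.IssuerSig = ed25519.Sign(ik, body(c))
	a.ledger[digest(c)] = true
	return c
}

// challenge is step (3.1): a fresh random number, remembered until it is used.
func (a *app) challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	a.pending[string(n)] = true
	return n
}

// respond is step (3.2), run by the user with the private key.
func respond(su ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(su, append([]byte(label), nonce...))
}

// authenticate covers (3.3)-(3.6); the card's key is trusted only once (3.5) and (3.6) pass.
func (a *app) authenticate(nonce, sig []byte, c card) error {
	fresh := a.pending[string(nonce)]
	delete(a.pending, string(nonce)) // single use, even if a later check fails
	switch {
	case !fresh:
		return errors.New("unknown or already used challenge")
	case len(c.UserKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(c.UserKey, append([]byte(label), nonce...), sig):
		return errors.New("challenge signature invalid")
	case !a.ledger[digest(c)]:
		return errors.New("card digest not on ledger")
	case !ed25519.Verify(a.issuerPub, body(c), c.IssuerSig):
		return errors.New("issuer signature invalid")
	}
	return nil
}

// demo runs the flow on constructed values and returns one verdict per case.
func demo() (genuine, replay, wrongKey, tampered error) {
	ip, ik, _ := ed25519.GenerateKey(nil)
	up, uk, _ := ed25519.GenerateKey(nil)
	a := &app{ip, map[[32]byte]bool{}, map[string]bool{}}
	c := a.issue(ik, "u-001", "Constructed Name", "constructed-source", up)
	n := a.challenge()
	genuine = a.authenticate(n, respond(uk, n), c)
	replay = a.authenticate(n, respond(uk, n), c) // same challenge presented again
	n = a.challenge()
	wrongKey = a.authenticate(n, respond(ik, n), c) // signer is not the card holder
	c.RealName = "Someone Else" // card altered after issuance
	n = a.challenge()
	tampered = a.authenticate(n, respond(uk, n), c)
	return
}
func main() { fmt.Println(demo()) }
```

The issuer signature is checked against the issuer key the application already trusts, not the `IssuerKey` field carried inside the submitted card.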
Carriers of the private key include, but are not limited to, a U shield, a mobile phone shield, a password card and an encryption machine; authoritative identity authentication sources include, but are not limited to, public security, telecommunication and banks, and real-name authentication of the user is performed through these authoritative sources to realize multi-party trusted identity authentication; the real-name information includes, but is not limited to, a user name, a user identification card and a user phone number.
In the invention, a public key and a private key are generated when a user registers for the first time. Each application system performs real-name authentication of the user through an authoritative certification authority and generates the corresponding user attribute card information, which is encrypted with the public key and then stored on the blockchain. The user thus holds the private key, while the user's real-name information and public key are stored securely on the blockchain after being certified by multiple certification authorities. When an application system needs the user to complete an identity-authenticated account login, it verifies the user's private key; at the same time, it verifies through the blockchain the authenticity and integrity of the multiple pieces of user attribute card information held by the user, parses the user's real-name information, and verifies the signature of the organization that issued the attribute card information, thereby realizing real-name authentication of the user.

Claims (5)

1. An identity authentication method based on a Hyperledger network, used for identity authentication of terminal nodes in a blockchain network, characterized by comprising the following steps:
Step one: sign the identity registration information sent by the user terminal, and provide the signed data to the terminal user;
Step two: the terminal receives the signed identity registration information and registers the identity information with the contract device preset in the blockchain;
Step three: the registered information is returned to the original device; the original device runs the authentication algorithm over the returned data and the originally requested registration information, and then confirms whether the identity authentication passes according to the result.
2. The identity authentication method based on the Hyperledger network of claim 1, wherein in step one, the identity registration information sent by the user terminal is signed, and the signed data is then provided to the terminal user. Specifically, the terminal user applies to the server for registration over an encrypted channel and sends Au, K and Mix to the server, where Au is the terminal user's digital transaction address and serves as the terminal user's identifier, K is the symmetric key used to encrypt the information exchanged between the terminal user and the server, and Mix is the registration date and other descriptive information added by the terminal user;
The server generates a check code CV = MSEx(hash(Au || K || Mix)), where MSEx() denotes taking the first x bits of its argument and "||" denotes concatenating the byte streams before and after it, and sends the CV to the terminal user over the encrypted channel.
3. The identity authentication method based on the Hyperledger network according to claim 1, wherein in step two, the terminal receives the signed identity registration information and registers the identity information with the contract device preset in the blockchain; this mainly consists of packaging the identity registration information onto the blockchain network. The terminal user uses UID, CV and Au to form ID = hash(Au || CV || UID) and signs the ID with a private key su, where UID is the terminal user's registration name or other information. In this way the terminal user's CV does not exist in clear text on the blockchain network, and the signature proves that the CV is owned by the terminal user.
4. The identity authentication method based on the Hyperledger network of claim 1, wherein in step three, the registered information is returned to the original device; the original device runs the authentication algorithm over the returned data and the originally requested registration information, and then determines whether the identity authentication passes according to the result. The terminal user sends its CV and Au to the server, and the verification time is recorded as Tb. First, the server searches the blockchain network for the ID signed by the terminal user (U), that is, it uses the user public key pu to verify the correctness of the ID; if the ID exists, the server proceeds to the next step, otherwise verification is aborted.
The server looks up the corresponding key K, Mix and other information, calculates CV' = MSEx(hash(Au || K || Mix)), and checks whether CV = CV' holds; if so, the user is verified successfully.
5. The identity authentication method based on the Hyperledger network as claimed in claim 1, wherein in step three, after authentication succeeds a valid user is ensured to join, and after verification the user is put on the blockchain for permanent storage; the recorded information fields are associated with and correspond to the generation timestamp, and are unique and tamper-proof; an attribute authorization service is provided after identity authentication is passed, the authorization comprising the attribute information of name and gender; the signature service encrypts the user information for transmission according to the digital signature, ensuring the security of the user information.
CN201910849758.5A, filed 2019-09-09 (priority date 2019-09-09): Identity authentication method based on Hyperledger network. Status: Pending. Published as CN110572392A (en).

Priority Applications (1)

Application Number: CN201910849758.5A
Priority Date: 2019-09-09
Filing Date: 2019-09-09
Title: Identity authentication method based on Hyperledger network

Publications (1)

Publication Number: CN110572392A
Publication Date: 2019-12-13

Family

ID=68778790

Country Status (1)

Country: CN (1)
Link: CN110572392A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20191213)