CN109359691B - Identity verification method and system based on block chain - Google Patents

Info

Publication number
CN109359691B
Authority
CN
China
Prior art keywords
verification
certificate
user
information
voiceprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811237886.6A
Other languages
Chinese (zh)
Other versions
CN109359691A (en
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd
Priority to CN201811237886.6A
Publication of CN109359691A
Application granted
Publication of CN109359691B
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50 Maintenance of biometric data or enrolment thereof
    • G06V40/53 Measures to keep reference information secret, e.g. cancellable biometrics

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Multimedia (AREA)
  • Human Computer Interaction (AREA)
  • Data Mining & Analysis (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an identity verification method and system based on a blockchain. In the method, the user node generates certificate information and certificate basic information, signs them, and sends a certificate verification request to a verification device. The verification device verifies the validity of the signature and, if the signature passes, obtains the user's voiceprint information, the verification head portrait and the verification basic information. The verification device matches the verification basic information against the certificate basic information; if they match, it decrypts the certificate head portrait, which was encrypted with the user's voiceprint key, according to the user voiceprint information and a preset algorithm, so that each participating node can determine whether the user node's certificate information was verified successfully. If verification succeeds, the authentication success information is written into a block and broadcast to the blockchain network. Online authentication of certificate information is thereby achieved, authentication restrictions are reduced, and authentication efficiency and security are improved while authentication reliability is maintained.

Description

Identity verification method and system based on block chain
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an identity authentication method and system based on a block chain.
Background
At present, as society develops under the rule of law, managing citizens through identity cards and other certificate information has become mainstream. In the related art, however, verifying certificate information requires specific registration equipment, so authentication efficiency is low, authentication restrictions are high, and the approach is difficult to extend to the general public. For example, identity card verification is currently done with an offline identity card reader. Manufacturers authorized by the relevant department produce the card reader, which embeds a dedicated built-in security module for verification. Only designated units are authorized to perform the authentication; the general public cannot complete it. Authentication efficiency is therefore low, and the authentication operation is difficult to popularize.
Disclosure of Invention
The invention provides an identity authentication method and system based on a block chain, and aims to solve the technical problems that in the prior art, identity authentication efficiency is low, limitation is strong, and popularization cannot be achieved.
A first embodiment of the present invention provides an identity authentication method based on a blockchain, including: the user node generates certificate information, wherein the certificate information comprises a certificate type, a certificate number, a certificate head portrait encrypted with the user's voiceprint key, and certificate basic information; after signing the certificate information and the user public key with the user private key, the user node sends a certificate verification request to the verification device; the verification device receives the certificate verification request and uses the user public key to verify the validity of the user private key signature; if the verification passes, it queries a prestored identity database corresponding to the certificate type and obtains the user voiceprint information, the verification head portrait and the verification basic information corresponding to the certificate number; the verification device matches the verification basic information against the certificate basic information; if they match, it decrypts the certificate head portrait encrypted with the user's voiceprint key according to the user voiceprint information and a preset algorithm, and matches the decrypted certificate head portrait against the verification head portrait; if they match, it signs the certificate information with the device private key and feeds back a certificate verification success response to the user node, so that the user node signs the verification success response with the user private key and sends it to each participating node of the blockchain network; each participating node uses the prestored user public key to verify the user private key signature, then, after that verification passes, uses the prestored device public key to verify the device private key signature, and, after that verification passes, sends an identity verification success message to the blockchain network; and if the mining node finds that the proportion of participating nodes that sent the identity verification success message within a preset time exceeds a preset first threshold, it determines that the certificate information of the user node has been verified successfully, writes the authentication success message into a block and broadcasts it to the blockchain network.
A second embodiment of the present invention provides an identity verification system based on a blockchain, including a user node, a verification device, a participating node and a mining node. The user node is used for generating certificate information, wherein the certificate information comprises a certificate type, a certificate number, a certificate head portrait encrypted with the user's voiceprint key, and certificate basic information, and, after signing the certificate information and the user public key with the user private key, for sending a certificate verification request to the verification device. The verification device is used for receiving the certificate verification request, using the user public key to verify the validity of the user private key signature and, if the verification passes, querying a prestored identity database corresponding to the certificate type and obtaining the user voiceprint information, the verification head portrait and the verification basic information corresponding to the certificate number. The verification device is further used for matching the verification basic information against the certificate basic information; if they match, decrypting the certificate head portrait encrypted with the user's voiceprint key according to the user voiceprint information and a preset algorithm and matching the decrypted certificate head portrait against the verification head portrait; and, if they match, signing the certificate information with the device private key and feeding back a certificate verification success response to the user node, so that the user node signs the verification success response with the user private key and sends it to each participating node of the blockchain network. The participating node is used for verifying the user private key signature with a prestored user public key, verifying the device private key signature with a prestored device public key after that verification passes, and sending an identity verification success message to the blockchain network after that verification passes. The mining node is used for determining that the certificate information of the user node has been verified successfully if the proportion of participating nodes that sent the identity verification success message within a preset time exceeds a preset first threshold, writing the authentication success message into a block and broadcasting it to the blockchain network.
A third embodiment of the present invention provides a computer apparatus including: the system comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the computer program to realize the identity authentication method based on the block chain according to the embodiment.
A fourth embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the blockchain-based authentication method according to the above embodiment.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the user node generates certificate information comprising the certificate type, the certificate number, the certificate head portrait encrypted with the user's voiceprint key, and the certificate basic information. After the certificate information and the user public key are signed with the user private key, the certificate verification request is sent to the verification device. The verification device receives the certificate verification request and uses the user public key to verify the validity of the user private key signature; if the verification passes, it queries the prestored identity database corresponding to the certificate type and obtains the user voiceprint information, the verification head portrait and the verification basic information corresponding to the certificate number. The verification device matches the verification basic information against the certificate basic information; if they match, it decrypts the certificate head portrait encrypted with the user's voiceprint key according to the user voiceprint information and a preset algorithm and matches the decrypted certificate head portrait against the verification head portrait; if they match, it signs the certificate information with the device private key and feeds back a certificate verification success response to the user node, so that the user node signs the verification success response with the user private key and sends it to each participating node of the blockchain network. Each participating node then uses the prestored user public key to verify the user private key signature, uses the prestored device public key to verify the device private key signature after that verification passes, and sends an identity verification success message to the blockchain network after that verification passes. Finally, if the mining node finds that the proportion of participating nodes that sent the identity verification success message within a preset time exceeds a preset first threshold, it determines that the certificate information of the user node has been verified successfully, writes the authentication success message into a block and broadcasts it to the blockchain network. Online authentication of certificate information is thereby achieved, authentication restrictions are reduced, and authentication efficiency and security are improved while authentication reliability is maintained.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
fig. 1 is a schematic structural diagram of an identity verification system based on a blockchain according to an embodiment of the present invention;
fig. 2 is a schematic view of an application scenario of an identity verification system based on a blockchain according to an embodiment of the present invention; and
fig. 3 is a flowchart of an identity verification method based on a blockchain according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting it.
As the background section describes, the prior art requires specific registration equipment for authentication, so authentication efficiency is low and authentication restrictions are high. Even where existing technology lets a website perform online identity authentication, the website only reports whether the user's name and certificate number are consistent; it cannot authenticate the identity of the certificate holder, so authentication reliability is low, and a centralized query server is vulnerable to denial-of-service attacks.
To solve this technical problem, the invention provides an identity authentication method based on a blockchain that bridges blockchain authentication technology and authentication by the relevant legal departments, thereby achieving online authentication of certificate information, reducing authentication restrictions, and improving authentication efficiency and security while maintaining authentication reliability.
For clarity, the blockchain-based identity verification system of the embodiment is described first. Fig. 1 is a schematic structural diagram of the identity verification system based on the blockchain according to an embodiment of the present invention. As shown in fig. 1, the system includes a user node 100, a verification device 200, a participating node 300 and a mining node 400. The user node 100 corresponds to a terminal device held by the user to be authenticated; the user node and the user are in a hidden binding relationship, on the basis of which the user node 100 can ensure that the person currently performing identity verification is the user himself rather than some illegal user who holds the user's identity information. The user node 100 can be understood as any node in the blockchain network capable of performing identity verification. The verification device 200 may be a verification device authorized by a department with higher authority, including a handheld terminal verification device, a computer verification device and the like, without limitation here; because authentication is performed on the verification device 200, the reliability of the verification result is ensured. The participating node 300 is a node in the blockchain network that takes part in verifying the authentication of the user node 100, and may be a mining node or any other type of node.
During operation of the system, the user node, the participating node, the mining node and the verification device authenticate one another when communicating, based on public key certificate technology. The core of public key technology is a pair of keys, and its basic principle is that information content encrypted with one key can only be decrypted with the other key of the pair. The public key can be widely distributed to the correspondents concerned, while the private key must be stored securely. Because of certain confidentiality and security constraints, the verification device may not be a node in the blockchain network; it may communicate with the user node over wireless technologies such as Bluetooth, infrared or Wi-Fi, or over a wired connection, without limitation here.
Referring to fig. 2, in actual operation the user node generates certificate information comprising the certificate type, the certificate number, the certificate head portrait encrypted with the user's voiceprint key, and the certificate basic information; after the certificate information is signed with the user private key, the user node sends a certificate verification request to the verification device (step 1).
The verification device then receives the certificate verification request and uses the user public key to verify the validity of the user private key signature. If the verification passes, the request was sent by the user node itself and was not spoofed by an illegal node, so the device queries the prestored identity database corresponding to the certificate type and obtains the user voiceprint information, the verification head portrait and the verification basic information corresponding to the certificate number (step 2).
Next, the verification device matches the verification basic information against the certificate basic information. If they match, it decrypts the certificate head portrait encrypted with the user's voiceprint key according to the user voiceprint information and a preset algorithm, and matches the decrypted certificate head portrait against the verification head portrait. If they match, the user's identity is reliable; the device then signs the certificate information with the device private key and feeds back a certificate verification success response to the user node, so that the user node signs the verification success response with the user private key and sends it to each participating node of the blockchain network (step 3). Because step 3 decrypts the certificate head portrait using the user voiceprint information and the preset algorithm, and the voiceprint information corresponds uniquely to the user, the reliability of the verification is ensured.
Of course, even after the user node sends a message that verification succeeded, the other participating nodes must jointly supervise and verify it to ensure that the message is authentic and reliable. That is, each participating node uses the prestored user public key to verify the user private key signature; after that passes, it uses the prestored device public key to verify the device private key signature; and after that passes, it sends an identity verification success message to the blockchain network (step 4).
Finally, if the mining node finds that the proportion of participating nodes that sent the identity verification success message within the preset time exceeds a preset first threshold, it determines that the certificate information of the user node has been verified successfully, writes the authentication success message into a block and broadcasts it to the blockchain network (step 5). In other words, the user identity information is determined to be legitimate only after a larger number of participating nodes have verified it successfully, which further ensures the reliability of the verification.
In this embodiment, likewise, a participating node sends an identity verification failure message to the blockchain network if signature verification of the user private key with the prestored user public key fails, or if signature verification of the device private key with the prestored device public key fails. If the mining node finds that the proportion of participating nodes that sent the identity verification failure message within the preset time exceeds a preset second threshold, it determines that verification of the user node's certificate information has failed, writes the authentication failure message into a block and broadcasts it to the blockchain network.
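The mining node's decision in step 5 and in the failure path above can be sketched as follows. This is an added example, not code from the patent: the names (Vote, tally_votes, request_id), the choice of all registered participating nodes as the denominator, the handling of duplicate and conflicting messages, and the requirement that the two thresholds sum to at least 1 are assumptions, and the messages are assumed to have passed signature verification already.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    SUCCESS = "success"      # write the authentication success message into the block
    FAILURE = "failure"      # write the authentication failure message into the block
    UNDECIDED = "undecided"  # neither threshold exceeded within the preset time


@dataclass(frozen=True)
class Vote:
    node_id: str        # participating node that sent the message
    request_id: str     # certificate verification the message refers to (assumed field)
    success: bool       # True: verification success message, False: failure message
    received_at: float  # arrival time on the mining node's clock, in seconds


@dataclass(frozen=True)
class Tally:
    outcome: Outcome
    success_ratio: float
    failure_ratio: float
    rejected: dict      # reason -> number of messages that were not counted


def tally_votes(votes, participants, request_id, window_start, window_len,
                first_threshold, second_threshold):
    """Decide one request from messages whose signatures were already checked."""
    if not participants:
        raise ValueError("no participating nodes registered")
    # Assumption: with thresholds summing to >= 1, success and failure
    # can never both be exceeded for the same request.
    if first_threshold + second_threshold < 1:
        raise ValueError("thresholds allow both outcomes at once")

    deadline = window_start + window_len
    first_vote = {}        # node_id -> first in-window vote from that node
    equivocators = set()   # nodes that sent both success and failure
    rejected = Counter()
    for v in sorted(votes, key=lambda v: v.received_at):
        if v.request_id != request_id:
            rejected["other request"] += 1
        elif v.node_id not in participants:
            rejected["unknown node"] += 1
        elif not window_start <= v.received_at <= deadline:
            rejected["outside window"] += 1
        elif v.node_id not in first_vote:
            first_vote[v.node_id] = v.success
        elif first_vote[v.node_id] != v.success:
            equivocators.add(v.node_id)   # contradictory node counts for neither side
            rejected["conflicting"] += 1
        else:
            rejected["duplicate"] += 1    # repeats must not inflate the proportion

    counted = [s for n, s in first_vote.items() if n not in equivocators]
    total = len(participants)
    success_ratio = sum(counted) / total
    failure_ratio = (len(counted) - sum(counted)) / total
    if success_ratio > first_threshold:       # "exceeds" is read as strictly greater
        outcome = Outcome.SUCCESS
    elif failure_ratio > second_threshold:
        outcome = Outcome.FAILURE
    else:
        outcome = Outcome.UNDECIDED
    return Tally(outcome, success_ratio, failure_ratio, dict(rejected))


# Constructed sample input: five participating nodes, a 30-second window.
PARTICIPANTS = {"p1", "p2", "p3", "p4", "p5"}
SAMPLE_VOTES = [
    Vote("p1", "req-1", True, 1.0),
    Vote("p2", "req-1", True, 2.0),
    Vote("p2", "req-1", True, 3.0),    # duplicate from p2
    Vote("p3", "req-1", True, 4.0),
    Vote("p4", "req-1", False, 5.0),
    Vote("p4", "req-1", True, 6.0),    # p4 contradicts itself
    Vote("x9", "req-1", True, 7.0),    # not a registered participating node
    Vote("p1", "req-2", True, 8.0),    # belongs to a different request
    Vote("p5", "req-1", True, 31.0),   # arrives after the preset time
]


def demo(first_threshold=0.5, second_threshold=0.5):
    return tally_votes(SAMPLE_VOTES, PARTICIPANTS, "req-1", 0.0, 30.0,
                       first_threshold, second_threshold)


if __name__ == "__main__":
    print(demo())
```

Counting raw messages instead of distinct registered nodes would let one node's repeated or late messages push the proportion past the threshold, which is why the sample includes those cases.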
The blockchain-based identity verification system thus combines user identity verification with the blockchain network: verification is anchored in a verification device authorized by a department with higher authority, which ensures the reliability of the verification result, while the authentication load is distributed across the mining nodes and participating nodes of the blockchain network, which reduces authentication restrictions, provides technical support for the general application and popularization of identity verification, and yields high authentication efficiency.
To describe the authentication of the embodiment in more detail, and to make the blockchain-based authentication process clearer to those skilled in the art, the following description focuses on the method side.
Fig. 3 is a flowchart of an identity verification method based on a blockchain according to an embodiment of the present invention, as shown in fig. 3, the method includes:
Step 101: the user node generates certificate information comprising the certificate type, the certificate number, the certificate head portrait encrypted with the user's voiceprint key, and the certificate basic information; after the certificate information is signed with the user private key, a certificate verification request is sent to the verification device.
The user private key and the user public key are used for preliminary identity verification of the user node. The user private key is held by the user node, and the user public key is broadcast to the blockchain network, so that other nodes in the blockchain network can verify the reliability of the user node based on the correspondence between the user public key and the user private key.
The certificate types include identity cards, passports, medical insurance cards and other certificates that can represent the uniqueness of the user's identity, and the certificate number is a unique code corresponding to the certificate type. In the embodiment of the invention, to protect the user's private information, the certificate head portrait in the certificate information is encrypted with the user's voiceprint key. The voiceprint key is generated from the user's voiceprint, which corresponds one-to-one with the user and is difficult to crack, so the user's certificate head portrait cannot be obtained even if the identity authentication request is intercepted, and its security is ensured. The certificate basic information includes the certificate validity period, the user address and the like.
Specifically, depending on the communication environment between them, the user node may send the certificate verification request to the verification device wirelessly or over a wired connection.
Step 102: the verification device receives the certificate verification request, uses the user public key to verify the validity of the user private key signature, and, if the verification passes, queries the prestored identity database corresponding to the certificate type and obtains the user voiceprint information, the verification head portrait and the verification basic information corresponding to the certificate number.
Specifically, after receiving the verification request, the verification device first performs a preliminary verification of the user node's identity, to rule out a request sent by some other illegal node. Based on the correspondence between the user public key and the user private key, it uses the user public key to verify the validity of the user private key. If the result shows that the user public key matches the user private key, the verification passes and the current verification request was sent by the user node, so the device queries the preset identity database corresponding to the certificate type. The identity database stores, for each certificate number of that certificate type, the corresponding user voiceprint information, verification head portrait and verification basic information. Because the verification device is authorized by a department with absolute authority, the information in the identity database is absolutely reliable. The verification basic information corresponds to the certificate basic information and may include the certificate validity period, the user address and other information.
And 103, matching the verification basic information with the certificate basic information by the verification equipment, decrypting the certificate head portrait encrypted by the user voiceprint key according to the user voiceprint information and a preset algorithm if the verification equipment is successfully matched with the certificate head portrait, and feeding back a certificate verification success response to the user node after the certificate information is signed by the private key of the application equipment if the verification equipment is successfully matched with the certificate head portrait, so that the user node signs the verification success response by applying the user private key to each participating node of the block chain network.
Similarly, the device private key and the device public key are used for identity verification of the verification device, the device private key is held by the verification device, and the device public key is broadcasted to the blockchain network in a broadcast mode, so that other nodes in the blockchain network verify the authenticity of the verification device based on the corresponding relation between the device public key and the device private key.
Specifically, in order to improve the resource utilization rate and improve the matching efficiency, in this embodiment, the user identity is first roughly verified, the verification device matches the verification basic information with the certificate basic information, if the matching is successful, such as if the validity period is consistent with the user address, the fine verification is further performed, decrypting the certificate head portrait encrypted by the voiceprint key of the user according to the user interrogation information and a preset algorithm, matching the decrypted certificate head portrait with the verification head portrait, if the two are successfully matched, indicating that the certificate head portrait is also legal, the application device private key thus signs the certificate information, to indicate that the verification message was sent by the verification device itself, and further, a certificate verification success response is fed back to the user node, so that the user node signs the verification success response of the application user private key and then sends the signature to each participating node of the block chain network.
It should be noted that, in the embodiment of the present invention, the certificate head portrait in the verification message may be the one contained in the certificate, or may be captured in real time through a camera or a similar device. When it is captured in real time by the user, the user identity is authenticated a second time based on whether the image captured in real time is consistent with the head portrait in the identity database, which further ensures the reliability of the verification result.
In addition, in actual execution, the way in which the certificate head portrait encrypted by the user's voiceprint key is decrypted according to the user voiceprint information and a preset algorithm differs with the application scenario. As one possible implementation, the user voiceprint information is processed, voiceprint features such as voiceprint size and spectrum distribution are extracted, and a voiceprint vector corresponding to the voiceprint features is generated. The voiceprint vector is then calculated according to a preset decryption algorithm to obtain a voiceprint private key, and the voiceprint private key is used to decrypt the certificate head portrait encrypted by the user's voiceprint key, yielding the certificate head portrait. In this embodiment, verification is unsuccessful whether it is the voiceprint information or the certificate head portrait that fails to match, which ensures the accuracy of the verification result.
In the embodiment of the invention, in order to make the identity verification process complete and let the user node learn the verification result in real time, if the verification device finds that the verification basic information fails to match the certificate basic information, or that the decrypted certificate head portrait fails to match the verification head portrait, the verification device signs the certificate information with the device private key and feeds back a certificate verification failure response to the user node.
Step 104: the participating node applies the pre-stored user public key to verify the user private key signature; after that verification passes, it applies the pre-stored device public key to verify the device private key signature; after that verification also passes, it sends an identity verification success message to the blockchain network.
It is understood that even if the user node sends a verification success response indicating that the verification device has found the user node's identity to be legal, the other participating nodes still need to jointly check whether the verification result is authentic, in order to ensure its reliability.
Specifically, the participating node applies the pre-stored user public key to verify the user private key signature. Passing this verification indicates that the current verification success response was sent by the user node. The participating node then verifies whether the response was issued by a verification device designated by the authority department, that is, it applies the pre-stored device public key to verify the device private key signature. After this verification passes, it sends an identity verification success message to the blockchain network.
Step 105: if the mining node finds that the proportion of participating nodes that sent the identity verification success message within a preset time exceeds a preset first threshold, it determines that the certificate information of the user node has been verified successfully, writes the authentication success message into a block, and broadcasts it to the blockchain network.
In order to maintain an orderly verification process, in the embodiment of the present invention the user node is considered successfully authenticated only after most of the participating nodes have accepted the authentication. That is, if the proportion of participating nodes from which the identity verification success message is obtained within the preset time exceeds a preset first threshold, for example more than half of the participating nodes, it is determined that the certificate information of the user node has been verified successfully, and the authentication success message is written into a block and broadcast to the blockchain network.
The preset time is set based on factors such as the current network condition of the blockchain network. Within the preset time, the mining node can generally receive the verification messages sent by the participating nodes, whereas an illegal node that intercepts a participating node's message generally cannot finish tampering with it and sending the tampered verification message to the mining node.
In one embodiment of the invention, in order to make the verification result explicit, a participating node sends an identity verification failure message to the blockchain network when its verification of the user private key signature with the pre-stored user public key fails, or when its verification of the device private key signature with the pre-stored device public key fails. In this case, to prevent a few malicious participating nodes from disturbing the verification environment, the verification messages of the other participating nodes still have to be combined to determine the result. That is, if the proportion of participating nodes from which the mining node obtains the identity verification failure message within the preset time exceeds a preset second threshold, it is determined that verification of the user node's certificate information has failed, and the authentication failure message is written into a block and broadcast to the blockchain network.
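Steps 104 and 105 and the failure path above, as an added Go example that is not code from the patent: a participating node checks the user signature and then the device signature, and the mining node tallies the resulting messages against both thresholds. The Ed25519 scheme, the field names, the 10-second window, the 0.5 thresholds, taking the proportion over all participating nodes, and counting only a node's first in-window message are assumptions; keys and certificate data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"time"
)

// Response is the verification success response relayed by the user node.
// Field names and the Ed25519 scheme are assumptions; the patent fixes neither.
type Response struct {
	CertInfo  []byte // certificate information
	DeviceSig []byte // verification device's signature over CertInfo
	UserSig   []byte // user node's signature over CertInfo || DeviceSig
}

// Vote is the identity verification message one participating node sends.
type Vote struct {
	NodeID  string
	Success bool
	Arrived time.Duration // arrival at the mining node, measured from round start
}

type Outcome int

const (
	Undetermined Outcome = iota // neither threshold exceeded
	Verified
	Failed
)

const Window = 10 * time.Second // the preset time (value assumed)

// envelope is what the user node signs: CertInfo followed by the fixed-size DeviceSig.
func envelope(r Response) []byte {
	return append(append([]byte{}, r.CertInfo...), r.DeviceSig...)
}

// CheckResponse is step 104 on a participating node: user signature first,
// then device signature, each against a pre-stored public key.
func CheckResponse(r Response, userPub, devPub ed25519.PublicKey) bool {
	if !ed25519.Verify(userPub, envelope(r), r.UserSig) {
		return false // the response was not sent by this user node
	}
	return ed25519.Verify(devPub, r.CertInfo, r.DeviceSig)
}

// Tally is step 105 on the mining node. Assumptions: the proportion is taken over
// all participating nodes, and only a node's first in-window vote is counted.
func Tally(votes []Vote, members map[string]bool, window time.Duration, first, second float64) Outcome {
	seen, ok, bad := map[string]bool{}, 0, 0
	for _, v := range votes {
		if !members[v.NodeID] || seen[v.NodeID] || v.Arrived < 0 || v.Arrived > window {
			continue // unknown sender, repeated vote, or outside the preset time
		}
		seen[v.NodeID] = true
		if v.Success {
			ok++
		} else {
			bad++
		}
	}
	n := float64(len(members)) // with no members both ratios are NaN and neither test holds
	if float64(ok)/n > first {
		return Verified
	}
	if float64(bad)/n > second {
		return Failed
	}
	return Undetermined
}

// Demo runs one constructed round with five participating nodes.
func Demo() (goodOK, forgedOK bool, result Outcome) {
	userPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // constructed keys
	devPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	userPub, devPub := userPriv.Public().(ed25519.PublicKey), devPriv.Public().(ed25519.PublicKey)
	cert := []byte("type=ID;number=CONSTRUCTED-0001") // constructed certificate information
	good := Response{CertInfo: cert, DeviceSig: ed25519.Sign(devPriv, cert)}
	good.UserSig = ed25519.Sign(userPriv, envelope(good))
	// A user node that supplies its own "device" signature passes the outer check only.
	forged := Response{CertInfo: cert, DeviceSig: ed25519.Sign(userPriv, cert)}
	forged.UserSig = ed25519.Sign(userPriv, envelope(forged))
	goodOK = CheckResponse(good, userPub, devPub)
	forgedOK = CheckResponse(forged, userPub, devPub)
	members := map[string]bool{"n1": true, "n2": true, "n3": true, "n4": true, "n5": true}
	votes := []Vote{
		{"n1", goodOK, 1 * time.Second},
		{"n2", goodOK, 2 * time.Second},
		{"n3", goodOK, 3 * time.Second},
		{"n4", false, 1 * time.Second}, // dissenting node
		{"n4", false, 2 * time.Second}, // repeat from the same node, ignored
		{"n5", true, 30 * time.Second}, // arrives after the window, ignored
		{"nX", false, 1 * time.Second}, // not a participating node, ignored
	}
	return goodOK, forgedOK, Tally(votes, members, Window, 0.5, 0.5)
}

func main() { fmt.Println(Demo()) }
```

The forged response shows why the second check in step 104 matters: the user node controls the outer signature, so only the device signature ties the success response to the verification device.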
It should be understood that the blockchain-based identity verification system in the embodiment of the present invention can also handle certificate issuance matters, such as certificate information updates, on the basis of the current system structure, which ensures the flexibility of the system.
Specifically, the user node receives a certificate expiration update prompt sent by the verification device, signs the certificate information and the certificate validity period information with the user private key, and then sends a certificate expiration update request to the verification device, so that the verification device issues new certificate information. Certificates can thus be handled online, which is a great convenience to users.
To sum up, in the blockchain-based identity verification method according to the embodiment of the present invention, the user node generates certificate information, which includes the certificate type, the certificate number, the certificate head portrait encrypted by the user's voiceprint key, and the certificate basic information. After signing the certificate information and the user public key with the user private key, the user node sends a certificate verification request to the verification device. The verification device receives the certificate verification request and verifies the validity of the user private key with the user public key. If the verification passes, it queries the pre-stored identity database corresponding to the certificate type and obtains the user voiceprint information, the verification head portrait, and the verification basic information corresponding to the certificate number. The verification device matches the verification basic information against the certificate basic information. If the match succeeds, it decrypts the certificate head portrait encrypted by the user's voiceprint key according to the user voiceprint information and a preset algorithm, and matches the decrypted certificate head portrait against the verification head portrait. If that match succeeds, it signs the certificate information with the device private key and feeds back a certificate verification success response to the user node, so that the user node signs the verification success response with the user private key and sends it to each participating node of the blockchain network. The participating nodes then apply the pre-stored user public key to verify the user private key signature and, after that verification passes, apply the pre-stored device public key to verify the device private key signature; after that verification also passes, they send an identity verification success message to the blockchain network. Finally, if the mining node finds that the proportion of participating nodes that sent the identity verification success message within a preset time exceeds a preset first threshold, it determines that the certificate information of the user node has been verified successfully, writes the authentication success message into a block, and broadcasts it to the blockchain network. Online authentication of certificate information is thereby realized, authentication limitations are reduced, and authentication efficiency and security are improved while authentication reliability is ensured.
In order to implement the foregoing embodiments, the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the computer device implements the block chain based identity authentication method as described in the foregoing embodiments.
In order to implement the above embodiments, the present invention also proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, is capable of implementing the block chain based identity authentication method as described in the foregoing embodiments.
In the present invention, the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, a first feature being "on" or "under" a second feature may mean that the first and second features are in direct contact, or that they are in indirect contact through an intermediate. Also, a first feature being "on," "over," or "above" a second feature may mean that it is directly or diagonally above the second feature, or may simply indicate that the first feature is at a higher level than the second feature. A first feature being "under," "below," or "beneath" a second feature may mean that it is directly or obliquely under the second feature, or may simply mean that the first feature is at a lower level than the second feature.
In the description herein, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, such terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples, and those skilled in the art may combine different embodiments or examples described in this specification, and features of different embodiments or examples, provided they do not contradict one another.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (7)

1. A blockchain-based identity verification method, characterized by comprising the following steps:
the user node generates certificate information, wherein the certificate information comprises: the certificate type, the certificate number, the certificate head portrait encrypted by the user's voiceprint key, and the certificate basic information; after signing the certificate information and the user public key with the user private key, the user node sends a certificate verification request to the verification device;
the verification device receives the certificate verification request and verifies the validity of the user private key by using the user public key; if the verification passes, it queries a pre-stored identity database corresponding to the certificate type and acquires the user voiceprint information, the verification head portrait, and the verification basic information corresponding to the certificate number;
the verification device matches the verification basic information with the certificate basic information; if the matching is successful, the certificate head portrait encrypted by the user's voiceprint key is decrypted according to the user voiceprint information and a preset algorithm, and the decrypted certificate head portrait is matched with the verification head portrait; if the matching is successful, after the certificate information is signed with the device private key, a certificate verification success response is fed back to the user node, so that the user node applies the user private key to sign the verification success response and then sends it to each participating node of the blockchain network;
the participating node applies the pre-stored user public key to perform signature verification on the user private key; after the verification passes, it applies the pre-stored device public key to perform signature verification on the device private key; and after the verification passes, it sends an identity verification success message to the blockchain network;
if the proportion of participating nodes from which the mining node obtains the identity verification success message within a preset time exceeds a preset first threshold, the mining node determines that the certificate information of the user node is verified successfully, writes the authentication success message into a block, and broadcasts it to the blockchain network;
the participating node applies a prestored user public key to perform signature verification on the user private key, and sends an identity verification failure message to the blockchain network after the verification fails, or applies a prestored equipment public key to perform signature verification on the equipment private key, and sends an identity verification failure message to the blockchain network after the verification fails;
if the proportion of participating nodes from which the mining node obtains the identity verification failure message within the preset time exceeds a preset second threshold, the mining node determines that the certificate information of the user node fails verification, writes the authentication failure message into a block, and broadcasts it to the blockchain network;
and the user node receives the certificate expiration updating prompt information sent by the verification equipment, applies the user private key to sign the certificate information and the certificate validity period information, and then sends a certificate expiration updating request to the verification equipment.
2. The method of claim 1, wherein decrypting the certificate head portrait encrypted by the user's voiceprint key according to the user voiceprint information and a preset algorithm comprises:
processing the user voiceprint information, extracting voiceprint features, and generating a voiceprint vector corresponding to the voiceprint features;
calculating the voiceprint vector according to a preset decryption algorithm to obtain a voiceprint private key;
and decrypting the certificate head portrait encrypted by the voiceprint private key of the user by using the voiceprint private key to obtain the certificate head portrait.
3. The method of claim 1, further comprising:
if the verification device determines that the verification basic information fails to match the certificate basic information, or that the decrypted certificate head portrait fails to match the verification head portrait, the verification device signs the certificate information with the device private key and then feeds back a certificate verification failure response to the user node.
4. An identity verification system based on a blockchain, comprising: user nodes, verification devices, participating nodes, and mining nodes, wherein,
the user node is configured to generate certificate information, wherein the certificate information comprises: the certificate type, the certificate number, the certificate head portrait encrypted by the user's voiceprint key, and the certificate basic information; and, after signing the certificate information and the user public key with the user private key, to send a certificate verification request to the verification device, wherein the user node corresponds to the terminal device held by the user whose certificate information is to be verified;
the verification device is configured to receive the certificate verification request, verify the validity of the user private key by using the user public key, and, if the verification passes, query a pre-stored identity database corresponding to the certificate type and acquire the user voiceprint information, the verification head portrait, and the verification basic information corresponding to the certificate number;
the verification equipment is further used for matching the verification basic information with the certificate basic information, if the matching is successful, the certificate head portrait encrypted by the user voiceprint key is decrypted according to the user voiceprint information and a preset algorithm, the decrypted certificate head portrait is matched with the verification head portrait, if the matching is successful, a private key of the equipment is used for signing the certificate information, and a certificate verification success response is fed back to the user node, so that the user node applies the private key of the user to sign the verification success response and then sends the signature to each participating node of the block chain network;
the participating node is used for applying a prestored user public key to perform signature verification on the user private key, applying a prestored equipment public key to perform signature verification on the equipment private key after the verification is passed, and sending an identity verification success message to the block chain network after the verification is passed;
the mining node is configured to determine that the certificate information of the user node is verified successfully if the proportion of participating nodes from which it obtains the identity verification success message within a preset time exceeds a preset first threshold, write the authentication success message into a block, and broadcast it to the blockchain network;
the participating node is further configured to perform signature verification on the user private key by using a pre-stored user public key, and send an authentication failure message to the blockchain network after the verification fails, or perform signature verification on the device private key by using a pre-stored device public key, and send an authentication failure message to the blockchain network after the verification fails;
the mining node is further configured to determine that the certificate information of the user node fails verification if the proportion of participating nodes from which it obtains the identity verification failure message within the preset time exceeds a preset second threshold, write the authentication failure message into a block, and broadcast it to the blockchain network;
the user node is further configured to receive certificate expiration update prompt information sent by the verification device, apply the user private key to sign the certificate information and the certificate validity period information, and send a certificate expiration update request to the verification device.
5. The system of claim 4, wherein the verification device decrypting the certificate head portrait encrypted by the user's voiceprint key according to the user voiceprint information and a preset algorithm comprises:
processing the user voiceprint information, extracting voiceprint features, and generating a voiceprint vector corresponding to the voiceprint features;
calculating the voiceprint vector according to a preset decryption algorithm to obtain a voiceprint private key;
and decrypting the certificate head portrait encrypted by the voiceprint private key of the user by using the voiceprint private key to obtain the certificate head portrait.
6. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the blockchain-based identity verification method according to any one of claims 1-3 when executing the computer program.
7. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the blockchain-based identity verification method according to any one of claims 1 to 3.
CN201811237886.6A 2018-10-24 2018-10-24 Identity verification method and system based on block chain Active CN109359691B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811237886.6A CN109359691B (en) 2018-10-24 2018-10-24 Identity verification method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811237886.6A CN109359691B (en) 2018-10-24 2018-10-24 Identity verification method and system based on block chain

Publications (2)

Publication Number Publication Date
CN109359691A CN109359691A (en) 2019-02-19
CN109359691B true CN109359691B (en) 2020-11-06

Family

ID=65346380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811237886.6A Active CN109359691B (en) 2018-10-24 2018-10-24 Identity verification method and system based on block chain

Country Status (1)

Country Link
CN (1) CN109359691B (en)

Also Published As

Publication number Publication date
CN109359691A (en) 2019-02-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100191 1107c, 11 / F, Xueyuan international building, 1 Zhichun Road, Haidian District, Beijing

Applicant after: IALLCHAIN Co.,Ltd.

Address before: 100043 5158, 5 floor, 11 Shixing street, Shijingshan District, Beijing.

Applicant before: IALLCHAIN Co.,Ltd.

GR01 Patent grant