CN110071807B - Block chain point-to-point node authentication method, system and computer readable storage medium - Google Patents
- Publication number: CN110071807B
- Authority: CN (China)
- Prior art keywords: node, point, certificate, authentication, block chain
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L63/12—Applying verification of the received information
- H04L67/104—Peer-to-peer [P2P] networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a blockchain point-to-point node authentication method, a system and a computer readable storage medium. The point-to-point node authentication method comprises a certificate issuing process and a point-to-point authentication process. (I) Certificate issuing process: a node applies to the blockchain, and the blockchain, after checking and verifying the application, generates an encryption certificate for the applying node. (II) Point-to-point authentication process: node A and node B perform mutual authentication based on a random code and the certificate. The blockchain point-to-point node authentication method, system and computer readable storage medium are easy to implement, decentralized, and flexible and convenient to use.
Description
Technical Field
The invention relates to a block chain point-to-point node authentication method, a system and a computer readable storage medium.
Background
Point-to-point technology is currently a popular technology. Point-to-point is also known as P2P, an abbreviation of the English term peer-to-peer, i.e., person-to-person. In this patent, point-to-point refers primarily to communication between two services in a P2P network.
Current point-to-point networks either have no authentication or are authenticated by a centralized server.
First, many existing point-to-point networks have no authentication mechanism at all, so any number of nodes can join the network at any time. If the network places strict requirements on its nodes, for example a certain level of performance and stability, an open point-to-point network cannot meet them.
Second, traditional certificate issuing, such as for the WEB, is performed by a centralized organization, which carries the risks of centralization, such as credibility and monopoly.
Therefore, the invention designs a blockchain-based decentralized authentication mechanism for point-to-point networks, which effectively solves node authentication in a point-to-point network while avoiding the centralization problem of a certificate issuing organization.
Therefore, it is desirable to design a new method, system and computer readable storage medium for blockchain peer-to-peer node authentication.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a block chain point-to-point node authentication method, system and computer readable storage medium, which are easy to implement.
The technical solution of the invention is as follows:
A blockchain point-to-point node authentication method, characterized by comprising a certificate signing and issuing process and a point-to-point authentication process;
(I) certificate issuing process:
a node that needs to be authenticated applies to a blockchain contract, and the blockchain contract, after verification according to a fixed flow, generates an encryption certificate for the applying node;
(II) point-to-point authentication flow:
node A and node B perform mutual authentication based on a random code and the certificate.
The certificate issuing process comprises the following steps:
(1) the node provides basic information to apply to the blockchain for a certificate;
(2) the blockchain performs a hash operation on the basic information provided by the node, and then performs an encryption signature using the private key of the blockchain to generate a certificate for the node.
When a node applies, it makes a transfer to a fixed account of the blockchain to generate a transaction ID, and the blockchain contract must verify through the transaction ID that the node applying for the certificate has really provided the mortgaged assets.
The specific flow of the point-to-point authentication is as follows:
(1) after receiving a connection request, node A sends a random code to node B and then waits for node B to respond;
(2) node B provides its certificate and the original text information submitted when applying for the certificate, encrypts the received random code with its own private key, and sends the response to node A;
(3) node A checks the certificate returned by node B:
it performs a hash operation on the certificate original text, decrypts the certificate using the public key provided by the blockchain center, and finally compares whether the two hash values match;
(4) after node A has verified the certificate sent by node B, it obtains the public key corresponding to node B's certificate and uses that public key to parse the encrypted random code sent by node B;
(5) node A then checks whether the random code matches the random code it sent; if so, the verification between node A and node B is complete.
A blockchain-based point-to-point node authentication system, comprising:
a blockchain, used for verifying the authentication requests of nodes and issuing certificates;
a node in the blockchain, having the following modules:
(1) a certificate request module, used for applying to the blockchain for a certificate;
(2) an authentication request module, used for making an authentication request to another node;
(3) a verification module, used for verifying authentication data sent by another node, wherein the authentication data comprises a certificate signed and issued by the blockchain;
the system adopts the aforementioned blockchain point-to-point node authentication method to implement certificate issuing and point-to-point authentication.
A computer-readable storage medium, having stored thereon a computer program, which, when executed by a processor, is capable of implementing the aforementioned point-to-point node authentication method to implement certificate issuance and point-to-point authentication.
Advantageous effects:
The blockchain point-to-point node authentication method, system and computer readable storage medium adopt a blockchain-based certificate issuing and point-to-point authentication scheme, and bring the following benefits to a point-to-point network:
1. The invention can effectively close off the point-to-point network and provides solid basic support for a closed network.
2. The invention covers the whole path from certificate issuing to actual authentication, and can be applied directly to a point-to-point network environment that requires node authentication.
Drawings
Fig. 1 is a flow diagram of a method, system, and computer-readable storage medium for block chain peer-to-peer node authentication.
Detailed Description
The invention will be described in further detail below with reference to the following figures and specific examples:
Example 1:
As shown in fig. 1, the present invention performs certificate issuing and provides node authentication in a point-to-point network.
First, blockchain-based certificate issuing mainly addresses the centralization pain point of traditional issuing organizations: the issuing process and the issuing result are put on the chain, forming a fair and public certificate record.
The specific issuing process comprises the following steps:
1. The node mortgages certain assets as a guarantee of the stability of the services it can provide.
2. The node provides basic information to apply to the blockchain for a certificate.
3. The blockchain validates the mortgaged assets of the node.
4. The blockchain performs a hash operation on the basic information provided by the node, and then performs an encryption signature using the private key of the blockchain to generate a certificate for the node.
Brief introduction to hash operations: a hash (usually translated by meaning, or transliterated) converts an input of arbitrary length (also called the pre-image) into an output of fixed length by means of a hashing algorithm; that output is the hash value. The transformation is a compression mapping: the space of hash values is usually much smaller than the space of inputs, so different inputs may hash to the same output, and it is not possible to determine a unique input value from a hash value. In short, it is a function that compresses a message of arbitrary length into a message digest of fixed length.
Second, when a node in the point-to-point network requests a connection to another party, the node immediately requires the other party to perform identity authentication. Authentication is bidirectional, that is, the two parties verify the validity of each other's certificates.
The specific authentication process for one party is as follows:
1. After receiving the connection request, node A immediately sends a random code to the other party and then waits for its response.
2. The opposite node B must provide its certificate and the original text information submitted when applying for the certificate, and at the same time encrypts the received random code with its own private key and responds.
3. Node A checks the certificate returned by node B: it performs a hash operation on the certificate original text, decrypts the certificate using the public key provided by the blockchain center, and finally compares whether the two hash values match.
4. After node A has verified the certificate sent by B, it obtains the public key corresponding to B's certificate and then uses that public key to verify the encrypted random code sent by B.
5. Node A then checks whether the random code matches the one it sent.
Finally, the certificate issuing and node authentication processes are combined to form a complete blockchain-based point-to-point node authentication scheme.
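Issuing step 4 and authentication steps 1 to 5 above, as an added Go example that is not part of the patent text. It uses Ed25519 signatures from Go's standard library in place of the "encrypt with the private key, decrypt with the public key and compare hashes" wording, and assumes the original text carries node B's public key; the names `Info`, `Response`, `Verify` and `Scenario` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Info is the "original text" a node submits when applying (layout is an assumption).
type Info struct {
	Name   string
	PubKey []byte // the node's Ed25519 public key
}

// Digest is the hash the chain signs when issuing and node A recomputes in step 3.
func (i Info) Digest() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s", len(i.Name), i.Name) // length prefix keeps the fields unambiguous
	h.Write(i.PubKey)
	return h.Sum(nil)
}

// Response is node B's answer in step 2.
type Response struct {
	Info        Info
	Certificate []byte // chain's signature over Info.Digest()
	SignedNonce []byte // B's signature over A's random code
}

// Verify is node A's side of steps 3 to 5.
func Verify(chainPub ed25519.PublicKey, nonce []byte, r Response) error {
	if !ed25519.Verify(chainPub, r.Info.Digest(), r.Certificate) {
		return fmt.Errorf("certificate was not issued by the chain for this original text")
	}
	if len(r.Info.PubKey) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad key length
		return fmt.Errorf("certified public key is malformed")
	}
	if !ed25519.Verify(r.Info.PubKey, nonce, r.SignedNonce) {
		return fmt.Errorf("random code was not signed by the certified key")
	}
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func newNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Scenario returns A's verdict for four constructed responses (keys are generated per run).
func Scenario() (honest, replay, borrowedCert, editedInfo error) {
	chainPub, chainPriv := mustKey()
	bPub, bPriv := mustKey()
	_, otherPriv := mustKey()
	info := Info{Name: "node-B", PubKey: bPub}
	cert := ed25519.Sign(chainPriv, info.Digest()) // issuing step 4
	n1, n2 := newNonce(), newNonce()
	old := Response{info, cert, ed25519.Sign(bPriv, n1)}
	honest = Verify(chainPub, n1, old)
	replay = Verify(chainPub, n2, old) // same response, fresh random code
	borrowedCert = Verify(chainPub, n2, Response{info, cert, ed25519.Sign(otherPriv, n2)})
	editedInfo = Verify(chainPub, n1, Response{Info{"node-X", bPub}, cert, old.SignedNonce})
	return
}

func main() {
	fmt.Println(Scenario())
}
```

Only the honest exchange returns nil: a replayed response fails against a fresh random code, and a certificate presented without the matching private key fails the random-code check.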
Claims (5)
1. A blockchain point-to-point node authentication method, characterized by comprising a certificate signing and issuing process and a point-to-point authentication process;
(I) certificate issuing process:
a node that needs to be authenticated applies to a blockchain contract, and the blockchain contract, after verification according to a fixed flow, generates an encryption certificate for the applying node; when a node applies, it makes a transfer to a fixed account of the blockchain to generate a transaction ID, and the blockchain contract verifies through the transaction ID that the node applying for the certificate has really provided the mortgaged assets;
(II) point-to-point authentication flow:
node A and node B perform mutual authentication based on a random code and the certificate.
2. The method of claim 1, wherein the certificate issuing process comprises the following steps:
(1) the node provides basic information to apply to the blockchain for a certificate;
(2) the blockchain performs a hash operation on the basic information provided by the node, and then performs an encryption signature using the private key of the blockchain to generate a certificate for the node.
3. The blockchain point-to-point node authentication method according to any one of claims 1-2, wherein the specific flow of point-to-point authentication is as follows:
(1) after receiving a connection request, node A sends a random code to node B and then waits for node B to respond;
(2) node B provides its certificate and the original text information submitted when applying for the certificate, encrypts the received random code with its own private key, and sends the response to node A;
(3) node A checks the certificate returned by node B:
it performs a hash operation on the certificate original text, decrypts the certificate using the public key provided by the blockchain center, and finally compares whether the two hash values match;
(4) after node A has verified the certificate sent by node B, it obtains the public key corresponding to node B's certificate and uses that public key to parse the encrypted random code sent by node B;
(5) node A then checks whether the random code matches the random code it sent; if so, the verification between node A and node B is complete.
4. A blockchain-based point-to-point node authentication system, comprising:
a blockchain, used for verifying the authentication requests of nodes and issuing certificates;
a node in the blockchain, having the following modules:
(1) a certificate request module, used for applying to the blockchain for a certificate;
(2) an authentication request module, used for making an authentication request to another node;
(3) a verification module, used for verifying authentication data sent by another node, wherein the authentication data comprises a certificate signed and issued by the blockchain;
the system performs certificate issuing and point-to-point authentication using the blockchain point-to-point node authentication method of any one of claims 1 to 2.
5. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the point-to-point node authentication method as claimed in any one of claims 1-2 to perform certificate issuing and point-to-point authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910225548.9A | 2019-03-22 | 2019-03-22 | Block chain point-to-point node authentication method, system and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110071807A | 2019-07-30 |
CN110071807B | 2022-03-01 |
Family
ID=67366444
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110071807B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||