CN113569210A - Distributed identity authentication method, device access method and device - Google Patents
- Publication number: CN113569210A (application CN202110778279.6A)
- Authority: CN (China)
- Prior art keywords: user, value, service provider, cloud service, information
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Abstract
The application discloses a distributed identity authentication method, a device access method and a device. The distributed identity authentication method comprises the following steps: the terminal equipment acquires user information; the terminal equipment acquires the encryption information of the user from the block chain based on the user information; the terminal equipment calculates based on the encrypted information and the user information to obtain a first value; the terminal equipment sends the first value to the authentication cloud service provider so that the authentication cloud service provider can verify the identity of the user based on the first value. According to the method and the device, the identity authentication of the user can be completed based on the encrypted information corresponding to the user stored in the block chain, and the problems of data leakage and single point of failure caused by a centralized registration center are solved.
Description
Technical Field
The present application relates to the field of block chain technologies, and in particular, to a distributed identity authentication method, a device access method, and an apparatus.
Background
Mobile cloud computing provides additional computing resource capacity for resource-constrained terminal devices. However, in order to use services provided by different cloud providers, a mobile user must register a user identity at different cloud providers while having to remember a plurality of identities and credentials to access various cloud providers, and such an authentication method is complicated and cumbersome.
Many single sign-on schemes have emerged to spare mobile users repeated registrations at the cloud providers they access. Most of them, however, rely on a trusted third-party registry: a centralized entity that manages the identity information of all mobile users registered with it. Such a registry has full control over the data it holds, which increases the likelihood of user data leakage and creates a single point of failure.
Disclosure of Invention
The application provides a distributed identity authentication method, a device access method and a device, which can finish the identity authentication of a user based on encrypted information corresponding to the user stored in a block chain, and avoid the problems of data leakage and single point failure caused by a centralized registration center.
In order to achieve the above object, the present application provides a distributed identity authentication method, including:
the terminal equipment acquires user information;
the terminal equipment acquires the encryption information of the user from the block chain based on the user information;
the terminal equipment calculates based on the encrypted information and the user information to obtain a first value;
the terminal equipment sends the first value to the authentication cloud service provider so that the authentication cloud service provider can verify the identity of the user based on the first value.
In order to achieve the above object, the present application provides a distributed identity authentication method, including:
the authentication cloud service provider acquires a first value from the terminal device, where the first value is obtained by the terminal device through calculation based on user encryption information and user information, and the user encryption information is obtained by the terminal device from the blockchain based on the user information;
verifying the first value by the authentication cloud service provider;
and if the first value passes verification, the authentication cloud service provider sends an identity authentication message to the terminal device to complete identity authentication.
To achieve the above object, the present application provides a device access method, including:
the authentication cloud service provider obtains an access request and a first value sent by the terminal equipment, wherein the first value is obtained by the terminal equipment through calculation based on user encryption information and user information, and the user encryption information is obtained by the terminal equipment from a block chain based on the user information;
verifying the first value by the authentication cloud service provider;
and if the verification is passed, the authentication cloud service provider grants the authority of accessing the authentication cloud service provider to the terminal equipment.
To achieve the above object, the present application also provides an electronic device, which includes a processor; the processor executes instructions to implement the above method.
To achieve the above object, the present application also provides a computer-readable storage medium for storing instructions/program data that can be executed to implement the above method.
When the terminal device performs identity authentication, it first obtains the user information, then obtains the user's encrypted information from the blockchain based on that user information, computes a first value from the encrypted information and the user information, and sends the first value to the authentication cloud service provider, which completes the user's identity authentication once the first value passes verification. Identity authentication is thus based on the encrypted information corresponding to the user stored in the blockchain: any server registered to the blockchain can authenticate the user from that information, no centralized server is needed to manage user information, and the problems of data leakage and single points of failure are avoided.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart illustrating an embodiment of a block chain-based user registration method according to the present application;
fig. 2 is a schematic flowchart of another embodiment of a user registration method based on a block chain according to the present application;
FIG. 3 is a schematic flow chart diagram illustrating an embodiment of a distributed identity authentication method according to the present application;
fig. 4 is a schematic view of a workflow of a terminal device in the distributed identity authentication method of the present application;
FIG. 5 is a schematic view of a workflow of authenticating a cloud service provider in the distributed identity authentication method of the present application;
FIG. 6 is a schematic flow chart diagram illustrating another embodiment of a distributed identity authentication method according to the present application;
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device of the present application;
FIG. 8 is a schematic structural diagram of an embodiment of a computer-readable storage medium according to the present application.
Detailed Description
The description and drawings illustrate the principles of the application. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the application and are included within its scope. Moreover, all examples herein are principally intended expressly to be only for pedagogical purposes to aid the reader in understanding the principles of the application and the concepts provided by the inventors and thus further the art, and are not to be construed as being limited to such specifically recited examples and conditions. Additionally, the term "or" as used herein refers to a non-exclusive "or" (i.e., "and/or") unless otherwise indicated (e.g., "or otherwise" or in the alternative). Moreover, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments may be combined with one or more other embodiments to form new embodiments.
The method aims to solve the problems of user data leakage and single point of failure in the existing technical scheme of managing the user identity through a centralized registration center.
The application provides a blockchain-based user registration method. When a user registers with a cloud service provider through a terminal device, the cloud service provider processes the user information into encrypted information and uploads it to the blockchain, so that other cloud service providers can also authenticate the user with the encrypted information stored there and the user need not register separately with each cloud service provider. Because user identity information is managed through the blockchain, no centralized registration center is required and the problems of data leakage and single point of failure are avoided; since only encrypted information derived from the user information is stored in the blockchain, the security of the user information is also improved.
The following describes the block chain-based user registration method in detail, where a flowchart of an embodiment of the block chain-based user registration method is specifically shown in fig. 1 and fig. 2, and the block chain-based user registration method of the present embodiment includes the following steps. The application field of the user registration method based on the block chain is not limited, and the user registration method based on the block chain can be applied to the cross-border trade field or the Internet of things device management field. It should be noted that the following step numbers are only used for simplifying the description, and are not intended to limit the execution order of the steps, and the execution order of the steps in the present embodiment may be arbitrarily changed without departing from the technical idea of the present application.
S101: the registration cloud service provider obtains a registration request of a user carrying user information.
In an implementation manner, the terminal device may directly send the registration request of the user carrying the user information to the registration cloud service provider, so that the registration cloud service provider may obtain the registration request of the user carrying the user information.
In another implementation, both the user and the registered cloud service provider are nodes of a blockchain they jointly maintain, and the user exchanges data with the registered cloud service provider through the blockchain. The registered cloud service provider then provides services solely according to the received registration request and user information, without knowing who the user it serves is, which protects the user's privacy.
In addition, the terminal equipment can encrypt the registration request of the user carrying the user information and send the encrypted data to the registration cloud service provider so as to improve the security of the user information. Moreover, the terminal device may select a cloud service provider as a cloud service provider (i.e., a registered cloud service provider) for receiving the registration request of the user, encrypt the registration request of the user carrying the user information with a public key of the registered cloud service provider, and send the encrypted registration request of the user to the registered cloud service provider, so that only the registered cloud service provider can decrypt the encrypted registration request of the user with its own private key to ensure the security of the user information.
The public key of the registered cloud service provider can be uploaded to the block chain by the registered cloud service provider when the registered cloud service provider registers in the block chain, so that the terminal device can obtain the public key of the registered cloud service provider from the block chain. In other embodiments, the registered cloud service provider may send the public key to some blockchain nodes selected by the registered cloud service provider, or may directly broadcast the public key over the whole network to send the public key to all blockchain nodes.
The public key of the registered cloud service provider may be computed as follows: the registered cloud service provider selects at least one private key, for example x and y, and computes the public key from the private key(s). The public key Q can be calculated, for example, as $Q = (x + y) \cdot P$, where x and y are the private keys selected by the registered cloud service provider and P is the base point of the elliptic curve equation.
In addition, the user can select a nearby registered cloud service provider and send the registration request carrying the user information to it, so that the nearby registered cloud service provider processes the user information. Each cloud service provider in the blockchain is thus responsible for the registration requests of the user nodes adjacent to it, achieving partitioned processing.
S102: and the registered cloud service provider calculates at least one piece of encryption information based on the own secret key and the user information.
After obtaining the user's registration request carrying the user information, the registered cloud service provider can process the user information in response to the request and subsequently upload the resulting at least one piece of encrypted information to the blockchain to complete the user's registration. The user and other cloud service providers can then obtain that encrypted information from the blockchain and use it to authenticate the user at login or access time. A single registration thus lets the user log in to multiple cloud service providers, and because no centralized registration center manages the user's identity information, the problems of data leakage and single point of failure are avoided.
Optionally, the registered cloud service provider may perform a reversible calculation on the user information based on its own key to obtain the first encrypted information. After the registered cloud service provider publishes the first encrypted information to the blockchain, the user can obtain it from the blockchain and compute an estimated value of the registered cloud service provider's key from the user information and the first encrypted information; if the user information is correct, the estimated value equals the true value of the key, so the user's identity authentication can pass.
The user information may include associated information obtained by processing the biometric features of the user by the user terminal. The registered cloud service provider can perform reversible calculation on the associated information based on a key of the registered cloud service provider to obtain first encrypted information, so that if the biological characteristics of the user acquired by the terminal device during user login are matched with the biological characteristics acquired during identity registration, the terminal device can calculate correct associated information based on the biological characteristics of the user acquired during user login, and further calculate the true value of the key of the registered cloud service provider so as to complete identity authentication of the user.
Further, the association information of the user may be obtained by associating the biometric characteristic of the user with the initial identification of the user. Specifically, the terminal device of the user can perform fuzzy extraction on the biological features of the user to obtain a key string; then, the key string is associated with the initial user identifier to obtain an associated value; and then carrying out hash processing on the correlation value to obtain correlation information.
Specifically, the associated information is calculated as:
$Gen(BIO_i) \Rightarrow (B_i, B_F)$;
$B_1 = h(ID_i \,\|\, B_i)$;
where $Gen(\cdot)$ is the generation function of the fuzzy extractor; $B_i$ is the key string obtained by fuzzy extraction of the biometric feature; $B_F$ is the public helper (copy) string obtained by fuzzy extraction of the biometric feature; $\|$ is the concatenation (correlation) operation; $\oplus$ is the exclusive-or operation; $h(\cdot)$ is a one-way hash function; and $ID_i$ is the initial identifier of the user.
In an implementation manner, after the user identity registration is completed based on the implementation manner, and when the user logs in, the terminal device may send the calculated value of the key of the registered cloud service provider to the authentication cloud service provider, so that the authentication cloud service provider verifies the calculated value of the key, and if the verification is passed, the authentication cloud service provider passes the user identity verification.
In another implementation, the authentication cloud service provider may not be the same as the registration cloud service provider and may not know the true value of the registration cloud service provider's key. To let the authentication cloud service provider verify the user's identity anyway, the registration cloud service provider may set two keys, a first key and a second key. It calculates the first encrypted information from the user information based on the first key, and the second encrypted information from its own first identifier based on the second key; it may further multiply a preset value by the first key to obtain the third encrypted information, and multiply the preset value by the second key to obtain the fourth encrypted information. In step S103 the first, second, third and fourth encrypted information are uploaded to the blockchain.
When the user logs in, the terminal device can then calculate the first key from the user information and the first encrypted information obtained from the blockchain, and multiply the first key with the fourth encrypted information obtained from the blockchain to obtain a first value. The authentication cloud service provider, in turn, can obtain information such as the first identifier of the registration cloud service provider, calculate the second key from that first identifier and the second encrypted information obtained from the blockchain, and obtain a second value from the second key and the third encrypted information obtained from the blockchain. If the user information used by the terminal device to calculate the first value is correct and the calculation is carried out correctly, the second value equals the first value, and the authentication cloud service provider passes the user's identity authentication. In this way cloud service providers on the blockchain other than the registration cloud service provider can also authenticate the user using the user's encrypted information, and no cloud service provider needs to obtain the user's biometric features during registration or login, so the security of the user's biometric information is ensured.
For ease of description, the first, second, third and fourth encrypted information are collectively called the encrypted information corresponding to the user; the first and fourth encrypted information are collectively called the encrypted information of the user, and the second and third encrypted information the encrypted information of the registered cloud service provider.
The preset value may be a randomly generated random number, or a value obtained by processing the user information and/or identification information of the registered cloud service provider. Specifically, the user information may include a user identifier, and the preset value may be calculated from the user identifier and a second identifier of the registered cloud service provider. Further, to protect the user information and the cloud service provider information, their identities may be hidden with an equation such as an elliptic curve: specifically, the registered cloud service provider may obtain the preset value by performing an elliptic curve calculation on the sum of the user identifier and the second identifier. The user identifier may be the initial identifier of the user, or a value obtained by hashing the initial identifier of the user.
In the calculation formula of the first encrypted information, $A_4$ is the first encrypted information of the user, $B_1$ is the associated information of the user, $n_A$ is the first key of the registered cloud service provider, $ID_j$ is the second identifier of the registered cloud service provider, and $\oplus$ is the exclusive-or operation.
In the calculation formula of the second encrypted information, $P_C$ is the second encrypted information corresponding to the user, $h(S)$ is the first identifier of the registered cloud service provider, $n_B$ is the second key of the registered cloud service provider, $ID_j$ is the second identifier of the registered cloud service provider, and $\oplus$ is the exclusive-or operation.
The specific calculation formula of the third encrypted information may be $P_A = n_A \times (ID_j + h(ID_i)) \cdot P$, where $P_A$ is the third encrypted information, $n_A$ is the first key of the registered cloud service provider, $ID_j$ is the second identifier of the registered cloud service provider, $h(ID_i)$ is the user identifier, and $P$ is the base point of the elliptic curve equation.
The specific calculation formula of the fourth encrypted information may be $P_B = n_B \times (ID_j + h(ID_i)) \cdot P$, where $P_B$ is the fourth encrypted information corresponding to the user, $n_B$ is the second key of the registered cloud service provider, $ID_j$ is the second identifier of the registered cloud service provider, $h(ID_i)$ is the user identifier, and $P$ is the base point of the elliptic curve equation.
In addition, the first identifier of the registered cloud service provider may be obtained by processing a second identifier of the registered cloud service provider.
Specifically, the registered cloud service provider may first generate a first random number r; then compute an intermediate value $S = h(r \cdot P \,\|\, ID_j)$, where $\|$ is the concatenation operation, P is the base point of the elliptic curve equation, $h(\cdot): \{0,1\}^* \to Z_p$ is a one-way hash function, r is the first random number and S is the intermediate value; and finally hash the intermediate value S to obtain the first identifier $h(S)$ of the registered cloud service provider.
The intermediate value can be saved in a local server by a registered cloud service provider. The second identifier and/or the first identifier of the registered cloud service provider can be stored on the blockchain, so that the authentication cloud service provider obtains the second identifier and/or the first identifier of the registered cloud service provider corresponding to the user from the blockchain, and the identity of the registered user can be authenticated. The second identifier and/or the first identifier of the registered cloud facilitator may be uploaded to the block chain by the registered cloud facilitator itself when the registered cloud facilitator registers in the block chain.
It can be understood that the blockchain-based user registration method is executed on the blockchain. To facilitate management and authentication of user identities, at least some of the cloud service providers can agree on a unified hash function, the base point of the elliptic curve equation and similar parameters when the blockchain is first built, and publish them to the blockchain, so that terminal devices and cloud service providers process data with the same hash function and the same base point. This lets them convert keys quickly and accurately, avoids identity authentication failures caused by terminal devices and cloud service providers using inconsistent hash functions or base points, and provides a secure identity authentication channel for users and cloud service providers.
In addition, before step S102, the registered cloud facilitator may check whether the user has already registered on the blockchain based on the user information; if the account number is registered, the registered cloud service provider can ignore the registration request and send a prompt to the terminal equipment to prompt the user that the account number is registered; if not, go to step S102.
S103: and the registration cloud service provider uploads at least one piece of encryption information to the block chain so as to complete the registration of the user.
After obtaining the at least one encryption information based on step S102, the registered cloud facilitator may upload the at least one encryption information to the blockchain. And the registration cloud service provider can also send a successful registration message to the terminal equipment so as to enable the user to know that the user has successfully registered.
In addition, the terminal device may store on its own device some of the parameters generated during registration (for example the public helper string, the fuzzy extraction function Gen(·), the reproduction function Rep(·), the one-way hash h(·), the time interval Δt, the base point P, and $A_1$).
$A_1$ is calculated from $ID_i$, $B_i$, $PW_i$ and $s_l$, where $ID_i$ is the initial identifier of the user, $B_i$ is the associated information of the user, $PW_i$ is the password entered by the user, and $s_l$ may be a secret with a life cycle generated by processing the user's biometric feature.
After the encrypted information corresponding to the user has been uploaded to the blockchain, whether by the blockchain-based user registration method above or by another registration method, the terminal device and the authentication cloud service provider can authenticate the user with that encrypted information. A cloud service provider can be a full node of the blockchain holding a complete copy of the distributed ledger, so it can look up on the blockchain the encrypted information of users registered by other cloud service providers, which makes user identity authentication convenient. Specifically, as shown in fig. 3, the distributed identity authentication method using the above encrypted information may include the following steps.
S201: the terminal device acquires user information.
S202: the terminal equipment acquires the encryption information of the user from the block chain based on the user information.
S203: the terminal device calculates based on the encryption information of the user and the user information to obtain a first value.
S204: the first value is verified by the authentication cloud service provider.
S205: if the first value passes verification, the authentication cloud service provider sends an identity authentication message to the terminal device to complete identity authentication.
When the terminal device performs identity authentication, it first obtains user information, then obtains the user's encryption information from the blockchain based on that user information, and calculates a first value from the encryption information and the user information. The user's identity authentication is completed when the authentication cloud service provider passes verification of the first value. Identity authentication can thus be completed using the encryption information corresponding to the user stored in the blockchain, and different servers registered to the blockchain can each authenticate the user from that information; no centralized server is needed to manage user information, which avoids the problems of data leakage and single points of failure.
In a first implementation, when the user registers, the registration cloud service provider obtains the user's encryption information by a reversible calculation over the user information based on its own key. In step S203, the terminal device may then calculate, using the user information and the user's encryption information, a derived value of the registration cloud service provider's key, and send that derived value as the first value to the authentication cloud service provider, so that the authentication cloud service provider verifies it; if the verification passes, the authentication cloud service provider may send the identity authentication message to the terminal device to complete identity authentication of the user. Specifically, in step S204, the authentication cloud service provider may determine the true value of the registration cloud service provider's key based on information such as the identifier of the registration cloud service provider corresponding to the user (for example, if the authentication cloud service provider is not the registration cloud service provider, it may request the true value of the key directly from the registration cloud service provider); if the authentication cloud service provider determines that the true key value is consistent with the derived key value sent by the terminal device, the first value passes verification.
In a second implementation, in step S203 the terminal device may use the user information and the user's encryption information to obtain a derived value of the registration cloud service provider's key, then calculate a first value from that derived value and send the first value to the authentication cloud service provider for verification; if the authentication cloud service provider verifies the first value, it sends an identity authentication message to the terminal device to complete identity authentication of the user, i.e. the user's identity authentication passes. Optionally, in step S204, the authentication cloud service provider may calculate a second value based on the first value, the identifier of the registration cloud service provider and the encryption information of the registration cloud service provider, confirm whether the first value and the second value are consistent, and, if they are the same, pass the verification of the first value.
In a third implementation, to make it easier for different authentication cloud service providers to verify a user's identity, the registration cloud service provider may, when the user registers, use two keys (a first key and a second key) to obtain four pieces of encryption information corresponding to the user: first, second, third and fourth encryption information. Specifically, in step S202 the terminal device may obtain from the blockchain, using the user information, the first encryption information and the fourth encryption information stored there when the user registered; in step S203 the terminal device calculates a derived value of the registration cloud service provider's first key using the first encryption information and the user information, and multiplies the derived first key by the fourth encryption information to obtain the first value; the terminal device then sends the first value to the authentication cloud service provider. In step S204 the authentication cloud service provider calculates the registration cloud service provider's second key based on the second encryption information corresponding to the user and the identifier of the registration cloud service provider, multiplies the calculated second key by the third encryption information to obtain a second value, and confirms whether the calculated second value is consistent with the first value; if they are consistent, the first value passes verification, i.e. the user's identity authentication passes, and the identity authentication message can be sent to the terminal device to complete identity authentication of the user.
In a fourth implementation, in step S202 the terminal device may obtain from the blockchain, using the user information, the first encryption information and the fourth encryption information stored there when the user registered; in step S203 the terminal device calculates a derived value of the registration cloud service provider's first key using the first encryption information and the user information, multiplies the derived first key by the fourth encryption information to obtain a first intermediate value, and reversibly processes the first intermediate value and the first encryption information to obtain the first value; the terminal device sends the first value to the authentication cloud service provider. In step S204 the authentication cloud service provider calculates the registration cloud service provider's second key based on the identifier of the registration cloud service provider and the second encryption information obtained from the blockchain, multiplies the calculated second key by the third encryption information obtained from the blockchain to obtain a second intermediate value, reversibly processes the second intermediate value, the first value and the first encryption information obtained from the blockchain to obtain a second transition value, then reversibly calculates over the second transition value, the second intermediate value and the first encryption information to obtain a second value, and confirms whether the calculated second value is consistent with the first value; if they are consistent, the first value passes verification and the identity authentication message can be sent to the terminal device to complete identity authentication of the user.
Optionally, the user information may include a user password, and the identifier of the registration cloud service provider may include a first identifier and a second identifier. The terminal device's reversible processing of the first intermediate value and the first encryption information may then include: the terminal device processes the initial user identifier, the user password, the current key string and the second identifier of the registration cloud service provider to obtain a first correlation value; it then performs an exclusive-or operation over the first correlation value, the first intermediate value and the first encryption information to obtain the first value.
The first correlation value can be calculated as follows:
$A_5 = h(ID_i \| PW_i \| B_i^* \| r_2 \| T_1 \| ID_j)$
where A_5 is the first correlation value, ID_i is the initial identification of the user, PW_i is the user's password, B_i* is the current key string of the user, r_2 is a second random number, T_1 is the first time, and ID_j is the second identification of the registration cloud service provider. The second random number r_2 and the first time T_1 may be generated by the terminal device when it obtains the user's encryption information from the blockchain.
The first value is then obtained by the exclusive-or operation described above, $A_6 = A_5 \oplus D_1 \oplus A_4$, where A_6 is the first value, A_5 is the first correlation value, D_1 is the first intermediate value, and A_4 is the first encryption information of the user.
Further, in the foregoing implementation, the authentication cloud service provider may specifically perform a reversible calculation (for example, an exclusive-or calculation) over the first identifier, the second identifier and the second encryption information of the registration cloud service provider to obtain the derived value of the registration cloud service provider's second key.
In addition, the user information may include the user's current biometric feature. In step S203 of the above implementations, the terminal device may process the current biometric feature to obtain the user's current associated information, and then perform a reversible operation over the current associated information and the user's encryption information to calculate the derived value of the registration cloud service provider's key. Therefore, when the user's identity is authenticated, the terminal device sends the authentication cloud service provider a first value obtained by processing the user's biometric feature rather than the biometric feature itself, so the biometric feature is never sent to other devices while still being used to authenticate the user, and the terminal device does not need to store it either, which protects the security of the user's biometric data.
Further, the user information may also include an initial identification of the user. In step S203, the terminal device may process the initial identifier of the user based on the current biometric features of the user to obtain the current association information of the user.
Specifically, the step of the terminal device processing the initial identification of the user based on the current biometric features of the user may include: the terminal equipment can perform fuzzy extraction on the current biological characteristics of the user to obtain a current key string; then, the current key string is associated with the initial user identifier to obtain an associated value; and then carrying out hash processing on the correlation value to obtain correlation information.
Specifically, the current associated information is calculated as follows:
$Gen(BIO_i^*) \Rightarrow (B_i^*, B_F^*)$
$B_1^* = h(ID_i \| B_i^*)$
where BIO_i* is the current biometric feature, i.e. the biometric feature acquired from the user when the terminal device logs in to or accesses the authentication cloud service provider, or when the user performs identity authentication with the authentication cloud service provider; Gen(.) is the generation function of the fuzzy extractor; B_i* is the current key string obtained by fuzzy extraction of the user's current biometric feature; B_F* is the current public copy string obtained by fuzzy extraction of the user's current biometric feature; || is the concatenation operation; ⊕ is the exclusive-or operation; h(.) is a one-way hash function; ID_i is the initial identification of the user.
In addition, the initial identifier of the user may also be used to distinguish different users, so in step S202, the terminal device may find, from the blockchain, the encrypted information of the user stored in the blockchain distributed ledger when the user registers, by using the initial identifier of the user or using the user identifier obtained by processing the initial identifier.
Accordingly, after the first value is obtained from the terminal device, the authentication cloud provider may query the encrypted information, such as the first encrypted information, the second encrypted information, and the third encrypted information, corresponding to the user from the blockchain based on the user identifier or based on the user identifier and the identifier of the authentication cloud provider, so as to perform step S204 to verify the first value.
The authentication cloud service provider can determine information such as an identifier of a registration cloud service provider corresponding to the user based on the following method. For example, in step S204, the authentication cloud provider may find information such as an identifier of the registered cloud provider from the blockchain by using information such as a user identifier in the user information. For another example, after the terminal device calculates the first value, the terminal device may send the first value and the identifier of the registered cloud service provider to the authentication cloud service provider, so that the authentication cloud service provider may receive the identifier of the registered cloud service provider while receiving the first value.
In addition, when the first value is received from the terminal device, the authentication cloud service provider may take the current time as the second time T_2 and judge whether the difference between the second time T_2 and the first time T_1 is within the validity period ΔT; if so, it queries the encryption information corresponding to the user from the blockchain based on the user identification, or based on the user identification and the identification of the authentication cloud service provider.
Further, before inquiring the encryption information corresponding to the user from the blockchain based on the user identification or based on the user identification and the identification of the authentication cloud service provider, the authentication cloud service provider can also verify whether the user logs off on the blockchain based on the user identification; if the user logs off, the request is terminated, and the steps S204 and S205 are not executed; if the user does not log off, steps S204 and S205 are performed to verify the first value based on the queried encryption information corresponding to the user.
Further, in step S205 of the above implementation, the authentication cloud provider may generate an authentication message based on the first value and transmit the generated authentication message to the terminal device.
The identity authentication message may be generated by the following formula, but is not limited thereto:
where A_8 is the identity authentication message, A_5 is the second transition value, A_6 is the first value, r_2 is the second random number, T_3 is the third time, and r_3 is a third random number. The third time and the third random number may be generated when the authentication cloud service provider passes the verification of the first value.
In addition, the authentication cloud service provider may send the third time to the terminal device together with the identity authentication message, so that the terminal device can confirm whether the difference between the time point T_4 at which it receives the identity authentication message and the third time T_3 is within the validity period ΔT; if so, the identity authentication succeeds.
As shown in fig. 4, the steps of implementing the distributed identity authentication method for the terminal device are as follows.
S301: the terminal device acquires user information.
S302: the terminal equipment acquires the encryption information of the user from the block chain based on the user information.
S303: the terminal device performs calculation based on the encryption information and the user information to obtain a first value.
S304: the terminal equipment sends the first value to the authentication cloud service provider so that the authentication cloud service provider can verify the identity of the user based on the first value.
The above steps are similar to the corresponding steps of the embodiment shown in fig. 3, and a detailed description is omitted. When the terminal device performs identity authentication, it first obtains user information, then obtains the user's encryption information from the blockchain based on that user information, calculates a first value from the encryption information and the user information, and sends the first value to the authentication cloud service provider, which completes the user's identity authentication when the first value passes verification. Identity authentication can thus be completed using the encryption information corresponding to the user stored in the blockchain, and different servers registered to the blockchain can each authenticate the user from that information; no centralized server is needed to manage user information, which avoids the problems of data leakage and single points of failure.
For the authentication cloud service provider, the steps of the distributed identity authentication method are shown in fig. 5, which is a schematic workflow diagram of the authentication cloud service provider in the distributed identity authentication method of the present application.
S401: the authentication cloud service provider acquires the first value from the terminal device.
The first value is calculated by the terminal device based on the encryption information of the user and the user information, and the encryption information of the user is obtained by the terminal device from the block chain based on the user information.
S402: the first value is verified by the authentication cloud service provider.
S403: if the first value passes verification, an identity authentication message is sent to the terminal device to complete identity authentication.
In this embodiment, the steps are similar to those in the embodiment shown in fig. 3, and detailed description is omitted. After receiving the first value from the terminal device, the authentication cloud service provider sends the identity authentication message to the terminal device to complete identity authentication under the condition that the first value is authenticated, wherein the first value is obtained by the terminal device through calculation based on the encryption information and the user information of the user, and the encryption information of the user is obtained by the terminal device from the block chain based on the user information.
In order to better explain the distributed identity authentication method of the present application, the following specific embodiment of user identity authentication is provided for illustrative explanation:
example 1
As shown in fig. 6, the distributed identity authentication method of the present embodiment includes the following steps:
1. The user MU_i enters their identification ID_i, password PW_i and biometric feature BIO_i* into the terminal device and submits to the blockchain a request for access authentication to CSP_j;
2. After the blockchain receives the access request and the related information, it sends the encryption information A_4, P_B stored at the earlier registration to the user;
3. After receiving A_4, P_B from the blockchain, the user generates a second random number r_2 and a first time T_1 and calculates
$A_5 = h(ID_i \| PW_i \| B_i^* \| r_2 \| T_1 \| ID_j)$,
$D_1 = n_A \times P_B$,
and then sends the first time T_1, the second random number r_2 and the first value A_6 calculated above to the corresponding authentication cloud service provider CSP_j for identity authentication;
4. The authentication cloud service provider CSP_j receives the first value A_6 and the other information sent by the user MU_i, verifies whether the difference between the second time T_2 and the first time T_1 is within the validity period ΔT, and if so requests the encryption information corresponding to the user from the blockchain using the user identification h(ID_i) and the second identification ID_j of the registration cloud service provider;
5. The blockchain receives h(ID_i) and ID_j from CSP_j, verifies whether the user has logged off on the distributed ledger, terminates the request if so, and otherwise returns the queried A_4, P_A and P_C to CSP_j;
6. CSP_j receives A_4, P_A and P_C from the blockchain and verifies by local calculation whether the locally generated key is consistent with the key sent by the user:
$S_1 = n_B \times P_A$,
then verifies whether the locally computed second value equals the first value A_6; if so, it generates a third random number r_3 and a third time T_3, encrypts them into the identity authentication message A_8, and sends it to the user MU_i;
7. The user MU_i receives <A_8, T_3> from CSP_j, first checks whether the difference between the current timestamp T_4 and the third time T_3 is within the validity period ΔT, and if so the identity authentication succeeds.
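The third implementation above and steps 1 to 6 of Example 1, as an added simulation in Python (example code written for this page, not the patent's own implementation). It assumes a multiplicative group modulo a prime as a stand-in for base-point multiplication n × P, an exclusive-or form for how A_4 and P_C hide the two registration keys (the page says only "reversible calculation" and gives XOR as its example), a fixed key string in place of the fuzzy extractor's Gen()/Rep(), and a dict as the blockchain ledger.

```python
# Added example (not the patent's code): simulation of the third implementation
# of the distributed identity authentication method. Assumptions are marked.
import hashlib
import secrets

P = 2**127 - 1   # prime modulus of the stand-in group (assumption: replaces the curve)
G = 5            # generator, stands in for the base point P of the page
DELTA_T = 60     # validity period ΔT in seconds (constructed value)


def h(*parts) -> int:
    """One-way hash h(a || b || ...) returned as a 256-bit integer (SHA-256 here)."""
    data = b"||".join(p if isinstance(p, bytes) else str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def point_mul(n: int, point: int) -> int:
    """n x Point, modelled as exponentiation in the stand-in group (assumption)."""
    return pow(point, n, P)


class Blockchain:
    """Toy distributed ledger: h(ID_i) -> encryption information, plus a logout set."""

    def __init__(self):
        self.records = {}
        self.logged_off = set()

    def store(self, uid: int, record: dict) -> None:
        self.records[uid] = record

    def lookup(self, uid: int):
        """Returns None when the user has logged off (the request is terminated)."""
        if uid in self.logged_off:
            return None
        return self.records.get(uid)


def register(chain: Blockchain, id_i: str, b_i: bytes, id_j1: str, id_j2: str) -> None:
    """Registration CSP_j: two keys n_A, n_B yield four pieces of encryption information."""
    n_a = secrets.randbelow(P - 2) + 1          # first key
    n_b = secrets.randbelow(P - 2) + 1          # second key
    b_1 = h(id_i, b_i)                          # associated information B_1 = h(ID_i || B_i)
    a_4 = n_a ^ b_1 ^ h(id_j2)                  # first encryption info A_4 (assumed XOR form)
    p_c = n_b ^ h(id_j1) ^ h(id_j2)             # second encryption info P_C (XOR with identifiers)
    p_a = point_mul(n_a, G)                     # third encryption info  P_A = n_A x P
    p_b = point_mul(n_b, G)                     # fourth encryption info P_B = n_B x P
    chain.store(h(id_i), {"A4": a_4, "PC": p_c, "PA": p_a, "PB": p_b, "IDj": (id_j1, id_j2)})


def terminal_first_value(chain: Blockchain, id_i: str, b_i_star: bytes, id_j2: str, t_1: int):
    """Steps S201-S203: the terminal derives n_A' and computes the first value D_1 = n_A' x P_B."""
    rec = chain.lookup(h(id_i))
    if rec is None:
        return None
    b_1_star = h(id_i, b_i_star)                # current associated information B_1* = h(ID_i || B_i*)
    n_a_derived = rec["A4"] ^ b_1_star ^ h(id_j2)
    d_1 = point_mul(n_a_derived, rec["PB"])
    return {"uid": h(id_i), "T1": t_1, "first_value": d_1}


def csp_verify(chain: Blockchain, msg: dict, t_2: int) -> bool:
    """Steps S204-S205: freshness check, logout check, second value S_1 = n_B x P_A, compare."""
    if abs(t_2 - msg["T1"]) > DELTA_T:           # |T_2 - T_1| must be within ΔT
        return False
    rec = chain.lookup(msg["uid"])
    if rec is None:                             # user logged off: request terminated
        return False
    id_j1, id_j2 = rec["IDj"]
    n_b = rec["PC"] ^ h(id_j1) ^ h(id_j2)       # second key recovered from P_C and the identifiers
    s_1 = point_mul(n_b, rec["PA"])
    return s_1 == msg["first_value"]            # equal only if the terminal recovered the genuine n_A


if __name__ == "__main__":
    chain = Blockchain()
    register(chain, "user-i", b"key-string-from-Gen", "csp-j-id-1", "csp-j-id-2")
    ok = terminal_first_value(chain, "user-i", b"key-string-from-Gen", "csp-j-id-2", t_1=1000)
    print("genuine key string accepted:", csp_verify(chain, ok, t_2=1030))
    bad = terminal_first_value(chain, "user-i", b"another-key-string", "csp-j-id-2", t_1=1000)
    print("wrong key string accepted:", csp_verify(chain, bad, t_2=1030))
```

The fourth implementation wraps the same D_1 and S_1 with A_5 and A_4 by exclusive-or; this example checks the third implementation's direct comparison of the two values.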
The identity authentication method of the present application can be applied to a plurality of application scenarios, for example, the following two application scenarios.
In an application scenario, before the terminal device accesses the authentication cloud service provider, the identity authentication method of the application may be executed, so that the authentication cloud service provider grants an access right to the terminal device after passing the identity authentication of the user using the terminal device. Specifically, in step S202, in the application scenario, the terminal device may submit an access request of the user to the authentication cloud service provider to a blockchain commonly maintained by the terminal device and the authentication cloud service provider, so that the blockchain sends the encrypted information of the user to the terminal device in response to the access request. The access request sent by the terminal device may carry information such as a user identifier, so that the blockchain finds encrypted information of the user stored in the blockchain when the user registers based on the information such as the user identifier.
In another application scenario, before the terminal device interacts with the authentication cloud service provider, the identity authentication method of the present application may be executed, so that the authentication cloud service provider performs information interaction with the terminal device after the authentication cloud service provider passes the identity authentication of the user using the terminal device.
In addition, if the user needs to update or retrieve the password because the user forgot it, the user can input their current biometric feature BIO_i* and identification ID_i into the terminal device, so that the terminal device can verify the current biometric feature BIO_i* and identification ID_i; if the verification succeeds, the terminal device can accept the user's password reset request, and the user can then input a new password or obtain a reset new password from the terminal device.
The process by which the terminal device verifies the user's current biometric feature BIO_i* and identification ID_i can be as follows:
the terminal device uses the copy function of the fuzzy extractor to compute on the current biometric feature BIO_i*, i.e. uses the formula $Rep(BIO_i^*, P_F) = B_i^*$ to obtain the current key string B_i*;
the terminal device associates the user's current key string B_i* with the user's identification ID_i, i.e. uses the formula $B_1^* = h(ID_i \| B_i^*)$ to obtain the current associated information B_1*;
the terminal device verifies whether the user's current associated information B_1* is consistent with the associated information B_1 stored on the terminal device;
if so, a new secret s_n with a life cycle is generated and, based on the new password PW_i^n, a new A_1^n is generated by calculation; the new A_1^n replaces A_1 on the original mobile device, so that the password is updated/retrieved without the participation of any cloud service provider in the whole process.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an embodiment of an electronic device 20 according to the present application. The electronic device 20 of the present application includes a processor 22, and the processor 22 is configured to execute instructions to implement the method provided by any embodiment and any non-conflicting combination of the above-described user registration method based on blockchain.
The electronic device 20 may be a terminal such as a mobile phone or a notebook computer, or may be a server.
The processor 22 may also be referred to as a CPU (Central Processing Unit). The processor 22 may be an integrated circuit chip having signal processing capabilities. The processor 22 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor 22 may be any conventional processor or the like.
The electronic device 20 may further include a memory 21 for storing instructions and data required for operation of the processor 22.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present disclosure. The computer readable storage medium 30 of the embodiments of the present application stores instructions/program data 31 that when executed enable the methods provided by any of the above embodiments of the methods of the present application, as well as any non-conflicting combinations. The instructions/program data 31 may form a program file stored in the storage medium 30 in the form of a software product, so as to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute all or part of the steps of the methods according to the embodiments of the present application. And the aforementioned storage medium 30 includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or various media capable of storing program codes, or a computer, a server, a mobile phone, a tablet, or other devices.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above embodiments are merely examples and are not intended to limit the scope of the present disclosure, and all modifications, equivalents, and flow charts using the contents of the specification and drawings of the present disclosure or those directly or indirectly applied to other related technical fields are intended to be included in the scope of the present disclosure.
Claims (12)
1. A distributed identity authentication method, the method comprising:
the terminal equipment acquires user information;
the terminal equipment acquires the encryption information of the user from a block chain based on the user information;
the terminal equipment calculates based on the encryption information and the user information to obtain a first value;
the terminal equipment sends the first value to an authentication cloud service provider so that the authentication cloud service provider can verify the identity of the user based on the first value.
2. The distributed identity authentication method of claim 1, wherein
the step of the terminal device calculating based on the encryption information and the user information to obtain a first value comprises:
the terminal device calculating based on the encryption information, the identification of the registration cloud service provider and the user information to obtain the first value;
and the step of the authentication cloud service provider verifying the identity of the user based on the first value comprises:
the authentication cloud service provider sending an identity authentication message to the terminal device to complete identity authentication when it confirms that the first value is consistent with a second value, wherein the second value is calculated by the authentication cloud service provider based on the identification and encryption information of the registration cloud service provider and the first value, and the registration cloud service provider is the cloud service provider that completed user registration in response to the user's registration request.
3. The distributed identity authentication method of claim 1, wherein the user information comprises a current biometric characteristic of the user and an initial identification of the user, and the step of calculating by the terminal device based on the encryption information and the user information to obtain the first value comprises:
the terminal equipment processes the initial identification based on the current biological characteristics to obtain current associated information;
and the terminal equipment calculates based on the current associated information and the encrypted information to obtain the first value.
4. The distributed identity authentication method according to claim 3, wherein the user encryption information includes first encryption information, the identifier of the registered cloud service provider includes a second identifier, and the step of calculating, by the terminal device, based on the current association information and the user encryption information to obtain the first value includes:
the terminal equipment carries out reversible calculation on the current associated information, the first encrypted information and the second identification of the registered cloud service provider to obtain a calculation value of a first key of the registered cloud service provider, wherein the registered cloud service provider is a cloud service provider which responds to the registration request of the user and completes user registration;
and the terminal equipment calculates based on the calculated value of the first key to obtain the first value.
5. The distributed identity authentication method of claim 4, wherein the user encryption information comprises second encryption information, and the step of the terminal device calculating based on the calculated value of the first key to obtain the first value comprises:
the terminal equipment multiplies the calculated value of the first key by fourth encryption information to obtain a first intermediate value;
and the terminal equipment carries out reversible processing on the first intermediate value and the first encryption information to obtain the first value.
6. The distributed identity authentication method of claim 5, wherein the user information comprises a password of the user, and the step of the terminal device performing reversible processing on the first intermediate value and the first encryption information to obtain the first value comprises:
the terminal equipment processes the initial identification, the password of the user, the current key string and a second identification of a registered cloud service provider to obtain a first correlation value;
the terminal equipment carries out exclusive OR operation on the first correlation value, the first intermediate value and the first encryption information to obtain a first value;
and the current key string is obtained by extracting the current biological characteristics by the terminal equipment by using a fuzzy extractor.
7. An identity authentication method, the method comprising:
an authentication cloud service provider obtains a first value from a terminal device, wherein the first value is obtained by the terminal device through calculation based on user encryption information and user information, and the user encryption information is obtained by the terminal device from a block chain based on the user information;
the authentication cloud service provider verifies the first value;
and if the authentication is passed, sending the identity authentication message to the terminal equipment to complete identity authentication.
8. The identity authentication method of claim 7, wherein the step of the authentication cloud service provider verifying the first value comprises:
the authentication cloud service provider requests encryption information of a registration cloud service provider from a blockchain through a user identifier, wherein the registration cloud service provider is a service provider which responds to a registration request of the user and completes user registration;
the authentication cloud service provider calculates to obtain a second value based on the identification and the encryption information of the registration cloud service provider and the first value;
and the authentication cloud service provider confirms that the first value is consistent with the second value, and then sends the identity authentication message to the terminal equipment to complete identity authentication.
9. The identity authentication method of claim 8, wherein the identification of the registration cloud service provider comprises a first identification and a second identification, and the encryption information of the registration cloud service provider comprises second encryption information and third encryption information,
the step that the authentication cloud service provider calculates a second value based on the identification and the encryption information of the registration cloud service provider and the first value comprises the following steps:
the authentication cloud service provider requests first encryption information of the user from the blockchain based on the user identification;
the step that the authentication cloud service provider calculates a second value based on the identification and the encryption information of the registration cloud service provider and the first value comprises the following steps:
the authentication cloud service provider calculates the first identification, the second identification and the second encryption information of the registration cloud service provider to obtain a calculation value of a second key of the registration cloud service provider;
the authentication cloud service provider multiplies the calculation value of the second key by the third encryption information to obtain a second intermediate value;
the authentication cloud service provider carries out reversible calculation on the second intermediate value, the first encryption information and the first value to obtain a second transition value;
and the authentication cloud service provider performs reversible calculation on the second transition value, the second intermediate value and the first encryption information to obtain the second value.
10. A method for device access, the method comprising:
an authentication cloud service provider obtains an access request and a first value sent by terminal equipment, wherein the first value is obtained by the terminal equipment through calculation based on user encryption information and user information, and the user encryption information is obtained by the terminal equipment from a block chain based on the user information;
the authentication cloud service provider verifies the first value;
and if the verification is passed, the authentication cloud service provider grants the authority of accessing the authentication cloud service provider to the terminal equipment.
11. An electronic device, characterized in that the electronic device comprises a processor; the processor is configured to execute instructions to implement the method of any one of claims 1-10.
12. A computer-readable storage medium, characterized in that a program file capable of implementing the method of any one of claims 1-10 is stored in the computer-readable storage medium.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110778279.6A CN113569210B (en) | 2021-07-09 | 2021-07-09 | Distributed identity authentication method, device access method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113569210A true CN113569210A (en) | 2021-10-29 |
CN113569210B CN113569210B (en) | 2024-11-22 |
Family
ID=78164272
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |