CN109617692A - A kind of anonymous login method and system based on block chain - Google Patents
- Publication number: CN109617692A (application CN201811526788.4A)
- Authority: CN (China)
- Prior art keywords: user, parameter, block chain, attribute information, module
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention discloses an anonymous login method based on a block chain, comprising: initializing an authorization server, generating the corresponding block chain address from the obtained public key, and sending an authorization credential to the user; enumerating all attribute information of the user, obtaining the user's identity parameter and verification parameter, and fixing them on the block chain using the authorization credential; selecting the attribute information required by the login condition published by a system and generating a user login credential; and the system receiving the user login credential, verifying it against the user's identity parameter and/or verification parameter, and confirming whether the current user meets the login condition. The invention also discloses an anonymous login system based on a block chain. Addressing the shortcomings of current anonymous login systems, the technical solution of the present invention encrypts personal attribute information using hash algorithms, asymmetric encryption algorithms and the like and saves it on the block chain, so that the user's personal attribute information can be protected to the greatest extent while secure authentication of the user's identity is guaranteed.
Description
Technical field
The invention belongs to the field of computer system security, and in particular relates to an anonymous login method and system based on a block chain.
Background technique
In the 21st century, with the continuous development of information technology, information security problems have become increasingly prominent. How to ensure the security of information systems has become a concern of the whole of society. Information security mainly covers five aspects: the confidentiality, authenticity and integrity of information, protection against unauthorized copying, and the security of the system on which the information resides. The scope of information security itself is very wide, including how to guard against the leakage of commercial secrets, prevent minors from browsing harmful content, and prevent the leakage of personal information.
Therefore, the information security system under a network environment is the key to ensuring information security. It covers secure computer operating systems, various security protocols and security mechanisms (digital signatures, message authentication, data encryption and the like), up to security systems such as UniNAC and DLP; the presence of a single security vulnerability can threaten overall security. Information security means that the information system (including hardware, software, data, people, physical environment and its infrastructure) is protected from destruction, alteration or leakage by accidental or malicious causes, that the system runs continuously, reliably and normally, that information services are not interrupted, and that business continuity is ultimately achieved.
Under this demand, anonymous login technology appears very necessary. Anonymous login is the process of entering an operating system or application in an anonymous manner; in the case of anonymous login, the access requester need not submit all of their personal information. There are currently two kinds of anonymous login approach: authorized anonymous login (such as password authentication schemes) and unauthorized anonymous login (such as illegal intrusion). The core idea of authorized login is to separate the authentication of the user from the user's login. Taking the OAuth 2.0 open authorization protocol as an example, the user's information is placed in a centralized authorization server, and when the user needs to access a third-party system, the third-party system asks the user's centralized authorization server for an authorization token.
However, this process has the following problems: (1) the centralized authorization server stores all of the user's information, and once the data is captured by a hacker, all of that information is exposed; in recent years, user information leakage events caused by the capture of centralized servers have occurred one after another; (2) such login schemes do not provide an anonymous login function: if the authorization server and the third-party system collude, the user can very easily be traced. That is, the user's information still has multiple uncontrolled disclosure paths.
Summary of the invention
Aiming at the above defects or improvement requirements of the prior art, the present invention provides an anonymous login method based on a block chain, which can at least partially solve the above problems. Addressing what current anonymous login systems still cannot achieve, the technical solution of the present invention encrypts personal attribute information using hash algorithms, asymmetric encryption algorithms and the like and saves it on the block chain, so that the user's personal attribute information can be protected to the greatest extent while secure authentication of the user's identity is guaranteed.
To achieve the above object, according to one aspect of the present invention, an anonymous login method based on a block chain is provided, characterized by comprising:
S1: initializing an authorization server, generating the corresponding block chain address from the public key obtained after initialization, and sending an authorization credential to the user;
S2: enumerating all attribute information of the user, performing hash operations on the attribute information to obtain the user's identity parameter and verification parameter, and fixing them on the block chain using the authorization credential;
S3: according to the login condition published by a system, selecting the required attribute information to generate a user login credential, and submitting it to the system from which login is requested;
S4: the system receiving the user login credential, verifying it against the user's identity parameter and/or verification parameter, and confirming whether the current user meets the login condition.
Preferably, as one technical solution of the present invention, step S1 includes:
S11: determining security parameters and/or an encryption algorithm, and initializing and publishing the public key of the authorization server;
S12: obtaining the corresponding block chain address from the public key, and correspondingly storing the authorized user information;
S13: the authorization server randomly generating several random numbers and distributing them to users as authorization credentials.
Preferably, as one technical solution of the present invention, step S2 includes:
S21: enumerating all attribute information of the user to obtain the user's attribute information list;
S22: obtaining the user's verification parameter from the security parameters in combination with the attribute information;
S23: sending the distributed authorization credential, the identity parameter and the verification parameter to the authorization server;
S24: signing the identity parameter and verification parameter that pass authorization, and fixing and saving them on the block chain.
Preferably, as one technical solution of the present invention, step S3 includes:
S31: the system publishing a login condition according to its business needs, the login condition placing requirements on one or more attribute information items of the user;
S32: the user requesting login selecting the corresponding attribute information according to the login condition and generating the hash value and/or proof parameter corresponding to it;
S33: generating the login credential, which includes the attribute information meeting the login condition, the hash value of that attribute information, the proof parameter, and the user's identity parameter and verification parameter.
Preferably, as one technical solution of the present invention, step S4 includes:
S41: receiving the user login credential and determining that the user's identity parameter and verification parameter are stored on the block chain;
S42: performing a hash calculation on the user's attribute information and determining that it matches the corresponding attribute hash value in the proof parameter;
S43: determining, from the user's attribute information, verification parameter and proof parameter, that the login credential provided by the current user is consistent with the identity parameter stored on the block chain, which constitutes passing verification.
According to another aspect of the present invention, an anonymous login system based on a block chain is provided, characterized by comprising:
an initial module, for initializing an authorization server, generating the corresponding block chain address from the public key obtained after initialization, and sending an authorization credential to the user;
an authorization module, for enumerating all attribute information of the user, performing hash operations on the attribute information to obtain the user's identity parameter and verification parameter, and fixing them on the block chain using the authorization credential;
a login module, for selecting the required attribute information according to the login condition published by a system, generating a user login credential, and submitting it to the system from which login is requested;
an authentication module, for the system to receive the user login credential, verify it against the user's identity parameter and/or verification parameter, and confirm whether the current user meets the login condition.
Preferably, as one technical solution of the present invention, the initial module includes:
an initialization module, for determining security parameters and/or an encryption algorithm, and initializing and publishing the public key of the authorization server;
a block chain module, for obtaining the corresponding block chain address from the public key and correspondingly storing the authorized user information;
an authorization credential module, for the authorization server to randomly generate several random numbers and distribute them to users as authorization credentials.
Preferably, as one technical solution of the present invention, the authorization module includes:
an attribute module, for enumerating all attribute information of the user to obtain the user's attribute information list;
a parameter module, for obtaining the user's verification parameter from the security parameters in combination with the attribute information;
a request module, for sending the distributed authorization credential, the identity parameter and the verification parameter to the authorization server;
a signature module, for signing the identity parameter and verification parameter that pass authorization, and fixing and saving them on the block chain.
Preferably, as one technical solution of the present invention, the login module includes:
a condition module, for the system to publish a login condition according to its business needs, the login condition placing requirements on one or more attribute information items of the user;
an attribute information module, for the user requesting login to select the corresponding attribute information according to the login condition and generate the hash value and/or proof parameter corresponding to it;
a login credential module, for generating the login credential, which includes the attribute information meeting the login condition, the hash value of that attribute information, the proof parameter, and the user's identity parameter and verification parameter.
Preferably, as one technical solution of the present invention, the authentication module includes:
a verification module, for receiving the user login credential and determining that the user's identity parameter and verification parameter are stored on the block chain;
an attribute authentication module, for performing a hash calculation on the user's attribute information and determining that it matches the corresponding attribute hash value in the proof parameter;
an authentication module, for determining, from the user's attribute information, verification parameter and proof parameter, that the login credential provided by the current user is consistent with the identity parameter stored on the block chain, which constitutes passing verification.
In general, compared with the prior art, the above technical scheme contemplated by the present invention has the following beneficial effects:
1) The technical solution of the present invention provides an anonymous login method. Compared with ordinary login methods, the third-party resource system only learns whether the user has the right to log in, without learning the user's specific information. Even if the authorization server and the third-party system collude, they cannot learn the user's private information.
2) Compared with ordinary login methods, the technical solution of the present invention stores user data in a distributed manner: the user's data is stored by the user themselves, and the authorization server need not save any content, so even if an attacker intrudes into the authorization server, the user's privacy cannot be damaged.
3) Compared with ordinary login methods that repeatedly use the authorization server, in the technical solution of the present invention the user generates the anonymous login credential independently; the user decides at their sole discretion when, where and for what purpose to generate an anonymous credential, without interacting with the authorization server, which greatly streamlines the login process.
Description of the drawings
Fig. 1 is a schematic diagram of the message structure of an embodiment of the technical solution of the present invention;
Fig. 2 is an example Merkle Tree of an embodiment of the technical solution of the present invention;
Fig. 3 is the login authentication flow chart of an embodiment of the technical solution of the present invention.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not conflict. The present invention is described in more detail below with reference to the embodiments.
As shown in Fig. 3, an anonymous login method based on a block chain is provided in the embodiment of the technical solution of the present invention. Its main characteristic is that the user first undergoes verification and authorization through the authorization server, then performs hash operations on personal attribute information to generate specific hash values, and saves the corresponding information on the block chain. When the user needs to log in to a system (that is, a third-party system), the user only needs to provide part of the attribute information together with the hash values of that part, and the user's identity can be verified by means of the verification information stored on the block chain, thereby realizing anonymous login of the user.
It should be particularly noted that the anonymous login in this embodiment is not a simple concealment of the name, but a partial masking encryption of the user's identity: only part of the user's attribute information need be provided at login, so that the partial identity information provided by the user is enough to determine whether the login condition is met. From the partial identity information provided by the user, only a certain population range can be determined; the specific user identity cannot actually be determined. That is, anonymity is achieved by hiding the user requesting login among the population that meets the range of a certain condition.
Specifically, as shown in Fig. 1, in this embodiment the public key and private key of the authorization server are first initialized according to the security parameters and an asymmetric encryption algorithm and the like; the public key of the authorization server is published, and the corresponding block chain address ADR is obtained from the public key. The initialized authorization server randomly generates several random numbers and randomly distributes them to users. In this embodiment the random numbers are preferably denoted {Rand_0, Rand_1, ..., Rand_{m-1}, Rand_m}.
Further, the user enumerates all of their own attribute information, such as name, date of birth, gender, nationality, ..., to obtain the set {attr_0, attr_1, ..., attr_{n-1}, attr_n} of all the user's attributes, and computes the Merkle Root from the user's attribute set. The Merkle Root in this embodiment is as shown in Fig. 2.
For an arbitrary user, the Merkle Root (the user's identity parameter) in this embodiment preferably has the following calculation formula:
Specifically, hash operations are performed over all attribute information of the user, finally obtaining a Merkle Root (hash value) that represents the user's identity. The principle is that adjacent attributes are hashed together, and the resulting values are hashed again iteratively. Because the probability that continuous hash operations over any string yield an identical hash value (a hash collision) is minimal, the hash value of the attributes can serve as the identity proof identifier of this user.
The above scheme is illustrated by taking Fig. 2 as an example. Suppose the user's identity can be confirmed from the attribute information items name, date of birth, gender and nationality; these attribute items are divided into two groups and iteratively hashed until the final Merkle Root is obtained. As in Fig. 2, attr_0, representing the name, and attr_1, representing the date of birth, are hashed together to obtain Hash(attr_0, attr_1); similarly, the gender and nationality attribute information give Hash(attr_2, attr_3); then Hash(attr_0, attr_1) and Hash(attr_2, attr_3) are hashed together, and the resulting hash value is the Merkle Root in Fig. 2.
Since the probability that hash operations over any strings yield an identical hash value (a hash collision) is minimal, this Merkle Root can serve as the user's identity credential. Preferably, in this embodiment a hash operation is also performed on each attribute information item; that is, for user i, the hash value of the j-th attribute information item has the following expression:
hash_ij = Hash(attr_ij).
Further, on the basis of the Merkle Tree in Fig. 2, parameters are selected as required to generate the user's own verification parameter; in this embodiment the verification parameter (the commitment ω_i) has the following expression:
where G is the subgroup of order q in Z_p, random generators are chosen such that G = <g_0> = ... = <g_j>, h = g_0^a, r is a random number, and aux is an arbitrary number that is later replaced by the login authentication code. The parameter a is a private parameter held only by the user; the other parameters are public parameters.
Then, the user sends the Merkle Root, the distributed random number and the verification parameter together to the authorization server. The authorization server first reads the random number provided by the user and judges whether it is in the list of random numbers that the authorization server distributed to users; if so, the data provided by the user is further processed and sent to the block chain, otherwise the user's authorization request is refused.
For a user whose random number meets the determination requirement, the authorization server first signs the data and then sends it; the specific process is as follows:
Transaction = GenTran(version, input, output, data: userdata + signature)
After the block chain nodes confirm the above data parameters and the data is permanently fixed in the block chain, nobody can modify the above authentication information of the user; that is, the user has completed the binding procedure for their own attribute information.
As a preference of this embodiment, to increase the controllability and independence of anonymity, the above steps may be performed multiple times; that is, the identity parameter and verification parameter obtained from the user's attribute information are signed multiple times and fixed and saved on the block chain. In other words, the technical solution in this embodiment allows a user to authenticate using several sets of hash values (for example, different hash values obtained by applying different hash algorithms to the same attribute information), where each hash value may differ but all are accurate, true identity parameters of that user.
At the same time it must be emphasized that, during the implementation of the above scheme, repeated use of the same anonymous credential by a user may cause the user's anonymity mechanism to be lost. More specifically, if the same user repeatedly logs in to the same system with the same kind of anonymous credential (for example, one that only reveals the age), the system may deduce that this kind of anonymous credential belongs to one and the same user. To better realize the untraceability and unlinkability of the login system, this embodiment allows a user to be authenticated on different authorization servers and, under different login requests, to use anonymous credentials endorsed by different authorization servers.
On this technical basis, the user can begin to access the third-party system anonymously; the specific process is as follows:
First, the third-party system publishes its actual business needs, which indicate the system's login condition, for example only allowing personnel of a certain group to log in, or not allowing personnel of a certain age bracket to log in; this can be freely set according to need. That is, a certain threshold condition can be set for user login, which may be a single attribute item of the user (such as age, gender or nationality) or a combination of several attribute items (such as age + gender). The technical solution of the present invention places no specific restriction on this; the specific object classifications in this embodiment are used for illustrative purposes only and are not intended as a specific limitation of the technical solution of the present invention.
Then, according to the actual needs of the third-party system, the user selects the required attribute information to generate a login credential, and provides the login credential to the third-party system. In this embodiment the attribute information login credential is preferably as follows:
where authcode is the login authentication code. Note that hash_ij and τ_ij are the verification parameters for attribute attr_j; here τ_ij is computed by the standard Merkle proof algorithm, and its calculation formula is preferably as follows:
where Γ_i is computed using the Pedersen commitment algorithm. Because only the user knows the private parameter a, and because of the discrete logarithm problem, only the user can compute Γ_i quickly; its calculation formula is preferably as follows:
$$h^{r} g_0^{aux} = h^{r'} g_0^{authcode}$$
$$g_0^{ar} g_0^{aux} = g_0^{ar'} g_0^{authcode}$$
In other words, the above login credential contains the following information: the attribute information, the hash value corresponding to that attribute information, the proof parameter of that attribute information, the user's verification parameter and the user's identity parameter; the third party verifies the user's identity according to this information.
In this embodiment, the verification process of the third-party system is preferably as follows:
The third-party resource system scans the blockchain according to the information in the login credential and first obtains the corresponding stored parameter and $\omega_i$, then compares them with the values in the login credential; if they are inconsistent, the login request is refused directly, and if they are consistent, the next step is entered. Then $hash_{ij}$ is verified, i.e. it is checked whether $hash_{ij} = Hash(attr_{ij})$ holds; if it holds, $\tau_{ij}$ is verified against the corresponding stored parameter, and then $(\omega_i, \Gamma_i)$ is verified. If any one of these checks fails, the user's login is refused; only when all of the above parameter information in the login credential has been verified is the requesting user allowed to log in anonymously.
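The authorization and login flow described above, as an added worked example (illustration code written for this page, not code from the patent or its applicant): every attribute is hashed, the hashes are anchored under a Merkle root that stands in for the record solidified in the blockchain, the user discloses one attribute together with a standard Merkle proof, and the third party runs the checks in the order the text gives. Because the formulas for $\Gamma_i$ do not survive in the source, the step in which only the holder of the private parameter $a$ can answer is implemented as a standard Schnorr proof of knowledge bound to authcode, a stand-in for the patent's Pedersen-based computation. The modulus, generator, attribute values, login condition and the dictionary used as the "chain" are all constructed here.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this demonstration only.
P = 2**127 - 1   # Mersenne prime modulus (not a production parameter)
G0 = 5           # assumed generator, stands in for the patent's g_0
Q = P - 1        # exponents are reduced modulo the order of Z_P^*


def H(*parts: bytes) -> bytes:
    """Hash used both for hash_ij = Hash(attr_ij) and for Merkle tree nodes."""
    return hashlib.sha256(b"".join(parts)).digest()


# ---- authorization phase: hash every attribute and anchor a Merkle root ----
def build_attribute_tree(attrs):
    """Return (root, proofs): proofs[k] is the standard Merkle proof (tau) for
    leaf k, as a list of (sibling_hash, sibling_is_left) steps."""
    level = [H(a.encode()) for a in attrs]
    proofs = [[] for _ in attrs]
    pos = list(range(len(attrs)))        # position of each original leaf at this level
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])      # duplicate the last node on odd levels
        for k in range(len(attrs)):
            sib = pos[k] ^ 1
            proofs[k].append((level[sib], sib < pos[k]))
            pos[k] //= 2
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], proofs


def verify_merkle(leaf, proof, root):
    node = leaf
    for sibling, sibling_is_left in proof:
        node = H(sibling, node) if sibling_is_left else H(node, sibling)
    return node == root


# ---- login phase: Schnorr proof that the user knows a behind omega = G0^a ----
def _challenge(omega, t, authcode):
    return int.from_bytes(H(omega.to_bytes(16, "big"), t.to_bytes(16, "big"), authcode), "big") % Q


def prove_knowledge(a, omega, authcode):
    """Gamma = (t, s) with s = k + c*a; the challenge c is bound to authcode."""
    k = secrets.randbelow(Q)
    t = pow(G0, k, P)
    s = (k + _challenge(omega, t, authcode) * a) % Q
    return t, s


def verify_knowledge(omega, authcode, gamma):
    t, s = gamma
    return pow(G0, s, P) == (t * pow(omega, _challenge(omega, t, authcode), P)) % P


def make_credential(attrs, proofs, a, omega, index, authcode):
    """User side: disclose one attribute, its hash, its Merkle proof, omega,
    Gamma and the authentication code (the fields listed in the text)."""
    attr = attrs[index]
    return {"attr": attr, "hash": H(attr.encode()), "tau": proofs[index],
            "omega": omega, "gamma": prove_knowledge(a, omega, authcode),
            "authcode": authcode}


def third_party_verify(cred, chain, predicate):
    """Verifier side, in the order the text gives: on-chain lookup, hash check,
    Merkle check, knowledge check, and finally the business login condition."""
    record = chain.get(cred["omega"])
    if record is None:
        return False
    if cred["hash"] != H(cred["attr"].encode()):
        return False
    if not verify_merkle(cred["hash"], cred["tau"], record["root"]):
        return False
    if not verify_knowledge(cred["omega"], cred["authcode"], cred["gamma"]):
        return False
    return predicate(cred["attr"])


def is_adult(attr):
    """Constructed login condition: an 'age:' attribute of at least 18."""
    key, _, value = attr.partition(":")
    return key == "age" and value.isdigit() and int(value) >= 18


def demo_login(tamper=False):
    """Run the flow end to end; with tamper=True the user swaps the disclosed
    attribute for one that was never enumerated, which must be rejected."""
    attrs = ["name:Alice Example", "age:34", "nationality:CN", "group:engineering"]  # constructed
    a = secrets.randbelow(Q - 1) + 1              # private parameter, known only to the user
    omega = pow(G0, a, P)                         # public identity parameter
    root, proofs = build_attribute_tree(attrs)
    chain = {omega: {"root": root}}               # stands in for the solidified on-chain record
    authcode = secrets.token_bytes(16)            # login authentication code for this session
    cred = make_credential(attrs, proofs, a, omega, attrs.index("age:34"), authcode)
    if tamper:
        cred["attr"], cred["hash"] = "age:99", H(b"age:99")   # proof no longer matches the root
    return third_party_verify(cred, chain, is_adult)


if __name__ == "__main__":
    print("honest login accepted:", demo_login())
    print("tampered login rejected:", not demo_login(tamper=True))
```

The verifier never sees the undisclosed attributes (only their hashes are implied by the root), and the tampered run shows why the hash check alone is not enough: a consistent hash of a forged attribute still fails the Merkle step, because the forged leaf was never anchored in the record.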
As will be readily understood by those skilled in the art, the foregoing is merely a description of preferred embodiments of the present invention and does not limit the present invention; any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall all be included within the protection scope of the present invention.
Claims (10)
1. An anonymous login method based on blockchain, characterized by comprising:
S1: initializing an authorization server, generating a corresponding blockchain address according to the public key obtained after initialization, and sending an authorization certificate to the user;
S2: enumerating all attribute information of the user, performing a hash operation on the attribute information to obtain the identity parameter and checking parameter of the user, and solidifying them in the blockchain using the authorization certificate;
S3: according to the login condition published by the system, selecting the required attribute information to generate a user login credential, and submitting it to the system requested for login;
S4: the system receiving the user login credential, verifying the user login credential according to the identity parameter and/or checking parameter of the user, and confirming whether the current user meets the login condition.
2. The anonymous login method based on blockchain according to claim 1, wherein step S1 comprises:
S11: determining the security parameter and/or encryption algorithm, and initializing and publishing the public key of the authorization server;
S12: obtaining the corresponding blockchain address from the public key, and storing it correspondingly to obtain the authorized user information;
S13: the authorization server randomly generating several random numbers and distributing them to the user as the authorization certificate.
3. The anonymous login method based on blockchain according to claim 1 or 2, wherein step S2 comprises:
S21: enumerating all attribute information of the user to obtain the attribute information list of the user;
S22: obtaining the checking parameter of the user from the security parameter in combination with the attribute information;
S23: sending the distributed authorization certificate, the identity parameter and the checking parameter to the authorization server;
S24: signing the identity parameter and checking parameter that passed authorization, and solidifying and saving them in the blockchain.
4. The anonymous login method based on blockchain according to any one of claims 1 to 3, wherein step S3 comprises:
S31: publishing the login condition according to business demand, the login condition imposing requirements on one or more attributes of the user;
S32: the user requesting login selecting the corresponding attribute information according to the login condition, and generating the hash value and/or certificate parameter corresponding to it;
S33: generating the login credential, the login credential comprising the attribute information that meets the login condition, the hash value and certificate parameter of that attribute information, and the identity parameter and checking parameter of the user.
5. The anonymous login method based on blockchain according to any one of claims 1 to 4, wherein step S4 comprises:
S41: receiving the user login credential, and determining that the identity parameter and checking parameter of the user are stored in the blockchain;
S42: performing a hash calculation on the attribute information of the user, and determining that it matches the corresponding attribute hash value in the certificate parameter;
S43: determining, according to the attribute information, checking parameter and certificate parameter of the user, that the login credential provided by the current user is consistent with the identity parameter stored in the blockchain, whereupon verification passes.
6. An anonymous login system based on blockchain, characterized by comprising:
an initial module, for initializing an authorization server, generating a corresponding blockchain address according to the public key obtained after initialization, and sending an authorization certificate to the user;
an authorization module, for enumerating all attribute information of the user, performing a hash operation on the attribute information to obtain the identity parameter and checking parameter of the user, and solidifying them in the blockchain using the authorization certificate;
a login module, for selecting, according to the login condition published by the system, the required attribute information to generate a user login credential, and submitting it to the system requested for login;
an authentication module, for the system to receive the user login credential, verify the user login credential according to the identity parameter and/or checking parameter of the user, and confirm whether the current user meets the login condition.
7. The anonymous login method based on blockchain according to claim 6, wherein the initial module comprises:
an initialization module, for determining the security parameter and/or encryption algorithm, and initializing and publishing the public key of the authorization server;
a blockchain module, for obtaining the corresponding blockchain address from the public key, and storing it correspondingly to obtain the authorized user information;
an authorization certificate module, for the authorization server to randomly generate several random numbers and distribute them to the user as the authorization certificate.
8. The anonymous login method based on blockchain according to claim 6 or 7, wherein the authorization module comprises:
an attribute module, for enumerating all attribute information of the user to obtain the attribute information list of the user;
a parameter module, for obtaining the checking parameter of the user from the security parameter in combination with the attribute information;
a request module, for sending the distributed authorization certificate, the identity parameter and the checking parameter to the authorization server;
a signature module, for signing the identity parameter and checking parameter that passed authorization, and solidifying and saving them in the blockchain.
9. The anonymous login method based on blockchain according to any one of claims 6 to 8, wherein the login module comprises:
a condition module, for publishing the login condition according to business demand, the login condition imposing requirements on one or more attributes of the user;
an attribute information module, for the user requesting login to select the corresponding attribute information according to the login condition and generate the hash value and/or certificate parameter corresponding to it;
a login credential module, for generating the login credential, the login credential comprising the attribute information that meets the login condition, the hash value and certificate parameter of that attribute information, and the identity parameter and checking parameter of the user.
10. The anonymous login method based on blockchain according to any one of claims 6 to 9, wherein the authentication module comprises:
a verification module, for receiving the user login credential and determining that the identity parameter and checking parameter of the user are stored in the blockchain;
an attribute authentication module, for performing a hash calculation on the attribute information of the user and determining that it matches the corresponding attribute hash value in the certificate parameter;
an authentication module, for determining, according to the attribute information, checking parameter and certificate parameter of the user, that the login credential provided by the current user is consistent with the identity parameter stored in the blockchain, whereupon verification passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811526788.4A CN109617692B (en) | 2018-12-13 | 2018-12-13 | Anonymous login method and system based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811526788.4A CN109617692B (en) | 2018-12-13 | 2018-12-13 | Anonymous login method and system based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109617692A true CN109617692A (en) | 2019-04-12 |
CN109617692B CN109617692B (en) | 2022-04-26 |
Family
ID=66008085
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811526788.4A Expired - Fee Related CN109617692B (en) | 2018-12-13 | 2018-12-13 | Anonymous login method and system based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109617692B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110958253A (en) * | 2019-12-05 | 2020-04-03 | 全链通有限公司 | Electronic voting method, device and storage medium based on block chain |
CN111047763A (en) * | 2019-12-05 | 2020-04-21 | 全链通有限公司 | Electronic voting method, device and storage medium based on block chain |
CN111355726A (en) * | 2020-02-26 | 2020-06-30 | 广东工业大学 | Identity authorization login method and device, electronic equipment and storage medium |
CN111600900A (en) * | 2020-05-26 | 2020-08-28 | 牛津(海南)区块链研究院有限公司 | Single sign-on method, server and system based on block chain |
CN111614687A (en) * | 2020-05-26 | 2020-09-01 | 牛津(海南)区块链研究院有限公司 | Identity verification method, system and related device |
CN111985927A (en) * | 2020-08-14 | 2020-11-24 | 上海朝夕网络技术有限公司 | Block chain address authentication method and block chain transaction method based on social network |
CN112367174A (en) * | 2020-11-06 | 2021-02-12 | 深圳前海微众银行股份有限公司 | Block chain consensus method and device based on attribute values |
CN113011960A (en) * | 2020-11-30 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Block chain-based data access method, device, medium and electronic equipment |
CN113326327A (en) * | 2021-06-15 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Block chain-based certificate query method, system and device |
CN114268472A (en) * | 2021-12-10 | 2022-04-01 | 杭州溪塔科技有限公司 | User authentication method and system of application system based on block chain |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170257358A1 (en) * | 2016-03-04 | 2017-09-07 | ShoCard, Inc. | Method and System for Authenticated Login Using Static or Dynamic Codes |
CN107181765A (en) * | 2017-07-25 | 2017-09-19 | 光载无限(北京)科技有限公司 | Network digital identity identifying method based on block chain technology |
CN107391944A (en) * | 2017-07-27 | 2017-11-24 | 北京太云科技有限公司 | A kind of electronic health record shared system based on block chain |
US20180108024A1 (en) * | 2016-06-03 | 2018-04-19 | Chronicled, Inc | Open registry for provenance and tracking of goods in the supply chain |
CN108259438A (en) * | 2016-12-29 | 2018-07-06 | 中移(苏州)软件技术有限公司 | A kind of method and apparatus of the certification based on block chain technology |
CN108809953A (en) * | 2018-05-22 | 2018-11-13 | 飞天诚信科技股份有限公司 | A kind of method and device of the anonymous Identity certification based on block chain |
CN108881301A (en) * | 2018-08-02 | 2018-11-23 | 珠海宏桥高科技有限公司 | A kind of identity identifying method based on block chain |
CN108959911A (en) * | 2018-06-14 | 2018-12-07 | 联动优势科技有限公司 | A kind of key chain generates, verification method and its device |
Non-Patent Citations (5)
Title |
---|
GAO Z, XU L: "Blockchain-based Identity Management with Mobile Device", CryBlock'18: Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems * |
KEITH KOWAL: "Implementing Authenticated Identity with Trusted Key and Auth0", https://auth0.com/blog/authenticated-identity-trusted-key-auth0/ * |
NAZRUL M. AHMAD; SITI FATIMAH ABDUL RAZAK: "Improving Identity Management of Cloud-Based IoT Applications Using Blockchain", 2018 International Conference on Intelligent and Advanced System (ICIAS) * |
刘敖迪; 杜学绘; 王娜; 李少卓: "Blockchain Technology and Its Research Progress in the Field of Information Security", Journal of Software (软件学报) * |
宋宪荣; 张猛: "Research on Technical Issues of Trusted Network Identity Authentication", Cyberspace Security (网络空间安全) * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111047763A (en) * | 2019-12-05 | 2020-04-21 | 全链通有限公司 | Electronic voting method, device and storage medium based on block chain |
CN110958253A (en) * | 2019-12-05 | 2020-04-03 | 全链通有限公司 | Electronic voting method, device and storage medium based on block chain |
CN111355726A (en) * | 2020-02-26 | 2020-06-30 | 广东工业大学 | Identity authorization login method and device, electronic equipment and storage medium |
CN111600900B (en) * | 2020-05-26 | 2022-09-02 | 牛津(海南)区块链研究院有限公司 | Single sign-on method, server and system based on block chain |
CN111600900A (en) * | 2020-05-26 | 2020-08-28 | 牛津(海南)区块链研究院有限公司 | Single sign-on method, server and system based on block chain |
CN111614687A (en) * | 2020-05-26 | 2020-09-01 | 牛津(海南)区块链研究院有限公司 | Identity verification method, system and related device |
CN111985927A (en) * | 2020-08-14 | 2020-11-24 | 上海朝夕网络技术有限公司 | Block chain address authentication method and block chain transaction method based on social network |
CN111985927B (en) * | 2020-08-14 | 2024-04-26 | 上海朝夕网络技术有限公司 | Block chain address authentication method and block chain transaction method based on social network |
CN112367174A (en) * | 2020-11-06 | 2021-02-12 | 深圳前海微众银行股份有限公司 | Block chain consensus method and device based on attribute values |
CN113011960A (en) * | 2020-11-30 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Block chain-based data access method, device, medium and electronic equipment |
CN113326327B (en) * | 2021-06-15 | 2022-04-19 | 支付宝(杭州)信息技术有限公司 | Block chain-based certificate query method, system and device |
CN113326327A (en) * | 2021-06-15 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Block chain-based certificate query method, system and device |
CN114268472A (en) * | 2021-12-10 | 2022-04-01 | 杭州溪塔科技有限公司 | User authentication method and system of application system based on block chain |
CN114268472B (en) * | 2021-12-10 | 2023-12-15 | 杭州溪塔科技有限公司 | User authentication method and system of application system based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN109617692B (en) | 2022-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11496310B2 (en) | Methods and systems for universal storage and access to user-owned credentials for trans-institutional digital authentication | |
CN109617692A (en) | A kind of anonymous login method and system based on block chain | |
US11606352B2 (en) | Time-based one time password (TOTP) for network authentication | |
CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
AU2018202251B2 (en) | Parameter based key derivation | |
JP4790731B2 (en) | Derived seed | |
CN112580102A (en) | Multi-dimensional digital identity authentication system based on block chain | |
CN110874464A (en) | Method and equipment for managing user identity authentication data | |
US11924332B2 (en) | Cryptographic systems and methods using distributed ledgers | |
CN106992988B (en) | Cross-domain anonymous resource sharing platform and implementation method thereof | |
KR102549337B1 (en) | Systems and methods for biometric protocol standards | |
CN114239046A (en) | Data sharing method | |
CN103220141A (en) | Sensitive data protecting method and system based on group key strategy | |
Guo et al. | Using blockchain to control access to cloud data | |
JP2014529124A (en) | Method for managing and inspecting data from various identity domains organized into structured sets | |
CN109450636A (en) | The integrity verification method of group data in a kind of cloud storage | |
Lyu et al. | NSSIA: A New Self‐Sovereign Identity Scheme with Accountability | |
Wadhwa et al. | Framework for user authenticity and access control security over a cloud | |
US20140245412A1 (en) | Linking credentials in a trust mechanism | |
Barreto et al. | Secure storage of user credentials and attributes in federation of clouds | |
KR101389981B1 (en) | Data delegation method for public cloud storage service and data access method for the delegated data | |
Hiremath et al. | Homomorphic authentication scheme for proof of retrievability with public verifiability | |
CN112036884A (en) | Signature method and related equipment | |
CN113992380B (en) | Trusted employee certificate authentication method and system based on network mapping certificate | |
Raja et al. | An enhanced study on cloud data services using security technologies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | | Granted publication date: 20220426