Summary of the Invention
In view of one or more of the problems described above, embodiments of the present invention provide a blockchain-based authentication method and device.
In a first aspect, a blockchain-based authentication method is provided. The method includes:
generating, from a random number, a transfer-out private key and a corresponding transfer-out public key used for transferring a digital asset through the blockchain;
encoding the transfer-out public key to generate a transfer-in address;
digitally signing, based on the transfer-out private key, the transfer value of the digital asset to be transferred, the transfer-in address and other necessary information;
obtaining digital asset transfer data based on the transfer value, the transfer-in address, the digital signature and the transfer-out public key;
broadcasting the digital asset transfer data to the blockchain, so that:
the authentication end performs first-level authentication on the digital asset transfer data, or
after the first-level authentication, the service end and the authentication end jointly perform multi-level authentication on the digital asset transfer data.
In a second aspect, a blockchain-based authentication method is provided. The method includes:
receiving digital asset transfer data broadcast by a terminal in the blockchain;
performing first-level authentication on the received digital asset transfer data, or
after the first-level authentication, performing multi-level authentication on the digital asset transfer data jointly with the terminal;
the digital asset transfer data includes: the transfer value of the digital asset to be transferred, the transfer-in address, the digital signature, and the transfer-out public key used for transferring the digital asset through the blockchain.
In a third aspect, a blockchain-based authentication device is provided. The device includes:
a key generation unit, for generating, from a random number, a transfer-out private key and a corresponding transfer-out public key used for transferring a digital asset through the blockchain;
an address generation unit, for encoding the transfer-out public key to generate a transfer-in address;
a digital signature unit, for digitally signing, based on the transfer-out private key, the transfer value of the digital asset to be transferred and the transfer-in address;
a data generation unit, for obtaining digital asset transfer data based on the transfer value, the transfer-in address, the digital signature and the transfer-out public key;
a data broadcasting unit, for broadcasting the digital asset transfer data to the blockchain, so that:
the authentication end performs first-level authentication on the digital asset transfer data, or
after the first-level authentication, the service end and the authentication end jointly perform multi-level authentication on the digital asset transfer data.
In a fourth aspect, a blockchain-based authentication device is provided. The device includes:
a data receiving unit, for receiving digital asset transfer data broadcast by a terminal in the blockchain;
a data authentication unit, for performing first-level authentication on the received digital asset transfer data, or
after the first-level authentication, performing multi-level authentication on the digital asset transfer data jointly with the terminal;
the digital asset transfer data includes: the transfer value of the digital asset to be transferred, the transfer-in address, the digital signature, and the transfer-out public key used for transferring the digital asset through the blockchain.
First, when a digital asset needs to be transferred, the present embodiment generates the key and the transfer-in address by applying a series of processing steps to a random number, which addresses the problems of existing keys and transfer-in addresses being lost, forgotten or brute-forced, and can improve resistance to hacker attacks.
Second, the present embodiment improves the accuracy of authentication through first-level or multi-level authentication, and can meet the security requirements of data and transactions in the open environment of a blockchain.
Third, by transferring digital assets through the blockchain, the present embodiment can process data quickly and makes the data public, transparent and tamper-proof.
Detailed Description of the Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1(a) is a schematic diagram of the architecture of a blockchain-based authentication system according to one embodiment of the invention.
As shown in Fig. 1(a), the system architecture can include: blockchain 100, network 200, and blockchain nodes 110, 120, 130, 140, 150 and 160. Blockchain 100 can be regarded as a distributed unified ledger whose bookkeeping content is decided jointly by all participants (blockchain nodes 110-160). Each participant keeps the full data, and no individual participant can tamper with the data. Depending on the interaction scenario, a blockchain node can be a terminal node, an authentication server node, a merchant node, a third-party node, a bank node and so on. Each node can be any of various electronic devices, including but not limited to personal computers, smartphones, tablet computers, personal digital assistants and servers. These electronic devices can have various communication client applications installed, such as instant messaging tools, mailbox clients, social platform software and audio/video software. These electronic devices have memory, a logic processor, control elements and the like. They can send data requests or receive data requests, and can also analyze, verify, store and otherwise process data.
Network 200 is the medium that provides communication links between blockchain nodes 110-160. Specifically, the network can include various connection types, such as wired links, wireless communication links or fiber-optic cables.
It will be appreciated that the numbers of blockchains 100, networks 200 and blockchain nodes 110-160 in Fig. 1(a) are illustrative and can be configured flexibly according to actual needs.
Fig. 1(b) is a schematic diagram of the structure of a blockchain node according to one embodiment of the invention.
As shown in Fig. 1(b), blockchain node 110 can be a terminal, such as a smartphone running the Android system. The terminal can include: a digital currency client, a clock, a security chip SE, the Javacard API interface, the Javacard runtime environment, the Javacard virtual machine and the underlying OS. It will be appreciated that blockchain nodes 120-160 can also be smartphones of this kind, or can be servers for authenticating data. The clock can provide the current time parameter. The security chip SE can store a program for performing each step of the authentication.
In the present embodiment, the terminal can encrypt the digital asset to be transferred, to ensure that the digital asset can be transferred safely and reliably from one blockchain node to another blockchain node, or from a transfer-out end outside the blockchain, through the blockchain, to a transfer-in end outside the blockchain. The encryption technology can rely on the mature Javacard framework, in which the encryption algorithm classes of the JavaCard API form the structural framework for the encryption algorithms. The framework can include various keys, various signature algorithms, various encryption algorithms and so on. The digital currency identity authentication Applet based on the hardware SE can use these encryption algorithm classes to build the security logic related to the Applet, raising the security level at which the Applet runs. These encryption algorithm classes can also be used to provide encryption and decryption services for SE applications, reflecting the SE's role as the security guarantee of the whole system. Javacard technology has mature international standards and has passed international testing and certification. The security mechanisms of the Javacard specifications (including the JCVM, JCRE and JCAPI specifications) and the GlobalPlatform specification, such as security domain management, logical channels and the firewall, can effectively resist illegal code attacks and ensure that sensitive data in the Applet is not exposed.
The embodiments below can use the system architecture shown in Fig. 1(a) and Fig. 1(b) to perform data authentication. For brevity, the embodiments can refer to one another.
Fig. 2 is a schematic flowchart of a blockchain-based authentication method according to one embodiment of the invention.
As shown in Fig. 2, the method comprises the following steps: S210, generating, from a random number, a transfer-out private key and a corresponding transfer-out public key used for transferring a digital asset through the blockchain; S220, encoding the transfer-out public key to generate a transfer-in address; S230, digitally signing, based on the transfer-out private key, the transfer value of the digital asset to be transferred, the transfer-in address and other necessary data; S240, obtaining digital asset transfer data based on the transfer value, the transfer-in address, the digital signature and the transfer-out public key; S250, broadcasting the digital asset transfer data to the blockchain, so that the authentication end performs first-level authentication on the digital asset transfer data, or, after the first-level authentication, the service end and the authentication end jointly perform multi-level authentication on the digital asset transfer data.
The present embodiment can be applied on the terminal side; the terminal, as the executing entity of the present embodiment, performs the operation of each step. The security chip SE of the terminal can store a digital currency identity authentication Applet application, which can implement functions such as initializing the public key, generating the transfer-in address, signing and verification.
In step S210, the security chip SE can generate private key Sk using a random number generator. Processing private key Sk with an asymmetric encryption algorithm yields public key Pk.
Generating the corresponding transfer-out public key can include: based on the transfer-out private key, generating the corresponding transfer-out public key by at least one asymmetric encryption algorithm among the elliptic curve cryptography algorithm ECC, the RSA encryption algorithm, the Elgamal encryption algorithm, the D-H encryption algorithm and the national cryptographic SM2 algorithm.
In step S220, the encoding can be performed using the encryption algorithm mentioned above. The transfer-in address can be the transfer-in wallet address.
In step S230, the digital signature can be a signature over the raw data made with private key Sk. The raw data of the transaction (or transfer) can include: the transfer amount and the transfer-in wallet address.
In step S240, the digital asset transfer data can include: the transfer value, the transfer-in address, the digital signature and the transfer-out public key. The present embodiment can add the transfer-out signature and the transfer-out public key to the raw data to generate optimized transaction data. The optimized transaction data can include: the transfer amount, the transfer-in wallet address, the transfer-out signature and the transfer-out public key.
In step S250, the terminal can send the digital asset transfer data through the blockchain to the authentication end (that is, the authentication server) used for authenticating data.
First, when a digital asset needs to be transferred, the present embodiment generates the key and the transfer-in address by applying a series of processing steps to a random number, which addresses the problems of existing keys and transfer-in addresses being lost, forgotten or brute-forced, and can improve resistance to hacker attacks.
Second, the present embodiment improves the accuracy of authentication through first-level or multi-level authentication, and can meet the security requirements of data and transactions in the open environment of a blockchain.
Third, by transferring digital assets through the blockchain, the present embodiment can process data quickly and makes the data public, transparent and tamper-proof.
As a first variant of the embodiment shown in Fig. 1, the following steps are added on the basis of the embodiment shown in Fig. 2: S260, receiving encrypted data from the authentication end, the encrypted data being generated by the authentication end encrypting a random number seed with the transfer-out public key; S270, decrypting the received encrypted data with the transfer-out private key to obtain the random number seed. This embodiment can be applied to scenarios in which the transfer amount is small (for example, a transfer upper limit of 999 yuan). In this embodiment only the server at the authentication end needs to perform first-level authentication.
In this embodiment, public key Pk is sent by the digital currency APP through the blockchain to the authentication server; the authentication server generates random number seed Seed, encrypts it with Pk to obtain E(seed, PK), and returns it through the blockchain to the digital currency APP; the digital currency applet in the security chip SE decrypts E(seed, PK) with private key Sk and saves the random number seed seed.
As a second variant of the embodiment shown in Fig. 1, the following step can be added on the basis of the first variant: S280, receiving the current time parameter and a first OTP (One-time Password, dynamic password) value from the authentication end, the first OTP value being obtained by performing a hash operation on the random number seed and the current time parameter.
As a third variant of the embodiment shown in Fig. 1, the following steps can be added on the basis of the second variant: S2100, performing a hash operation on the random number seed and the current time parameter to obtain a second OTP value; S2110, verifying whether the first OTP value and the second OTP value are equal; S2120, when the result indicates that they are equal, the digital asset transfer data passes multi-level authentication. This embodiment can be 2-level authentication: the authentication end performs the first authentication, and the client then performs the second authentication. This embodiment can be applied when the transfer amount is large (for example, more than 1000 yuan), introducing a means of providing advanced identity authentication. In this case, the recipient's digital currency APP initiates a large-value transaction authentication request to the authentication server; the authentication server performs a hash calculation on the initial random number seed seed and the current time time, generates an OTP value, and returns it to the digital currency APP. The digital currency APP passes the received OTP value together with the current time to the identity authentication Applet in the security chip SE; the Applet calculates OTP' from the initial random number seed seed it has saved and the current time. When the result OTP = OTP' is obtained, verification passes, the transaction data is digitally signed and returned through the blockchain to the transaction initiator, and the transaction is completed.
In this embodiment, a large-value payment scheme in which the server end generates the OTP value and the client (SE) performs the authentication strengthens the client's authentication authority, and is more scientific and reasonable than a scheme in which the client generates the OTP value and the server authenticates it.
In some embodiments, encoding the transfer-out public key to generate the transfer-in address (that is, S220) can include the following steps: S221, obtaining a public key hash value from the transfer-out public key by a hash operation; S222, setting head version data for the public key hash value; S223, setting tail check data for the public key hash value; S224, encoding the public key hash value provided with the head version data and the tail check data to generate the transfer-in address.
In some embodiments, the step of setting tail check data for the public key hash value (that is, S223) can include: S2231, performing a preset number of hash operations on the public key hash value provided with the head version data; S2232, extracting a specified portion of the data in the result of the operation to generate the tail check data.
In some embodiments, the preset number is 2, and multi-level means 2 levels.
For example, a "private key" is first generated by a random number generator, and the "private key" is processed into a "public key" by the ECC algorithm. The "public key" can be calculated from a known "private key", but the "private key" cannot be derived in reverse from a known "public key". The public key is passed through a hash algorithm to obtain the "public key hash", but the "public key" cannot be obtained from the "public key hash". A one-byte address version number is attached to the head of the "public key hash", two hash operations are performed on it, and the first 4 bytes of the result are attached to its tail as the check value of the public key hash. This result is encoded using an encryption algorithm, which yields the "wallet address".
The above embodiments can sign transactions on the blockchain (digital currency transactions) through the digital currency identity authentication Applet loaded in the hardware SE, improving the security and reliability of transactions.
Fig. 3 is a schematic flowchart of obtaining digital asset transfer data according to one embodiment of the invention.
As shown in Fig. 3, obtaining digital asset transfer data can include: S310, generating transfer-out private key Sk from random number RANDOM; S320, applying encryption algorithm processing to transfer-out private key Sk; S330, generating transfer-out public key Pk; S340, setting the raw data: the transfer amount and the transfer-in address; S350, digitally signing the raw data with transfer-out private key Sk; S360, generating the transfer-out signature; S370, adding the transfer-out signature and transfer-out public key Pk to the raw data to generate optimized transaction data, the optimized transaction data including: the transfer amount, the transfer-in address, the transfer-out signature and transfer-out public key Pk.
Fig. 4 is a schematic flowchart of a blockchain-based authentication method according to another embodiment of the invention.
As shown in Fig. 4, the method comprises the following steps: S410, receiving digital asset transfer data broadcast by a terminal in the blockchain; S420, after first-level authentication, performing multi-level authentication on the digital asset transfer data jointly with the terminal. The digital asset transfer data includes: the transfer value of the digital asset to be transferred, the transfer-in address, the digital signature, and the transfer-out public key used for transferring the digital asset through the blockchain.
In some embodiments, performing first-level authentication on the received digital asset transfer data includes: performing legitimacy verification on the received digital asset transfer data. For example, after receiving the transaction data, the recipient's digital currency identity authentication Applet decrypts the transaction data by a conversion algorithm to obtain the raw transaction data. When the transfer amount is less than 1000 yuan (that is, the upper limit is 999 yuan), the data is checked, including checks of the digital signature and of whether the transaction data is, for example, greater than zero. If the check is correct, the digital currency is successfully transferred from the "transfer-out wallet" to the "transfer-in wallet", completing the transaction. A unique serial number is generated in the transaction file and synchronized across the whole network through the blockchain.
This embodiment can be applied on the authentication side; the server, as the executing entity of this embodiment, performs the operation of each step. This embodiment shares the same idea as the embodiment shown in Fig. 2, but describes the blockchain-based authentication method from a different angle (that of the authentication end rather than that of the terminal).
In some embodiments, performing multi-level authentication on the digital asset transfer data jointly with the terminal includes: generating a random number seed; encrypting the random number seed based on the transfer-out public key to generate encrypted data; sending the encrypted data to the terminal side, so that the terminal decrypts the encrypted data and obtains the random number seed.
A hash operation is performed on the random number seed and the current time parameter to obtain a first OTP value; the first OTP value is sent to the terminal, so that the terminal performs a hash operation on the random number seed and the current time parameter to obtain a second OTP value, verifies whether the first OTP value and the second OTP value are equal, and, when the result indicates that they are equal, passes multi-level authentication.
Fig. 5 is a schematic flowchart of a blockchain-based authentication method according to a further embodiment of the invention. This embodiment describes the implementation of the authentication method from the angle of the data interaction between the terminal and the server.
As shown in Fig. 5, the method comprises the following steps:
S501, the terminal generates, from a random number, transfer-out private key Sk used for transferring a digital asset through the blockchain;
S502, the terminal applies a series of operations to the transfer-out private key using an asymmetric encryption algorithm, generates transfer-out public key Pk, and sends public key Pk to the server;
S503, the server generates random number seed Seed, encrypts the random number seed based on transfer-out public key Pk to generate encrypted data E(Seed, Pk), and sends the encrypted data to the terminal;
S504, the terminal decrypts the encrypted data with private key Sk, and obtains and saves random number seed Seed. The terminal sends the optimized transaction data to the server;
S505, the server judges whether the transfer amount reaches a threshold (for example, a threshold of 1000 yuan);
S506, when the threshold is not reached, the server performs first-level authentication on the optimized transaction data;
S507, when the threshold is reached, the server performs a hash operation on random number seed Seed and the current time to obtain an OTP value, and sends the current time and the OTP value to the terminal;
S508, the terminal performs a hash operation on random number seed Seed and the current time parameter to obtain an OTP' value;
S509, the terminal verifies whether the OTP value and the OTP' value are equal;
S510, when the result indicates that they are equal, second-level authentication is passed.
In this embodiment, the security chip of the terminal can generate private key Sk using a random number generator, and the private key is processed into public key Pk by the ECC algorithm. Public key Pk is sent by the digital currency APP through the blockchain to the authentication server; the authentication server generates random number seed Seed, encrypts it with Pk to obtain E(seed, Pk), and returns it through the blockchain to the digital currency APP; the digital currency applet in the security chip SE decrypts E(seed, Pk) with private key Sk and saves the random number seed seed.
When a transaction is initiated, the transaction data is generated with the transfer-out wallet private key Sk'. The raw data of the transaction includes the "transfer amount" and the "transfer-in wallet address"; the raw data is then signed with private key Sk'. The transfer-out private key is processed by the ECC algorithm to obtain transfer-out public key Pk'. The transfer-out signature and the transfer-out public key are added to the raw data to generate optimized transaction data, which is sent through the blockchain to the recipient node's digital currency APP.
After receiving the transaction data, the recipient's digital currency identity authentication Applet decrypts the transaction data by a conversion algorithm to obtain the raw transaction data. When the transfer amount is less than 1000 yuan (that is, the upper limit is 999 yuan), the data is checked, including a check of the digital signature. If the check is correct, the digital currency is successfully transferred from the "transfer-out wallet" to the "transfer-in wallet", completing the transaction. A unique serial number is generated in the transaction file and synchronized across the whole network through the blockchain.
When the transfer amount is more than 1000 yuan, a means of providing advanced identity authentication is introduced. In this case, the recipient's digital currency APP initiates a large-value transaction authentication request to the authentication server; the authentication server performs a hash calculation on the initial random number seed seed and the current time time, generates an OTP value (that is, the first OTP value), and returns it to the digital currency APP. The digital currency APP passes the received OTP value together with the current time to the identity authentication Applet in the security chip SE; the Applet calculates OTP' (that is, the second OTP value) from the initial random number seed seed it has saved and the current time. When the result OTP = OTP' is obtained, verification passes and the transaction is completed.
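The threshold decision and OTP exchange of steps S505-S510, as described in the paragraph above, can be modeled end to end. This is an added example, not code from the patent: SHA-256, the 8-byte time encoding, the class and function names, and the freshness window and replay check (which the text does not mention, but which matter because the time value arrives over the network and the terminal has its own clock) are all assumptions. The delivery of the seed via E(seed, Pk) is taken as already done.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 1000       # yuan; the example threshold given in S505
MAX_SKEW_SECONDS = 60  # assumption: freshness window, not stated in the text


def required_level(amount: int) -> int:
    """S505: below the threshold, first-level authentication is enough."""
    return 2 if amount >= THRESHOLD else 1


def compute_otp(seed: bytes, timestamp: int) -> str:
    """S507/S508: hash the shared seed together with the time parameter."""
    return hashlib.sha256(seed + timestamp.to_bytes(8, "big")).hexdigest()


class AuthServer:
    def __init__(self) -> None:
        self.seed = secrets.token_bytes(32)  # S503: random number seed

    def issue_otp(self, now: int):
        """S507: return the time parameter and the first OTP value."""
        return now, compute_otp(self.seed, now)


class TerminalApplet:
    """Stands in for the SE applet that saved the seed in S504."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed
        self.last_accepted = -1  # newest time parameter already accepted

    def verify(self, timestamp: int, otp: str, local_now: int) -> bool:
        # Added hardening (assumption): compare the received time against
        # the terminal's own clock and refuse values already used, so a
        # captured (time, OTP) pair cannot be replayed later.
        if abs(local_now - timestamp) > MAX_SKEW_SECONDS:
            return False
        if timestamp <= self.last_accepted:
            return False
        expected = compute_otp(self.seed, timestamp)  # S508: OTP'
        # S509: constant-time comparison of OTP and OTP'
        if not hmac.compare_digest(expected.encode(), otp.encode()):
            return False
        self.last_accepted = timestamp
        return True  # S510: second-level authentication passed


if __name__ == "__main__":
    server = AuthServer()
    applet = TerminalApplet(server.seed)
    t0 = 1_700_000_000  # constructed sample time
    ts, otp = server.issue_otp(t0)
    print(required_level(1500), applet.verify(ts, otp, t0 + 3))
```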
It should be noted that, where no conflict arises, those skilled in the art can flexibly adjust the order of the above operating steps, or flexibly combine the above steps, according to actual needs. For brevity, the various implementations are not described again. In addition, the contents of the embodiments can refer to one another.
Fig. 6 is a schematic diagram of the structure of a blockchain-based authentication device according to one embodiment of the invention. This embodiment can be applied on the terminal side.
As shown in Fig. 6, the blockchain-based authentication device 600 can include: key generation unit 610, address generation unit 620, digital signature unit 630, data generation unit 640 and data broadcasting unit 650. Key generation unit 610 can be used for generating, from a random number, a transfer-out private key and a corresponding transfer-out public key used for transferring a digital asset through the blockchain; address generation unit 620 can be used for encoding the transfer-out public key to generate a transfer-in address; digital signature unit 630 can be used for digitally signing, based on the transfer-out private key, the transfer value of the digital asset to be transferred and the transfer-in address; data generation unit 640 can be used for obtaining digital asset transfer data based on the transfer value, the transfer-in address, the digital signature and the transfer-out public key; data broadcasting unit 650 can be used for broadcasting the digital asset transfer data to the blockchain, so that the authentication end performs first-level authentication on the digital asset transfer data, or, after the first-level authentication, the service end and the authentication end jointly perform multi-level authentication on the digital asset transfer data. It will be appreciated that digital signature unit 630 can also digitally sign other necessary data.
It should be noted that the functional units or functional modules shown in this embodiment can be implemented as hardware, software, firmware or a combination thereof. When implemented in hardware, they can be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), appropriate firmware, a plug-in, a function card and so on. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The programs or code segments can be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave. A "machine-readable medium" can include any medium that can store or transmit information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber-optic media, radio frequency (RF) links, and so on. Code segments can be downloaded via computer networks such as the Internet or an intranet.
As a first variant of the embodiment shown in Fig. 6, the following can be added on the basis of the Fig. 6 embodiment: a data receiving unit and a data decryption unit. The data receiving unit can be used for receiving encrypted data from the authentication end, the encrypted data being generated by the authentication end encrypting a random number seed with the transfer-out public key; the data decryption unit can be used for decrypting the received encrypted data with the transfer-out private key to obtain the random number seed.
As a second variant of the embodiment shown in Fig. 6, the following can be added on the basis of the first variant: a data receiving unit. The data receiving unit can also be used for receiving the current time parameter and a first OTP value from the authentication end, the first OTP value being obtained by performing a hash operation on the random number seed and the current time parameter.
As a third variant of the embodiment shown in Fig. 6, the following can be added on the basis of the third variant: a hash operation unit and a data verification unit. The hash operation unit can be used for performing a hash operation on the random number seed and the current time parameter to obtain a second OTP value; the data verification unit can be used for verifying whether the first OTP value and the second OTP value are equal, and when the result indicates that they are equal, the digital asset transfer data passes multi-level authentication.
In certain embodiments, scalar/vector can include:Hash operation module, stem setup module, afterbody set
Put module and data coding module.Wherein, Hash operation module can be used for obtaining public key by Hash operation to producing public key
Cryptographic Hash;Stem setup module can be used for setting stem edition data for public key cryptographic Hash;Afterbody setup module can be used for
For public key cryptographic Hash sets afterbody verification data;Data coding module can be used for pair being provided with stem edition data and afterbody school
Testing the public key cryptographic Hash of data carries out coded treatment, and generation is transferred to address.
In certain embodiments, afterbody setup module can include:Hash operation element and data extract element.Wherein,
Hash operation element can be used for the Hash operation that pair public key cryptographic Hash for being provided with stem edition data carries out preset times;Number
According to the specified portions data that element can be used for extracting in the result of computing are extracted, afterbody verification data is generated.
In some embodiments, the preset number of times is 2 and the number of authentication levels is 2. It
will be appreciated that the preset number of times may also be 3 or 4, and the number of levels may
also be 3 or 4. Because a larger number makes the computation more complex, a preset number of 2
together with 2 levels gives the best authentication result while still meeting the required
computation speed.
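The address derivation described above (hash the public key, put version data in front, append check data taken from a repeated hash, then encode), together with the check a receiver can run before accepting an address, as an added example that is not code from the patent. The text does not name the hash, the header value, the extracted portion or the encoding, so SHA-256, a one-byte header, the first 4 bytes and Base58 are assumptions here, and all function names are hypothetical.

```python
import hashlib

# Assumptions (not specified in the text): SHA-256 as the hash, a 1-byte
# header, the first 4 bytes of the repeated hash as check data, Base58.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSION = b"\x00"
ROUNDS = 2          # the "preset number of times" from the text
CHECK_LEN = 4

def check_data(payload: bytes) -> bytes:
    digest = payload
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest[:CHECK_LEN]

def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))    # keep leading zero bytes
    return B58[0] * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)               # ValueError outside the alphabet
    pad = len(text) - len(text.lstrip(B58[0]))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def make_address(public_key: bytes) -> str:
    key_hash = hashlib.sha256(public_key).digest()   # public key hash value
    payload = VERSION + key_hash                      # header version data
    return b58encode(payload + check_data(payload))   # tail check data, then encode

def is_valid_address(address: str) -> bool:
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) <= CHECK_LEN:
        return False
    payload, tail = raw[:-CHECK_LEN], raw[-CHECK_LEN:]
    return payload[:1] == VERSION and check_data(payload) == tail

SAMPLE_PUBLIC_KEY = bytes.fromhex("02" + "11" * 32)  # constructed sample, not a real key
```

The check data only detects accidental corruption such as a mistyped character; it does not bind the address to its owner, which is the job of the digital signature.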
In some embodiments, the key generation unit is further used to: generate, based on the transfer-out
private key, the corresponding transfer-out public key by means of at least one of the following
asymmetric encryption algorithms: the elliptic curve cryptography (ECC) algorithm, the RSA encryption
algorithm, the ElGamal encryption algorithm, the D-H encryption algorithm, and the SM2 national
cryptographic algorithm.
In each of the embodiments shown in Fig. 6, the blockchain-based authentication device 600 may be a mobile terminal.
Fig. 7 is a schematic structural diagram of a blockchain-based authentication device according to
another embodiment of the present invention. This embodiment may be applied to the authentication side.
As shown in Fig. 7, the blockchain-based authentication device 700 may include: a data receiving unit
710 and a data authentication unit 720. The data receiving unit 710 may be used to receive the digital
asset transfer data that the terminal broadcasts in the blockchain; the data authentication unit 720
may be used to perform first-level authentication on the received digital asset transfer data, or,
after the first-level authentication, to perform multi-level authentication on the digital asset
transfer data jointly with the terminal. The digital asset transfer data includes: the transfer value
of the digital asset to be transferred, the transfer-in address, the digital signature, and the
transfer-out public key used to transfer the digital asset over the blockchain.
In some embodiments, the data authentication unit may include: a first-level authentication module.
The first-level authentication module may be used to: perform validity verification on the received
digital asset transfer data.
The multi-level authentication module may include: a seed generation element, a data encryption
element, a data sending element, a hash operation element and a value sending element. The seed
generation element may be used to generate a random number seed; the data encryption element may be
used to encrypt the random number seed based on the transfer-out public key, generating encrypted
data; the data sending element may be used to send the encrypted data to the terminal side, so that the
terminal decrypts the encrypted data and obtains the random number seed; the hash operation element may
be used to perform a hash operation on the random number seed and the current time parameter to obtain
a first OTP value; the value sending element may be used to send the first OTP value to the terminal,
so that the terminal: performs a hash operation on the random number seed and the current time
parameter to obtain a second OTP value, verifies whether the first OTP value and the second OTP value
are equal, and, when the verification result indicates that they are equal, passes the multi-level
authentication.
In each of the embodiments shown in Fig. 7, the blockchain-based authentication device 600 may be an authentication server.
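The OTP comparison performed in the second authentication level, shown from both sides as an added example that is not code from the patent. It assumes SHA-256 as the hash and that the seed has already reached the terminal encrypted under its public key (that step is not shown); the freshness window on the time parameter is an addition beyond the text, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 30  # seconds; this freshness window is an assumption, not from the text

def otp(seed: bytes, time_param: int) -> bytes:
    """Hash the random number seed together with the current time parameter."""
    # Length-prefix the seed so (seed, time) pairs cannot collide by concatenation.
    msg = len(seed).to_bytes(2, "big") + seed + time_param.to_bytes(8, "big")
    return hashlib.sha256(msg).digest()   # SHA-256 is an assumed choice of hash

def auth_end_send(seed: bytes, now: int) -> tuple[int, bytes]:
    """Authentication end: message carrying the time parameter and first OTP value."""
    return now, otp(seed, now)

def terminal_verify(seed: bytes, message: tuple[int, bytes], local_time: int) -> bool:
    """Terminal: recompute the second OTP value and compare it with the first."""
    time_param, first_otp = message
    if abs(local_time - time_param) > MAX_SKEW:
        return False                      # stale time parameter: reject a replayed message
    second_otp = otp(seed, time_param)
    return hmac.compare_digest(first_otp, second_otp)   # constant-time comparison

# Constructed exchange: the seed is assumed to be shared already (delivered
# encrypted under the terminal's public key and decrypted there).
seed = secrets.token_bytes(32)
T0 = 1_700_000_000                        # constructed time parameter
message = auth_end_send(seed, T0)
```

Equal OTP values show the terminal that the sender knows the seed for that time parameter; without a bound on the age of the time parameter, a recorded message would keep verifying.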
It should be noted that the devices of the above embodiments can serve as the executing entities of the
methods of the above embodiments and can carry out the corresponding flows in each method; for brevity,
this content is not repeated here.
From the above description of the embodiments, those skilled in the art can clearly understand that
each embodiment can be implemented by software plus the necessary general-purpose hardware platform,
and of course also by hardware. Based on this understanding, the above technical solution, in essence
or in the part that contributes to the prior art, can be embodied in the form of a software product.
The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a
magnetic disk or an optical disc, and includes a number of instructions for causing a computer device
(which may be a personal computer, a server, a network device or the like) to perform the methods
described in each embodiment or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical
solutions of the present invention, not to limit them. Although the present invention has been
described in detail with reference to the foregoing embodiments, those of ordinary skill in the art
should understand that they may still modify the technical solutions described in the foregoing
embodiments, or make equivalent replacements of some of the technical features; and such modifications
or replacements do not cause the essence of the corresponding technical solutions to depart from the
spirit and scope of the technical solutions of the embodiments of the present invention.