CN108683646B - Authentication method and computing device - Google Patents


Info

Publication number: CN108683646B
Authority: CN (China)
Prior art keywords: authentication, user, user terminal, face, acquiring
Legal status: Active
Application number: CN201810402434.2A
Other languages: Chinese (zh)
Other versions: CN108683646A (en)
Inventors: 林添毅, 黄霖
Current Assignee: Xiamen Meitu Technology Co Ltd
Original Assignee: Xiamen Meitu Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses an authentication method and a computing device, wherein the computing device is arranged as a node in a blockchain network and is connected to at least one user terminal. The method comprises the following steps: in response to a request from a user terminal to register a blockchain account, acquiring a face image and a social relationship of a user to generate a smart contract for the user, and sending the smart contract to the blockchain network; in response to an authentication request from a user terminal, determining a preset authentication mode of the authentication request; when the preset authentication mode of the authentication request is a first authentication mode, acquiring a face image of the user from the user terminal; matching the acquired face image against the face image in the smart contract; if the images match, performing first signature authentication; if the first signature authentication passes, performing second signature authentication according to the social relationship in the smart contract; and if the second signature authentication passes, confirming that the authentication is successful.

Description

Authentication method and computing device
Technical Field
The invention relates to the technical field of identity authentication, in particular to an authentication method and computing equipment.
Background
Identity authentication refers to a process of confirming the identity of an operator in a computer network system to determine whether the operator has access and use authority to a certain resource, so that access policies of the computer and the network system can be reliably and effectively executed, an attacker is prevented from impersonating a legal user to obtain the access authority of the resource, the security of the system and data is ensured, and the legal benefit of an authorized visitor is ensured.
A common way of authenticating identity is to complete authentication through an authentication server of a third party. A simple authentication scenario is as follows: assuming that the user A needs to access the application server B, the user A sends an authentication request to the authentication server C of the third party, the authentication server C of the third party verifies the received authentication request, and the authentication server C of the third party transmits the access request of the user A to the application server B if the verification is passed, so that the user A can access the data on the application server B. The authentication method has the following disadvantages: (1) the identity authentication information (such as a secret key) of the user A is stored in an authentication server C of a third party, so that the security cannot be ensured, and once the data of the authentication server of the third party is leaked, a great risk is caused to the user A and the application server B; (2) the user data is not completely attributed to the user, and some user data is attributed to the application and a third party, so that the privacy of the user data cannot be guaranteed; (3) user data cannot be connected among the service providers, and data value cannot be maximized in user experience.
In view of the above, an effective authentication scheme is needed to solve the above drawbacks.
Disclosure of Invention
To this end, the present invention provides an authentication method and computing device in an attempt to solve or at least alleviate at least one of the problems identified above.
According to one aspect of the present invention, there is provided an authentication method, adapted to be performed in a computing device arranged as a node in a blockchain network and connected to at least one user terminal, comprising the steps of: in response to a request from a user terminal to register a blockchain account, acquiring a face image and a social relationship of a user to generate a smart contract for the user, and sending the smart contract to the blockchain network; in response to an authentication request from a user terminal, determining a preset authentication mode of the authentication request; when the preset authentication mode of the authentication request is a first authentication mode, acquiring a face image of the user from the user terminal; matching the acquired face image against the face image in the smart contract; if the images match, performing first signature authentication; if the first signature authentication passes, performing second signature authentication according to the social relationship in the smart contract; and if the second signature authentication passes, confirming that the authentication is successful.
Optionally, the authentication method according to the present invention further comprises the steps of: when the preset authentication mode of the authentication request is a second authentication mode, acquiring a face image of the user from the user terminal; matching the acquired face image against the face image in the smart contract; if the images match, performing first signature authentication; and if the first signature authentication passes, confirming that the authentication is successful.
Optionally, the authentication method according to the present invention further comprises the steps of: when the preset authentication mode of the authentication request is a third authentication mode, acquiring a face image of the user from the user terminal; matching the acquired face image against the face image in the smart contract; and if the images match, confirming that the authentication is successful.
Optionally, in the authentication method according to the present invention, the step of acquiring a face image and a social relationship of a user to generate a smart contract for the user, in response to a request from a user terminal to register a blockchain account, includes: in response to the request from the user terminal to register a blockchain account, acquiring a first key of the user, wherein a second key corresponding to the first key is stored in the user terminal; acquiring a face image of the user and generating face features; acquiring a social relationship of the user, wherein the social relationship comprises at least one trusted friend; acquiring a first key of the at least one trusted friend according to the social relationship of the user, wherein a second key corresponding to that first key is stored in a user terminal of the trusted friend; and generating the smart contract of the user according to the first key of the user, the face features and the first key of the at least one trusted friend.
Optionally, in the authentication method according to the present invention, the step of determining, in response to an authentication request from a user terminal, a preset authentication manner of the authentication request includes: responding to an authentication request from a user terminal, and acquiring a security level corresponding to the authentication request; and determining a corresponding preset authentication mode according to the security level, wherein the preset authentication mode comprises a first authentication mode associated with a high security level, a second authentication mode associated with a medium security level and a third authentication mode associated with a low security level.
Optionally, in the authentication method according to the present invention, the step of acquiring a face image of a user and matching the acquired face image according to the face image in the smart contract includes: acquiring a face image of a user and generating face features; calculating the similarity between the generated face features and the face features in the intelligent contract; and if the similarity is not less than the first threshold value, the matching is confirmed to be consistent.
Optionally, in the authentication method according to the present invention, the step of performing the first signature authentication if the images match includes: when the face images match, performing signature verification on the first key and the second key stored on the user terminal.
Optionally, in the authentication method according to the present invention, the step of performing the second signature authentication according to the social relationship in the smart contract, if the first signature authentication passes, includes: when the first signature authentication passes, acquiring the first key of at least one trusted friend in the smart contract; and performing signature authentication on the first key of the at least one trusted friend and the second key correspondingly stored on the user terminal of the trusted friend.
Optionally, in the authentication method according to the present invention, the first key and the second key of the user are generated on the user terminal by a random algorithm.
Optionally, in the authentication method according to the present invention, the step of obtaining a face image of a user and generating a face feature includes: acquiring a face image of a user and dividing the face image into a plurality of image blocks; calculating a direction histogram of the gradient or edge of each pixel point in each image block; and combining the direction histograms of all the image blocks to obtain the human face characteristics.
Optionally, in the authentication method according to the present invention, after the smart contract of the user is generated, the method further includes the step of: when a trigger condition of the smart contract is met, changing the smart contract of the user and sending the changed smart contract to the blockchain network.
According to yet another aspect of the present invention, there is provided a computing device comprising: one or more processors; and a memory; one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing any of the methods described above.
According to a further aspect of the invention there is provided a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform any of the methods described above.
According to the authentication scheme provided by the invention, the authentication mode is determined according to the authentication level, when the authentication scene relates to user data with high security level such as user privacy, a unique pass is generated by extracting a characteristic value from face information of a user by using a face recognition technology, and the face characteristic and the social relationship of the user on a block chain are used as strong supplement of a traditional key pair (namely, a first key and a second key) authentication mode to carry out triple cross authentication, so that the security of the user data at the high security level is further ensured. Meanwhile, considering that a common user terminal is provided with a camera, the face image is convenient to obtain, and compared with the traditional private key access mode, the authentication scheme provided by the invention can really achieve double guarantees of usability and safety.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a schematic diagram of a configuration of a computing device 100 according to one embodiment of the invention;
FIG. 2 illustrates a scene diagram of a blockchain network 200 according to one embodiment of the invention;
FIG. 3 shows a flow diagram of an authentication method 300 according to one embodiment of the invention;
FIG. 4 illustrates a schematic diagram of a chain of smart contract blocks, according to one embodiment of the invention;
FIG. 5 shows a flow diagram of an authentication method 300 according to another embodiment of the invention; and
FIG. 6 shows a flow diagram of an authentication method 300 according to yet another embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a block diagram of an example computing device 100. In a basic configuration 102, computing device 100 typically includes system memory 106 and one or more processors 104. A memory bus 108 may be used for communication between the processor 104 and the system memory 106.
Depending on the desired configuration, the processor 104 may be any type of processor, including but not limited to: a microprocessor (μP), a microcontroller (μC), a Digital Signal Processor (DSP), or any combination thereof. The processor 104 may include one or more levels of cache, such as a level one cache 110 and a level two cache 112, a processor core 114, and registers 116. The example processor core 114 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof. The example memory controller 118 may be used with the processor 104, or in some implementations the memory controller 118 may be an internal part of the processor 104.
Depending on the desired configuration, system memory 106 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 106 may include an operating system 120, one or more applications 122, and program data 124. In some embodiments, application 122 may be arranged to operate with program data 124 on an operating system. In some embodiments, computing device 100 is configured to perform authentication method 300, and program data 124 includes instructions for performing method 300.
Computing device 100 may also include an interface bus 140 that facilitates communication from various interface devices (e.g., output devices 142, peripheral interfaces 144, and communication devices 146) to the basic configuration 102 via the bus/interface controller 130. The example output device 142 includes a graphics processing unit 148 and an audio processing unit 150. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more A/V ports 152. Example peripheral interfaces 144 may include a serial interface controller 154 and a parallel interface controller 156, which may be configured to facilitate communication with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, image input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 158. An example communication device 146 may include a network controller 160, which may be arranged to facilitate communications with one or more other computing devices 162 over a network communication link via one or more communication ports 164.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
The computing device 100 may be implemented as a personal computer including a desktop computer and notebook computer configuration, or a server having the above-described configuration. Of course, computing device 100 may also be implemented as part of a small-form factor portable (or mobile) electronic device such as a cellular telephone, a digital camera, a Personal Digital Assistant (PDA), a personal media player device, a wireless web-browsing device, a personal headset, an application specific device, or a hybrid device that includes any of the above functions. The embodiments of the present invention do not limit this.
In one embodiment according to the invention, the computing device 100 is implemented as a server disposed in a blockchain network 200 and connected to at least one user terminal through a network. Fig. 2 is a schematic diagram illustrating a blockchain network 200 according to an embodiment of the present invention. A plurality of computing devices 100 are included in the blockchain network 200, and each computing device 100 serves as a node in the network 200 and stores information such as blockchain accounts. Meanwhile, the computing device 100 may be connected via a wireless or wired network (e.g., LTE, 3G, GSM network, GPRS network, EDGE network, Wi-Fi or WiMax network, and Bluetooth™ networks) to a plurality of user terminals 210 in order to provide social, financial, medical, etc. application services to the real world through the blockchain network 200.
It should be noted that, the numbers of the computing devices 100 and the user terminals 210 in fig. 2 are only examples, and the invention is not limited thereto.
In practical applications, the account system of a blockchain network is weak and lacks identities that correspond to the real world. This is a key obstacle to deploying blockchain in real-world applications, because it is difficult to interface with real social service networks without verifying that the assets in the digital world belong to real-world individuals. Identity authentication is particularly important in industries that require strong identity authentication, such as finance, education and medical treatment. Therefore, to open up real-world application scenarios for the blockchain, user identity verification (KYC) needs to be introduced to prove that "blockchain account a in the blockchain network belongs to user a". According to an implementation of the present invention, an authentication method 300 based on the blockchain network 200 is provided, which uses the tamper-resistant property of the blockchain network to implement user identity authentication in the blockchain network 200, and then provides various applications for the real world through the blockchain network 200.
The execution flow of the authentication method 300 according to an embodiment of the present invention will be described in detail below with reference to fig. 3.
The method 300 starts at step S310: in response to a request from the user terminal 210 to register a blockchain account, a face image and a social relationship of a user are obtained to generate a smart contract for the user, and the smart contract is sent to the blockchain network 200.
According to one embodiment of the present invention, when user a registers blockchain account a with user terminal 210, a first key and a second key of user a are generated by a random algorithm on user terminal 210, and a request for registering a blockchain account is sent to computing device 100, where the request may include the first key of user a. It should be noted that the second key is stored only on the user terminal of the user, as the private key of the user. Optionally, the pair of keys (i.e., the first key and the second key) for user a is generated using the RSA algorithm. The RSA algorithm involves three parameters: n, e1 and e2. Here n is the product of two large prime numbers p and q, and the number of bits occupied by n in binary representation is the so-called key length; e1 and e2 are a pair of related values. e1 is determined first, and its value is only required to be relatively prime to (p-1) × (q-1); e2 is then determined such that (e2 × e1) ≡ 1 (mod (p-1) × (q-1)). Finally, (n, e1) and (n, e2) form the pair of keys, where (n, e1) is the public key (i.e., the first key) and (n, e2) is the private key (i.e., the second key). The method for generating a pair of keys with the RSA algorithm is well known to those skilled in the art and is not described further here. The embodiments of the present invention do not limit the random algorithm used to generate the first key and the second key; in another embodiment, the first key and the second key (i.e., the public key and the private key) of user a may be generated by elliptic curve cryptography. Any known or future encryption algorithm may be used in conjunction with embodiments of the present invention to perform method 300.
After the computing device 100 in the blockchain network 200 acquires the first key of the user a, it sends an instruction to the user terminal 210 to acquire a face image of the user a, and the face features corresponding to the face image are generated on the computing device 100. According to one implementation of the invention, the face features are extracted from the face image as follows. First, the face image of the user is divided into a plurality of small connected regions, that is, into a plurality of image blocks. For example, a face image is divided laterally into several image blocks, each representing a feature. Then, the direction histogram of the gradient or edge of each pixel point in each image block is calculated. The gradient or edge of the image may be calculated with a general difference method, or directly with Sobel, Laplacian, or other operators, which is not limited in the embodiments of the present invention. Finally, the direction histograms of all the image blocks are combined to obtain face features that represent the face in a plurality of dimensions.
Of course, the features of the face image may also be extracted as the corresponding face features in other manners, for example, by a deep learning method, a face feature extraction model is trained to extract the features of different face images. The embodiments of the present invention do not limit this.
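The block-wise direction histogram and the threshold comparison described above can be sketched as follows. This is an added example, not code from the patent: the 4-pixel block size, the 9 orientation bins, cosine similarity as the similarity measure and the 0.9 threshold are assumptions, and the 8×8 grayscale images are constructed.

```python
import math

BLOCK = 4               # assumed block edge length in pixels
BINS = 9                # assumed number of orientation bins over [0, 180) degrees
FIRST_THRESHOLD = 0.9   # assumed value for the page's "first threshold"


def gradient(img, x, y):
    """Difference-based gradient at (x, y); neighbours are clamped at the border."""
    h, w = len(img), len(img[0])
    gx = img[y][min(x + 1, w - 1)] - img[y][max(x - 1, 0)]
    gy = img[min(y + 1, h - 1)][x] - img[max(y - 1, 0)][x]
    return gx, gy


def block_histogram(img, x0, y0):
    """Direction histogram of one image block, weighted by gradient magnitude."""
    hist = [0.0] * BINS
    for y in range(y0, y0 + BLOCK):
        for x in range(x0, x0 + BLOCK):
            gx, gy = gradient(img, x, y)
            mag = math.hypot(gx, gy)
            if mag == 0:
                continue  # flat pixel: no direction to record
            angle = math.degrees(math.atan2(gy, gx)) % 180.0
            # min() guards the float edge case where angle rounds to 180.0
            hist[min(int(angle / (180.0 / BINS)), BINS - 1)] += mag
    return hist


def face_features(img):
    """Split the image into blocks and concatenate the per-block histograms."""
    h, w = len(img), len(img[0])
    if h % BLOCK or w % BLOCK:
        raise ValueError("image size must be a multiple of BLOCK")
    feats = []
    for y0 in range(0, h, BLOCK):
        for x0 in range(0, w, BLOCK):
            feats.extend(block_histogram(img, x0, y0))
    return feats


def similarity(a, b):
    """Cosine similarity of two feature vectors (0.0 if either is all zeros)."""
    if len(a) != len(b):
        raise ValueError("feature vectors differ in length")
    dot = sum(p * q for p, q in zip(a, b))
    na = math.sqrt(sum(p * p for p in a))
    nb = math.sqrt(sum(q * q for q in b))
    return dot / (na * nb) if na and nb else 0.0


def faces_match(enrolled_features, probe_img, threshold=FIRST_THRESHOLD):
    """Match succeeds when similarity is not less than the threshold."""
    return similarity(enrolled_features, face_features(probe_img)) >= threshold


def sample_images():
    """Constructed 8x8 test patterns standing in for face images."""
    enrolled = [[10 * x for x in range(8)] for _ in range(8)]    # horizontal ramp
    relit = [[12 * x + 5 for x in range(8)] for _ in range(8)]   # same pattern, brighter
    other = [[10 * y for _ in range(8)] for y in range(8)]       # vertical ramp
    return enrolled, relit, other


if __name__ == "__main__":
    enrolled, relit, other = sample_images()
    stored = face_features(enrolled)  # what the node would write into the contract
    print("relit matches:", faces_match(stored, relit))
    print("other matches:", faces_match(stored, other))
```

Because only gradient directions and relative magnitudes enter the comparison, the brighter copy of the enrolled pattern still matches, while a pattern with a different edge direction does not.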
The computing device 100 in the blockchain network 200 also obtains the social relationship of user a. Optionally, the social relationship comprises at least one trusted friend or relative of user a. According to one implementation, user a may enter (or select) at least one of his or her own trusted friends or relatives through an input interface arranged on the user terminal 210. According to still another implementation, the strong social relationships (such as relatives, friends, etc.) of the user a can be analyzed by collecting the behavior log of the user a. Embodiments of the present invention are not limited in this regard, depending on the desired implementation.
After obtaining the trusted friend of user a, computing device 100 needs to obtain the first key of the trusted friend. The user terminal of the trusted friend generates a first key and a second key according to the random algorithm, wherein the second key is used as the private key of the trusted friend and is stored only in the user terminal of the trusted friend. Optionally, the computing device 100 continues to send instructions to the user terminal 210, instructing the user terminal 210 to obtain the first key of the trusted friend for the computing device 100. Alternatively, the computing device 100 may directly send a request to the user terminal of the trusted friend to obtain the first key of the trusted friend. Still alternatively, the computing device 100 may obtain the blockchain account of the trusted friend and then query the blockchain network 200 for the first key of that blockchain account.
Finally, the computing device 100 writes the acquired first key of the user a, the facial features of the user a, and the first key of at least one trusted friend of the user a into the smart contract of the user a.
A schematic diagram of a chain of smart contract blocks according to one embodiment of the present invention is shown in fig. 4. The smart contracts of 2 blocks are shown in fig. 4, where "smart contract record 1" represents the smart contract that a user generated when registering a blockchain account. As described above, its stored contents are expressed as: "first key + facial features + first key of trusted friend 1 + first key of trusted friend 2 + first key of trusted friend 3 …".
At intervals of a consensus time period, the nodes of the blockchain network 200 (i.e., the computing devices 100) generate the contract set for that time period, calculate the hash value of the contract set, assemble a blockchain structure as shown in fig. 4 according to the hash value of the contract set, and transmit the blockchain structure to the other nodes of the entire network. The smart contracts are spread across the blockchain network 200 in a point-to-point (P2P) manner.
In addition, according to another implementation of the present invention, when a trigger condition of the smart contract is satisfied, the computing device 100 may change the smart contract of the user and send the changed smart contract to the blockchain network 200 again. The trigger condition of the smart contract is generated by a "transaction": for example, the user wants to change or add a trusted friend, or the user wants to re-capture a facial image or modify the first key. Any of these can serve as the trigger condition that causes the computing device 100 to change the smart contract of the user, and the changed smart contract is stored as a new transaction record in the smart contract record shown in fig. 4.
Subsequently, in step S320, in response to the authentication request from the user terminal, a preset authentication manner of the authentication request is determined.
When a user wants to use a service or application from the blockchain network 200, an authentication request is first sent to the computing device 100 through the user terminal 210, and according to an embodiment, the authentication request may include a security level corresponding to the authentication request in addition to a user name and a blockchain account name. After receiving the authentication request, the computing device 100 obtains a security level corresponding to the authentication request, and determines a corresponding preset authentication mode according to the security level. The preset authentication mode comprises a first authentication mode associated with a high security level, a second authentication mode associated with a medium security level and a third authentication mode associated with a low security level. Table 1 shows the corresponding authentication scenarios at several different security levels.
TABLE 1 Authentication scenarios corresponding to different security levels
| Security level | Authentication scenarios |
| --- | --- |
| High security level | Large fund transactions, property shared by multiple people, … |
| Medium security level | General payment authentication, … |
| Low security level | Appointment registration, restaurant reservation, social sharing, … |
As can be seen from table 1, in embodiments according to the invention, a high security level typically involves authentication scenarios that are extremely sensitive to user privacy, such as operations related to large monetary payments; the medium security level (or referred to as a general security level) relates to an authentication scenario generally sensitive to user privacy, such as inputting a payment password during daily payment authentication; and the low security level only relates to general information of the user which is not sensitive to the privacy of the user, such as recommending recipes for the user by acquiring personal preference information when the user goes to a restaurant for eating.
In other embodiments according to the present invention, the high security level may relate to an account shared by multiple persons, for example a bitcoin account shared by several users. In such an authentication scenario, each of these users may be written into the others' smart contracts as a social relationship, and when the shared bitcoin account is operated, the authentication process corresponding to the high security level is performed.
When the preset authentication mode of the authentication request is determined to be the first authentication mode, then in step S332, the face image of the user is collected from the user terminal 210 in real time. According to the embodiment of the invention, the face image of the user is collected in real time through the camera on the user terminal 210 and transmitted to the computing device 100.
Subsequently, in step S342, the acquired face image is matched against the face image in the smart contract. According to an embodiment of the present invention, the facial features of the user are first generated from the face image obtained in step S332; then the similarity between the generated face features and the face features stored in the smart contract is calculated, and when the similarity is not less than a first threshold (in one embodiment according to the present invention, the first threshold is set to 0.9), the match is confirmed. As to how the feature similarity is calculated, those skilled in the art can select an appropriate algorithm according to the actual scenario, and no limitation is imposed here. The similarity between the generated face features and the face features stored in the smart contract may also be measured by a similarity distance, in which case the match is confirmed when the distance value is smaller than a second threshold.
Then, in step S352, first signature authentication is performed. Specifically, when the face features match, signature verification is performed on the first key and the second key stored on the user terminal 210: the computing device 100 and the user terminal 210 respectively calculate signature information of the first key and the second key through a signature algorithm; the user terminal 210 then sends the signature information of the second key to the computing device 100; and the computing device 100 checks whether the signature information of the first key and the second key is valid. If the signature verification succeeds, the first signature authentication passes.
Then, in step S362, second signature authentication is performed according to the social relationship in the smart contract. Specifically, the first key of at least one trusted friend in the smart contract is obtained, and signature authentication is performed on the first key of the at least one trusted friend and the second key correspondingly stored on the user terminal of that trusted friend. The specific process of the second signature authentication is the same as that of the first signature authentication in step S352 and is not described again here.
When the second signature authentication passes, in step S372, the authentication is confirmed to be successful. The user may use the corresponding service or application through the blockchain network 200.
In current blockchain applications, authentication is performed primarily by means of a private key. The security of a user's digital assets rests on a string of numbers that is mathematically proven to be difficult to crack, and once lost, the user's digital assets basically cannot be recovered. According to the authentication scheme provided by the invention, the authentication mode is determined according to the authentication level. When the authentication scenario involves user data at a high security level, such as user privacy, a unique pass is generated by extracting feature values from the user's face information using face recognition technology, and the user's face features and social relationship on the blockchain serve as a strong supplement to the traditional key pair (namely, the first key and the second key) authentication mode, giving triple cross authentication that further ensures the security of user data at the high security level. Meanwhile, since an ordinary user terminal is equipped with a camera, face images are easy to obtain; compared with the traditional private key access mode, the authentication scheme provided by the invention achieves the double guarantee of usability and security.
According to another embodiment of the present invention, the authentication method 300 further includes an authentication process in the second authentication mode, as shown in fig. 5. After step S320, when the preset authentication mode of the authentication request is determined to be the second authentication mode, step S334 is executed to collect the face image of the user from the user terminal 210 in real time. According to the embodiment of the invention, the face image of the user is collected in real time through the camera on the user terminal 210 and transmitted to the computing device 100.
Subsequently, in step S344, the acquired face image is matched against the face image in the smart contract. As described above, the face features of the user are generated from the face image obtained in step S334; then the similarity between the generated face features and the face features stored in the smart contract is calculated, and when the similarity is not less than a first threshold (in one embodiment according to the present invention, the first threshold is set to 0.9), the match is confirmed. As to how the feature similarity is calculated, those skilled in the art can select an appropriate algorithm according to the actual scenario, and no limitation is imposed here. The similarity between the generated face features and the face features stored in the smart contract may also be measured by a similarity distance, in which case the match is confirmed when the distance value is smaller than a second threshold.
Subsequently, first signature authentication is performed in step S354. Specifically, when the face features match, signature verification is performed on the first key and the second key stored on the user terminal 210: the computing device 100 and the user terminal 210 respectively calculate signature information of the first key and the second key through a signature algorithm; the user terminal 210 then sends the signature information of the second key to the computing device 100; and the computing device 100 checks whether the signature information of the first key and the second key is valid. If the signature verification succeeds, the first signature authentication passes.
Subsequently, in step S364, the authentication is confirmed to be successful.
According to the authentication scheme provided by the invention, the authentication mode is determined according to the authentication level. When the authentication scenario is generally sensitive to the privacy of the user, the user operation is considered to belong to the medium security level; in that case a unique pass is generated by extracting feature values from the user's face information using face recognition technology and is used for identity authentication. After the identity authentication passes, the user's traditional key pair (the first key and the second key) is authenticated. Compared with the traditional identity authentication mode, the scheme of the invention ensures the security of user data at the medium security level. Meanwhile, because the authentication scenario is not very sensitive to the privacy of the user, only double authentication is needed, and second signature authentication against the user's social relationship is not required, which saves process cost.
According to still another embodiment of the present invention, the authentication method 300 further includes an authentication flow in the third authentication mode, as shown in fig. 6. After step S320, when the preset authentication mode of the authentication request is determined to be the third authentication mode, step S336 is executed to collect the face image of the user from the user terminal 210 in real time. According to the embodiment of the invention, the face image of the user is collected in real time through the camera on the user terminal 210 and transmitted to the computing device 100.
Subsequently, in step S346, the acquired face image is matched against the face image in the smart contract. As described above, the facial features of the user are generated from the facial image obtained in step S336; then the similarity between the generated face features and the face features stored in the smart contract is calculated, and when the similarity is not less than a first threshold (in one embodiment according to the present invention, the first threshold is set to 0.9), the match is confirmed. As to how the feature similarity is calculated, those skilled in the art can select an appropriate algorithm according to the actual scenario, and no limitation is imposed here. The similarity between the generated face features and the face features stored in the smart contract may also be measured by a similarity distance, in which case the match is confirmed when the distance value is smaller than a second threshold.
The authentication success is then confirmed in step S356.
According to the authentication scheme of the invention, the authentication mode is determined according to the authentication level. When the authentication scenario involves neither user-sensitive operations (such as payment) nor user privacy, the user operation is considered to belong to the low security level; in that case a unique pass is generated by extracting feature values from the user's face information using face recognition technology and is used for identity authentication. Compared with the traditional identity authentication mode, the scheme of the invention achieves verification that covers different security levels.
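The three authentication modes described above, as an added example that is not code from the patent: the security level selects which checks run, each check gates the next, and an unknown level is rejected rather than treated as "low". Assumptions: the first key is the public half and the second key the private half of a pair; signature authentication is modelled as challenge-response over a fresh nonce; a Lamport one-time signature stands in for the unspecified signature algorithm; cosine similarity stands in for the unspecified similarity measure; `Terminal`, `online`, `min_friends` and the sample vectors are hypothetical.

```python
import hashlib
import math
import secrets
from dataclasses import dataclass

# Lamport one-time signature: a stdlib-only stand-in, since the page names no
# signature algorithm. Each key pair must sign a single challenge only.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return pk, sk  # pk plays the "first key", sk the "second key" (assumed roles)

def _bits(msg):
    digest = hashlib.sha256(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    if sig is None or len(sig) != 256:
        return False
    return all(hashlib.sha256(s).digest() == pk[i][bit]
               for i, (bit, s) in enumerate(zip(_bits(msg), sig)))

@dataclass
class Contract:
    """Fields the page stores in the user's smart contract."""
    first_key: list
    face_features: list
    friend_first_keys: dict  # trusted friend name -> that friend's first key

class Terminal:
    """A user terminal holding a second key; `online` is a hypothetical flag."""
    def __init__(self, second_key, online=True):
        self._second_key = second_key
        self.online = online

    def sign(self, challenge):
        return lamport_sign(self._second_key, challenge) if self.online else None

FIRST_THRESHOLD = 0.9  # similarity threshold given on the page
MODES = {  # security level -> checks, in the order the page runs them
    "high": ("face", "first_sig", "second_sig"),
    "medium": ("face", "first_sig"),
    "low": ("face",),
}

def cosine(a, b):
    if len(a) != len(b):
        return 0.0
    na, nb = math.sqrt(sum(x * x for x in a)), math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / (na * nb) if na and nb else 0.0

def signature_ok(first_key, terminal):
    """Challenge-response over a fresh nonce (assumed protocol shape)."""
    if terminal is None:
        return False
    challenge = secrets.token_bytes(32)
    return lamport_verify(first_key, challenge, terminal.sign(challenge))

def authenticate(contract, level, live_features, terminal=None,
                 friend_terminals=None, min_friends=1):
    """Return (ok, stage); stage names the check that failed, or "ok"."""
    checks = MODES.get(level)
    if checks is None:
        return False, "unknown_level"  # fail closed, never fall back to "low"
    if cosine(live_features, contract.face_features) < FIRST_THRESHOLD:
        return False, "face"
    if "first_sig" in checks and not signature_ok(contract.first_key, terminal):
        return False, "first_sig"
    if "second_sig" in checks:
        friend_terminals = friend_terminals or {}
        passed = sum(signature_ok(key, friend_terminals.get(name))
                     for name, key in contract.friend_first_keys.items())
        if passed < min_friends:  # page: "at least one trusted friend"
            return False, "second_sig"
    return True, "ok"

def sample_enrolment():
    """Constructed data: one user with one trusted friend, fresh keys each call."""
    friend_pk, friend_sk = lamport_keygen()
    user_pk, user_sk = lamport_keygen()
    contract = Contract(user_pk, [0.2, 0.5, 0.1, 0.7], {"friend1": friend_pk})
    return contract, Terminal(user_sk), {"friend1": Terminal(friend_sk)}

if __name__ == "__main__":
    contract, terminal, friends = sample_enrolment()
    print(authenticate(contract, "high", [0.21, 0.5, 0.1, 0.69], terminal, friends))
```

A deployment would replace the Lamport stand-in with a standard multi-use scheme; the gating order and the fail-closed handling of the level are the part that carries over.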
It should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the method of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, computer-readable media include both computer storage media and communication media. Computer storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embody computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. Combinations of any of the above are also included within the scope of computer readable media.
The invention also discloses:
A9. The method as in A4, wherein the first and second keys of the user are generated on the user terminal by a random algorithm.
A10. The method as in A4 or A6, wherein the step of obtaining a facial image of the user and generating facial features comprises: acquiring a face image of the user and dividing the face image into a plurality of image blocks; calculating a direction histogram of the gradient or edge of each pixel point in each image block; and combining the direction histograms of all the image blocks to obtain the face features.
A11. The method of any one of A1-A10, further comprising, after generating the smart contract for the user, the step of: when the trigger condition of the smart contract is met, changing the smart contract of the user and sending the changed smart contract to the blockchain network.
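The feature extraction in A10 and the first-threshold comparison from the matching steps, as an added example that is not code from the patent. Assumptions: 4-pixel blocks, 9 unsigned-orientation bins weighted by gradient magnitude, L2 normalisation, and cosine similarity (a dot product of the normalised vectors); the 8x8 edge patterns are constructed stand-ins for face crops.

```python
import math

def hog_features(img, cell=4, bins=9):
    """Block-wise gradient-direction histograms, concatenated and L2-normalised.

    img is a list of rows of grayscale values.
    """
    h, w = len(img), len(img[0])
    feats = []
    for cy in range(0, h - h % cell, cell):          # walk the image blocks
        for cx in range(0, w - w % cell, cell):
            hist = [0.0] * bins
            for y in range(cy, cy + cell):
                for x in range(cx, cx + cell):
                    # central differences, clamped at the image border
                    gx = img[y][min(x + 1, w - 1)] - img[y][max(x - 1, 0)]
                    gy = img[min(y + 1, h - 1)][x] - img[max(y - 1, 0)][x]
                    mag = math.hypot(gx, gy)
                    if mag == 0:
                        continue
                    # unsigned orientation in [0, 180)
                    ang = math.degrees(math.atan2(gy, gx)) % 180.0
                    hist[min(int(ang / (180.0 / bins)), bins - 1)] += mag
            feats.extend(hist)                       # combine block histograms
    norm = math.sqrt(sum(v * v for v in feats))
    return [v / norm for v in feats] if norm else feats

def similarity(f1, f2):
    """Cosine similarity; inputs are already L2-normalised."""
    return sum(a * b for a, b in zip(f1, f2))

def face_matches(enrolled_features, probe_img, first_threshold=0.9):
    """Match when similarity is not less than the first threshold."""
    sim = similarity(enrolled_features, hog_features(probe_img))
    return sim >= first_threshold, sim

def edge_image(split, dark, bright, vertical=True, size=8):
    """Constructed pattern: one straight edge at column or row `split`."""
    return [[(bright if (x if vertical else y) >= split else dark)
             for x in range(size)] for y in range(size)]

ENROLLED = hog_features(edge_image(4, 40, 200))      # stored in the contract
RELIT = edge_image(4, 70, 180)                       # same pattern, new lighting
SHIFTED = edge_image(5, 40, 200)                     # same pattern, moved 1 pixel
DIFFERENT = edge_image(4, 40, 200, vertical=False)   # unrelated pattern

if __name__ == "__main__":
    for name, img in (("relit", RELIT), ("shifted", SHIFTED),
                      ("different", DIFFERENT)):
        print(name, face_matches(ENROLLED, img))
```

With these inputs the relit probe matches, while the one-pixel shift falls below 0.9, so the threshold is only meaningful together with a fixed extractor and consistent face alignment.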
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense, and the scope of the present invention is defined by the appended claims.

Claims (13)

1. A method of authentication, the method being adapted to be carried out in a computing device arranged as a node in a blockchain network and connected to at least one user terminal, the method comprising the steps of:
responding to a request of registering a block chain account from a user terminal, acquiring a face image and a social relationship of a user to generate an intelligent contract of the user, and sending the intelligent contract to a block chain network;
responding to an authentication request from a user terminal, and determining a preset authentication mode of the authentication request;
when the preset authentication mode of the authentication request is a first authentication mode, acquiring a face image of a user from a user terminal;
matching the acquired face images according to the face images in the intelligent contract;
if the matching is consistent, performing first signature authentication;
if the first signature authentication passes, performing second signature authentication according to the social relationship in the intelligent contract; and
if the second signature authentication passes, confirming that the authentication is successful.
2. The method of claim 1, further comprising the steps of:
when the preset authentication mode of the authentication request is a second authentication mode, acquiring a face image of the user from the user terminal;
matching the acquired face images according to the face images in the intelligent contract;
if the matching is consistent, performing first signature authentication; and
if the first signature authentication passes, confirming that the authentication is successful.
3. The method of claim 2, further comprising the steps of:
when the preset authentication mode of the authentication request is a third authentication mode, acquiring a face image of the user from the user terminal;
matching the acquired face images according to the face images in the intelligent contract; and
if the matching is consistent, confirming that the authentication is successful.
4. The method as claimed in claim 3, wherein the step of acquiring the face image and the social relationship of the user to generate the intelligent contract of the user in response to the request to register a blockchain account from the user terminal comprises:
in response to the request to register a blockchain account from the user terminal, acquiring a first key of the user, wherein a second key corresponding to the first key is stored in the user terminal;
acquiring a face image of the user and generating face features;
acquiring a social relationship of the user, wherein the social relationship comprises at least one trusted friend;
acquiring a first key of the at least one trusted friend according to the social relationship of the user, wherein a second key corresponding to that first key is stored in a user terminal of the trusted friend; and
generating the intelligent contract of the user according to the first key of the user, the face features and the first key of the at least one trusted friend.
5. The method of claim 4, wherein the step of determining the preset authentication mode of the authentication request in response to the authentication request from the user terminal comprises:
responding to an authentication request from a user terminal, and acquiring a security level corresponding to the authentication request;
determining a corresponding preset authentication mode according to the security level, wherein the preset authentication mode comprises a first authentication mode associated with a high security level, a second authentication mode associated with a medium security level and a third authentication mode associated with a low security level.
6. The method of claim 4, wherein the step of collecting the face image of the user and matching the obtained face image according to the face image in the smart contract comprises:
acquiring a face image of a user and generating face features;
calculating the similarity between the generated face features and the face features in the intelligent contract;
if the similarity is not less than the first threshold value, confirming that the matching is consistent.
7. The method of claim 4, wherein said performing a first signature authentication if the match is consistent comprises:
when the face images are matched and consistent, performing signature verification on the first key and a second key stored on the user terminal.
8. The method of claim 4, wherein performing a second signature authentication based on social relationships in the smart contract if the first signature authentication passes comprises:
when the first signature passes the authentication, acquiring a first key of at least one trusted friend in the intelligent contract;
performing signature authentication on the first key of the at least one trusted friend and a second key correspondingly stored on a user terminal of the trusted friend.
9. The method of claim 4, wherein the first and second keys of the user are generated at the user terminal by a random algorithm.
10. The method of claim 4 or 6, wherein the step of acquiring a face image of a user and generating face features comprises:
acquiring a face image of a user and dividing the face image into a plurality of image blocks;
calculating a direction histogram of the gradient or edge of each pixel point in each image block; and
combining the direction histograms of all the image blocks to obtain the face features.
11. The method of claim 10, further comprising, after said generating the smart contract for the user, the steps of:
when the triggering condition of the intelligent contract is met, changing the intelligent contract of the user and sending the changed intelligent contract to the block chain network.
12. A computing device, comprising:
one or more processors; and
a memory;
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods of claims 1-11.
13. A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform any of the methods of claims 1-11.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810402434.2A CN108683646B (en) 2018-04-28 2018-04-28 Authentication method and computing device

Publications (2)

Publication Number Publication Date
CN108683646A CN108683646A (en) 2018-10-19
CN108683646B true CN108683646B (en) 2021-03-16

Family

ID=63802776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810402434.2A Active CN108683646B (en) 2018-04-28 2018-04-28 Authentication method and computing device

Country Status (1)

Country Link
CN (1) CN108683646B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant