CN110233850B - Registration method, application server, user side and system based on alliance chain - Google Patents

Registration method, application server, user side and system based on alliance chain Download PDF

Info

Publication number
CN110233850B
CN110233850B CN201910537226.8A CN201910537226A CN110233850B CN 110233850 B CN110233850 B CN 110233850B CN 201910537226 A CN201910537226 A CN 201910537226A CN 110233850 B CN110233850 B CN 110233850B
Authority
CN
China
Prior art keywords
public
registration
private key
request
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910537226.8A
Other languages
Chinese (zh)
Other versions
CN110233850A (en
Inventor
张岚
庞松涛
商广勇
王伟兵
马岩堂
赵树林
姜鑫
陶鑫
刘伟巍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd filed Critical Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN201910537226.8A priority Critical patent/CN110233850B/en
Publication of CN110233850A publication Critical patent/CN110233850A/en
Application granted granted Critical
Publication of CN110233850B publication Critical patent/CN110233850B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a registration method, an application server, a user side and a system based on a alliance chain, wherein the method comprises the following steps: receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair; checking the registration request; when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the identifier to an alliance chain network; acquiring a registration result from a alliance chain network; and analyzing a second public-private key pair distributed by the certification authority in the alliance chain for the user terminal from the registration result, and storing the registration message and the second public-private key pair so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user terminal. The scheme provided by the invention can effectively improve the safety of the transaction information or the written data of the user.

Description

Registration method, application server, user side and system based on alliance chain
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a federation chain-based registration method, an application server, a user side, and a system.
Background
A federation chain is a type of blockchain that internally designates a plurality of preselected nodes as billers, the generation of each block being determined collectively by all of the preselected nodes. I.e. the federation chain, is provided with an admission mechanism whose Certificate Authority (CA) consists of a number of pre-selected nodes. In addition, the nodes of the federation chain are held in a few organizations or individuals, most of the common users do not have their own nodes, and the common users need to go through one node as an intermediary to obtain permission of all the preselected nodes in the certificate authority when registering, participating in transactions or writing data into the federation chain.
At present, when a common user initiates registration to a federation chain, the federation chain generates a public-private key pair for the user, the federation chain sends the private key to the user, and encryption or signature and the like are performed based on the public-private key pair in a subsequent transaction process. On one hand, since the public-private key pair is generated by the federation chain, and on the other hand, the private key of the public-private key pair is transmitted to the user by taking a node in the federation chain as an intermediary, the private key of the public-private key pair is at risk of being revealed. Then only the public-private key pair is encrypted or signed and the user's transaction information or written data remains a security risk.
Disclosure of Invention
The embodiment of the invention provides a registration method, an application server, a user side and a system based on a alliance chain.
A registration method based on a federation chain is applied to an application server and comprises the following steps:
receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair;
verifying and signing the first public key, the user login account and the login password with the first private key signature;
when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network;
acquiring a registration result corresponding to the alliance chain registration identifier from the alliance chain network;
when the registration result indicates that the registration is successful, a second public-private key pair distributed by a certificate authority in the alliance chain for the user side is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user side.
Preferably, the generating a corresponding federation chain registration identifier for the user side includes:
calculating a hash value corresponding to the first public key by using a hash algorithm, wherein the hash value corresponding to the first public key indicates the alliance chain registration identifier;
preferably, the generating a corresponding federation chain registration identifier for the user side includes:
calculating an identification code corresponding to the user login account by using the following calculation formula;
calculating the formula:
Figure BDA0002101551420000021
the K represents an identification code corresponding to the user login account; i represents the ith character in the user login account; n represents the total number of characters contained in the user login account; ASCII (Z)i) Representing a decimal ASCII code corresponding to an ith character in a user login account;
splicing the first public key with an identification code corresponding to the user login account to obtain an initial registration code;
and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier.
Preferably, the federation chain-based registration method further includes:
when an event trigger request aiming at registered information is received, randomly generating a corresponding character string for the event trigger request;
sending the event trigger challenge carrying the character string to the user side to indicate the user side to respond to the event trigger challenge and generate a response message corresponding to the event trigger challenge;
receiving the response message sent by the user side, and checking the signature of the response message, wherein the response message comprises the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key;
and when the signature verification result indicates that signature verification is successful, executing the operation corresponding to the event trigger request.
Preferably, the first and second electrodes are formed of a metal,
when the event-triggered request comprises a request to modify a login password,
the updated information is a new login password;
and the operation corresponding to the event trigger request is to replace the original login password with the new login password.
Preferably, the first and second electrodes are formed of a metal,
when the event-triggered request comprises a modify login account request,
the updated information is a new login account;
and the operation corresponding to the event trigger request is to replace the original login account with the new login account.
Preferably, the first and second electrodes are formed of a metal,
when the event-triggered request comprises a retrieve login account request,
the update information is an empty set;
and the operation corresponding to the event trigger request is to send a login account to the user side.
Preferably, the first and second electrodes are formed of a metal,
when the event-triggered request comprises a retrieve login password request,
the updating information is an empty set or a new login password;
when the updating information is an empty set, the operation corresponding to the event triggering request is to send a login password to a user side;
and when the updated information is a new login password, replacing the original login password with the new login password by the operation corresponding to the event trigger request.
Preferably, the concatenation result includes a signature of the first private key.
A registration method based on a alliance chain is applied to a user side and comprises the following steps:
generating a first public-private key pair upon receiving a registration trigger;
sending a registration request to an application server, wherein the registration request comprises a first public key in the first public-private key pair, a user login account number and a login password with a first private key signature in the first public-private key pair;
receiving a second public-private key pair sent by the application server to jointly encrypt network interaction data related to the user terminal using the first public-private key pair and the second public-private key pair.
Preferably, the federation chain-based registration method further includes:
sending an event trigger request for registered information;
receiving an event trigger challenge which is sent by the application server and carries the character string;
and responding to the event trigger challenge, generating a response message corresponding to the event trigger challenge, and sending the response message to the application server, wherein the response message comprises the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key.
A federation chain-based application server, comprising: an interaction unit and a signature verification and registration unit, wherein,
the interactive unit is used for receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair;
the signature verification and registration unit is used for verifying the first public key, the user login account and the login password with the first private key signature received by the interaction unit, when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user terminal, broadcasting the alliance chain registration identification to an alliance chain network, acquiring a registration result corresponding to the alliance chain registration identification from the alliance chain network, when the registration result indicates that the registration is successful, a second public-private key pair distributed by a certificate authority in the alliance chain for the user terminal is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data associated with the user side.
A federation chain-based user-side, comprising: a public-private key pair generating unit and an interaction unit, wherein,
the public-private key pair generation unit is used for generating a first public-private key pair when a registration trigger is received;
the interaction unit is used for sending a registration request to an application server, wherein the registration request comprises a first public key of a first public-private key pair generated by the public-private key pair generation unit, a user login account number and a login password with a first private key signature of the first public-private key pair, and receiving a second public-private key pair sent by the application server so as to jointly encrypt network interaction data related to the user terminal by using the first public-private key pair and the second public-private key pair.
A federation chain-based registration system, comprising: the application server and the user terminal.
The embodiment of the invention provides a registration method, an application server, a user side and a system based on a alliance chain, wherein when the registration method based on the alliance chain is applied to the application server, the registration method comprises the following steps: receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair; verifying and signing the first public key, the user login account and the login password with the first private key signature; when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network; acquiring a registration result corresponding to a alliance chain registration identifier from an alliance chain network; when the registration result indicates that the registration is successful, a second public-private key pair distributed by the authentication and authorization mechanism in the alliance chain for the user side is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user side, two public-private key pairs are obtained through the registration method, and the network interaction data related to the user side are jointly encrypted through the two public-private key pairs, and therefore the security of transaction information of the user or write-in data can be effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart of a federation chain-based registration method provided by one embodiment of the present invention;
FIG. 2 is a flowchart of a federation chain-based registration method provided by another embodiment of the present invention;
FIG. 3 is a flowchart of a federation chain-based registration method provided by another embodiment of the present invention;
fig. 4 is a schematic structural diagram of an application server according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a user side according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a federation chain-based registration system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a federation chain-based registration method applied to an application server, where the method may include the following steps:
step 101: receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair;
step 102: verifying and signing the first public key, the user login account and the login password with the first private key signature;
step 103: when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network;
step 104: acquiring a registration result corresponding to a alliance chain registration identifier from an alliance chain network;
step 105: and when the registration result indicates that the registration is successful, analyzing a second public-private key pair distributed by the certification authority in the alliance chain for the user terminal from the registration result, and storing the registration message and the second public-private key pair, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user terminal.
The application server may be a participating node in the federation chain or may exist independently of the federation chain.
The user terminal may be a browser application terminal, or may be a user client terminal, such as an app application installed on a mobile terminal, or a client terminal installed on a personal computer.
In addition, the first public-private key pair and the second public-private key pair are each generated by an asymmetric encryption technique. The first public-private key pair is generated at the user end, and the second public-private key pair is generated by a certificate authority in the federation chain, in principle, only the user end knows the private key of the first public-private key pair, and since the second public-private key pair is sent to the application server through the federation chain network, the second public-private key pair in the federation chain network can be known to both the propagation participating node and the application server, so that the first public-private key pair has better security than the second public-private key pair. In the subsequent data interaction process, the data is jointly encrypted through the first public-private key pair and the second public-private key pair or signed through the first public-private key pair and the second public-private key pair, so that the data security can be effectively improved.
It can be understood that, the specific process of jointly encrypting the network interaction data related to the user side through the first public-private key pair and the second public-private key pair is that the network interaction data related to the user side broadcasted by the alliance-link network is obtained by jointly encrypting or signing the data through the public key of the first public-private key pair and the private key of the second public-private key pair; the data sent by the user side is encrypted or signed by the combination of the private key of the first public-private key pair and the public key of the second public-private key pair.
In the embodiment shown in fig. 1, by receiving a registration request sent by a user side, the registration request includes a first public key of a first public-private key pair generated by the user side, a user login account number, and a login password signed by a first private key of the first public-private key pair; verifying and signing the first public key, the user login account and the login password with the first private key signature; when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network; acquiring a registration result corresponding to a alliance chain registration identifier from an alliance chain network; when the registration result indicates that the registration is successful, a second public-private key pair distributed by the authentication and authorization mechanism in the alliance chain for the user side is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user side, two public-private key pairs are obtained through the registration method, and the network interaction data related to the user side are jointly encrypted through the two public-private key pairs, and therefore the security of transaction information of the user or write-in data can be effectively improved.
The label is obtained by using ECDSA (Elliptic Curve DSA), and the full name of the ECDSA is Elliptic Curve DSA. It is a variant of Digital Signature Algorithm (DSA) that applies elliptic curve cryptography. The principle of the elliptic curve algorithm is complex, but the elliptic curve algorithm has good public key algorithm characteristics, and a private key cannot be reversely obtained through a public key. The specific implementation mode of the method can be that the first private key signs the login password to obtain a signature s, and f is calculated through a signature function by using the signature s, the first public key and the login password. And f is obtained by the application server in the verification process, and r is calculated through a signature function by utilizing the login password analyzed by the public key, the signature s and the first public key. If the calculated r and the received f are the same, verification is successful. Otherwise, the verification fails.
The specific implementation of step 103 may include two types:
the first method is to calculate a hash value corresponding to the first public key by using a hash algorithm, wherein the hash value corresponding to the first public key indicates a federation chain registration identifier; the hash value corresponding to the first public key indicates that the hash value corresponding to the first public key can be understood as the federation chain registration identifier, or can be understood as the hash value corresponding to the first public key and a random number are spliced to serve as the federation chain registration identifier.
The second method is that the identification code corresponding to the user login account is calculated by using the following calculation formula;
calculating the formula:
Figure BDA0002101551420000091
the K represents an identification code corresponding to the user login account; i represents the ith character in the user login account; n represents the total number of characters contained in the user login account; ASCII (Z)i) Representing a decimal ASCII code corresponding to an ith character in a user login account;
splicing the first public key with an identification code corresponding to a user login account to obtain an initial registration code;
and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier. The hash value corresponding to the initial registration code indicates a alliance chain registration identifier, the hash value corresponding to the initial registration code can be understood as the alliance chain registration identifier, and the hash value corresponding to the initial registration code can also be understood as the alliance chain registration identifier formed by splicing the hash value corresponding to the initial registration code and a random number, so that the one-to-one correspondence relationship between the alliance chain registration identifier and the user side is further ensured, and meanwhile, the uniqueness of the alliance chain registration identifier is further ensured.
The hash algorithm is SHA 256.
In another embodiment of the present invention, the method further includes: when an event trigger request aiming at registered information is received, randomly generating a corresponding character string for the event trigger request; sending the event trigger challenge carrying the character string to a user side to indicate the user side to respond to the event trigger challenge and generate a response message corresponding to the event trigger challenge; receiving a response message sent by a user side, and checking the response message, wherein the response message comprises update information, a splicing result of the update information and the character string and a first public key, wherein the update information, the splicing result of the character string and the first public key are included in the event trigger request; and when the signature verification result indicates that signature verification is successful, executing the operation corresponding to the event trigger request.
The event trigger request may be any one of a request for modifying a login password, a request for modifying a login account, a request for retrieving a login account, and a request for retrieving a login password.
Wherein,
randomly generating a first string when the event trigger request comprises a request for modifying a login password; sending the event trigger challenge carrying the first character string to the user side to indicate the user side to respond to the password modification challenge and generate a first response message; receiving a first response message sent by a user side, and checking the first response message, wherein the first response message comprises a splicing result of a new login password and a first character string, a first public key and the new login password; and when the signature verification result indicates that signature verification is successful, replacing the original login password with the new login password. And the splicing result of the new login password and the first character string is that the new login password and the second character string are spliced into a new password character string, and the new password character string is signed by using the first private key to obtain the splicing result.
When the event trigger request comprises a request for modifying the login account, randomly generating a second character string; sending the event trigger challenge carrying the second character string to the user side to indicate the user side to respond to the account number modification challenge and generate a second response message; receiving a second response message sent by the user side, and checking the second response message, wherein the second response message comprises a splicing result of the new user login account and the second character string, a first public key and the new user login account; and when the signature checking result indicates that the signature checking is successful, replacing the original user login account with the new user login account. And the splicing result of the new user login account and the second character string is that the new user login account and the second character string are spliced into a new character string, and the new character string is signed by using the first private key to obtain the splicing result.
When the event trigger request comprises a request for retrieving the login account, randomly generating a third character string; sending the event trigger challenge carrying the third character string to the user side to indicate the user side to respond to the challenge and generate a third response message; receiving a third response message sent by the user side, and checking the third response message, wherein the third response message comprises a new signature obtained by the first private key signing the third character string and the first public key; and when the signature checking result indicates that the signature checking is successful, the login account is sent to the user side.
When the event trigger request includes a request to retrieve the login password, there may be two embodiments to retrieve the login password:
the first embodiment of retrieving the login password is as follows:
randomly generating a fourth character string for retrieving the login password request; sending the event trigger challenge carrying the fourth character string to the user side to indicate the user side to respond to the challenge and generate a fourth response message; receiving a fourth response message sent by the user side, and checking the signature of the fourth response message, wherein the fourth response message comprises a new signature obtained by the first private key signing the fourth character string and the first public key; and when the signature checking result indicates that the signature checking is successful, the login password is sent to the user side.
Embodiment two of retrieving the login password:
randomly generating a fifth character string for retrieving the login password request; sending the event trigger challenge carrying the fifth character string to the user side to indicate the user side to respond to the account number modification challenge and generate a fifth response message; receiving a fifth response message sent by the user side, and checking the signature of the fifth response message, wherein the fifth response message comprises a splicing result of the new login password and the fifth character string, the first public key and the new login password; and when the signature checking result indicates that the signature checking is successful, replacing the original user login account with the new login password. And the splicing result of the new user login account and the second character string is that the new login password and the fifth character string are spliced into a new character string, and the new character string is signed by using the first private key to obtain the splicing result.
As shown in fig. 2, an embodiment of the present invention provides a federation chain-based registration method, applied to a user side, where the registration method includes:
step 201: generating a first public-private key pair upon receiving a registration trigger;
step 202: sending a registration request to an application server, wherein the registration request comprises a first public key in a first public-private key pair, a user login account and a login password with a first private key signature in the first public-private key pair;
step 203: and receiving a second public-private key pair sent by the application server so as to jointly encrypt network interaction data related to the user terminal by using the first public-private key pair and the second public-private key pair.
In another embodiment of the present invention, the registration method may further include: sending an event trigger request for registered information; receiving an event trigger challenge which is sent by an application server and carries a character string; and responding to the event trigger challenge, generating a response message corresponding to the event trigger challenge, and sending the response message to the application server, wherein the response message comprises the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key.
When the event trigger request comprises a request for modifying the login password, updating the information into a new login password;
when the event trigger request comprises a request for modifying a login account, updating the information into a new login account;
when the event trigger request comprises a request for retrieving a login account, updating the information into an empty set;
when the event trigger request includes a request to retrieve the login password, the update information is an empty set or a new login password.
The federation chain-based registration method is described in detail below with an interaction process among a user terminal, an application server, and a federation chain network, and as shown in fig. 3, the federation chain-based registration method may include the following steps:
step 301: when a user side receives a registration trigger, a first public-private key pair and a registration request are generated;
in this step, the user side stores the first private key of the first public-private key pair.
The user side can be a browser or a client side, and the registration trigger can be sent by clicking a registration button by the user. The first public-private key pair is generated by an asymmetric encryption technique.
Step 302: the application server receives a registration request sent by a user side;
the registration request comprises a first public key of a first public-private key pair generated by the user side, a user login account number and a login password signed by the first private key of the first public-private key pair.
Step 303: the application server checks the first public key, the user login account and the login password with the first private key signature, and if the result of checking the signature indicates failure, the step 304 is executed; when the signature verification result indicates that the signature verification is successful, executing step 305;
the signature verification in the step is to adopt ECDSA (all name is Elliptic Current DSA) to sign the login password by the first private key to obtain a signature s, a first public key and the login password for signature verification.
Step 304: the application server returns registration failure information to the user side and ends the current process;
step 305: generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network;
the generating of the corresponding alliance chain registration identifier for the user side can utilize a hash algorithm to calculate a hash value corresponding to the first public key, wherein the hash value corresponding to the first public key indicates the alliance chain registration identifier; the identification code corresponding to the user login account can be calculated by using the following calculation formula;
calculating the formula:
Figure BDA0002101551420000121
the K represents an identification code corresponding to the user login account; i represents the ith character in the user login account; n characterisationThe total number of characters contained in the user login account; ASCII (Z)i) Representing a decimal ASCII code corresponding to an ith character in a user login account;
splicing the first public key with an identification code corresponding to a user login account to obtain an initial registration code;
and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier.
And specifically, which mode is selected to obtain the alliance chain registration identifier can be set by a user when the application server is constructed.
Step 306: a certification authority in the alliance chain acquires an alliance chain registration identifier, registers the alliance chain registration identifier and broadcasts a registration result corresponding to the alliance chain registration identifier;
step 307: the application server obtains a registration result corresponding to the alliance chain registration identifier from the alliance chain network, and if the registration result is failure, step 308 is executed; when the registration result is successful, go to step 309;
step 308: the application server sends registration failure information to the user side and ends the current process;
step 309: the application server analyzes a second public-private key pair distributed by a certification authority in the alliance chain for the user side from the registration result, and stores the registration message and the second public-private key pair;
the application server stores a alliance chain registration identifier, a user login account, a login password, a first public key, a second public key and a second private key in a user table mode, wherein the alliance chain registration identifier is also a user ID or an account address of the user side in an alliance chain network.
Step 310: the application server returns a successful registration message to the user side;
step 311: the user side sends data encrypted by a first private key in the first public-private key pair to the application server;
step 312: the application server further encrypts the data encrypted by the first private key by using a second private key and broadcasts the data to the alliance chain network;
step 313: the alliance chain network obtains the data encrypted by the first private key and the second private key, and decrypts the data through the first public key and the second public key;
the above steps 311 to 313 are the process of data transmission between the user end and the federation network, and it can be understood that the data transmitted by the federation network to the user end is encrypted by the first public key and the second public key.
Step 314: an application end sends an event trigger request aiming at registered information;
the event trigger request may be any one of a request to modify a login password, a request to modify a login account, a request to retrieve a login account, and a request to retrieve a login password.
Step 315: the application server receives an event trigger request aiming at the registered information and randomly generates a corresponding character string for the event trigger request;
step 316: the application server sends the event trigger challenge carrying the character string to the user side;
step 317: the user side responds to the event trigger challenge, generates a response message corresponding to the event trigger challenge and sends the response message to the application server;
the response message in this step includes the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key.
When the event trigger request comprises a request for modifying the login password, updating the information into a new login password;
when the event trigger request comprises a request for modifying a login account, updating the information into a new login account;
when the event trigger request comprises a request for retrieving a login account, updating the information into an empty set;
and when the event trigger request comprises a request for retrieving the login password, updating the information to be an empty set or a new login password.
Step 318: the application server receives a response message sent by the user side and checks the label of the response message;
step 319: and when the signature verification result indicates that the signature verification is successful, the application server executes the operation corresponding to the event trigger request.
When the event trigger request comprises a request for modifying the login password, the operation corresponding to the event trigger request is to replace the original login password with the new login password;
when the event trigger request comprises a request for modifying the login account, replacing the original login account with a new login account by the operation corresponding to the event trigger request;
when the event trigger request comprises a request for retrieving the login account, the operation corresponding to the event trigger request is to send the login account to the user side;
when the event trigger request comprises a request for retrieving the login password, the updating information is an empty set, and the operation corresponding to the event trigger request is to send the login password to the user side;
when the event trigger request comprises a request for retrieving the login password and the updated information is a new login password, the operation corresponding to the event trigger request is to replace the original login password with the new login password.
The above steps 314 to 319 can also be completed before the above step 311.
As shown in fig. 4, an embodiment of the present invention provides an application server based on a federation chain, where the application server includes: an interaction unit 401 and a signature verification and registration unit 402, wherein,
the interactive unit 401 is configured to receive a registration request sent by a user side, where the registration request includes a first public key in a first public-private key pair generated by the user side, a user login account, and a login password signed by a first private key in the first public-private key pair;
the verification and registration unit 402 is configured to verify and sign the first public key, the user login account and the login password with the first private key signature received by the interaction unit 401, generate a corresponding federation chain registration identifier for the user terminal when the verification result indicates that verification is successful, broadcast the federation chain registration identifier to the federation chain network, obtain a registration result corresponding to the federation chain registration identifier from the federation chain network, parse a second public-private key pair allocated to the user terminal by the certificate authority in the federation chain from the registration result when the registration result indicates that registration is successful, and store the registration message and the second public-private key pair, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user terminal.
In another embodiment of the present invention, the verification and registration unit 402 is configured to calculate, by using a hash algorithm, a hash value corresponding to the first public key, where the hash value corresponding to the first public key indicates the federation chain registration identifier.
In another embodiment of the present invention, the signature verification and registration unit 402 is configured to calculate an identification code corresponding to the user login account by using the following calculation formula;
calculating the formula:
Figure BDA0002101551420000151
the K represents an identification code corresponding to the user login account; i represents the ith character in the user login account; n represents the total number of characters contained in the user login account; ASCII (Z)i) Representing a decimal ASCII code corresponding to an ith character in a user login account;
splicing the first public key with an identification code corresponding to a user login account to obtain an initial registration code; and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier.
In another embodiment of the present invention, the application server further includes: an event challenge unit (not shown in the figure) for, upon receiving an event trigger request for registered information, randomly generating a corresponding character string for the event trigger request; sending the event trigger challenge carrying the character string to a user side to indicate the user side to respond to the event trigger challenge and generate a response message corresponding to the event trigger challenge; receiving a response message sent by a user side, and checking the response message, wherein the response message comprises update information, a splicing result of the update information and the character string and a first public key, wherein the update information, the splicing result of the character string and the first public key are included in the event trigger request; and when the signature verification result indicates that signature verification is successful, executing the operation corresponding to the event trigger request. When the event trigger request comprises a request for modifying the login password, updating the information into a new login password, and replacing the original login password with the new login password by the operation corresponding to the event trigger request; when the event trigger request comprises a request for modifying the login account, updating the information into a new login account, and replacing the new login account with the original login account by the operation corresponding to the event trigger request; when the event trigger request comprises a request for retrieving the login account, updating the information to be an empty set, and transmitting the login account to the user side in the operation corresponding to the event trigger request; when the event trigger request comprises a request for retrieving the login password, the update information is an empty set or a new login password, when the update information is the empty set, the operation corresponding to the event trigger request is to send the login password to the user side, and when the update information is the new login password, the operation corresponding to the event trigger request is to replace the original login password with the new login password.
As shown in fig. 5, an embodiment of the present invention provides a federation chain-based user end, including: a public-private key pair generating unit 501 and an interaction unit 502, wherein,
a public-private key pair generating unit 501, configured to generate a first public-private key pair when a registration trigger is received;
an interaction unit 502, configured to send a registration request to an application server, where the registration request includes a first public key of a first public-private key pair generated by the public-private key pair generation unit 501, a user login account, and a login password signed by a first private key of the first public-private key pair, and receive a second public-private key pair sent by the application server, so as to jointly encrypt network interaction data related to the user side using the first public-private key pair and the second public-private key pair.
The above federation chain-based ue further includes: a response event unit (not shown in the figure), configured to send an event trigger request for registered information, receive an event trigger challenge that is sent by the application server and carries a character string, generate a response message corresponding to the event trigger challenge in response to the event trigger challenge, and send the response message to the application server, where the response message includes update information included in the event trigger request, a splicing result of the update information and the character string, and the first public key.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
As shown in fig. 6, an embodiment of the present invention provides a federation chain-based registration system, including: the application server 601 and the user terminal 602.
Embodiments of the present invention provide a readable medium, which includes an execution instruction, and when a processor of a storage controller executes the execution instruction, the storage controller executes a method provided in any one of the above embodiments of the present invention.
An embodiment of the present invention provides a storage controller, including: a processor, a memory, and a bus; the memory is used for storing execution instructions, the processor is connected with the memory through the bus, and when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller executes the method provided by any one of the above embodiments of the invention.
In summary, the above embodiments of the present invention have at least the following advantages:
1. in the embodiment of the invention, by receiving a registration request sent by a user side, the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair; verifying and signing the first public key, the user login account and the login password with the first private key signature; when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network; acquiring a registration result corresponding to a alliance chain registration identifier from an alliance chain network; when the registration result indicates that the registration is successful, a second public-private key pair distributed by the authentication and authorization mechanism in the alliance chain for the user side is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user side, two public-private key pairs are obtained through the registration method, and the network interaction data related to the user side are jointly encrypted through the two public-private key pairs, and therefore the security of transaction information of the user or write-in data can be effectively improved.
2. In the embodiment of the invention, a hash value corresponding to the first public key is calculated by using a hash algorithm, and the hash value corresponding to the first public key indicates the alliance chain registration identifier; because the first public key corresponding to each user side is generally unique, the federation chain registration identification is indicated in this way, so that the one-to-one correspondence relationship between the federation chain registration identification and the user side is ensured, and meanwhile, the uniqueness of the federation chain registration identification is ensured.
3. In the embodiment of the invention, the identification code corresponding to the user login account is calculated through a calculation formula and the decimal ASCII code corresponding to each character in the user login account, and the first public key is spliced with the identification code corresponding to the user login account to obtain the initial registration code; and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier. The hash value corresponding to the initial registration code indicates the alliance chain registration identification, so that the one-to-one correspondence relationship between the alliance chain registration identification and the user side is further ensured, and meanwhile, the uniqueness of the alliance chain registration identification is further ensured.
4. In the embodiment of the invention, a corresponding character string is randomly generated for an event trigger request by receiving the event trigger request aiming at the registered information; sending the event trigger challenge carrying the character string to a user side to indicate the user side to respond to the event trigger challenge and generate a response message corresponding to the event trigger challenge; receiving a response message sent by a user side, and checking the response message, wherein the response message comprises update information, a splicing result of the update information and the character string and a first public key, wherein the update information, the splicing result of the character string and the first public key are included in the event trigger request; when the signature checking result indicates that the signature checking is successful, executing operation corresponding to the event trigger request, wherein the event trigger request can be any one of a login password modification request, a login account recovery request and a login password recovery request, and further operation on the registration message is realized, so that the registration message can be modified.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (5)

1. The registration method based on the alliance chain is applied to an application server and comprises the following steps:
receiving a registration request sent by a user side, wherein the registration request comprises a first public key in a first public-private key pair generated by the user side, a user login account and a login password with a first private key signature in the first public-private key pair;
verifying and signing the first public key, the user login account and the login password with the first private key signature;
when the signature checking result indicates that the signature checking is successful, generating a corresponding alliance chain registration identifier for the user side, and broadcasting the alliance chain registration identifier to an alliance chain network;
acquiring a registration result corresponding to the alliance chain registration identifier from the alliance chain network;
when the registration result indicates that the registration is successful, a second public-private key pair distributed by a certificate authority in the alliance chain for the user side is analyzed from the registration result, and the registration message and the second public-private key pair are stored, so that the first public-private key pair and the second public-private key pair jointly encrypt network interaction data related to the user side;
the generating a corresponding alliance chain registration identifier for the user side includes:
calculating a hash value corresponding to the first public key by using a hash algorithm, wherein the hash value corresponding to the first public key indicates the alliance chain registration identifier;
or,
calculating an identification code corresponding to the user login account by using the following calculation formula;
calculating the formula:
Figure FDA0003068532140000011
the K represents an identification code corresponding to the user login account; i represents the ith character in the user login account; n represents the total number of characters contained in the user login account; ASCII (Z)i) Representing a decimal ASCII code corresponding to an ith character in a user login account;
splicing the first public key with an identification code corresponding to the user login account to obtain an initial registration code;
and calculating a hash value corresponding to the initial registration code by using a hash algorithm, wherein the hash value corresponding to the initial registration code indicates the alliance chain registration identifier.
2. The federation chain-based registration method of claim 1, further comprising:
when an event trigger request aiming at registered information is received, randomly generating a corresponding character string for the event trigger request;
sending the event trigger challenge carrying the character string to the user side to indicate the user side to respond to the event trigger challenge and generate a response message corresponding to the event trigger challenge;
receiving the response message sent by the user side, and checking the signature of the response message, wherein the response message comprises the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key;
and when the signature verification result indicates that signature verification is successful, executing the operation corresponding to the event trigger request.
3. A federation chain-based registration method as recited in claim 2,
when the event-triggered request comprises a request to modify a login password,
the updated information is a new login password;
the operation corresponding to the event trigger request is to replace the original login password with the new login password;
and/or the presence of a gas in the gas,
when the event-triggered request comprises a modify login account request,
the updated information is a new login account;
the operation corresponding to the event trigger request is to replace the original login account with the new login account;
and/or the presence of a gas in the gas,
when the event-triggered request comprises a retrieve login account request,
the update information is an empty set;
the operation corresponding to the event trigger request is to send a login account to a user side;
and/or the presence of a gas in the gas,
when the event-triggered request comprises a retrieve login password request,
the updating information is an empty set or a new login password;
when the updating information is an empty set, the operation corresponding to the event triggering request is to send a login password to a user side;
and when the updated information is a new login password, replacing the original login password with the new login password by the operation corresponding to the event trigger request.
4. A federation chain-based registration method as claimed in claim 2 or 3,
the splicing result comprises a signature of the first private key.
5. The registration method based on the alliance chain is applied to a user side and comprises the following steps:
generating a first public-private key pair upon receiving a registration trigger;
sending a registration request to an application server, wherein the registration request comprises a first public key in the first public-private key pair, a user login account number and a login password with a first private key signature in the first public-private key pair;
receiving a second public-private key pair sent by the application server to jointly encrypt network interaction data related to the user terminal by using the first public-private key pair and the second public-private key pair;
further comprising:
sending an event trigger request for registered information;
receiving an event trigger challenge which is sent by the application server and carries a character string;
and responding to the event trigger challenge, generating a response message corresponding to the event trigger challenge, and sending the response message to the application server, wherein the response message comprises the update information included in the event trigger request, the splicing result of the update information and the character string, and the first public key.
CN201910537226.8A 2019-06-20 2019-06-20 Registration method, application server, user side and system based on alliance chain Active CN110233850B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910537226.8A CN110233850B (en) 2019-06-20 2019-06-20 Registration method, application server, user side and system based on alliance chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910537226.8A CN110233850B (en) 2019-06-20 2019-06-20 Registration method, application server, user side and system based on alliance chain

Publications (2)

Publication Number Publication Date
CN110233850A CN110233850A (en) 2019-09-13
CN110233850B true CN110233850B (en) 2021-08-31

Family

ID=67856974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910537226.8A Active CN110233850B (en) 2019-06-20 2019-06-20 Registration method, application server, user side and system based on alliance chain

Country Status (1)

Country Link
CN (1) CN110233850B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039848B (en) * 2020-08-05 2022-11-04 北京链飞未来科技有限公司 Web authentication method, system and device based on block chain public key digital signature
CN112636977B (en) * 2020-12-23 2022-09-27 四川虹微技术有限公司 Internet of things equipment management method, registration method, device and system and electronic equipment
CN113347208B (en) * 2021-07-20 2022-11-08 北京沃东天骏信息技术有限公司 Method and apparatus for determining network node
CN113709115B (en) * 2021-08-10 2023-06-06 亚信科技(成都)有限公司 Authentication method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
CN108667618A (en) * 2018-05-10 2018-10-16 阿里巴巴集团控股有限公司 Data processing method, device, server and the system of block chain member management
CN109120609A (en) * 2018-08-02 2019-01-01 佛山鑫达智汇科技有限公司 Social information based on block chain reports method and apparatus
CN109150546A (en) * 2018-09-07 2019-01-04 全链通有限公司 The method for realizing the registration of block chain system of real name based on phone number
CN109862041A (en) * 2019-03-27 2019-06-07 深圳市网心科技有限公司 A kind of digital identification authentication method, unit, system and storage medium
CN109902480A (en) * 2019-03-01 2019-06-18 重庆邮电大学 A kind of efficient authentication method for alliance's chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101841566B1 (en) * 2016-10-11 2018-05-04 주식회사 코인플러그 Method for issuing, using, refunding, settling and revocating electric voucher using updated status of balance database by respective blocks in blockchain, and server using the same

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
CN108667618A (en) * 2018-05-10 2018-10-16 阿里巴巴集团控股有限公司 Data processing method, device, server and the system of block chain member management
CN109120609A (en) * 2018-08-02 2019-01-01 佛山鑫达智汇科技有限公司 Social information based on block chain reports method and apparatus
CN109150546A (en) * 2018-09-07 2019-01-04 全链通有限公司 The method for realizing the registration of block chain system of real name based on phone number
CN109902480A (en) * 2019-03-01 2019-06-18 重庆邮电大学 A kind of efficient authentication method for alliance's chain
CN109862041A (en) * 2019-03-27 2019-06-07 深圳市网心科技有限公司 A kind of digital identification authentication method, unit, system and storage medium

Also Published As

Publication number Publication date
CN110233850A (en) 2019-09-13

Similar Documents

Publication Publication Date Title
CN110233850B (en) Registration method, application server, user side and system based on alliance chain
CN110691087B (en) Access control method, device, server and storage medium
US11336641B2 (en) Security enhanced technique of authentication protocol based on trusted execution environment
CN100432889C (en) System and method providing disconnected authentication
US8365988B1 (en) Dynamic credit card security code via mobile device
US20100122082A1 (en) User identity validation system and method
CN111130798B (en) Request authentication method and related equipment
CN104412273A (en) Method and system for activation
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN110708162B (en) Resource acquisition method and device, computer readable medium and electronic equipment
EP3796613B1 (en) Techniques for repeat authentication
CN112633884B (en) Local private key recovery method and device for transaction main body identity certificate
US20220216999A1 (en) Blockchain system for supporting change of plain text data included in transaction
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
CN101924734A (en) Identity authentication method and authentication device based on Web form
CN109818965B (en) Personal identity verification device and method
CN115276978A (en) Data processing method and related device
CN110868415A (en) Remote identity verification method and device
CN114297678A (en) Operation method, device, equipment and storage medium of union chain system
CN111445250B (en) Block chain key testing method and device
CN109302286B (en) Fido equipment key index generation method
CN108141367A (en) Code signing service
KR20120039133A (en) Apparatus and method that generates originality verification and certifies originality verification
KR101256114B1 (en) Message authentication code test method and system of many mac testserver

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant