CN111600716B - Authentication method and device and electronic equipment - Google Patents

Publication number: CN111600716B
Application number: CN202010393386.2A
Authority: CN (China)
Prior art keywords: transaction, blockchain, event, server, identity
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN111600716A (en)
Inventors: 林立, 闫莺, 宋旭阳
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Advanced New Technologies Co Ltd

Classifications

    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • G06Q20/3825: Payment protocols insuring higher security of transaction; use of electronic signatures
    • G06Q20/4014: Payment protocols; authorisation; transaction verification; identity check for transactions

Abstract

One or more embodiments of the present disclosure provide an authentication method and apparatus, and an electronic device. The method may include: a server receives an authentication request, where the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object; the server obtains, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity; and the server determines the entity identity of the transaction-related object from the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.

Description

Authentication method and device and electronic equipment
Technical Field
One or more embodiments of the present disclosure relate to the field of identity authentication technologies, and in particular, to an authentication method and apparatus, and an electronic device.
Background
In the related art, when an event is declared to be associated with a certain person or organization, it is often difficult to judge whether the declaration is authentic, and losses may even be incurred as a result. Meanwhile, a person or organization declared to be associated with the event may, even if not actually associated with it, be treated as the target of after-the-fact rights-protection claims, causing unnecessary trouble and disputes.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide an authentication method and apparatus, and an electronic device.
In order to achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, there is provided an authentication method, comprising:
a server receives an authentication request, where the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
the server obtains, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
and the server determines the entity identity of the transaction-related object from the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
According to a second aspect of one or more embodiments of the present specification, there is provided an authentication method comprising:
a client initiates an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
the client receives the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server from the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object; or the client receives an identity authentication result returned by the server, where the identity authentication result indicates whether the specified object is the transaction-related object.
According to a third aspect of one or more embodiments of the present specification, there is provided an authentication apparatus comprising:
a request receiving unit, configured to enable a server to receive an authentication request, where the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
an event acquisition unit, configured to enable the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
and an identity determining unit, configured to enable the server to determine the entity identity of the transaction-related object from the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
According to a fourth aspect of one or more embodiments of the present specification, there is provided an authentication apparatus comprising:
a request unit, configured to enable a client to initiate an authentication request to a server for an event to be authenticated, so as to instruct the server to obtain, from a blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity;
an identity receiving unit, configured to enable the client to receive the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server from the signature of the transaction event and a pre-recorded mapping between the entity identity and the digital identity of each object; or to enable the client to receive an identity authentication result returned by the server, where the identity authentication result indicates whether the specified object is the transaction-related object.
According to a fifth aspect of one or more embodiments of the present specification, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a sixth aspect of one or more embodiments of the present specification, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the second aspect by executing the executable instructions.
Drawings
Fig. 1 is a flow chart of an authentication method provided by an exemplary embodiment.
Fig. 2 is a flow chart of another authentication method provided by an exemplary embodiment.
Fig. 3 is a schematic diagram of a registered digital identity provided by an exemplary embodiment.
Fig. 4 is a schematic diagram of an information certificate provided in an exemplary embodiment.
Fig. 5 is a schematic diagram of an authentication authorization scenario provided in an exemplary embodiment.
Fig. 6 is a schematic diagram of an apparatus according to an exemplary embodiment.
Fig. 7 is a block diagram of an authentication apparatus provided by an exemplary embodiment.
Fig. 8 is a schematic diagram of another apparatus according to an exemplary embodiment.
Fig. 9 is a block diagram of another authentication apparatus provided by an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with aspects of one or more embodiments of the present description as detailed in the accompanying claims.
It should be noted that: in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. Furthermore, individual steps described in this specification, in other embodiments, may be described as being split into multiple steps; while various steps described in this specification may be combined into a single step in other embodiments.
Fig. 1 is a flow chart of an authentication method provided by an exemplary embodiment. As shown in Fig. 1, the method is applied to the server and may include the following steps:
Step 102, the server receives an authentication request, where the authentication request is initiated by the client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object.
In one embodiment, the specified object is the object specified by the claim. The specified object may be a person, an organization (e.g., business, etc.), or both. The number of the specified objects may be one or more, which is not limited in this specification.
In an embodiment, the association between the "event to be authenticated" and the "specified object" may be declared in any form, which is not limited in this specification. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image: the image may be a promotional poster, where the content of the "event to be authenticated" is the promotional content in the poster and the information of the "specified object" is a celebrity photo in the poster, which is equivalent to declaring that the celebrity endorses the promotional content in the poster. For another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same piece of paper: the paper may be a business card, where the content of the "event to be authenticated" is the job information on the business card and the information of the "specified object" is the name on the business card, which is equivalent to declaring that the issuer of the business card (i.e. the user corresponding to the name) holds the corresponding position.
Step 104, the server acquires a transaction event related to the event to be authenticated from the blockchain, wherein the transaction event is signed by a transaction related object through a pre-registered digital identity.
In an embodiment, the transaction-related object may register with the server in advance to obtain a corresponding digital identity; alternatively, the transaction-related object may register with another service provider to obtain a corresponding digital identity, and that service provider may provide an identity authentication service to the server, or grant the server access to its mapping between entity identities and digital identities so that the server can perform identity authentication itself.
In one embodiment, the transaction-related object may be an organization, which may use its entity identity to register with the server or another service provider to obtain a corresponding digital identity. The transaction-related object may also be an individual, who may register with the server or another service provider using his or her own entity identity to obtain a corresponding digital identity; alternatively, when the individual is an employee of an organization or otherwise associated with it, the individual may first be authenticated by the organization and obtain a signature made with the organization's registered digital identity, which is equivalent to the organization endorsing the individual's identity, and the individual may then use that signature to register a corresponding digital identity with the server or another service provider. Of course, the transaction-related object may also obtain a digital identity in other ways, which is not limited in this specification.
In one embodiment, when there is a single transaction-associated object, the signature of the transaction event is a single signature; when there are multiple transaction-related objects, the signature of the transaction event is a multiple signature.
In an embodiment, the transaction-related object may be the publisher of the transaction event; that is, after signing the transaction event, the transaction-related object publishes it to the blockchain, either directly through the blockchain node corresponding to the transaction-related object itself, or by submitting it to the server, which publishes it to the blockchain through the server's own corresponding blockchain node.
In one embodiment, the transaction-related object is not the publisher of the transaction event; the transaction-related object may sign the transaction event and then hand it to the publisher to be published to the blockchain. The transaction-related object may authenticate both the publisher and the transaction event, for example by confirming that the publisher's identity is genuine and that the content of the transaction event is genuine, and sign the transaction event only after this authentication passes; otherwise it does not sign. When the publisher's identity is authenticated, the publisher may be required to have a preset association with the transaction-related object: for example, the transaction-related object is an enterprise and the publisher is an employee of that enterprise, or the transaction-related object is an individual and the publisher is a friend in that individual's address book.
In one embodiment, the publisher may publish transaction events into the blockchain through its own corresponding blockchain node.
In one embodiment, the publisher may submit the transaction event to the server, and the server publishes it to the blockchain through its corresponding blockchain node. The server may verify the identity of the publisher and the content of the transaction event. If the signature contained in the transaction event is the publisher's own signature and the publisher's identity is registered with the server or another service provider, the server may consider both the publisher's identity and the content of the transaction event to be genuine, and the transaction event may be published to the blockchain. If the signature contained in the transaction event is that of a transaction-related object other than the publisher, the server may verify whether the preset association exists between the publisher and the transaction-related object (for example, the transaction-related object is an enterprise and the publisher is an employee of that enterprise, or the transaction-related object is an individual and the publisher is a friend in that individual's contact list). When the preset association exists, the publisher's identity and the content of the transaction event may be considered genuine and the transaction event may be published to the blockchain; otherwise, the publisher's identity is considered not authenticated and publication to the blockchain is refused.
The server may query the digital identity that the publisher registered in advance; when the publisher's digital identity was registered on the basis of a signature provided to the publisher by the transaction-related object, the server determines that the preset association exists. For example, the publisher may ask the transaction-related object in advance to authenticate the publisher's entity identity; after recognizing that entity identity, the transaction-related object may provide the publisher with a digital signature (made with the private key of the transaction-related object), and the publisher may register its own digital identity based on that digital signature, so that the publisher's digital identity is associated with the digital identity of the transaction-related object from the time of registration. After receiving a transaction event submitted by the publisher, the server may then verify the identity of the publisher and the content of the transaction event based on this association.
In one embodiment, the transaction (transfer) described in this specification refers to a piece of data that a user creates through a blockchain client and that is eventually to be published to the blockchain's distributed database. A transaction in the blockchain may refer to a piece of transaction data with a business intent that a user publishes to the blockchain; for example, an operator may build a federation chain based on actual business requirements and rely on it to deploy online services (e.g., authentication, rental, vehicle dispatch, insurance claims, credit services, medical services, etc.), and in such a federation chain the transaction may be a business message or business request with a business intent published by a user in the federation chain.
In one embodiment, storing the transaction event in the blockchain ensures that the content of the transaction event is safe, reliable and untampered, and that it can be verified from the blockchain ledger at any time, which gives the method extremely high reliability and credibility.
In an embodiment, the server may obtain transaction anchoring information that is declared to be related to the event to be authenticated; the server then obtains from the blockchain the transaction event corresponding to the transaction anchoring information, as the transaction event related to the event to be authenticated. For example, when the transaction event is published to the blockchain as a transaction, the transaction anchoring information may be a transaction serial number or the like; for another example, when the transaction event is created in the blockchain as a smart contract, the transaction anchoring information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
In an embodiment, the server may obtain the event content of the transaction event in order to authenticate the consistency between the transaction event and the event to be authenticated, ensuring that the transaction event can be used for identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through transaction anchoring information, this prevents the server from being misled after a malicious party alters the transaction anchoring information. For example, for a promotional poster containing a celebrity photo, the transaction anchoring information may be presented on the poster in a form such as a two-dimensional code; if a malicious party makes the two-dimensional code point to a transaction event that the celebrity signed for a different event, checking the event content of the transaction event accurately identifies this misconduct and avoids an erroneous judgment.
In an embodiment, the server may invoke a smart contract that authenticates the consistency between the transaction event and the event to be authenticated. As in the above embodiment, this ensures that the transaction event can be used for identity authentication related to the event to be authenticated, but the consistency judgment is completed automatically by the smart contract rather than by the server, which reduces the processing load on the server and, because smart contracts execute automatically, also ensures the objectivity and fairness of the authentication result.
In one embodiment, the server may return the event content of the transaction event to the client for the client (or its user) to learn details or for it to verify the consistency between the transaction event and the event to be authenticated.
Step 106, the server determines the entity identity of the transaction-related object from the signature of the transaction event and the pre-recorded mapping between the entity identity and the digital identity of each object, so as to authenticate whether the specified object is the transaction-related object.
In an embodiment, by obtaining the transaction event related to the event to be authenticated and verifying the signature of that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is authentic: for example, when a poster contains a celebrity photo, whether the celebrity truly endorses the promotional content on the poster, or whether the job position shown on a business card is authentic.
In an embodiment, the server may send the determined entity identity of the transaction-related object to the client, so that the client or its user compares the entity identity of the transaction-related object with the entity identity of the specified object to determine whether the two are consistent.
In an embodiment, the server may itself compare the entity identity of the transaction-related object with the entity identity of the specified object, thereby authenticating whether the specified object is the transaction-related object, and return an authentication result to the client. The authentication result may include only a determination of whether the two match, or may also include the entity identity of the transaction-related object, so that the client (or its user) can learn the details or verify the determination.
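The server-side flow of steps 102 to 106, including the content-consistency check that catches substituted anchoring information, as an added example that is not part of the patent. The registry, ledger, `authenticate` function and all sample data are constructed for illustration; a digital identity is assumed to be a public-key fingerprint, and a Lamport one-time hash-based signature stands in for the unspecified signature scheme so that the block needs only the Python standard library.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Stand-in signature scheme (assumption): Lamport one-time signatures over
# SHA-256. Each key pair must sign one message only.
def keygen(seed: bytes):
    sk = [[h(seed + bytes([bit, i])) for bit in (0, 1)] for i in range(256)]
    pk = [[h(x) for x in pair] for pair in sk]
    return sk, pk

def msg_bits(msg: bytes):
    digest = h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = msg_bits(msg)
    return len(sig) == 256 and all(
        h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def digital_id(pk) -> str:
    # Assumption: a digital identity is a fingerprint of the public key.
    return h(b"".join(x for pair in pk for x in pair)).hex()[:16]

REGISTRY = {}  # digital identity -> (entity identity, public key)
LEDGER = {}    # transaction serial number (anchoring info) -> transaction event

def register(entity: str, seed: bytes):
    """Pre-register an object; returns its secret key and digital identity."""
    sk, pk = keygen(seed)
    REGISTRY[digital_id(pk)] = (entity, pk)
    return sk, digital_id(pk)

def publish(serial: str, content: str, signers, signed_content=None):
    """Store a transaction event; signers is a list of (secret key, digital id).
    signed_content lets the sample data build an event whose signature does
    not cover the stored content."""
    msg = (signed_content or content).encode()
    LEDGER[serial] = {"content": content,
                      "signatures": [(did, sign(sk, msg)) for sk, did in signers]}

def normalize(text: str) -> str:
    return " ".join(text.split()).casefold()

def authenticate(anchor: str, claimed_content: str, specified_object: str):
    """Handle one authentication request (step 102).
    Returns (result, entity identities of the verified signers)."""
    tx = LEDGER.get(anchor)                      # step 104: fetch by anchor
    if tx is None:
        return ("no_transaction", [])
    entities = []
    for did, sig in tx["signatures"]:            # single or multiple signature
        record = REGISTRY.get(did)
        if record is None:
            return ("unregistered_signer", [])
        entity, pk = record
        if not verify(pk, tx["content"].encode(), sig):
            return ("bad_signature", [])
        entities.append(entity)                  # step 106: digital -> entity
    if not entities:
        return ("bad_signature", [])
    # Consistency check: a valid signature on a different event proves nothing
    # about this one, so a swapped anchor is rejected here.
    if normalize(tx["content"]) != normalize(claimed_content):
        return ("content_mismatch", entities)
    return ("match" if specified_object in entities else "mismatch", entities)

# Constructed sample data (names, serial numbers and contents are made up).
alice_sk, alice_id = register("Alice Example", b"alice-seed")
acme_sk, acme_id = register("Acme Corp", b"acme-seed")
mallory_sk, mallory_pk = keygen(b"mallory-seed")  # never registered
publish("TX-001", "Alice Example endorses Product X", [(alice_sk, alice_id)])
publish("TX-002", "Alice Example endorses Product Z",
        [(mallory_sk, digital_id(mallory_pk))])
publish("TX-003", "Bob Example is CEO of Acme Corp", [(acme_sk, acme_id)],
        signed_content="Bob Example is Sales Director at Acme Corp")

if __name__ == "__main__":
    requests = [
        ("TX-001", "Alice Example endorses Product X", "Alice Example"),
        ("TX-001", "Alice Example endorses Product Z", "Alice Example"),
        ("TX-002", "Alice Example endorses Product Z", "Alice Example"),
        ("TX-003", "Bob Example is CEO of Acme Corp", "Acme Corp"),
    ]
    for req in requests:
        print(req, "->", authenticate(*req))
```

The second request is the poster case from the description: the anchor points to a transaction the celebrity really signed, but for a different event, so only the content comparison rejects it.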
Fig. 2 is a flow chart of another authentication method provided by an exemplary embodiment. As shown in Fig. 2, the method is applied to the client and may include the following steps:
Step 202, the client initiates an authentication request to the server for an event to be authenticated, so as to instruct the server to obtain, from the blockchain, a transaction event related to the event to be authenticated, where the transaction event is signed by a transaction-related object using a pre-registered digital identity.
In an embodiment, the transaction-related object may register with the server in advance to obtain a corresponding digital identity; alternatively, the transaction-related object may register with another service provider to obtain a corresponding digital identity, and that service provider may provide an identity authentication service to the server, or grant the server access to its mapping between entity identities and digital identities so that the server can perform identity authentication itself.
In one embodiment, the transaction-related object may be an organization, which may use its entity identity to register with the server or another service provider to obtain a corresponding digital identity. The transaction-related object may also be an individual, who may register with the server or another service provider using his or her own entity identity to obtain a corresponding digital identity; alternatively, when the individual is an employee of an organization or otherwise associated with it, the individual may first be authenticated by the organization and obtain a signature made with the organization's registered digital identity, which is equivalent to the organization endorsing the individual's identity, and the individual may then use that signature to register a corresponding digital identity with the server or another service provider. Of course, the transaction-related object may also obtain a digital identity in other ways, which is not limited in this specification.
In one embodiment, when there is a single transaction-associated object, the signature of the transaction event is a single signature; when there are multiple transaction-related objects, the signature of the transaction event is a multiple signature.
In one embodiment, the transaction (transfer) described in this specification refers to a piece of data that a user creates through a blockchain client and that is eventually to be published to the blockchain's distributed database. A transaction in the blockchain may refer to a piece of business data with a business intent that a user publishes to the blockchain; for example, an operator may build a federation chain based on actual business requirements and rely on it to deploy online services (e.g., authentication, rental, vehicle dispatch, insurance claims, credit services, medical services, etc.), and in such a federation chain the transaction may be a business message or business request with a business intent published by a user in the federation chain.
In an embodiment, the client may recognize a barcode pattern (e.g., a barcode, a two-dimensional code, etc.) associated with the event to be authenticated to obtain transaction anchoring information; the client may then upload the transaction anchoring information to the server so that the server obtains the transaction event from the blockchain. For example, when the transaction event is published to the blockchain as a transaction, the transaction anchoring information may be a transaction serial number or the like; for another example, when the transaction event is created in the blockchain as a smart contract, the transaction anchoring information may be information such as the name of the smart contract or the transaction serial number corresponding to the smart contract.
Step 204, the client receives the entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server from the signature of the transaction event and the pre-recorded mapping between the entity identity and the digital identity of each object; or the client receives an identity authentication result returned by the server, where the identity authentication result indicates whether the specified object is the transaction-related object.
In an embodiment, by obtaining the transaction event related to the event to be authenticated and verifying the signature of that transaction event, it can be accurately determined whether the declared relationship between the event to be authenticated and the specified object is authentic: for example, when a poster contains a celebrity photo, whether the celebrity truly endorses the promotional content on the poster, or whether the job position shown on a business card is authentic.
In one embodiment, the specified object is the object specified by the claim. The specified object may be a person, an organization (e.g., business, etc.), or both. The number of the specified objects may be one or more, which is not limited in this specification.
In an embodiment, the association relationship between the "event to be authenticated" and the "specified object" may be declared in any form, which is not limited in this specification. For example, the content of the "event to be authenticated" and the information of the "specified object" may be presented in the same image. The image may be a promotional poster, where the content of the "event to be authenticated" is the promotional content in the poster and the information of the "specified object" is a celebrity photo in the poster, which is equivalent to declaring that the celebrity endorses the promotional content in the poster. For another example, the content of the "event to be authenticated" and the information of the "specified object" may be printed on the same paper. The paper may be a business card, where the content of the "event to be authenticated" is the job information on the business card and the information of the "specified object" is the name on the business card, which is equivalent to declaring that the issuer of the business card (i.e. the user corresponding to the name) holds the corresponding job position.
In an embodiment, the client may receive the event content of the transaction event returned by the server, for authenticating the consistency between the transaction event and the event to be authenticated, so as to ensure that the transaction event can be used for identity authentication related to the event to be authenticated. In particular, when the server obtains the transaction event through the transaction anchoring information, this prevents the server from being misled after a lawbreaker alters the transaction anchoring information. For example, for a promotional poster containing a celebrity photo, the transaction anchoring information can be presented in the poster in a form such as a two-dimensional code; if a lawbreaker anchors the two-dimensional code to a transaction event that the celebrity signed for some other event, the lawbreaker's illegal action can be accurately identified by checking the event content of the transaction event, so that erroneous judgment is avoided. When the transaction event is inconsistent with the event to be authenticated, the transaction event is not a transaction event related to the event to be authenticated, and thus the client may determine that the specified object is not a transaction-related object of a transaction event related to the event to be authenticated.
In an embodiment, the client may receive a content authentication result returned by the server, where the content authentication result is used to indicate consistency between the transaction event and the event to be authenticated. In other words, the server may authenticate the consistency between the transaction event and the event to be authenticated, and obtain the content authentication result, so as to inform the client. Further, the client may also receive the event content of the transaction event returned by the server, so that the client (or the user thereof) may learn about the details, or verify the consistency between the transaction event and the event to be authenticated.
Fig. 3 is a schematic diagram of registering a digital identity provided by an exemplary embodiment. As shown in fig. 3, the certification authority (specifically, a server-side application program running on an electronic device corresponding to the certification authority) may provide a registration function for digital identities by means of entity authentication, data analysis, indirect authentication, and so on.
Taking enterprise AA as an example, materials and information required for registration can be provided to a certification authority, and the certification authority can assign a corresponding digital identity, such as enterprise digital identity 1, to the enterprise AA after verification is passed; meanwhile, the certification authority can record the mapping relationship between the enterprise entity identity 1 of the enterprise AA and the enterprise digital identity 1, so as to facilitate the subsequent implementation of identity certification. The certification authority also issues a public-private key pair to the enterprise AA for the enterprise AA to generate a digital signature (or electronic signature) that characterizes its enterprise digital identity 1.
Similarly, enterprise BB may register with the certification authority and obtain a corresponding digital identity, such as enterprise digital identity 2. Meanwhile, the certification authority may record the mapping relationship between the enterprise entity identity 2 of enterprise BB and the enterprise digital identity 2, and issue to enterprise BB a public-private key pair for generating a digital signature.
Similar to the process of registering digital identities for enterprise AA and enterprise BB, individuals may also register corresponding digital identities with the certification authority. For example, user A may provide the materials and information required for registration to the certification authority, which upon successful verification may assign a corresponding digital identity, such as user digital identity 1, to user A. Meanwhile, the certification authority can record the mapping relationship between the user entity identity 1 of user A and the user digital identity 1, so as to facilitate subsequent identity authentication. The certification authority also issues a public-private key pair to user A, for user A to generate a digital signature that characterizes user digital identity 1.
In addition to registering with the certification authority to obtain a digital identity in the same manner as user A, if there is some association between user B and enterprise BB, for example, user B is an employee of enterprise BB, user B may complete the registration through enterprise BB. For example, user B may submit identity proof to enterprise BB, a process that tends to be simpler than registering directly with the certification authority; after enterprise BB has verified user B, it may provide user B with a digital signature, such as enterprise digital signature 2 generated with its private key; and user B may register with the certification authority based on the enterprise digital signature 2 to obtain a digital identity assigned by the certification authority, such as user digital identity 2. Meanwhile, the certification authority may record the mapping relationship between the user entity identity 2 of user B and the user digital identity 2, and issue to user B a public-private key pair for generating a digital signature.
Based on the above description, any enterprise, person, etc. may register with the certification authority, so that the certification authority may record the mapping relationship between the entity identity of each enterprise or person and the assigned digital identity, respectively, and issue a public-private key pair for generating a digital signature.
The authentication scheme of the present specification will be described in detail below with reference to fig. 4 to 5, taking celebrity endorsement information on a promotional poster as an example.
Fig. 4 is a schematic diagram of an information certificate provided in an exemplary embodiment. As shown in fig. 4, assuming that user A is a celebrity, when user A authorizes the xxx product to produce a promotional poster, that is, user A agrees to endorse the xxx product, user A can store the related information in the blockchain.
In an embodiment, the user device 1 used by user A may be any type of mobile phone, tablet, personal computer, etc., which is not limited in this specification. Through the client-side application program running on the user device 1, user A can complete the operation of storing the related information to the blockchain. For example, user A may generate certification information such as "I authorize xxx" on the user device 1 and sign the certification information by calling the private key issued by the certification authority, obtaining a corresponding digital signature, for example SIG_U1. Before the private key is invoked to generate the signature, user A can be authenticated, for example by password authentication, input habit authentication, or physiological feature authentication based on fingerprint, voiceprint, face, iris and the like; the signature is allowed to be generated only after the authentication is passed.
Of course, the certification information "I authorize xxx" and the digital signature SIG_U1 may in fact be generated by the certification authority, in which case the user device 1 is used only for providing an interactive interface to user A, for authenticating user A (in particular authentication based on physiological characteristics; password authentication, input habit authentication, etc. may also be performed by the certification authority), and for data transmission with the certification authority, so that user A may instruct the certification authority to generate the certification information and the digital signature.
In one embodiment, the user device 1 may be configured as a blockchain node in the blockchain; the user device 1 may then submit the blockchain transaction [I authorize xxx; SIG_U1] to the blockchain, so that the blockchain transaction [I authorize xxx; SIG_U1] is recorded in the blockchain ledger maintained uniformly by the blockchain nodes.
In an embodiment, the user device 1 is not configured as a blockchain node; the user device 1 may then send the certification information "I authorize xxx" and the digital signature SIG_U1 to a blockchain node, which submits the blockchain transaction [I authorize xxx; SIG_U1] to the blockchain, so that the blockchain transaction [I authorize xxx; SIG_U1] is likewise recorded in the blockchain ledger maintained uniformly by the blockchain nodes. For example, the certification authority may be configured as a blockchain node; through the client-side application running on the user device 1 and the server-side application running at the certification authority, the user device 1 may send the certification information "I authorize xxx" and the digital signature SIG_U1 to the certification authority, and the certification authority submits the blockchain transaction [I authorize xxx; SIG_U1] described above to the blockchain.
In one embodiment, for the published blockchain transaction [I authorize xxx; SIG_U1], a corresponding access interface may be formed to facilitate access during subsequent authentication. For example, the access interface may be presented in the form of a two-dimensional code, and the blockchain node may send the two-dimensional code to the organization producing the promotional poster (e.g., enterprise AA), so that enterprise AA may add the two-dimensional code to the promotional poster.
When user B views the promotional poster shown in fig. 4, the xxx product advertised by the poster and the photo of user A will naturally lead user B to assume that user A endorses the xxx product; however, a lawbreaker may also have used the photo of user A without permission. User B may therefore authenticate through the two-dimensional code on the promotional poster to determine whether user A really authorized the endorsement of the xxx product.
Fig. 5 is a schematic diagram of an authentication authorization scenario provided in an exemplary embodiment. As shown in fig. 5, assuming that a client-side application program is running on the electronic device 2 used by user B, the camera module on the electronic device 2 may be called to scan the two-dimensional code on the promotional poster shown in fig. 4, and the identified two-dimensional code scanning content is uploaded to the certification authority for authentication processing by the certification authority.
In an embodiment, the two-dimensional code scanning content includes the access interface information generated in the embodiment shown in fig. 4, and the certification authority may query the blockchain ledger based on the two-dimensional code scanning content:
In the first case, the certification authority may be unable to find any blockchain transaction, which indicates that the two-dimensional code on the promotional poster is useless information arbitrarily set by a lawbreaker, and that user A did not publish certification information to the blockchain for authorizing the xxx product; the certification authority may therefore determine that the authentication fails, i.e. user A has not given authorization.
In the second case, the certification authority may find a corresponding blockchain transaction, but the blockchain transaction contains no digital signature, or contains a digital signature that is not the SIG_U1 corresponding to user A. This indicates that the two-dimensional code on the promotional poster is impersonation information arbitrarily set by a lawbreaker, and that user A did not publish certification information to the blockchain for authorizing the xxx product; the certification authority may therefore determine that the authentication fails, i.e. user A has not given authorization.
In the third case, the certification authority may find a corresponding blockchain transaction that contains the digital signature SIG_U1, and the certification authority may determine that the digital signature SIG_U1 corresponds to user A based on the mapping relationship recorded as in fig. 3 and the issuing records of the public-private key pairs. The blockchain transaction then has a certain probability of containing certification information by which user A authorizes the xxx product; however, with some probability, the blockchain transaction may instead contain certification information by which user A authorizes other products, rather than authorization information for the xxx product. The certification authority may therefore further authenticate the content contained in the blockchain transaction to ensure that the certification information contained therein is "I authorize xxx" or a similar description, rather than unrelated content such as "I authorize yyy".
In an embodiment, the certification authority may return authentication information to the user device 2, so that the user device 2 may present the relevant content to user B. For example, when the blockchain transaction accessed by the certification authority does include the certification information "I authorize xxx" and the digital signature SIG_U1, the authentication information may include, as shown in fig. 5, the certification information "I authorize xxx" and the entity identity "user A" corresponding to the digital signature SIG_U1 (the digital signature reflects the digital identity, and the entity identity can then be determined from the mapping relationship between the digital identity and the entity identity).
In an embodiment, the authentication information may further include an authentication conclusion, such as "authenticated" or "authorized", "not authenticated" or "unauthorized", etc. Of course, the authentication conclusion is not necessary; even if the authentication information only includes the content contained in the blockchain transaction, the entity information corresponding to the contained digital signature, and the like, user B can determine whether user A gave authorization by checking the authentication information against the content of the promotional poster. For example, when the authentication information contains "no authorization information is queried", "I authorize yyy", "signature: user C", "unsigned", etc., user B may determine that user A did not authorize the xxx product.
Similar to the embodiment of the "promotional poster" described above, the technical solution of the present disclosure may obviously also be applied in many other scenarios, and may be used to implement a fast and accurate authentication operation.
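The three query outcomes and the returned authentication information described above can be traced in a short program; this is an added example, not code from the patent. All names are hypothetical, an in-memory dictionary stands in for the blockchain ledger, Lamport one-time signatures built from SHA-256 stand in for the unspecified signature scheme, and content consistency is reduced to an exact string comparison.

```python
import hashlib
import secrets

# Stand-in signature scheme (assumption): Lamport one-time signatures over
# SHA-256, chosen only so the example needs nothing beyond the standard library.
def _bits(message):
    digest = hashlib.sha256(message).digest()
    return [(byte >> shift) & 1 for byte in digest for shift in range(8)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [tuple(hashlib.sha256(half).digest() for half in pair) for pair in sk]
    return sk, pk

def sign(sk, message):
    # Reveal one secret half per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pk, message, signature):
    if not signature or len(signature) != 256:
        return False
    return all(hashlib.sha256(part).digest() == pk[i][bit]
               for i, (part, bit) in enumerate(zip(signature, _bits(message))))


class CertificationAuthority:
    """Hypothetical model of the certification authority acting as the server."""

    def __init__(self):
        self.entity_of = {}    # digital identity -> entity identity (the fig. 3 mapping)
        self.issued_keys = {}  # digital identity -> public keys issued to it
        self.ledger = {}       # transaction anchoring information -> blockchain transaction

    def register(self, entity_identity):
        digital_id = "digital-identity-%d" % (len(self.entity_of) + 1)
        self.entity_of[digital_id] = entity_identity
        self.issued_keys[digital_id] = []
        return digital_id

    def issue_key(self, digital_id):
        # A Lamport key may sign only one message, so a fresh pair is issued
        # (and recorded) for every transaction.
        sk, pk = keygen()
        self.issued_keys[digital_id].append(pk)
        return sk

    def publish(self, anchor, content, signer=None, signature=None):
        self.ledger[anchor] = {"content": content, "signer": signer, "sig": signature}

    def authenticate(self, anchor, declared_content, specified_object):
        tx = self.ledger.get(anchor)
        if tx is None:  # first case: nothing behind the two-dimensional code
            return {"result": "not authenticated", "reason": "no transaction found"}
        keys = self.issued_keys.get(tx["signer"], [])
        message = tx["content"].encode()
        if not any(verify(pk, message, tx["sig"]) for pk in keys):
            # second case: unsigned, or the signature matches no issued key
            return {"result": "not authenticated", "reason": "unsigned or invalid signature"}
        signer = self.entity_of[tx["signer"]]
        info = {"content": tx["content"], "signer": signer}
        if signer != specified_object:  # second case: valid, but someone else's signature
            return dict(info, result="not authenticated", reason="signed by another object")
        if tx["content"] != declared_content:  # third case: signed by A, unrelated content
            return dict(info, result="not authenticated", reason="content mismatch")
        return dict(info, result="authenticated", reason="")


def demo():
    """Constructed sample data: five two-dimensional codes on five posters."""
    ca = CertificationAuthority()
    user_a, user_c = ca.register("user A"), ca.register("user C")

    def publish_signed(anchor, digital_id, content):
        sk = ca.issue_key(digital_id)
        ca.publish(anchor, content, digital_id, sign(sk, content.encode()))

    publish_signed("tx-1", user_a, "I authorize xxx")
    publish_signed("tx-2", user_a, "I authorize yyy")
    publish_signed("tx-3", user_c, "I authorize xxx")
    ca.publish("tx-4", "I authorize xxx")  # published without any signature
    anchors = ["tx-1", "tx-2", "tx-3", "tx-4", "tx-missing"]
    return {a: ca.authenticate(a, "I authorize xxx", "user A") for a in anchors}


if __name__ == "__main__":
    for anchor, outcome in demo().items():
        print(anchor, outcome)
```

Only "tx-1" is authenticated; the signer check and the content check are separate steps, which is what stops a code re-anchored to a genuine user A signature over other content ("tx-2") from passing.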
For example, user B wishes to record job positions on his business card and to demonstrate the authenticity of those positions. Assuming that user B is at the same time a board member of enterprise AA, the chairman of enterprise BB, and the CEO of enterprise CC, user B may hand the job information recorded on the business card, "user B: enterprise AA-board, enterprise BB-chairman, enterprise CC-CEO", to each enterprise for authentication, and each enterprise can sign with the private key it holds after the authentication is passed, so that user B obtains a multiple digital signature SIG_M of the job information. Then, user B may submit a blockchain transaction including the job information and the multiple digital signature SIG_M to the blockchain ledger through the user device 2, obtain an access interface for the blockchain transaction, and print a two-dimensional code corresponding to the access interface on the business card.
Then, when user B hands the business card to user X, user X may request the certification authority to authenticate by scanning the two-dimensional code on the business card. The certification authority may, in a manner such as the embodiment shown in fig. 5, query the blockchain for the corresponding blockchain transaction, which contains the job information "user B: enterprise AA-board, enterprise BB-chairman, enterprise CC-CEO" and the multiple digital signature SIG_M corresponding to enterprise AA, enterprise BB, and enterprise CC. The certification authority may return this job information "user B: enterprise AA-board, enterprise BB-chairman, enterprise CC-CEO" and the information of enterprise AA, enterprise BB and enterprise CC corresponding to the multiple digital signature SIG_M to user X, so that user X can determine the authenticity of the job information actually marked on the business card.
For example, when the business card marks user B as a board member of enterprise AA, the chairman of enterprise BB, and the CEO of enterprise CC, the business card content is declared to be related to enterprise AA, enterprise BB, enterprise CC, and enterprise DD; then, if the blockchain transaction includes the signatures of enterprise AA, enterprise BB and enterprise CC, and the job positions marked on the business card are consistent with the job information included in the blockchain transaction, the job information marked on the business card may be considered authentic. However, if the signature information is inconsistent or the job information is inconsistent, the job information marked on the business card may not be authentic.
Fig. 6 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 6, at the hardware level, the device includes a processor 602, an internal bus 604, a network interface 606, a memory 608, and a non-volatile storage 610, and may of course also include hardware required by other services. The processor 602 reads the corresponding computer program from the non-volatile storage 610 into the memory 608 and then runs it, forming an authentication device at the logic level. Of course, in addition to a software implementation, one or more embodiments of the present disclosure do not exclude other implementations, such as a logic device or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units, but may also be hardware or a logic device.
Referring to fig. 7, in a software implementation, the authentication device may include:
a request receiving unit 701, configured to cause a server to receive an authentication request, the authentication request being initiated by a client for an event to be authenticated, the event to be authenticated being declared to be related to a specified object;
an event obtaining unit 702, configured to enable the server to obtain a transaction event related to the event to be authenticated from a blockchain, where the transaction event is signed by a transaction association object through a pre-registered digital identity;
an identity determining unit 703, configured to determine the entity identity of the transaction-related object according to the signature of the transaction event and the pre-recorded mapping relationship between the entity identity and the digital identity of each object, so as to be used for authenticating whether the specified object is the transaction-related object.
Optionally, the event obtaining unit 702 is specifically configured to:
the server acquires transaction anchoring information which is declared to be related to the event to be authenticated;
and the server acquires the transaction event corresponding to the transaction anchoring information from the blockchain to serve as the transaction event related to the event to be authenticated.
Optionally, the content acquisition unit 704 or the contract invoking unit 705 is further included; wherein:
the content acquiring unit 704 is configured to enable the server to acquire event content of the transaction event, so as to be used for authenticating consistency between the transaction event and the event to be authenticated;
the contract calling unit 705 is configured to cause the server to call a smart contract, where the smart contract is used to authenticate consistency between the transaction event and the event to be authenticated.
Optionally, the apparatus further comprises:
an authentication unit 706, configured to cause the server to authenticate whether the specified object is the transaction-related object, so as to return an authentication result to the client.
Optionally, the apparatus further comprises:
a return unit 707, configured to cause the server to return the entity identity of the transaction-related object and/or the event content of the transaction event to the client.
Optionally,
the transaction event is published to a blockchain by the transaction-related object;
or, after the transaction-related object signs the transaction event, the transaction event is published to the blockchain by a publisher distinct from the transaction-related object.
Optionally,
the transaction event is issued to a blockchain by the issuer through a corresponding blockchain node of the issuer;
or, the apparatus further comprises: an issuing unit 708, configured to cause the server to receive the transaction event submitted by the issuer and issue the transaction event to a blockchain through a blockchain node corresponding to the server.
Optionally, the apparatus further comprises:
a verification unit 709, configured to enable the server to verify whether a preset association relationship exists between the issuer and a transaction association object corresponding to a signature included in the transaction event;
when the preset association relationship exists, the issuing unit 708 causes the server to issue the transaction event to a blockchain.
Optionally, the verification unit 709 is specifically configured to:
the server side inquires the digital identity pre-registered by the publisher;
when the digital identity of the issuer is registered based on the signature provided by the transaction association object to the issuer, the server judges that the preset association relationship exists.
Fig. 8 is a schematic block diagram of an apparatus according to an exemplary embodiment. Referring to fig. 8, at the hardware level, the device includes a processor 802, an internal bus 804, a network interface 806, a memory 808, and a non-volatile storage 810, and may of course also include hardware required by other services. The processor 802 reads the corresponding computer program from the non-volatile storage 810 into the memory 808 and then runs it, forming an authentication device at the logic level. Of course, in addition to a software implementation, one or more embodiments of the present disclosure do not exclude other implementations, such as a logic device or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units, but may also be hardware or a logic device.
Referring to fig. 9, in a software implementation, the authentication device may include:
a request unit 901, configured to enable a client to initiate an authentication request to a server for an event to be authenticated, so as to instruct the server to acquire a transaction event related to the event to be authenticated from a blockchain, where the transaction event is signed by a transaction association object through a pre-registered digital identity;
an identity receiving unit 902, configured to enable the client to receive an entity identity of the transaction-related object, for authenticating whether a specified object is the transaction-related object, where the specified object is declared to be related to the event to be authenticated, and the entity identity of the transaction-related object is determined by the server according to the signature of the transaction event and a pre-recorded mapping relationship between entity identities and digital identities of respective objects; or the client receives an identity authentication result returned by the server, wherein the identity authentication result is used for indicating whether the specified object is the transaction-related object.
Optionally, the apparatus further comprises:
an identification unit 903, configured to enable the client to identify a barcode pattern associated with the event to be authenticated, so as to obtain transaction anchoring information;
an uploading unit 904, configured to cause the client to upload the transaction anchoring information to the server, so that the server obtains the transaction event from a blockchain.
Optionally, a content receiving unit 905 or a result receiving unit 906 is further included; wherein:
the content receiving unit 905 is configured to enable the client to receive the event content of the transaction event returned by the server, so as to be used for authenticating consistency between the transaction event and the event to be authenticated;
the result receiving unit 906 is configured to enable the client to receive a content authentication result returned by the server, where the content authentication result is used to indicate consistency between the transaction event and the event to be authenticated.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at the time of ..." or "when ..." or "in response to a determination", depending on the context.
The foregoing description of the preferred embodiment(s) is (are) merely intended to illustrate the embodiment(s) of the present invention, and it is not intended to limit the embodiment(s) of the present invention to the particular embodiment(s) described.

Claims (32)

1. An authentication method, comprising:
a server receives an authentication request, wherein the authentication request is initiated by a client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
the server acquires a blockchain transaction which is related to the event to be authenticated and meets consistency from a blockchain, and the blockchain transaction is signed by a transaction association object through a pre-registered digital identity;
and the server determines the entity identity of the transaction association object submitting the blockchain transaction according to the signature and the pre-recorded mapping relation between the entity identity and the digital identity of each object, and authenticates whether the specified object is the transaction association object based on the entity identity.
2. The method of claim 1, the server obtaining, from a blockchain, blockchain transactions related to the event to be authenticated, comprising:
the server acquires transaction anchoring information which is declared to be related to the event to be authenticated;
and the server acquires the blockchain transaction corresponding to the transaction anchoring information from the blockchain to serve as the blockchain transaction related to the event to be authenticated.
3. The method of claim 1, the server determining a correspondence between the blockchain transaction and the event to be authenticated by:
the server obtains transaction content of the blockchain transaction and authenticates consistency between the blockchain transaction and the event to be authenticated through the transaction content;
or the server invokes a smart contract and authenticates the consistency between the blockchain transaction and the event to be authenticated through the smart contract;
or the server returns the transaction content of the blockchain transaction to the client and receives the client's authentication result on the consistency between the blockchain transaction and the event to be authenticated, made based on the transaction content.
4. The method of claim 1, further comprising:
the server authenticates whether the specified object is the transaction association object, so as to return an authentication result to the client.
5. The method of claim 1, further comprising:
and the server returns the entity identity of the transaction association object and/or the transaction content of the blockchain transaction to the client.
6. The method according to claim 1,
the blockchain transaction is issued to the blockchain by the transaction-related object;
alternatively, after the transaction-related object signs the blockchain transaction, the blockchain transaction is published to the blockchain by a publisher distinct from the transaction-related object.
7. The method according to claim 6, wherein:
the blockchain transaction is issued to the blockchain by the issuer through the corresponding blockchain node of the issuer;
alternatively, the method further comprises: the server receives the blockchain transaction submitted by the publisher and publishes the blockchain transaction to the blockchain through a corresponding blockchain node.
8. The method of claim 6, the blockchain transaction being signed by a transaction-associated object by a pre-registered digital identity; the method further comprises the steps of:
the server verifies whether a preset association relationship exists between the issuer and a transaction association object corresponding to a signature contained in the blockchain transaction;
when the preset association relationship exists, the server issues the blockchain transaction to the blockchain.
9. The method of claim 8, wherein the server verifying whether a preset association relationship exists between the issuer and a transaction association object corresponding to a signature included in the blockchain transaction includes:
the server side inquires the digital identity pre-registered by the publisher;
when the digital identity of the issuer is registered based on the signature provided by the transaction association object to the issuer, the server determines that the preset association relationship exists.
10. The method according to any one of claims 1 to 9,
the transaction association object is an organization or a person, and the digital identity is obtained by the organization or the person registering at the server or another service provider using the entity identity of the organization or the person;
or the transaction association object is an employee of any institution or a person having a preset association relationship with any institution, the digital identity is obtained by the employee or the person registering at the server or another service provider through an endorsement signature, and the endorsement signature is generated by that institution, based on the digital identity registered by that institution, after confirming that the employee or the person passes authentication.
11. An authentication method, comprising:
the client initiates an authentication request to the server for an event to be authenticated so as to instruct the server to acquire a blockchain transaction which is related to the event to be authenticated and meets consistency from a blockchain, wherein the blockchain transaction is signed by a transaction association object through a pre-registered digital identity;
the client determines the entity identity of the transaction association object according to the signature and the mapping relation between the entity identity and the digital identity of each object, and authenticates whether a specified object is the transaction association object or not based on the entity identity, wherein the specified object is declared to be related to the event to be authenticated; or the client receives an identity authentication result obtained by the server based on the entity identity authentication of the transaction association object submitting the blockchain transaction, wherein the entity identity is determined based on the signature and the mapping relationship between the entity identity and the digital identity of each object, and the identity authentication result is used for indicating whether the specified object is the transaction association object.
12. The method of claim 11, further comprising:
the client identifies a bar code pattern associated with the event to be authenticated to obtain transaction anchoring information;
the client uploads the transaction anchoring information to the server to obtain the blockchain transaction from the blockchain by the server.
13. The method of claim 11, the client determining a correspondence between the blockchain transaction and the event to be authenticated by:
the client determines the consistency between the blockchain transaction and the event to be authenticated according to the received event information returned by the server;
the event information comprises transaction content or content authentication results of the blockchain transaction, wherein the content authentication results are used for indicating consistency between the blockchain transaction and the event to be authenticated.
14. The method according to claim 11,
the transaction association object is an organization or a person, and the digital identity is obtained by the organization or the person registering at the server or another service provider using the entity identity of the organization or the person;
or the transaction association object is an employee of any institution or a person having a preset association relationship with any institution, the digital identity is obtained by the employee or the person registering at the server or another service provider through an endorsement signature, and the endorsement signature is generated by that institution, based on the digital identity registered by that institution, after confirming that the employee or the person passes authentication.
15. An authentication apparatus comprising:
a request receiving unit for enabling the server to receive an authentication request, wherein the authentication request is initiated by the client for an event to be authenticated, and the event to be authenticated is declared to be related to a specified object;
the event acquisition unit is used for enabling the server to acquire a blockchain transaction which is related to the event to be authenticated and meets consistency from a blockchain, and the blockchain transaction is signed by a transaction association object through a pre-registered digital identity;
and the identity determining unit is used for enabling the server to determine the entity identity of the transaction association object submitting the blockchain transaction according to the signature and the pre-recorded mapping relation between the entity identity and the digital identity of each object, and to authenticate whether the specified object is the transaction association object based on the entity identity.
16. The apparatus of claim 15, the event acquisition unit is specifically configured to:
the server acquires transaction anchoring information which is declared to be related to the event to be authenticated;
and the server acquires the blockchain transaction corresponding to the transaction anchoring information from the blockchain to serve as the blockchain transaction related to the event to be authenticated.
17. The apparatus of claim 15, the apparatus further comprising: a content determination unit, a contract determination unit, or a consistency reception unit; wherein:
the content determining unit is used for enabling the server to acquire transaction content of the blockchain transaction and authenticating consistency between the blockchain transaction and the event to be authenticated through the transaction content;
the contract determining unit is used for enabling the server to call a smart contract and authenticating consistency between the blockchain transaction and the event to be authenticated through the smart contract;
the consistency receiving unit is used for enabling the server side to return transaction content of the blockchain transaction to the client side and receiving an authentication result of the client side on consistency between the blockchain transaction and the event to be authenticated based on the transaction content.
18. The apparatus of claim 15, further comprising:
an authentication unit that enables the server to authenticate whether the specified object is the transaction association object, so as to return an authentication result to the client.
19. The apparatus of claim 15, further comprising:
and the return unit is used for enabling the server side to return the entity identity of the transaction association object and/or the transaction content of the blockchain transaction to the client side.
20. An apparatus according to claim 15,
the blockchain transaction is issued to the blockchain by the transaction-related object;
alternatively, after the transaction-related object signs the blockchain transaction, the blockchain transaction is published to the blockchain by a publisher distinct from the transaction-related object.
21. An apparatus according to claim 20,
the blockchain transaction is issued to the blockchain by the issuer through the corresponding blockchain node of the issuer;
alternatively, the apparatus further comprises: an issuing unit that enables the server to receive the blockchain transaction submitted by the issuing party and to issue the blockchain transaction to the blockchain through the corresponding blockchain node.
22. The apparatus of claim 21, the blockchain transaction being signed by a transaction-associated object by a pre-registered digital identity; the apparatus further comprises:
the verification unit is used for enabling the server to verify whether a preset association relationship exists between the issuing party and a transaction association object corresponding to a signature contained in the blockchain transaction;
when the preset association relation exists, the issuing unit enables the server to issue the blockchain transaction to the blockchain.
23. The apparatus according to claim 22, the verification unit being specifically configured to:
the server side inquires the digital identity pre-registered by the publisher;
when the digital identity of the issuer is registered based on the signature provided by the transaction association object to the issuer, the server judges that the preset association relationship exists.
24. The apparatus of any one of claims 15 to 23,
the transaction association object is an organization or a person, and the digital identity is obtained by the organization or the person registering at the server or another service provider using the entity identity of the organization or the person;
or the transaction association object is an employee of any institution or a person having a preset association relationship with any institution, the digital identity is obtained by the employee or the person registering at the server or another service provider through an endorsement signature, and the endorsement signature is generated by that institution, based on the digital identity registered by that institution, after confirming that the employee or the person passes authentication.
25. An authentication apparatus comprising:
the request unit enables the client to initiate an authentication request to the server for an event to be authenticated so as to instruct the server to acquire the blockchain transaction which is related to the event to be authenticated and meets consistency from the blockchain, wherein the blockchain transaction is signed by a transaction association object through a pre-registered digital identity;
an identity receiving unit, configured to enable the client to determine an entity identity of the transaction-related object according to the signature and a mapping relationship between the entity identity and a digital identity of each object, and authenticate whether a specified object is the transaction-related object based on the entity identity, where the specified object is declared to be related to the event to be authenticated; or the client receives an identity authentication result obtained by the server based on the entity identity authentication of the transaction association object submitting the blockchain transaction, wherein the entity identity is determined based on the signature and the mapping relationship between the entity identity and the digital identity of each object, and the identity authentication result is used for indicating whether the specified object is the transaction association object.
26. The apparatus of claim 25, further comprising:
the identification unit enables the client to identify the bar code pattern associated with the event to be authenticated, and transaction anchoring information is obtained;
and the uploading unit is used for enabling the client to upload the transaction anchoring information to the server so that the server can acquire the blockchain transaction from the blockchain.
27. The apparatus of claim 25, the apparatus further comprising:
the consistency determining unit is used for enabling the client to determine consistency between the blockchain transaction and the event to be authenticated according to the received event information returned by the server;
the event information comprises transaction content or content authentication results of the blockchain transaction, wherein the content authentication results are used for indicating consistency between the blockchain transaction and the event to be authenticated.
28. An apparatus according to claim 25,
the transaction association object is an organization or a person, and the digital identity is obtained by the organization or the person registering at the server or another service provider using the entity identity of the organization or the person;
or the transaction association object is an employee of any institution or a person having a preset association relationship with any institution, the digital identity is obtained by the employee or the person registering at the server or another service provider through an endorsement signature, and the endorsement signature is generated by that institution, based on the digital identity registered by that institution, after confirming that the employee or the person passes authentication.
29. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any of claims 1-10 by executing the executable instructions.
30. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any of claims 11-14 by executing the executable instructions.
31. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of any of claims 1-10.
32. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of any of claims 11-14.
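The server-side flow of claims 1 to 3 (look up the transaction by its anchoring information, check consistency through the transaction content, verify the signature against the registered digital identity, map it to an entity identity and compare with the specified object) can be sketched as follows. This is an added illustration, not code from the patent: the `Server` class, its method names, the in-memory ledger, the public-key fingerprint used as digital identity, and the Lamport one-time signature standing in for the unspecified signature scheme are all assumptions, and the entities and events are constructed samples.

```python
import hashlib, json, secrets

def h256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: a standard-library stand-in for whatever
# signature scheme the digital identities really use (assumption).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h256(a), h256(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg: bytes):
    digest = h256(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = msg_bits(msg)
    return len(sig) == 256 and all(
        h256(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def digital_identity(pk) -> str:
    # Assumption: the digital identity is a fingerprint of the registered public key.
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def canonical(content: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash the same bytes.
    return json.dumps(content, sort_keys=True, separators=(",", ":")).encode()

class Server:
    def __init__(self):
        self.registry = {}  # digital identity -> (entity identity, public key)
        self.ledger = {}    # transaction anchor -> transaction (stand-in for the chain)

    def register(self, entity: str, pk) -> str:
        did = digital_identity(pk)
        self.registry[did] = (entity, pk)
        return did

    def publish(self, content: dict, signer: str, sig) -> str:
        anchor = hashlib.sha256(canonical(content)).hexdigest()
        self.ledger[anchor] = {"content": content, "signer": signer, "sig": sig}
        return anchor

    def authenticate(self, anchor: str, event: dict, specified_object: str):
        tx = self.ledger.get(anchor)                  # claim 2: look up by anchor
        if tx is None:
            return False, "no transaction for anchor"
        if tx["content"] != event:                    # claim 3: consistency via content
            return False, "transaction inconsistent with event"
        record = self.registry.get(tx["signer"])      # claim 1: digital -> entity identity
        if record is None:
            return False, "unregistered digital identity"
        entity, pk = record
        if not verify(pk, canonical(tx["content"]), tx["sig"]):
            return False, "signature does not match registered identity"
        if entity != specified_object:
            return False, "signed by a different entity"
        return True, entity

def demo():
    server = Server()
    acme_sk, acme_pk = keygen()
    acme = server.register("Acme Ltd", acme_pk)       # constructed entities
    other_sk, other_pk = keygen()
    other = server.register("Other GmbH", other_pk)
    rogue_sk, _ = keygen()                            # key that was never registered
    invoice = {"type": "invoice", "number": "INV-001", "amount": "120.00"}
    receipt = {"type": "receipt", "number": "RC-7", "amount": "5.00"}
    notice = {"type": "notice", "number": "N-3", "amount": "0.00"}
    a1 = server.publish(invoice, acme, sign(acme_sk, canonical(invoice)))
    a2 = server.publish(receipt, other, sign(other_sk, canonical(receipt)))
    # Transaction naming Acme's digital identity but signed with the rogue key.
    a3 = server.publish(notice, acme, sign(rogue_sk, canonical(notice)))
    altered = dict(invoice, amount="9120.00")
    return {
        "genuine": server.authenticate(a1, invoice, "Acme Ltd"),
        "altered_event": server.authenticate(a1, altered, "Acme Ltd"),
        "wrong_claimed_object": server.authenticate(a2, receipt, "Acme Ltd"),
        "spoofed_signer": server.authenticate(a3, notice, "Acme Ltd"),
        "unknown_anchor": server.authenticate("00" * 32, invoice, "Acme Ltd"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case authenticates; each of the others fails at a different step, which is why the signature check, the consistency check and the identity comparison all have to be present.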
CN202010393386.2A 2018-10-26 2018-10-26 Authentication method and device and electronic equipment Active CN111600716B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010393386.2A CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811258195.4A CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment
CN202010393386.2A CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201811258195.4A Division CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN111600716A CN111600716A (en) 2020-08-28
CN111600716B true CN111600716B (en) 2023-09-29

Family

ID=65261732

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201811258195.4A Active CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment
CN202010393386.2A Active CN111600716B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201811258195.4A Active CN109327312B (en) 2018-10-26 2018-10-26 Authentication method and device and electronic equipment

Country Status (3)

Country Link
CN (2) CN109327312B (en)
TW (1) TW202016833A (en)
WO (1) WO2020082886A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327312B (en) * 2018-10-26 2020-03-24 阿里巴巴集团控股有限公司 Authentication method and device and electronic equipment
CN109978551A (en) * 2019-03-29 2019-07-05 北京投肯科技有限公司 A kind of account information confirmation and method for retrieving and device based on block chain
CN110086626B (en) * 2019-04-22 2023-05-05 如般量子科技有限公司 Quantum secret communication alliance chain transaction method and system based on asymmetric key pool pair
CN110599190B (en) * 2019-09-27 2022-10-21 支付宝(杭州)信息技术有限公司 Identity authentication method and device based on block chain
CN113542288B (en) * 2019-10-11 2023-06-30 支付宝(杭州)信息技术有限公司 Service authorization method, device, equipment and system
CN113949585A (en) * 2019-12-17 2022-01-18 支付宝(杭州)信息技术有限公司 Credit-based information identifier generation method and device
CN113807700B (en) * 2021-09-18 2023-10-27 厦门大学 Method and system for issuing and receiving aircraft in-wing command scheduling based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106845210A (en) * 2017-01-19 2017-06-13 布比(北京)网络技术有限公司 Event authentication method and apparatus
CN107079037A (en) * 2016-09-18 2017-08-18 深圳前海达闼云端智能科技有限公司 Identity identifying method, device, node and system based on block chain
CN107086909A (en) * 2017-03-07 2017-08-22 阿里巴巴集团控股有限公司 Generation method and device, the method and apparatus of identity examination & verification of identity information
CN107257340A (en) * 2017-06-19 2017-10-17 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN108111543A (en) * 2018-02-06 2018-06-01 上海千加信息科技有限公司 A kind of digital identity identifying system on block chain
CN108667618A (en) * 2018-05-10 2018-10-16 阿里巴巴集团控股有限公司 Data processing method, device, server and the system of block chain member management

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9858569B2 (en) * 2014-03-21 2018-01-02 Ramanan Navaratnam Systems and methods in support of authentication of an item
WO2017051250A1 (en) * 2015-09-25 2017-03-30 Assa Abloy Ab Virtual credentials and licenses
WO2017218986A1 (en) * 2016-06-16 2017-12-21 The Bank Of New York Mellon Managing verifiable, cryptographically strong transactions
CN106384236B (en) * 2016-08-31 2019-07-16 江苏通付盾科技有限公司 Based on the ca authentication management method of block chain, apparatus and system
CN107368259B (en) * 2017-05-25 2020-07-10 创新先进技术有限公司 Method and device for writing service data into block chain system
CN107742212B (en) * 2017-10-13 2021-01-01 深圳怡化电脑股份有限公司 Asset verification method, device and system based on block chain
CN108123936B (en) * 2017-12-13 2021-04-13 北京科技大学 Access control method and system based on block chain technology
CN108573741A (en) * 2017-12-25 2018-09-25 北京金山云网络技术有限公司 Business datum recording method, device, equipment and storage medium
CN108183801B (en) * 2017-12-29 2023-04-25 苏州朗润创新知识产权运营有限公司 Service authentication method, system and computer readable storage medium
CN108234135B (en) * 2017-12-29 2021-02-26 苏州朗润创新知识产权运营有限公司 Service authentication method, system and computer readable storage medium
CN108416588A (en) * 2018-02-14 2018-08-17 北京三六五八网络科技有限公司 Data processing method and device for electronic transaction verification
CN111861433B (en) * 2018-03-30 2024-04-02 创新先进技术有限公司 Business execution method and device based on block chain and electronic equipment
CN109327312B (en) * 2018-10-26 2020-03-24 阿里巴巴集团控股有限公司 Authentication method and device and electronic equipment

Also Published As

Publication number Publication date
CN109327312A (en) 2019-02-12
CN109327312B (en) 2020-03-24
WO2020082886A1 (en) 2020-04-30
TW202016833A (en) 2020-05-01
CN111600716A (en) 2020-08-28


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201012

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201012

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40035929

Country of ref document: HK

GR01 Patent grant