Identity authentication method based on Hyperledger network
Technical Field
The invention relates to the technical field of blockchains, and in particular to an identity authentication method based on a Hyperledger network.
Background
When using networked devices to carry out more convenient and faster operations, users have to go through registration, login, authentication, transmission and similar processes for various network identities. Today a person's network identity is essentially under a real-name system, and it contains the person's important basic information.
In recent years, identity-related illegal behaviors such as phishing and infringement have made it urgent to build a complete and feasible identity authentication management system to protect the information and property security of citizens. As in some network transaction scenarios, there is a real entity behind the network identity; making the network identity correspond to that entity is the task of the identity authentication management system, and without a good solution a series of problems related to network identity arise.
Identity authentication: also called "identity verification" or "identity certification", it is the process of confirming the identity of an operator in a computer or computer network system, in order to determine whether the user has the right to access and use a given resource. This allows the access policies of the computer and network system to be executed reliably and effectively, prevents an attacker from impersonating a legitimate user to obtain access rights to the resource, guarantees the security of the system and its data, and protects the legitimate interests of the authorized accessor.
For example, some large enterprises or research and development institutions need sound identity recognition to prevent the loss of confidential information, and existing identity authentication stores identity information in a network cloud disk and authenticates it through that cloud disk.
However, in the prior art data is transmitted over an open channel, and the transmission has to be guaranteed to be leak-free. Once the transmission speed drops or data is lost, the user's experience suffers; once data is tampered with or attacked by a malicious adversary in transit, the whole processing of that data is considered unsafe. Improving data transmission performance and data security on an IoT platform is therefore a problem that currently needs to be solved. The blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms; a blockchain system realizes a mathematical method for establishing trust and obtaining rights and interests among different nodes, data stored on the blockchain is secure and cannot be tampered with, and the range of blockchain applications is wide.
Therefore, an identity authentication method based on the Hyperledger network is provided. The method is researched and analyzed, and it mainly solves the following problems:
(1) Data security. Because the body area network uses a public channel, attacks on, tampering with or replay of data by a malicious adversary cause data to be lost or stolen. In a body area network, a disaster may occur once data is tampered with.
(2) Data transmission. When data is transmitted across different networks, different communication protocols have to be used, so the formats of the different protocols must be converted into one another, which generates a large amount of communication overhead and reduces communication efficiency.
(3) Equipment cost. A large number of sensors and routers are needed in the body area network to ensure the collection and transmission of data, which invisibly increases the cost and energy consumption of communication.
Disclosure of Invention
Aiming at these defects, the invention provides an identity authentication method based on the Hyperledger network, which performs identity authentication on terminal nodes in the blockchain network and effectively guarantees information security.
An identity authentication method based on a Hyperledger network comprises the following steps:
Step one: signing the identity registration information sent by a user terminal, and providing the signed data to the terminal user;
Step two: the terminal receives the signed identity registration information and registers the identity information with the contract equipment preset in the blockchain;
Step three: the registered information is returned to the original equipment, which runs the authentication algorithm over the returned data and the originally requested registration information and then confirms, from the result, whether the identity authentication passes.
Preferably, in step one, the identity registration information sent by the user terminal is signed and the signed data is then provided to the terminal user. The terminal user applies to the server for registration through an encrypted channel and sends Au, K and Mix to the server, where Au is the digital transaction address of the terminal user and serves as its identifier, K is the symmetric key that encrypts the interaction between the terminal user and the server, and Mix is the registration date and other descriptive information added by the terminal user;
The server generates a check code CV = MSE_x(hash(Au || K || Mix)), where MSE_x() denotes taking the first x bits of the hash as the check code and "||" denotes concatenating the two byte streams before and after it, and sends CV to the terminal user through the encrypted channel;
Preferably, in step two, the terminal receives the signed identity registration information and registers the identity information with the contract equipment preset in the blockchain; the identity registration information is packaged onto the blockchain network. The terminal user forms ID = hash(Au || CV || UID) from UID, CV and Au and signs the ID with the private key su, where UID is the terminal user's registration name or other information. In this way the CV of the end user never exists in clear text on the blockchain network, and the signature proves that the CV is owned by the end user;
After the user is successfully registered, the user becomes a user node. The participating node encrypts the hash value of the network identity document information and the user identity document information with the supervision public key of the applying user to generate first encrypted information, signs the first encrypted information with the first private key of the participating node, and then sends an authentication broadcast message to the blockchain network.
Preferably, in step three, the registered information is returned to the original device, which runs the authentication algorithm over the returned data and the originally requested registration information and then confirms, from the result, whether the identity authentication passes. The terminal user sends its CV and Au to the server and records the verification time as Tb. First, the server checks whether the ID signed by the terminal user exists in the blockchain network, that is, it verifies the correctness of the ID with the user's public key pu; if the ID exists, the next step is carried out, otherwise verification is abandoned.
The server looks up the corresponding symmetric key K and Mix, calculates CV' = MSE_x(hash(Au || K || Mix)), and compares whether CV = CV' holds; if so, the user is verified successfully.
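The registration and verification exchange of steps one to three, as an added example that is not part of the patent; it is written in Go, the language of Hyperledger Fabric. It assumes SHA-256 as the unspecified hash, Ed25519 as the user's signature key pair (su, pu), x = 64 bits for MSE_x, and in-memory maps in place of the server's user records and the ledger. It also length-prefixes each field before hashing, a hardening the page does not describe, so that the three inputs of hash(Au || K || Mix) cannot be shifted across each other without changing the result.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// cvBytes plays the role of x in MSE_x; 8 bytes is an assumed value, the page does not fix x.
const cvBytes = 8

// concat implements the page's "||" operator with a 4-byte length prefix before every
// field (added hardening: without it hash(Au||K||Mix) is unchanged when bytes move across fields).
func concat(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// CheckCode computes CV = MSE_x(hash(Au || K || Mix)) with SHA-256 as hash.
func CheckCode(au, k, mix []byte) []byte {
	h := sha256.Sum256(concat(au, k, mix))
	return h[:cvBytes]
}

// IDHash computes ID = hash(Au || CV || UID) from step two.
func IDHash(au, cv, uid []byte) []byte {
	h := sha256.Sum256(concat(au, cv, uid))
	return h[:]
}

// registration is what the server keeps per user after step one.
type registration struct {
	k, mix []byte
	pub    ed25519.PublicKey // pu, the user's signing public key
}

// Server stands in for the registration server; the ledger map is a constructed substitute for a chain.
type Server struct {
	users  map[string]registration // keyed by Au
	ledger map[string][]byte       // hex(ID) -> the user's signature over ID
}

func NewServer() *Server { return &Server{users: map[string]registration{}, ledger: map[string][]byte{}} }

// Register is step one: derive CV, keep K and Mix, return CV to the user (encrypted channel not modelled).
func (s *Server) Register(au, k, mix []byte, pub ed25519.PublicKey) []byte {
	s.users[string(au)] = registration{k: k, mix: mix, pub: pub}
	return CheckCode(au, k, mix)
}

// Publish is step two, done by the user: ID = hash(Au||CV||UID) signed with su goes to the ledger, CV itself never does.
func (s *Server) Publish(au, cv, uid []byte, su ed25519.PrivateKey) {
	id := IDHash(au, cv, uid)
	s.ledger[hex.EncodeToString(id)] = ed25519.Sign(su, id)
}

// Verify is step three: confirm a correctly signed ID exists on the ledger (checked under the
// registered pu), then recompute CV' from the stored K and Mix and compare in constant time.
func (s *Server) Verify(au, cv, uid []byte) error {
	reg, ok := s.users[string(au)]
	if !ok {
		return errors.New("unknown Au")
	}
	id := IDHash(au, cv, uid)
	sig, ok := s.ledger[hex.EncodeToString(id)]
	if !ok {
		return errors.New("no signed ID on the ledger")
	}
	if !ed25519.Verify(reg.pub, id, sig) {
		return errors.New("ID signature does not verify under pu")
	}
	if subtle.ConstantTimeCompare(cv, CheckCode(au, reg.k, reg.mix)) != 1 {
		return errors.New("CV != CV'")
	}
	return nil
}

func main() {
	pub, su, _ := ed25519.GenerateKey(rand.Reader)
	s := NewServer()
	au, uid := []byte("tx-addr-0001"), []byte("alice") // constructed sample values
	cv := s.Register(au, []byte("shared-key-K"), []byte("2024-01-01 first registration"), pub)
	s.Publish(au, cv, uid, su)
	fmt.Println("verify:", s.Verify(au, cv, uid))
}
```

Because CV is only a truncated hash of values the server already holds, its strength rests on K staying secret between user and server; the constant-time comparison keeps the server from revealing, through timing, how many leading bytes of a presented CV were correct.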
Compared with the prior art, the invention has the following beneficial effects: the identity authentication method based on the Hyperledger network uses the encryption method and the structural characteristics of the blockchain. A block carries not only its own hash value but also the hash value of the previous block, so a block cannot be tampered with. Once data in a block is tampered with or a block is maliciously replaced, the blockchain network knows immediately. Authenticating identity by means of these properties of the block is therefore safe and effective.
Drawings
FIG. 1 is a flowchart of the identity authentication method based on the Hyperledger network
FIG. 2 is a flowchart of user registration in the identity authentication method based on the Hyperledger network
FIG. 3 is a flowchart of identity authentication of a user by an application system in the identity authentication method based on the Hyperledger network
Detailed Description
The present invention is further illustrated by the following figures and examples, which include, but are not limited to, the following.
Example:
(1) User registration:
(1.1) a public key and a private key are generated when a user registers for the first time, and a registration request is initiated to the application system;
(1.2) the user submits the real-name information, the public key, the private key, and the signature over the real-name information, the public key and the private key to the application system;
(1.3) the application system performs real-name authentication of the user through an authoritative identity authentication source;
(1.4) the application system computes its own signature over the real-name information and the public key and generates the user attribute card information, which comprises the user ID, the real-name information, the real-name authentication source, the public key, the attribute card issuing organization identifier, the attribute card issuing organization public key, and the signature of the attribute card issuing organization over the user ID, the real-name information, the real-name authentication source, the public key, the issuing organization identifier and the issuing organization public key;
(1.5) the application system calculates the digest of the user attribute card information;
(1.6) the application system encrypts the user attribute card information with the public key;
(1.7) the application system publishes the encrypted ciphertext of the user attribute card information and the digest of its plaintext to the blockchain, which guarantees that the data in the user attribute card information is real, complete and cannot be tampered with, while the encryption protects the user's privacy;
(2) The application server authentication module performs signature verification
The application server authentication module performs the storage of the user attribute card information on the blockchain, which is the function it realizes during the user registration process;
The application server authentication module performs the query and comparison of the user attribute card information on the blockchain, realizing the following functions during the identity authentication process: calculating the hash of each of the several decrypted user attribute cards submitted by the user, querying and comparing the hash values through the blockchain, parsing the real-name information, and verifying the signature of the attribute card issuing organization.
(3) Identity authentication:
(3.1) the user initiates an authentication request to the application system, and the application system returns an authentication challenge, which is a random number, to the user;
(3.2) the user signs the authentication challenge with the private key;
(3.3) the application system verifies the signature on the authentication challenge with the public key; if verification succeeds, the user is shown to hold the private key;
(3.4) after the verification in step (3.3) succeeds, the user decrypts the information of each user attribute card and submits the several decrypted user attribute cards to the application system;
(3.5) the application system calculates the hash of the user attribute card information and queries and compares the hash value through the blockchain;
(3.6) the application system parses the real-name information and verifies the signature of the attribute card issuing organization.
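An added example, not taken from the patent, that walks through the registration half (1.4), (1.5) and (1.7) and the authentication half (3.1) to (3.6) in Go. It assumes Ed25519 for both the user's key pair and the issuing organization's key, SHA-256 over a JSON encoding of the card as the digest, in-memory maps as stand-ins for the blockchain query and for the application system's state, and it leaves out the public-key encryption of the card from (1.6), so only the plaintext digest is placed on the simulated ledger. The issuer identifier, user ID and real-name values are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// AttributeCard carries the fields of step (1.4); IssuerSig is the issuing organization's signature over the rest.
type AttributeCard struct {
	UserID     string `json:"user_id"`
	RealName   string `json:"real_name"`
	AuthSource string `json:"auth_source"`
	UserPub    []byte `json:"user_pub"`
	IssuerID   string `json:"issuer_id"`
	IssuerPub  []byte `json:"issuer_pub"`
	IssuerSig  []byte `json:"issuer_sig"`
}

// signedBody is the canonical byte string the issuer signs: the card with the signature cleared (value receiver).
func (c AttributeCard) signedBody() []byte {
	c.IssuerSig = nil
	b, _ := json.Marshal(c)
	return b
}

// Digest is the "abstract" of step (1.5): SHA-256 over the complete card.
func Digest(c AttributeCard) [32]byte { b, _ := json.Marshal(c); return sha256.Sum256(b) }

// Issue is step (1.4): the issuing organization signs the real-name data and the user's public key into a card.
func Issue(issuerPriv ed25519.PrivateKey, issuerID, userID, realName, source string, userPub ed25519.PublicKey) AttributeCard {
	c := AttributeCard{UserID: userID, RealName: realName, AuthSource: source, UserPub: userPub,
		IssuerID: issuerID, IssuerPub: issuerPriv.Public().(ed25519.PublicKey)}
	c.IssuerSig = ed25519.Sign(issuerPriv, c.signedBody())
	return c
}

// AppSystem stands in for the application system; the ledger map is a constructed substitute for a chain query.
type AppSystem struct {
	ledger  map[string]bool              // hex digests published in step (1.7)
	trusted map[string]ed25519.PublicKey // accepted card issuers, keyed by IssuerID
	pending map[string][]byte            // outstanding challenges, keyed by UserID
}

func NewAppSystem() *AppSystem {
	return &AppSystem{ledger: map[string]bool{}, trusted: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

// Publish is step (1.7) reduced to the digest; the card ciphertext is not modelled.
func (a *AppSystem) Publish(c AttributeCard) { d := Digest(c); a.ledger[hex.EncodeToString(d[:])] = true }

// Challenge is step (3.1): a fresh 32-byte random nonce per request.
func (a *AppSystem) Challenge(userID string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	a.pending[userID] = c
	return c
}

// Authenticate covers steps (3.3) to (3.6); the challenge is deleted on first use so a captured signature cannot be replayed.
func (a *AppSystem) Authenticate(userID string, userPub ed25519.PublicKey, sig []byte, cards []AttributeCard) error {
	chal, ok := a.pending[userID]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(a.pending, userID)
	if !ed25519.Verify(userPub, chal, sig) { // step (3.3)
		return errors.New("challenge signature invalid")
	}
	for _, c := range cards {
		d := Digest(c)
		if !a.ledger[hex.EncodeToString(d[:])] { // step (3.5)
			return fmt.Errorf("card issued by %s is not on the ledger", c.IssuerID)
		}
		issuerPub, ok := a.trusted[c.IssuerID]
		if !ok || !bytes.Equal(issuerPub, c.IssuerPub) {
			return errors.New("card issuer not trusted")
		}
		if !ed25519.Verify(issuerPub, c.signedBody(), c.IssuerSig) { // step (3.6)
			return errors.New("issuer signature invalid")
		}
		if c.UserID != userID || !bytes.Equal(c.UserPub, userPub) { // bind the card to the authenticated key
			return errors.New("card does not belong to the authenticated key")
		}
	}
	return nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	app := NewAppSystem()
	app.trusted["issuer-A"] = issuerPub // constructed issuer identifier
	card := Issue(issuerPriv, "issuer-A", "u-1", "Alice", "constructed-source", userPub)
	app.Publish(card)
	sig := ed25519.Sign(userPriv, app.Challenge("u-1"))
	fmt.Println("authenticate:", app.Authenticate("u-1", userPub, sig, []AttributeCard{card}))
}
```

Two checks beyond the page's wording are worth keeping: the challenge is removed from the pending table before the signature is examined, so a signature captured in transit cannot be presented a second time, and each card's UserPub is compared with the key that answered the challenge, which is what ties the real-name data on the ledger to the holder of the private key rather than to whoever can obtain a decrypted card.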
The carriers of the private key include, but are not limited to, a USB key (U shield), a mobile phone shield, a password card and an encryption machine; authoritative identity authentication sources include, but are not limited to, public security, telecommunications and banks, and real-name authentication of the user through an authoritative identity authentication source realizes credible multi-party identity authentication; the real-name information includes, but is not limited to, the user name, the user identity card and the user telephone number.
In the invention, a public key and a private key are generated when a user registers for the first time; each application system performs real-name authentication of the user through an authoritative certification authority and generates the corresponding user attribute card information, which is encrypted with the public key and then stored in the blockchain. Thus the user holds the private key, and the user's real-name information and public key are securely stored in the blockchain after certification by multiple certification authorities. When an application system requires the user to log in to an identity-authenticated account, the application system verifies the user's private key and at the same time verifies the authenticity and integrity of the several user attribute cards held by the user through the blockchain, parses the user's real-name information and verifies the signature of the attribute card issuing organization, thereby realizing real-name authentication of the user.