[go: up one dir, main page]

WO2019205389A1 - Electronic device, authentication method based on block chain, and program and computer storage medium - Google Patents

Electronic device, authentication method based on block chain, and program and computer storage medium Download PDF

Info

Publication number
WO2019205389A1
WO2019205389A1 PCT/CN2018/102407 CN2018102407W WO2019205389A1 WO 2019205389 A1 WO2019205389 A1 WO 2019205389A1 CN 2018102407 W CN2018102407 W CN 2018102407W WO 2019205389 A1 WO2019205389 A1 WO 2019205389A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
verification
user
user identity
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/102407
Other languages
French (fr)
Chinese (zh)
Inventor
陈文博
刘�英
周鹏华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Publication of WO2019205389A1 publication Critical patent/WO2019205389A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium.
  • the blockchain is essentially a distributed database based on smart contracts.
  • the information on the blockchain is shared by all P2P (Peer-to-peer) networks to all nodes. Due to the advantages of tamper resistance, high transparency and decentralization, blockchain has been widely used in various fields in recent years.
  • Authentication also becomes "authentication” or “identification”, which refers to the process of confirming the identity of an operator in a computer and computer network system to determine whether the user has access to and use of a certain resource, thereby enabling the computer and
  • the access policy of the network system can be executed reliably and effectively, preventing the attacker from impersonating legitimate users to obtain access rights to resources, ensuring the security of the system and data, and authorizing the legitimate interests of the visitors.
  • the identity verification method of the blockchain is: when the user logs in through the application end of a blockchain, the application end authenticates the user identity by verifying the user name and the user password of the user.
  • the problem with this verification method is that the same verification method is adopted for different users, and the verification method is too singular to meet the diverse needs of multiple application scenarios.
  • the main purpose of the present application is to provide an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium, which are intended to solve the problem that the existing identity verification method is too single to meet the diverse needs of multiple application scenarios. .
  • the present application provides an electronic device including a memory and a processor, and the memory stores a first identity verification program based on a blockchain, the first identity based on the blockchain
  • the verification procedure is implemented by the processor to implement the following steps:
  • a verification step when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;
  • the searching step searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;
  • a publishing step publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;
  • the analyzing step analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;
  • the second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.
  • the present application further provides an electronic device, where the electronic device includes a memory and a processor, and the memory stores a second identity verification program based on a blockchain, and the blockchain-based When the second authentication program is executed by the processor, the following steps are implemented:
  • Receiving step receiving an identity verification request carrying user identity information
  • the verification step verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • the present application further provides a blockchain-based identity verification method, the method comprising the steps of:
  • a first verification step when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;
  • the searching step searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;
  • a publishing step publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;
  • the analyzing step analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;
  • the second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.
  • the present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:
  • a verification module configured to: when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to a predetermined identity verification rule, to obtain a first verification result;
  • a determining module configured to determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule
  • a first output module configured to output the first verification result as a user identity verification result when determining that multiple authentication is not performed; or acquire second user identity information when determining to perform multiple identity verification;
  • a searching module configured to search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information;
  • a publishing module configured to send a second identity verification request that carries the second user identity information to a blockchain network, and receive a carrying node that is configured to verify and broadcast the second user identity information of the blockchain network Feedback information of the identification information;
  • An analysis module configured to analyze and process the verification result in the feedback information based on a predetermined first result analysis rule, and output the first analysis result as a second verification result;
  • a second output module configured to perform an analysis process on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • the present application further provides a computer readable storage medium storing a first identity program based on a blockchain, the first identity verification program based on a blockchain
  • the at least one processor can be executed by the at least one processor to perform the following steps:
  • a verification step when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;
  • a determining step determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;
  • a first outputting step when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;
  • the searching step searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;
  • a publishing step publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;
  • the analyzing step analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;
  • the second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.
  • the present application further provides a blockchain-based identity verification method, where the blockchain-based identity verification method includes:
  • Receiving step receiving an identity verification request carrying user identity information
  • the verification step verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • the present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:
  • a receiving module configured to receive an identity verification request that carries user identity information
  • a verification module configured to verify the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • the present application further provides a computer readable storage medium storing a blockchain based second identity verification program, the blockchain based second identity verification
  • the program can be executed by at least one processor to cause the at least one processor to perform the following steps:
  • Receiving step receiving an identity verification request carrying user identity information
  • the verification step verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.
  • the application After verifying the first user identity information according to the predetermined identity verification rule, the application determines whether to perform the multiple identity verification according to the predetermined determination rule, and after determining to perform the multiple identity verification, releasing the second user identity information to the zone.
  • the blockchain network is verified to obtain the verification result of multiple authentication.
  • FIG. 1 is a schematic diagram of an operating environment of a first electronic device and a second electronic device according to the present application;
  • FIG. 2 is a schematic diagram of an operating environment of a first embodiment of a first identity verification procedure based on a blockchain according to the present application;
  • FIG. 3 is a program module diagram of a first embodiment of a first identity verification procedure based on a blockchain according to the present application
  • FIG. 4 is a schematic flowchart of a blockchain-based identity verification method according to a first embodiment of the present application
  • FIG. 5 is a schematic diagram of an operating environment of a first embodiment of a second identity verification procedure based on a blockchain according to the present application;
  • FIG. 6 is a program module diagram of a first embodiment of a second identity verification procedure based on a blockchain according to the present application
  • FIG. 7 is a schematic flowchart diagram of a second embodiment of a blockchain-based identity verification method according to the present application.
  • the electronic device of the present application, the blockchain-based identity verification method, and the computer storage medium are applicable to a blockchain-based public welfare system, and the system includes a plurality of application terminals, and node devices corresponding to the application terminals, and the application end
  • the utility model includes a public welfare platform and a public welfare target platform
  • the node equipment comprises a public welfare platform node device corresponding to the public welfare platform, a public welfare object platform node device corresponding to the public welfare object platform, a plurality of public welfare platform employee management subsystems, and a corresponding public welfare platform employee management subsystem.
  • the non-profit platform employee management node device in some embodiments, the blockchain-based public interest system further includes: a plurality of fair institution platforms and fair institution node devices corresponding to the fair institution platforms.
  • the application also proposes a first identity verification procedure based on a blockchain.
  • FIG. 1 is a schematic diagram of an operating environment of a first electronic device 1 and a second electronic device 2 according to the present application.
  • FIG. 2 is a schematic diagram of the operating environment of the first embodiment of the first identity verification program 10 based on the blockchain of the present application.
  • the first identity verification program 10 based on the blockchain is installed and operates in the first electronic device 1.
  • the first electronic device 1 may be a publishing node device, or may be an application server corresponding to the publishing node device, and may be an electronic device other than the publishing node device and the application server. .
  • the first electronic device 1 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server.
  • the first electronic device 1 may include, but is not limited to, a memory 11, a processor 12, and a display 13.
  • Figure 2 shows only the first electronic device 1 with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the memory 11 may be an internal storage unit of the first electronic device 1, such as a hard disk or memory of the first electronic device 1, in some embodiments.
  • the memory 11 may also be an external storage device of the first electronic device 1 in other embodiments, such as a plug-in hard disk equipped on the first electronic device 1, a smart memory card (SMC), and a secure digital (Secure) Digital, SD) cards, flash cards, etc.
  • the memory 11 may also include both an internal storage unit of the first electronic device 1 and an external storage device.
  • the memory 11 is used to store application software and various types of data installed in the first electronic device 1, such as program code of the first identity verification program 10 based on the blockchain.
  • the memory 11 can also be used to temporarily store data that has been output or is about to be output.
  • the processor 12 in some embodiments, may be a Central Processing Unit (CPU), microprocessor or other data processing chip for running program code or processing data stored in the memory 11, for example, performing a first identity Verification procedure 10, etc.
  • the processor 12 may be a smart contract.
  • the display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments.
  • the display 13 is for displaying information processed in the first electronic device 1 and a user interface for displaying visualization.
  • the components 11-13 of the first electronic device 1 communicate with one another via a system bus.
  • FIG. 3 is a program module diagram of the first embodiment of the first identity verification program 10 based on the blockchain of the present application.
  • the blockchain-based first identity verification program 10 can be divided into one or more modules, one or more modules are stored in the memory 11, and by one or more processors (this implementation) The example is executed by the processor 12) to complete the application.
  • the first identity verification program 10 based on the blockchain may be divided into a verification module 101, a determination module 102, a first output module 103, a lookup module 104, a distribution module 105, an analysis module 106, and a second. Output module 107.
  • a module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than the program to describe the execution process of the first identity verification program 10 based on the blockchain in the first electronic device 1, wherein:
  • the verification module 101 is configured to, when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to the predetermined identity verification rule to obtain a first verification result.
  • the determining module 102 is configured to determine whether to perform the multiple identity verification according to the obtained first verification result, the first user identity information, and the predetermined determination rule.
  • the first output module 103 is configured to: when the multi-identity verification is not performed, output the first verification result as a user identity verification result; or, when it is determined to perform the multiple identity verification, acquire the second user identity information.
  • the searching module 104 is configured to search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information.
  • a publishing module 105 configured to issue a second identity verification request that carries the second user identity information to the blockchain network, and receive, by the blockchain network, the second user identity information to be verified and generated and broadcasted. Feedback information of node identification information.
  • the analyzing module 106 is configured to perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.
  • the second output module 107 is configured to perform analysis processing on the second verification result according to a predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • the first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, the winner of the first user identity information cannot learn the true identity of the user by using the first user identity information.
  • the first user identity information includes user identification information and first user identity information, where the user identity association information includes user name information and user password information (the user password information may be U shield, electronic certificate, etc. as a storage medium). ), dynamic code, etc.
  • the above predetermined authentication rules include:
  • the above predetermined judgment rules are:
  • the application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public interest platform first authenticates by using the user name and user password provided by the user. If the verification result is that the verification fails, the user may be an illegal login user or the user forgets the user. Username and/or user password, in order to prevent misjudgment, the public welfare platform performs multiple authentication to ensure the accuracy of authentication.
  • the above predetermined judgment rules are:
  • the first verification result is that the verification is successful
  • determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule.
  • the outputting of the judgment result is to perform the multi-intelligence verification.
  • the outputting of the judgment result is that the multi-factor authentication is not performed.
  • the output judgment result is that the multiple authentication is not performed.
  • the above predetermined judging rule is:
  • the output judgment result is to perform multi-factor authentication.
  • the output judgment result is that multi-factor authentication is not performed.
  • the multiple identity identifier may also be set in advance in the user identification information. If the multiple identity identifier exists in the user identifier information of a user, it is determined to perform multiple identity verification, if the user of the user If the multiple authentication identifier does not exist in the identification information, it is determined that multiple authentication is not performed.
  • the application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public interest platform employee), and since these users can often have processing authority for confidential data or non-public data in the system, to ensure system data security. Sex, the user's real identity needs to be verified to confirm that the login is actually performed by the user himself.
  • a high system operation level for example, a public interest platform employee
  • the user is a user with a high system operation level, it is determined that the user needs to perform multiple authentication; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need only multiple authentication, but only The first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, the first user identity information may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user is not caused. The disclosure of privacy.
  • the second user identity information includes user identity information and second user identity feature information.
  • the second user identity feature information includes at least one of user biometric information and identity document information.
  • the user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.
  • the above identification information includes the ID number, passport number, employee number, and the like.
  • mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table, wherein the identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be Determined according to needs, not limited here.
  • the publishing module 105 is specifically used to:
  • the blockchain network decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the first And the second user identity information is verified, and the verification result is obtained, and the feedback information carrying the node identification information is generated according to the verification result, and the feedback information is broadcasted to the blockchain network.
  • the step of performing the encryption processing on the second user identity information according to the predetermined first encryption rule, and issuing the second identity verification request carrying the encrypted second user identity information to the blockchain network specifically:
  • the public key corresponding to the verification node is obtained.
  • the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.
  • the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.
  • the second authentication request is then issued to the blockchain network by the publishing node.
  • the above one verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, and the blockchain-based first identity verification program is stored in the memory, and the blockchain is based on the blockchain.
  • the first authentication program can be executed by one or more processors, and the processor executing the blockchain-based first identity verification program can be set in the verification node or can be set on the application end (for example, the nonprofit platform employee)
  • the management subsystem may also be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node after receiving the second identity verification request to obtain the Second user identity information. And searching for the second pre-encrypted storage corresponding to the user identifier information, according to the user identifier information in the second user identity information, and based on a mapping relationship between the predetermined user identifier information and the second standard user identity feature information. Standard user identity information, and decrypting the encrypted second standard user identity feature information by using a symmetric encryption key corresponding to the verification node to obtain second standard user identity feature information, according to the second criterion of the search The user identity information is used to verify the second user identity feature information to be verified in the second identity information.
  • the verification result is verified to be successful. If the second user identity feature information to be verified is different from the second standard user identity feature information, the verification result is a verification failure. And generating, according to the verification result, feedback information carrying the node identification information, where the verification node issues the generated feedback information to the blockchain network.
  • each of the verification nodes can receive the plurality of encrypted second user identity information, and the verification node can only receive the encrypted second user identity information.
  • Decrypting the second user identity information encrypted with the public key corresponding to the verification node. a method for verifying, by the verification node, the received second user identity information by using a private key corresponding to each verification node, verifying the second user identity information, and generating and distributing feedback information. The method is the same and will not be described here.
  • the above predetermined first result analysis rule is:
  • the verification node is one, when the verification result is successful, the first analysis result is determined as successful verification; when the verification result is verification failure, determining that the first analysis result is verification failure;
  • the verification node is multiple, when all the verification results are successful, it is determined that the first analysis result is the verification success; otherwise, the first analysis result is determined to be the verification failure.
  • the above predetermined second result analysis rule is:
  • the second analysis result is that the verification is successful
  • the second analysis result is a verification failure.
  • this embodiment after verifying the first user identity information according to the predetermined identity verification rule, determining whether to perform the multiple identity verification according to the predetermined determination rule, and after determining to perform the multiple identity verification, publishing the second user identity information to the The blockchain network is verified to obtain verification results for multiple authentications.
  • this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.
  • the application also provides a blockchain-based authentication method, which is applicable to a publishing end of an identity verification request in a blockchain network, for example, a publishing node.
  • the first identity verification program based on the blockchain is stored in the memory, and the blockchain-based first identity verification program may be executed by one or more processors to implement the block based in the embodiment.
  • the chain authentication method, the processor executing the blockchain-based first identity verification program may be set in the verification node, or may be set in the application end (for example, a public welfare platform), or may be independently set in an electronic In the device, for example, if the processor is disposed in the publishing node, the processor may be a smart contract corresponding to the publishing node.
  • FIG. 4 is a schematic flowchart of a first embodiment of a blockchain-based identity verification method according to the present application.
  • the method includes:
  • Step S110 When receiving the first identity verification request that carries the first user identity information, verify the first user identity information according to a predetermined identity verification rule to obtain a first verification result.
  • the first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, the winner of the first user identity information cannot learn the true identity of the user by using the first user identity information.
  • the first user identity information includes user identification information and first user identity information, where the user identity association information includes user name information and user password information (the user password information may be U shield, electronic certificate, etc. as a storage medium). ), dynamic code, etc.
  • the above predetermined authentication rules include:
  • Step S120 Determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule.
  • the predetermined judgment rules are explained by the following two schemes:
  • the above predetermined judgment rules are:
  • the application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public interest platform first authenticates by using the user name and user password provided by the user. If the verification result is that the verification fails, the user may be an illegal login user or the user forgets the user. Username and/or user password, in order to prevent misjudgment, the public welfare platform performs multiple authentication to ensure the accuracy of authentication.
  • the above predetermined judgment rules are:
  • the first verification result is that the verification is successful
  • determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule.
  • the outputting of the judgment result is to perform the multi-intelligence verification.
  • the outputting of the judgment result is that the multi-factor authentication is not performed.
  • the output judgment result is that the multiple authentication is not performed.
  • the above predetermined judging rule is:
  • the output judgment result is to perform multi-factor authentication.
  • the output judgment result is that multi-factor authentication is not performed.
  • the multiple identity identifier may also be set in advance in the user identification information. If the multiple identity identifier exists in the user identifier information of a user, it is determined to perform multiple identity verification, if the user of the user If the multiple authentication identifier does not exist in the identification information, it is determined that multiple authentication is not performed.
  • the application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public interest platform employee), and since these users can often have processing authority for confidential data or non-public data in the system, to ensure system data security. Sex, the user's real identity needs to be verified to confirm that the login is actually performed by the user himself.
  • a high system operation level for example, a public interest platform employee
  • the user is a user with a high system operation level, it is determined that the user needs to perform multiple authentication; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need only multiple authentication, but only The first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, the first user identity information may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user is not caused. The disclosure of privacy.
  • Step S130 when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result.
  • Step S140 when it is determined that the multiple identity verification is performed, acquiring the second user identity information.
  • the second user identity information includes user identity information and second user identity feature information.
  • the second user identity feature information includes at least one of user biometric information and identity document information.
  • the user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.
  • the above identification information includes the ID number, passport number, employee number, and the like.
  • Step S150 Search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information.
  • mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table, wherein the identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be Determined according to needs, not limited here.
  • Step S160 the second identity verification request carrying the second user identity information is sent to the blockchain network, and the carrying node identification information that is verified by the blockchain network and generated and broadcasted by the second user identity information is received. Feedback information.
  • Step S160 specifically includes:
  • the blockchain network decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the first And the second user identity information is verified, and the verification result is obtained, and the feedback information carrying the node identification information is generated according to the verification result, and the feedback information is broadcasted to the blockchain network.
  • the step of performing the encryption processing on the second user identity information according to the predetermined first encryption rule, and issuing the second identity verification request carrying the encrypted second user identity information to the blockchain network specifically:
  • the public key corresponding to the verification node is obtained.
  • the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.
  • the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.
  • the second authentication request is then issued to the blockchain network by the publishing node.
  • the above one verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, and the blockchain-based first identity verification program is stored in the memory, and the blockchain is based on the blockchain.
  • the first authentication program can be executed by one or more processors, and the processor executing the blockchain-based first identity verification program can be set in the verification node or can be set on the application end (for example, the nonprofit platform employee)
  • the management subsystem may also be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node after receiving the second identity verification request to obtain the
  • the second user identity information is obtained according to the user identity information in the second user identity information, and based on the mapping relationship between the predetermined user identity information and the second standard user identity feature information, searching for the corresponding information of the user identity information Pre-encrypting the stored second standard user identity feature information, and decrypting the encrypted second standard user identity feature information by using a symmetric encryption key corresponding to the verification node, to obtain a second standard user identity feature information, according to the search
  • the second standard user identity feature information is used to verify the second user identity feature information to be verified in the second identity information; if the second user identity feature information and the second standard user identity feature information are to be verified If the same, the output verification result is verified successfully; if the second user identity characteristic letter is to be verified Different from the second standard user identity information, the output verification result is a verification failure; according to the verification result, feedback information carrying the node
  • each of the verification nodes can receive the plurality of encrypted second user identity information, and the verification node can only receive the encrypted second user identity information.
  • the method for verifying the second user identity information and generating and distributing the feedback information is the same as the foregoing method, and details are not described herein.
  • Step S170 Perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.
  • the above predetermined first result analysis rule is:
  • the verification node is one, when the verification result is successful, the first analysis result is determined as the verification success; when the verification result is the verification failure, determining that the first analysis result is a verification failure;
  • the verification node is multiple, when all the verification results are successful, it is determined that the first analysis result is the verification success; otherwise, the first analysis result is determined to be the verification failure.
  • Step S180 Perform analysis processing on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.
  • the above predetermined second result analysis rule is:
  • the second analysis result is that the verification is successful
  • the second analysis result is a verification failure.
  • the identity verification method provided in this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.
  • the present application further provides a computer readable storage medium storing a first identity verification program based on a blockchain, wherein the blockchain-based first identity verification program can be at least A processor executes to cause the at least one processor to perform the blockchain based authentication method of any of the above embodiments.
  • the application also proposes a second identity verification procedure based on a blockchain.
  • FIG. 5 is a schematic diagram of the operating environment of the first embodiment of the second identity verification program 20 based on the blockchain of the present application.
  • the block chain-based second identity verification program 20 is installed and operates in the second electronic device 2.
  • the second electronic device 2 may be a verification node device, or an application server corresponding to the verification node device, and may be an electronic device other than the verification node device and the application server. .
  • the second electronic device 2 can be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server.
  • the second electronic device 2 can include, but is not limited to, a memory 21, a processor 22, and a display 23.
  • Figure 5 shows only the second electronic device 2 with components 21-23, but it should be understood that not all illustrated components may be implemented and that more or fewer components may be implemented instead.
  • the memory 21 may be an internal storage unit of the second electronic device 2, such as a hard disk or memory of the second electronic device 2, in some embodiments.
  • the memory 21 may also be an external storage device of the second electronic device 2 in other embodiments, such as a plug-in hard disk equipped on the second electronic device 2, a smart memory card (SMC), and a secure digital (Secure) Digital, SD) cards, flash cards, etc.
  • the memory 21 may also include both an internal storage unit of the second electronic device 2 and an external storage device.
  • the memory 21 is used to store application software and various types of data installed in the second electronic device 2, such as program code of the second identity verification program 20 based on the blockchain.
  • the memory 21 can also be used to temporarily store data that has been output or is about to be output.
  • the processor 22 in some embodiments, may be a Central Processing Unit (CPU), microprocessor or other data processing chip for running program code or processing data stored in the memory 21, such as executing a second identity. Verification program 20, etc.
  • the processor 22 may be a smart contract.
  • the display 23 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments.
  • the display 23 is used to display information processed in the second electronic device 2 and a user interface for displaying visualizations.
  • the components 21-23 of the second electronic device 2 communicate with one another via a system bus.
  • FIG. 6 is a program module diagram of the first embodiment of the block chain-based second identity verification program 20 of the present application.
  • the blockchain-based second identity verification program 20 can be divided into one or more modules, one or more modules are stored in the memory 21, and by one or more processors (this implementation) The example is executed by the processor 22) to complete the application.
  • the blockchain based second identity verification program 20 can be partitioned into a receiving module 201 and a verification module 202.
  • a module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than a program to describe the execution process of the blockchain-based second identity verification program 20 in the second electronic device 2, wherein:
  • the receiving module 201 is configured to receive an identity verification request that carries user identity information.
  • the verification module 202 is configured to check the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • the user identity information includes user identification information and user identity feature information.
  • the user identity feature information includes at least one of user biometric information and identity document information.
  • the user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.
  • the above identification information includes the ID number, passport number, employee number, and the like.
  • the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.
  • the first encryption rule includes: encrypting the user identity information by using the public key of the verification node.
  • the verification module 202 is specifically configured to:
  • the user identity information includes user identification information and identity information of the user to be verified;
  • the output verification result is successful verification
  • the verification result is a verification failure.
  • this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.
  • the application also provides a blockchain-based authentication method, which is applicable to a receiving end of an identity verification request in a blockchain network, for example, a verification node.
  • the blockchain-based second identity verification program is stored in the memory, and the blockchain-based second identity verification program can be executed by one or more processors to implement the block based in the embodiment.
  • the chain authentication method, the processor executing the blockchain-based second identity verification program may be set in the verification node, or may be set in the application end (for example, the public welfare platform employee management subsystem), or may be independent
  • the processor is disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.
  • FIG. 7 is a schematic flowchart of a second embodiment of a blockchain-based identity verification method according to the present application.
  • the method includes:
  • Step S210 Receive an identity verification request that carries user identity information.
  • the user identity information includes user identification information and user identity feature information.
  • the user identity feature information includes at least one of user biometric information and identity document information.
  • the user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information that uniquely identifies the user.
  • the above identification information includes the ID number, passport number, employee number, and the like.
  • the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.
  • the first encryption rule includes: encrypting the user identity information by using the public key of the verification node.
  • Step S220 Perform verification on the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.
  • the step S220 includes:
  • the user identity information includes user identification information and identity information of the user to be verified;
  • the output verification result is successful verification
  • the verification result is a verification failure.
  • this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.
  • the present application further provides a computer readable storage medium storing a blockchain-based second identity verification program, the blockchain-based second identity verification program being at least A processor executes to cause the at least one processor to perform the blockchain based authentication method of any of the above embodiments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An electronic device, an authentication method based on a block chain, and a program and a computer storage medium. The method involves: after first user identity information is verified according to a pre-determined authentication rule, determining whether to execute multi-factor authentication according to a pre-determined determination rule; and when it is determined to execute multi-factor authentication, releasing second user identity information to a block chain network for verification, so as to obtain a verification result of the multi-factor authentication. Diversified requirements of multiple application scenarios can be met, the accuracy of user authentication can be improved, and user identity information leakage can be also prevented.

Description

电子装置、基于区块链的身份验证方法、程序和计算机存储介质Electronic device, blockchain-based authentication method, program, and computer storage medium

优先权申明Priority claim

本申请基于巴黎公约申明享有2018年04月26日递交的申请号为CN201810386011.6、名称为“电子装置、基于区块链的身份验证方法和计算机存储介质”中国专利申请的优先权,该中国专利申请的整体内容以参考的方式结合在本申请中。This application is based on the priority of the Paris Convention for the Chinese patent application entitled "Electronic Device, Blockchain-Based Authentication Method and Computer Storage Media", filed on April 26, 2018, CN201810386011.6, China The entire content of the patent application is incorporated herein by reference.

技术领域Technical field

本申请涉及区块链技术领域,特别涉及一种电子装置、基于区块链的身份验证方法、程序和计算机存储介质。The present application relates to the field of blockchain technology, and in particular, to an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium.

背景技术Background technique

区块链本质上是一个基于智能合约的分布式的数据库,区块链上面的信息就会被P2P(Peer-to-peer,对等)网络分享到所有节点上去。由于区块链具有防篡改、高透明及去中心化等优势,近年来被广泛应用于各个领域。The blockchain is essentially a distributed database based on smart contracts. The information on the blockchain is shared by all P2P (Peer-to-peer) networks to all nodes. Due to the advantages of tamper resistance, high transparency and decentralization, blockchain has been widely used in various fields in recent years.

身份验证也成为“身份验证”或“身份鉴别”,是指在计算机及计算机网络系统中确认操作者身份的过程,从而确定该用户是否具有对某种资源的访问和使用权限,进而使计算机及网络系统的访问策略能够可靠、有效地执行,防止攻击者假冒合法用户获得资源的访问权限,保证系统和数据的安全,以及授权访问者的合法利益。Authentication also becomes "authentication" or "identification", which refers to the process of confirming the identity of an operator in a computer and computer network system to determine whether the user has access to and use of a certain resource, thereby enabling the computer and The access policy of the network system can be executed reliably and effectively, preventing the attacker from impersonating legitimate users to obtain access rights to resources, ensuring the security of the system and data, and authorizing the legitimate interests of the visitors.

通常,区块链的身份验证方法为:当用户通过一区块链的应用端登陆时,该应用端通过核验该用户的用户名及用户密码的方式对用户身份进行验证。该验证方法的问题在于,针对不同的用户,均采取同一验证方法,该验证方法过于单一,无法满足多种应用场景的多样化需求。Generally, the identity verification method of the blockchain is: when the user logs in through the application end of a blockchain, the application end authenticates the user identity by verifying the user name and the user password of the user. The problem with this verification method is that the same verification method is adopted for different users, and the verification method is too singular to meet the diverse needs of multiple application scenarios.

发明内容Summary of the invention

本申请的主要目的是提供一种电子装置、基于区块链的身份验证方法、程序和计算机存储介质,旨在解决现有身份验证方法过于单一,无法满足多种应用场景的多样化需求的问题。The main purpose of the present application is to provide an electronic device, a blockchain-based identity verification method, a program, and a computer storage medium, which are intended to solve the problem that the existing identity verification method is too single to meet the diverse needs of multiple application scenarios. .

为实现上述目的,本申请提供一种电子装置,所述电子装置包括存储器和处理器,所述存储器上存储有基于区块链的第一身份验证程序,所述基于区块链的第一身份验证程序被所述处理器执行时实现如下步骤:To achieve the above object, the present application provides an electronic device including a memory and a processor, and the memory stores a first identity verification program based on a blockchain, the first identity based on the blockchain The verification procedure is implemented by the processor to implement the following steps:

验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;

判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;

第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;

查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息 对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;

发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;

分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;

第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.

此外,为实现上述目的,本申请还提供一种电子装置,所述电子装置包括存储器和处理器,所述存储器上存储有基于区块链的第二身份验证程序,所述基于区块链的第二身份验证程序被所述处理器执行时实现如下步骤:In addition, in order to achieve the above object, the present application further provides an electronic device, where the electronic device includes a memory and a processor, and the memory stores a second identity verification program based on a blockchain, and the blockchain-based When the second authentication program is executed by the processor, the following steps are implemented:

接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information;

核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.

此外,为实现上述目的,本申请还提供一种基于区块链的身份验证方法,该方法包括步骤:In addition, to achieve the above object, the present application further provides a blockchain-based identity verification method, the method comprising the steps of:

第一验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a first verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;

判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;

第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;

查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;

发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;

分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;

第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.

此外,为实现上述目的,本申请还提供一种基于区块链的身份验证程序,所述基于区块链的身份验证程序包括:In addition, to achieve the above object, the present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:

验证模块,用于当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification module, configured to: when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to a predetermined identity verification rule, to obtain a first verification result;

判断模块,用于根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining module, configured to determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;

第一输出模块,用于当确定不执行多重身份验证时,输出所述第一验证 结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first output module, configured to output the first verification result as a user identity verification result when determining that multiple authentication is not performed; or acquire second user identity information when determining to perform multiple identity verification;

查找模块,用于根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;a searching module, configured to search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information;

发布模块,用于发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing module, configured to send a second identity verification request that carries the second user identity information to a blockchain network, and receive a carrying node that is configured to verify and broadcast the second user identity information of the blockchain network Feedback information of the identification information;

分析模块,用于基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;An analysis module, configured to analyze and process the verification result in the feedback information based on a predetermined first result analysis rule, and output the first analysis result as a second verification result;

第二输出模块,用于根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。And a second output module, configured to perform an analysis process on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.

此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的第一身份程序,所述基于区块链的第一身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:In addition, in order to achieve the above object, the present application further provides a computer readable storage medium storing a first identity program based on a blockchain, the first identity verification program based on a blockchain The at least one processor can be executed by the at least one processor to perform the following steps:

验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result;

判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule;

第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information;

查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information;

发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information;

分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result;

第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user.

此外,为实现上述目的,本申请还提供一种基于区块链的身份验证方法,所述基于区块链的身份验证方法包括:In addition, to achieve the above object, the present application further provides a blockchain-based identity verification method, where the blockchain-based identity verification method includes:

接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information;

核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.

此外,为实现上述目的,本申请还提供一种基于区块链的身份验证程序,所述基于区块链的身份验证程序包括:In addition, to achieve the above object, the present application further provides a blockchain-based identity verification program, where the blockchain-based identity verification program includes:

接收模块,用于接收携带用户身份信息的身份验证请求;a receiving module, configured to receive an identity verification request that carries user identity information;

核验模块,用于对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。And a verification module, configured to verify the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.

此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的第二身份验证程序,所述基于区块链的第二身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:In addition, in order to achieve the above object, the present application further provides a computer readable storage medium storing a blockchain based second identity verification program, the blockchain based second identity verification The program can be executed by at least one processor to cause the at least one processor to perform the following steps:

接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information;

核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network.

本申请在按照预先确定的身份验证规则对第一用户身份信息进行核验后,根据预先确定的判断规则确定是否执行多重身份验证,当确定执行多重身份验证后,将第二用户身份信息发布至区块链网络进行核验,以获得多重身份验证的验证结果。相较于现有技术,本申请可满足多种应用场景的多样化需求,提高用户身份验证的准确度,同时防止用户身份信息泄露。After verifying the first user identity information according to the predetermined identity verification rule, the application determines whether to perform the multiple identity verification according to the predetermined determination rule, and after determining to perform the multiple identity verification, releasing the second user identity information to the zone. The blockchain network is verified to obtain the verification result of multiple authentication. Compared with the prior art, the present application can meet the diverse needs of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.

附图说明DRAWINGS

为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图示出的结构获得其他的附图。In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings to be used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present application, and other drawings can be obtained according to the structures shown in the drawings without any creative work for those skilled in the art.

图1为本申请第一电子装置及第二电子装置的运行环境示意图;1 is a schematic diagram of an operating environment of a first electronic device and a second electronic device according to the present application;

图2为本申请基于区块链的第一身份验证程序第一实施例的运行环境示意图;2 is a schematic diagram of an operating environment of a first embodiment of a first identity verification procedure based on a blockchain according to the present application;

图3为本申请基于区块链的第一身份验证程序第一实施例的程序模块图;3 is a program module diagram of a first embodiment of a first identity verification procedure based on a blockchain according to the present application;

图4为本申请基于区块链的身份验证方法第一实施例的流程示意图;4 is a schematic flowchart of a blockchain-based identity verification method according to a first embodiment of the present application;

图5为本申请基于区块链的第二身份验证程序第一实施例的运行环境示意图;5 is a schematic diagram of an operating environment of a first embodiment of a second identity verification procedure based on a blockchain according to the present application;

图6为本申请基于区块链的第二身份验证程序第一实施例的程序模块图;6 is a program module diagram of a first embodiment of a second identity verification procedure based on a blockchain according to the present application;

图7为本申请基于区块链的身份验证方法第二实施例的流程示意图。FIG. 7 is a schematic flowchart diagram of a second embodiment of a blockchain-based identity verification method according to the present application.

本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features and advantages of the present application will be further described with reference to the accompanying drawings.

具体实施方式detailed description

以下结合附图对本申请的原理和特征进行描述,所举实例只用于解释本申请,并非用于限定本申请的范围。The principles and features of the present application are described in the following with reference to the accompanying drawings, which are only used to explain the present application and are not intended to limit the scope of the application.

本申请电子装置、基于区块链的身份验证方法及计算机存储介质适用于基于区块链的公益系统,该系统包括若干个应用端,及各所述应用端对应的节点设备,所述应用端包括公益平台、公益对象平台,所述节点设备包括公益平台对应的公益平台节点设备、公益对象平台对应的公益对象平台节点设备、若干个公益平台员工管理子系统及各公益平台员工管理子系统对应的公 益平台员工管理节点设备;在一些实施例中,该基于区块链的公益系统还包括:若干个公正机构平台及各公正机构平台对应的公正机构节点设备。The electronic device of the present application, the blockchain-based identity verification method, and the computer storage medium are applicable to a blockchain-based public welfare system, and the system includes a plurality of application terminals, and node devices corresponding to the application terminals, and the application end The utility model includes a public welfare platform and a public welfare target platform, and the node equipment comprises a public welfare platform node device corresponding to the public welfare platform, a public welfare object platform node device corresponding to the public welfare object platform, a plurality of public welfare platform employee management subsystems, and a corresponding public welfare platform employee management subsystem. The non-profit platform employee management node device; in some embodiments, the blockchain-based public interest system further includes: a plurality of fair institution platforms and fair institution node devices corresponding to the fair institution platforms.

本申请还提出一种基于区块链的第一身份验证程序。The application also proposes a first identity verification procedure based on a blockchain.

请参照图1,图1为本申请第一电子装置1及第二电子装置2的运行环境示意图。Please refer to FIG. 1 . FIG. 1 is a schematic diagram of an operating environment of a first electronic device 1 and a second electronic device 2 according to the present application.

请参阅图2,是本申请基于区块链的第一身份验证程序10第一实施例的运行环境示意图。Please refer to FIG. 2 , which is a schematic diagram of the operating environment of the first embodiment of the first identity verification program 10 based on the blockchain of the present application.

在本实施例中,基于区块链的第一身份验证程序10安装并运行于第一电子装置1中。该第一电子装置1可以是发布节点设备、也可以是所述发布节点设备对应的应用端服务器,还可以是除发布节点设备、应用端服务器之外的其他电子装置,本申请对此不作限定。In the present embodiment, the first identity verification program 10 based on the blockchain is installed and operates in the first electronic device 1. The first electronic device 1 may be a publishing node device, or may be an application server corresponding to the publishing node device, and may be an electronic device other than the publishing node device and the application server. .

第一电子装置1可以是桌上型计算机、笔记本、掌上电脑及服务器等计算设备。该第一电子装置1可包括,但不仅限于,存储器11、处理器12及显示器13。图2仅示出了具有组件11-13的第一电子装置1,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。The first electronic device 1 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server. The first electronic device 1 may include, but is not limited to, a memory 11, a processor 12, and a display 13. Figure 2 shows only the first electronic device 1 with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.

存储器11在一些实施例中可以是第一电子装置1的内部存储单元,例如该第一电子装置1的硬盘或内存。存储器11在另一些实施例中也可以是第一电子装置1的外部存储设备,例如第一电子装置1上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器11还可以既包括第一电子装置1的内部存储单元也包括外部存储设备。存储器11用于存储安装于第一电子装置1的应用软件及各类数据,例如基于区块链的第一身份验证程序10的程序代码等。存储器11还可以用于暂时地存储已经输出或者将要输出的数据。The memory 11 may be an internal storage unit of the first electronic device 1, such as a hard disk or memory of the first electronic device 1, in some embodiments. The memory 11 may also be an external storage device of the first electronic device 1 in other embodiments, such as a plug-in hard disk equipped on the first electronic device 1, a smart memory card (SMC), and a secure digital (Secure) Digital, SD) cards, flash cards, etc. Further, the memory 11 may also include both an internal storage unit of the first electronic device 1 and an external storage device. The memory 11 is used to store application software and various types of data installed in the first electronic device 1, such as program code of the first identity verification program 10 based on the blockchain. The memory 11 can also be used to temporarily store data that has been output or is about to be output.

处理器12在一些实施例中可以是一中央处理器(Central Processing Unit,CPU),微处理器或其他数据处理芯片,用于运行存储器11中存储的程序代码或处理数据,例如执行第一身份验证程序10等。在本实施例中,若第一电子装置1为发布节点,则该处理器12可以是智能合约。The processor 12, in some embodiments, may be a Central Processing Unit (CPU), microprocessor or other data processing chip for running program code or processing data stored in the memory 11, for example, performing a first identity Verification procedure 10, etc. In this embodiment, if the first electronic device 1 is a publishing node, the processor 12 may be a smart contract.

显示器13在一些实施例中可以是LED显示器、液晶显示器、触控式液晶显示器以及OLED(Organic Light-Emitting Diode,有机发光二极管)触摸器等。显示器13用于显示在第一电子装置1中处理的信息以及用于显示可视化的用户界面。第一电子装置1的部件11-13通过系统总线相互通信。The display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments. The display 13 is for displaying information processed in the first electronic device 1 and a user interface for displaying visualization. The components 11-13 of the first electronic device 1 communicate with one another via a system bus.

请参阅图3,是本申请基于区块链的第一身份验证程序10第一实施例的程序模块图。在本实施例中,基于区块链的第一身份验证程序10可以被分割成一个或多个模块,一个或者多个模块被存储于存储器11中,并由一个或多个处理器(本实施例为处理器12)所执行,以完成本申请。例如,在图3中,基于区块链的第一身份验证程序10可以被分割成验证模块101、判断模块102、第一输出模块103、查找模块104、发布模块105、分析模块106及第二输出模块107。本申请所称的模块是指能够完成特定功能的一系列计算机程序指令段,比程序更适合于描述基于区块链的第一身份验证程序10在第一电子装置1中的执行过程,其中:Please refer to FIG. 3, which is a program module diagram of the first embodiment of the first identity verification program 10 based on the blockchain of the present application. In this embodiment, the blockchain-based first identity verification program 10 can be divided into one or more modules, one or more modules are stored in the memory 11, and by one or more processors (this implementation) The example is executed by the processor 12) to complete the application. For example, in FIG. 3, the first identity verification program 10 based on the blockchain may be divided into a verification module 101, a determination module 102, a first output module 103, a lookup module 104, a distribution module 105, an analysis module 106, and a second. Output module 107. A module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than the program to describe the execution process of the first identity verification program 10 based on the blockchain in the first electronic device 1, wherein:

验证模块101,用于当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果。The verification module 101 is configured to, when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to the predetermined identity verification rule to obtain a first verification result.

判断模块102,用于根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证。The determining module 102 is configured to determine whether to perform the multiple identity verification according to the obtained first verification result, the first user identity information, and the predetermined determination rule.

第一输出模块103,用于当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息。The first output module 103 is configured to: when the multi-identity verification is not performed, output the first verification result as a user identity verification result; or, when it is determined to perform the multiple identity verification, acquire the second user identity information.

查找模块104,用于根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点。The searching module 104 is configured to search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information.

发布模块105,用于发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息。a publishing module 105, configured to issue a second identity verification request that carries the second user identity information to the blockchain network, and receive, by the blockchain network, the second user identity information to be verified and generated and broadcasted. Feedback information of node identification information.

分析模块106,用于基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果。The analyzing module 106 is configured to perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.

第二输出模块107,用于根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output module 107 is configured to perform analysis processing on the second verification result according to a predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.

上述第一用户身份信息为不涉及用户隐私的身份信息,即使该第一用户身份信息被他人获取,此第一用户身份信息的获得者也无法通过该第一用户身份信息获知用户的真实身份。例如,第一用户身份信息包括用户标识信息及第一用户身份特征信息,其中,所述用户身份关联信息包括用户名信息、用户密码信息(该用户密码信息可以U盾、电子证书等作为存储介质)、动态码等。The first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, the winner of the first user identity information cannot learn the true identity of the user by using the first user identity information. For example, the first user identity information includes user identification information and first user identity information, where the user identity association information includes user name information and user password information (the user password information may be U shield, electronic certificate, etc. as a storage medium). ), dynamic code, etc.

上述预先确定的身份验证规则包括:The above predetermined authentication rules include:

根据所述第一身份信息中的用户标识信息,且基于预先确定的用户标识信息与第一标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的第一标准用户身份特征信息。And searching for the first standard user identity feature information corresponding to the user identifier information, according to the user identifier information in the first identity information, and based on a mapping relationship between the predetermined user identifier information and the first standard user identity feature information .

根据查找得到的所述第一标准用户身份特征信息,对所述第一身份信息中的待验证第一用户身份特征信息进行核验;若核验结果为相同,则输出第一验证结果为验证成功;若核验结果为不同,则输出第一验证结果为验证失败。And verifying the first user identity feature information to be verified in the first identity information according to the first standard user identity feature information obtained by the search; if the verification result is the same, outputting the first verification result is successful verification; If the verification result is different, the first verification result is output as the verification failure.

下面通过以下两种方案对预先确定的判断规则进行说明:The following two rules are used to explain the predetermined judgment rules:

方案一:Option One:

上述预先确定的判断规则为:The above predetermined judgment rules are:

当所述第一验证结果为验证失败时,确定执行多重身份验证;或者,当所述第一验证结果为验证失败且接收到用户发送的确认继续执行身份验证的请求时,确定执行多重身份验证。Determining to perform multiple authentication when the first verification result is a verification failure; or determining to perform multiple authentication when the first verification result is a verification failure and receiving a request sent by the user to continue performing the authentication. .

当所述第一验证结果为验证成功时,确定不执行多重身份验证;或者,当所述第一验证结果为验证成功时,或当所述第一验证结果为验证失败且接收到用户发送的终止执行多重身份验证的请求时,确定不执行多重身份验证。When the first verification result is that the verification is successful, determining that the multiple authentication is not performed; or, when the first verification result is the verification success, or when the first verification result is the verification failure and receiving the user sending When terminating a request to perform multi-factor authentication, it is determined that multi-authentication is not performed.

上述方案一的应用场景为:用户通过公益平台登录时,公益平台首先通过用户提供的用户名及用户密码进行验证,若验证结果为验证失败,则该用户可能为非法登录用户或者该用户忘记其用户名和/或用户密码,为了防止错判,公益平台执行多重身份验证以保证身份验证的准确性。The application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public interest platform first authenticates by using the user name and user password provided by the user. If the verification result is that the verification fails, the user may be an illegal login user or the user forgets the user. Username and/or user password, in order to prevent misjudgment, the public welfare platform performs multiple authentication to ensure the accuracy of authentication.

方案二:Option II:

上述预先确定的判断规则为:The above predetermined judgment rules are:

当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息,且基于预先确定的判断子规则确定是否执行多重身份验证。当基于所述预先确定的判断子规则确定执行多重身份验证,则输出判断结果为执行多重身份验证。当基于所述预先确定的判断子规则确定不执行多重身份验证,则输出判断结果为不执行多重身份验证。When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule. When it is determined that the multi-factor authentication is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-intelligence verification. When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the outputting of the judgment result is that the multi-factor authentication is not performed.

当所述第一验证结果为验证失败时,则输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed.

其中,上述预先确定的判断子规则为:Wherein, the above predetermined judging rule is:

提取所述用户标识信息中的用户身份等级作为待确认的用户身份等级,且基于预先确定的用户身份等级与多重身份验证之间的映射关系,判断所述待确认的用户身份等级是否与多重身份验证存在映射关系。Extracting a user identity level in the user identification information as a user identity level to be confirmed, and determining whether the user identity level to be confirmed and the multiple identity are based on a mapping relationship between the predetermined user identity level and the multiple identity verification. Verify that there is a mapping relationship.

若是,则输出判断结果为执行多重身份验证。If so, the output judgment result is to perform multi-factor authentication.

若否,则输出判断结果为不执行多重身份验证。If not, the output judgment result is that multi-factor authentication is not performed.

在一些实施例中,也可预先在用户标识信息中设置多重身份验证标识符,若一用户的用户标识信息中存在所述多重身份验证标识符,则确定执行多重身份验证,若该用户的用户标识信息中不存在所述多重身份验证标识符,则确定不执行多重身份验证。In some embodiments, the multiple identity identifier may also be set in advance in the user identification information. If the multiple identity identifier exists in the user identifier information of a user, it is determined to perform multiple identity verification, if the user of the user If the multiple authentication identifier does not exist in the identification information, it is determined that multiple authentication is not performed.

上述方案二的应用场景为:用户通过公益平台登录时,公益平台首先通过用户提供的第一用户身份信息进行验证。若验证通过,则进一步确定该用户是否是系统操作等级高(例如,公益平台员工)的用户,由于这些用户往往可以对系统中的保密数据或者是非公开数据有处理权限,为保证系统数据的安全性,需要对该用户的真实身份进行验证以确认此次登陆确实由该用户本人操作。若确定该用户是系统操作等级高的用户,则判定需要对该用户执行多重身份验证;若确定该用户不是系统操作等级高的用户,则判定不需要对该用户只需多重身份验证,而仅需要对第一用户身份信息进行验证即可。由于第一用户身份信息为不涉及用户隐私的身份信息,因此,可将该第一用户身份信息存储至区块链上各个节点中,即使该第一用户身份信息被窃取,也不会造成用户隐私的泄露。The application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public interest platform employee), and since these users can often have processing authority for confidential data or non-public data in the system, to ensure system data security. Sex, the user's real identity needs to be verified to confirm that the login is actually performed by the user himself. If it is determined that the user is a user with a high system operation level, it is determined that the user needs to perform multiple authentication; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need only multiple authentication, but only The first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, the first user identity information may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user is not caused. The disclosure of privacy.

上述第二用户身份信息包括用户标识信息及第二用户身份特征信息。The second user identity information includes user identity information and second user identity feature information.

所述第二用户身份特征信息包括用户生物信息、身份证件信息中至少一种。The second user identity feature information includes at least one of user biometric information and identity document information.

上述用户生物信息包括指纹信息、人脸信息、虹膜信息、声纹信息等用于唯一识别用户身份的生物特征信息。The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.

上述身份证件信息包括身份证号、护照号、员工编号等。The above identification information includes the ID number, passport number, employee number, and the like.

上述用户标识信息与验证节点标识信息之间的映射关系可存储在映射表中,其中,一用户的身份验证可由一个或者多个验证节点完成,且完成一次用户身份验证启用的验证节点的数量可根据需要确定,在此不做限定。The mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table, wherein the identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be Determined according to needs, not limited here.

发布模块105具体用于:The publishing module 105 is specifically used to:

根据预先确定的第一加密规则对所述第二用户身份信息进行加密处理,且发布携带加密后的第二用户身份信息的第二身份验证请求至区块链网络。区块链网络(例如,区块链网络中的验证节点)接收所述第二身份验证请求后,根据预先确定的第一解密规则对加密后的第二用户身份信息进行解密以 获得所述第二用户身份信息,并对所述第二用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。And encrypting the second user identity information according to the predetermined first encryption rule, and issuing a second identity verification request carrying the encrypted second user identity information to the blockchain network. After receiving the second identity verification request, the blockchain network (eg, the verification node in the blockchain network) decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the first And the second user identity information is verified, and the verification result is obtained, and the feedback information carrying the node identification information is generated according to the verification result, and the feedback information is broadcasted to the blockchain network. .

上述根据预先确定的第一加密规则对所述第二用户身份信息进行加密处理,且发布携带加密后的第二用户身份信息的第二身份验证请求至区块链网络的步骤,具体为:The step of performing the encryption processing on the second user identity information according to the predetermined first encryption rule, and issuing the second identity verification request carrying the encrypted second user identity information to the blockchain network, specifically:

首先,获取所述验证节点对应的公钥。First, the public key corresponding to the verification node is obtained.

若所述验证节点为一个,则利用获取的所述验证节点对应的公钥对所述第二用户身份信息进行加密处理,以获得所述加密后的第二用户身份信息。If the verification node is one, the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.

若所述验证节点为多个,则利用获取的各所述验证节点对应的公钥分别对所述第二用户身份信息进行加密处理,以获得多个所述加密后的第二用户身份信息。If the number of the verification nodes is multiple, the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.

然后,通过发布节点向区块链网络中发布第二身份验证请求。The second authentication request is then issued to the blockchain network by the publishing node.

上述一个验证节点(例如,公益平台员工管理节点设备)通常对应一个基于区块链的第一身份验证程序,该基于区块链的第一身份验证程序存储在存储器中,且该基于区块链的第一身份验证程序可被一个或者多个处理器执行,执行该基于区块链的第一身份验证程序的处理器可设置于验证节点中,也可设置于应用端(例如,公益平台员工管理子系统)中,还也可独立设置于一电子装置中,例如,若该处理器设置于验证节点中,则该处理器可以是该验证节点对应的智能合约。The above one verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, and the blockchain-based first identity verification program is stored in the memory, and the blockchain is based on the blockchain. The first authentication program can be executed by one or more processors, and the processor executing the blockchain-based first identity verification program can be set in the verification node or can be set on the application end (for example, the nonprofit platform employee) The management subsystem may also be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.

下面以该处理器设置于验证节点中为例对基于区块链的身份验证程序如何接收和处理所述第二身份验证请求进行说明:The following describes how the blockchain-based authentication program receives and processes the second identity verification request by taking the processor in the verification node as an example:

若所述验证节点为一个,则该验证节点接收到所述第二身份验证请求后,利用该验证节点对应的私钥对所述加密后的第二用户身份信息进行解密处理,以获得所述第二用户身份信息。根据所述第二用户身份信息中的用户标识信息,且基于预先确定的用户标识信息与第二标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的预先加密存储的第二标准用户身份特征信息,并用该验证节点对应的对称加密秘钥对所述加密的第二标准用户身份特征信息进行解密处理,以得到第二标准用户身份特征信息,根据查找的所述第二标准用户身份特征信息,对所述第二身份信息中的待验证第二用户身份特征信息进行核验。若待验证第二用户身份特征信息与所述第二标准用户身份特征信息相同,则输出核验结果为核验成功。若待验证第二用户身份特征信息与所述第二标准用户身份特征信息不同,则输出核验结果为核验失败。根据所述核验结果,生成携带节点标识信息的回馈信息,该验证节点将生成的所述回馈信息发布至区块链网络中。If the verification node is one, the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node after receiving the second identity verification request to obtain the Second user identity information. And searching for the second pre-encrypted storage corresponding to the user identifier information, according to the user identifier information in the second user identity information, and based on a mapping relationship between the predetermined user identifier information and the second standard user identity feature information. Standard user identity information, and decrypting the encrypted second standard user identity feature information by using a symmetric encryption key corresponding to the verification node to obtain second standard user identity feature information, according to the second criterion of the search The user identity information is used to verify the second user identity feature information to be verified in the second identity information. If the second user identity feature information to be verified is the same as the second standard user identity feature information, the verification result is verified to be successful. If the second user identity feature information to be verified is different from the second standard user identity feature information, the verification result is a verification failure. And generating, according to the verification result, feedback information carrying the node identification information, where the verification node issues the generated feedback information to the blockchain network.

若所述验证节点为多个,则每个验证节点都可接收到多个加密后的第二用户身份信息,不论一验证节点接收多少个加密后的第二用户身份信息,该验证节点只能解密用该验证节点对应的公钥加密的第二用户身份信息。各验证节点在利用各验证节点对应的私钥对接收的所述加密后的第二用户身份信息进行解密后,其对所述第二用户身份信息进行核验并生成和发布回馈信息的方法与上述方法相同,在此不做赘述。If the number of the verification nodes is multiple, each of the verification nodes can receive the plurality of encrypted second user identity information, and the verification node can only receive the encrypted second user identity information. Decrypting the second user identity information encrypted with the public key corresponding to the verification node. a method for verifying, by the verification node, the received second user identity information by using a private key corresponding to each verification node, verifying the second user identity information, and generating and distributing feedback information. The method is the same and will not be described here.

上述预先确定的第一结果分析规则为:The above predetermined first result analysis rule is:

若验证节点为一个,则当核验结果为核验成功时,确定第一分析结果为 验证成功;当所述核验结果为核验失败时,确定所述第一分析结果为验证失败;If the verification node is one, when the verification result is successful, the first analysis result is determined as successful verification; when the verification result is verification failure, determining that the first analysis result is verification failure;

若验证节点为多个,则当所有核验结果均为成功时,确定第一分析结果为验证成功;否则,确定所述第一分析结果为验证失败。If the verification node is multiple, when all the verification results are successful, it is determined that the first analysis result is the verification success; otherwise, the first analysis result is determined to be the verification failure.

上述预先确定的第二结果分析规则为:The above predetermined second result analysis rule is:

若第二验证结果为验证成功,则第二分析结果为验证成功;If the second verification result is that the verification is successful, the second analysis result is that the verification is successful;

若第二验证结果为验证失败或者所述第二验证结果为空值,则第二分析结果为验证失败。If the second verification result is a verification failure or the second verification result is a null value, the second analysis result is a verification failure.

造成上述第二验证结果为空值的情况为多重身份验证被用户中止。The case where the second verification result described above is null is that the multiple authentication is suspended by the user.

本实施例在按照预先确定的身份验证规则对第一用户身份信息进行核验后,根据预先确定的判断规则确定是否执行多重身份验证,当确定执行多重身份验证后,将第二用户身份信息发布至区块链网络进行核验,以获得多重身份验证的验证结果。相较于现有技术,本实施例可满足多种应用场景的多样化需求,提高用户身份验证的准确度,同时防止用户身份信息泄露。In this embodiment, after verifying the first user identity information according to the predetermined identity verification rule, determining whether to perform the multiple identity verification according to the predetermined determination rule, and after determining to perform the multiple identity verification, publishing the second user identity information to the The blockchain network is verified to obtain verification results for multiple authentications. Compared with the prior art, this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.

本申请还提供一种基于区块链的身份验证方法,该方法适用于区块链网络中身份验证请求的发布端,例如,发布节点。The application also provides a blockchain-based authentication method, which is applicable to a publishing end of an identity verification request in a blockchain network, for example, a publishing node.

本实施例中,基于区块链的第一身份验证程序存储在存储器中,且该基于区块链的第一身份验证程序可被一个或者多个处理器执行以实现本实施例中基于区块链的身份验证方法,执行该基于区块链的第一身份验证程序的处理器可设置于验证节点中,也可设置于应用端(例如,公益平台)中,还也可独立设置于一电子装置中,例如,若该处理器设置于发布节点中,则该处理器可以是该发布节点对应的智能合约。In this embodiment, the first identity verification program based on the blockchain is stored in the memory, and the blockchain-based first identity verification program may be executed by one or more processors to implement the block based in the embodiment. The chain authentication method, the processor executing the blockchain-based first identity verification program may be set in the verification node, or may be set in the application end (for example, a public welfare platform), or may be independently set in an electronic In the device, for example, if the processor is disposed in the publishing node, the processor may be a smart contract corresponding to the publishing node.

如图4所示,图4为本申请基于区块链的身份验证方法第一实施例的流程示意图。As shown in FIG. 4, FIG. 4 is a schematic flowchart of a first embodiment of a blockchain-based identity verification method according to the present application.

本实施例中,该方法包括:In this embodiment, the method includes:

步骤S110,当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果。Step S110: When receiving the first identity verification request that carries the first user identity information, verify the first user identity information according to a predetermined identity verification rule to obtain a first verification result.

上述第一用户身份信息为不涉及用户隐私的身份信息,即使该第一用户身份信息被他人获取,此第一用户身份信息的获得者也无法通过该第一用户身份信息获知用户的真实身份。例如,第一用户身份信息包括用户标识信息及第一用户身份特征信息,其中,所述用户身份关联信息包括用户名信息、用户密码信息(该用户密码信息可以U盾、电子证书等作为存储介质)、动态码等。The first user identity information is identity information that does not involve user privacy. Even if the first user identity information is obtained by another person, the winner of the first user identity information cannot learn the true identity of the user by using the first user identity information. For example, the first user identity information includes user identification information and first user identity information, where the user identity association information includes user name information and user password information (the user password information may be U shield, electronic certificate, etc. as a storage medium). ), dynamic code, etc.

上述预先确定的身份验证规则包括:The above predetermined authentication rules include:

根据所述第一身份信息中的用户标识信息,且基于预先确定的用户标识信息与第一标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的第一标准用户身份特征信息。And searching for the first standard user identity feature information corresponding to the user identifier information, according to the user identifier information in the first identity information, and based on a mapping relationship between the predetermined user identifier information and the first standard user identity feature information .

根据查找得到的所述第一标准用户身份特征信息,对所述第一身份信息中的待验证第一用户身份特征信息进行核验;若核验结果为相同,则输出第一验证结果为验证成功;若核验结果为不同,则输出第一验证结果为验证失败。And verifying the first user identity feature information to be verified in the first identity information according to the first standard user identity feature information obtained by the search; if the verification result is the same, outputting the first verification result is successful verification; If the verification result is different, the first verification result is output as the verification failure.

步骤S120,根据获得的所述第一验证结果、第一用户身份信息及预先确 定的判断规则确定是否执行多重身份验证。Step S120: Determine whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule.

通过以下两种方案对预先确定的判断规则进行说明:The predetermined judgment rules are explained by the following two schemes:

方案一:Option One:

上述预先确定的判断规则为:The above predetermined judgment rules are:

当所述第一验证结果为验证失败时,确定执行多重身份验证;或者,当所述第一验证结果为验证失败且接收到用户发送的确认继续执行身份验证的请求时,确定执行多重身份验证。Determining to perform multiple authentication when the first verification result is a verification failure; or determining to perform multiple authentication when the first verification result is a verification failure and receiving a request sent by the user to continue performing the authentication. .

当所述第一验证结果为验证成功时,确定不执行多重身份验证;或者,当所述第一验证结果为验证成功时,或当所述第一验证结果为验证失败且接收到用户发送的终止执行多重身份验证的请求时,确定不执行多重身份验证。When the first verification result is that the verification is successful, determining that the multiple authentication is not performed; or, when the first verification result is the verification success, or when the first verification result is the verification failure and receiving the user sending When terminating a request to perform multi-factor authentication, it is determined that multi-authentication is not performed.

上述方案一的应用场景为:用户通过公益平台登录时,公益平台首先通过用户提供的用户名及用户密码进行验证,若验证结果为验证失败,则该用户可能为非法登录用户或者该用户忘记其用户名和/或用户密码,为了防止错判,公益平台执行多重身份验证以保证身份验证的准确性。The application scenario of the foregoing solution 1 is: when the user logs in through the public welfare platform, the public interest platform first authenticates by using the user name and user password provided by the user. If the verification result is that the verification fails, the user may be an illegal login user or the user forgets the user. Username and/or user password, in order to prevent misjudgment, the public welfare platform performs multiple authentication to ensure the accuracy of authentication.

方案二:Option II:

上述预先确定的判断规则为:The above predetermined judgment rules are:

当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息,且基于预先确定的判断子规则确定是否执行多重身份验证。当基于所述预先确定的判断子规则确定执行多重身份验证,则输出判断结果为执行多重身份验证。当基于所述预先确定的判断子规则确定不执行多重身份验证,则输出判断结果为不执行多重身份验证。When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and based on the predetermined determination sub-rule. When it is determined that the multi-factor authentication is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-intelligence verification. When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the outputting of the judgment result is that the multi-factor authentication is not performed.

当所述第一验证结果为验证失败时,则输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed.

其中,上述预先确定的判断子规则为:Wherein, the above predetermined judging rule is:

提取所述用户标识信息中的用户身份等级作为待确认的用户身份等级,且基于预先确定的用户身份等级与多重身份验证之间的映射关系,判断所述待确认的用户身份等级是否与多重身份验证存在映射关系。Extracting a user identity level in the user identification information as a user identity level to be confirmed, and determining whether the user identity level to be confirmed and the multiple identity are based on a mapping relationship between the predetermined user identity level and the multiple identity verification. Verify that there is a mapping relationship.

若是,则输出判断结果为执行多重身份验证。If so, the output judgment result is to perform multi-factor authentication.

若否,则输出判断结果为不执行多重身份验证。If not, the output judgment result is that multi-factor authentication is not performed.

在一些实施例中,也可预先在用户标识信息中设置多重身份验证标识符,若一用户的用户标识信息中存在所述多重身份验证标识符,则确定执行多重身份验证,若该用户的用户标识信息中不存在所述多重身份验证标识符,则确定不执行多重身份验证。In some embodiments, the multiple identity identifier may also be set in advance in the user identification information. If the multiple identity identifier exists in the user identifier information of a user, it is determined to perform multiple identity verification, if the user of the user If the multiple authentication identifier does not exist in the identification information, it is determined that multiple authentication is not performed.

上述方案二的应用场景为:用户通过公益平台登录时,公益平台首先通过用户提供的第一用户身份信息进行验证。若验证通过,则进一步确定该用户是否是系统操作等级高(例如,公益平台员工)的用户,由于这些用户往往可以对系统中的保密数据或者是非公开数据有处理权限,为保证系统数据的安全性,需要对该用户的真实身份进行验证以确认此次登陆确实由该用户本人操作。若确定该用户是系统操作等级高的用户,则判定需要对该用户执行多重身份验证;若确定该用户不是系统操作等级高的用户,则判定不需要对该用户只需多重身份验证,而仅需要对第一用户身份信息进行验证即可。由于第一用户身份信息为不涉及用户隐私的身份信息,因此,可将该第一用户身份信息存储至区块链上各个节点中,即使该第一用户身份信息被窃取, 也不会造成用户隐私的泄露。The application scenario of the foregoing solution 2 is: when the user logs in through the public welfare platform, the public welfare platform first performs verification by using the first user identity information provided by the user. If the verification is passed, it is further determined whether the user is a user with a high system operation level (for example, a public interest platform employee), and since these users can often have processing authority for confidential data or non-public data in the system, to ensure system data security. Sex, the user's real identity needs to be verified to confirm that the login is actually performed by the user himself. If it is determined that the user is a user with a high system operation level, it is determined that the user needs to perform multiple authentication; if it is determined that the user is not a user with a high system operation level, it is determined that the user does not need only multiple authentication, but only The first user identity information needs to be verified. Since the first user identity information is identity information that does not involve user privacy, the first user identity information may be stored in each node of the blockchain, and even if the first user identity information is stolen, the user is not caused. The disclosure of privacy.

步骤S130,当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果。Step S130, when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result.

步骤S140,当确定执行多重身份验证时,获取第二用户身份信息。Step S140, when it is determined that the multiple identity verification is performed, acquiring the second user identity information.

上述第二用户身份信息包括用户标识信息及第二用户身份特征信息。The second user identity information includes user identity information and second user identity feature information.

所述第二用户身份特征信息包括用户生物信息、身份证件信息中至少一种。The second user identity feature information includes at least one of user biometric information and identity document information.

上述用户生物信息包括指纹信息、人脸信息、虹膜信息、声纹信息等用于唯一识别用户身份的生物特征信息。The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.

上述身份证件信息包括身份证号、护照号、员工编号等。The above identification information includes the ID number, passport number, employee number, and the like.

步骤S150,根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点。Step S150: Search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information.

上述用户标识信息与验证节点标识信息之间的映射关系可存储在映射表中,其中,一用户的身份验证可由一个或者多个验证节点完成,且完成一次用户身份验证启用的验证节点的数量可根据需要确定,在此不做限定。The mapping relationship between the foregoing user identification information and the verification node identification information may be stored in a mapping table, wherein the identity verification of a user may be completed by one or more verification nodes, and the number of verification nodes enabled to perform one user identity verification may be Determined according to needs, not limited here.

步骤S160,发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息。Step S160, the second identity verification request carrying the second user identity information is sent to the blockchain network, and the carrying node identification information that is verified by the blockchain network and generated and broadcasted by the second user identity information is received. Feedback information.

步骤S160具体包括:Step S160 specifically includes:

根据预先确定的第一加密规则对所述第二用户身份信息进行加密处理,且发布携带加密后的第二用户身份信息的第二身份验证请求至区块链网络。区块链网络(例如,区块链网络中的验证节点)接收所述第二身份验证请求后,根据预先确定的第一解密规则对加密后的第二用户身份信息进行解密以获得所述第二用户身份信息,并对所述第二用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。And encrypting the second user identity information according to the predetermined first encryption rule, and issuing a second identity verification request carrying the encrypted second user identity information to the blockchain network. After receiving the second identity verification request, the blockchain network (eg, the verification node in the blockchain network) decrypts the encrypted second user identity information according to the predetermined first decryption rule to obtain the first And the second user identity information is verified, and the verification result is obtained, and the feedback information carrying the node identification information is generated according to the verification result, and the feedback information is broadcasted to the blockchain network. .

上述根据预先确定的第一加密规则对所述第二用户身份信息进行加密处理,且发布携带加密后的第二用户身份信息的第二身份验证请求至区块链网络的步骤,具体为:The step of performing the encryption processing on the second user identity information according to the predetermined first encryption rule, and issuing the second identity verification request carrying the encrypted second user identity information to the blockchain network, specifically:

首先,获取所述验证节点对应的公钥。First, the public key corresponding to the verification node is obtained.

若所述验证节点为一个,则利用获取的所述验证节点对应的公钥对所述第二用户身份信息进行加密处理,以获得所述加密后的第二用户身份信息。If the verification node is one, the second user identity information is encrypted by using the obtained public key corresponding to the verification node to obtain the encrypted second user identity information.

若所述验证节点为多个,则利用获取的各所述验证节点对应的公钥分别对所述第二用户身份信息进行加密处理,以获得多个所述加密后的第二用户身份信息。If the number of the verification nodes is multiple, the second user identity information is separately encrypted by using the obtained public key corresponding to each of the verification nodes to obtain a plurality of the encrypted second user identity information.

然后,通过发布节点向区块链网络中发布第二身份验证请求。The second authentication request is then issued to the blockchain network by the publishing node.

上述一个验证节点(例如,公益平台员工管理节点设备)通常对应一个基于区块链的第一身份验证程序,该基于区块链的第一身份验证程序存储在存储器中,且该基于区块链的第一身份验证程序可被一个或者多个处理器执行,执行该基于区块链的第一身份验证程序的处理器可设置于验证节点中,也可设置于应用端(例如,公益平台员工管理子系统)中,还也可独立设置于一电子装置中,例如,若该处理器设置于验证节点中,则该处理器可以是 该验证节点对应的智能合约。The above one verification node (for example, the public interest platform employee management node device) generally corresponds to a blockchain-based first identity verification program, and the blockchain-based first identity verification program is stored in the memory, and the blockchain is based on the blockchain. The first authentication program can be executed by one or more processors, and the processor executing the blockchain-based first identity verification program can be set in the verification node or can be set on the application end (for example, the nonprofit platform employee) The management subsystem may also be independently disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.

下面以该处理器设置于验证节点中为例对基于区块链的身份验证程序如何接收和处理所述第二身份验证请求进行说明:The following describes how the blockchain-based authentication program receives and processes the second identity verification request by taking the processor in the verification node as an example:

若所述验证节点为一个,则该验证节点接收到所述第二身份验证请求后,利用该验证节点对应的私钥对所述加密后的第二用户身份信息进行解密处理,以获得所述第二用户身份信息;根据所述第二用户身份信息中的用户标识信息,且基于预先确定的用户标识信息与第二标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的预先加密存储的第二标准用户身份特征信息,并用该验证节点对应的对称加密秘钥对所述加密的第二标准用户身份特征信息进行解密处理,以得到第二标准用户身份特征信息,根据查找的所述第二标准用户身份特征信息,对所述第二身份信息中的待验证第二用户身份特征信息进行核验;若待验证第二用户身份特征信息与所述第二标准用户身份特征信息相同,则输出核验结果为核验成功;若待验证第二用户身份特征信息与所述第二标准用户身份特征信息不同,则输出核验结果为核验失败;根据所述核验结果,生成携带节点标识信息的回馈信息,该验证节点将生成的所述回馈信息发布至区块链网络中。If the verification node is one, the verification node decrypts the encrypted second user identity information by using the private key corresponding to the verification node after receiving the second identity verification request to obtain the The second user identity information is obtained according to the user identity information in the second user identity information, and based on the mapping relationship between the predetermined user identity information and the second standard user identity feature information, searching for the corresponding information of the user identity information Pre-encrypting the stored second standard user identity feature information, and decrypting the encrypted second standard user identity feature information by using a symmetric encryption key corresponding to the verification node, to obtain a second standard user identity feature information, according to the search The second standard user identity feature information is used to verify the second user identity feature information to be verified in the second identity information; if the second user identity feature information and the second standard user identity feature information are to be verified If the same, the output verification result is verified successfully; if the second user identity characteristic letter is to be verified Different from the second standard user identity information, the output verification result is a verification failure; according to the verification result, feedback information carrying the node identification information is generated, and the verification node issues the generated feedback information to the blockchain. In the network.

若所述验证节点为多个,则每个验证节点都可接收到多个加密后的第二用户身份信息,不论一验证节点接收多少个加密后的第二用户身份信息,该验证节点只能解密用该验证节点对应的公钥加密的第二用户身份信息;各验证节点在利用各验证节点对应的私钥对接收的所述加密后的第二用户身份信息进行解密后,其对所述第二用户身份信息进行核验并生成和发布回馈信息的方法与上述方法相同,在此不做赘述。If the number of the verification nodes is multiple, each of the verification nodes can receive the plurality of encrypted second user identity information, and the verification node can only receive the encrypted second user identity information. Decrypting the second user identity information encrypted by the public key corresponding to the verification node; each verification node decrypts the received encrypted second user identity information by using a private key corresponding to each verification node, The method for verifying the second user identity information and generating and distributing the feedback information is the same as the foregoing method, and details are not described herein.

步骤S170,基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果。Step S170: Perform analysis processing on the verification result in the feedback information based on the predetermined first result analysis rule, and output the first analysis result as the second verification result.

上述预先确定的第一结果分析规则为:The above predetermined first result analysis rule is:

若验证节点为一个,则当核验结果为核验成功时,确定第一分析结果为验证成功;当所述核验结果为核验失败时,确定所述第一分析结果为验证失败;If the verification node is one, when the verification result is successful, the first analysis result is determined as the verification success; when the verification result is the verification failure, determining that the first analysis result is a verification failure;

若验证节点为多个,则当所有核验结果均为成功时,确定第一分析结果为验证成功;否则,确定所述第一分析结果为验证失败。If the verification node is multiple, when all the verification results are successful, it is determined that the first analysis result is the verification success; otherwise, the first analysis result is determined to be the verification failure.

步骤S180,根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。Step S180: Perform analysis processing on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user.

上述预先确定的第二结果分析规则为:The above predetermined second result analysis rule is:

若第二验证结果为验证成功,则第二分析结果为验证成功;If the second verification result is that the verification is successful, the second analysis result is that the verification is successful;

若第二验证结果为验证失败或者所述第二验证结果为空值,则第二分析结果为验证失败。If the second verification result is a verification failure or the second verification result is a null value, the second analysis result is a verification failure.

造成上述第二验证结果为空值的情况为多重身份验证被用户中止。The case where the second verification result described above is null is that the multiple authentication is suspended by the user.

本实施例在按照预先确定的身份验证规则对第一用户身份信息进行核验后,根据预先确定的判断规则确定是否执行多重身份验证,当确定执行多重身份验证后,将第二用户身份信息发布至区块链网络进行核验,以获得多重身份验证的验证结果。相较于现有技术,本实施例提供的身份验证方法可满足多种应用场景的多样化需求,提高用户身份验证的准确度,同时防止用户身份信息泄露。In this embodiment, after verifying the first user identity information according to the predetermined identity verification rule, determining whether to perform the multiple identity verification according to the predetermined determination rule, and after determining to perform the multiple identity verification, publishing the second user identity information to the The blockchain network is verified to obtain verification results for multiple authentications. Compared with the prior art, the identity verification method provided in this embodiment can meet the diversified requirements of multiple application scenarios, improve the accuracy of user identity verification, and prevent user identity information from being leaked.

进一步地,本申请还提出一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的第一身份验证程序,所述基于区块链的第一身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行上述任一实施例中的基于区块链的身份验证方法。Further, the present application further provides a computer readable storage medium storing a first identity verification program based on a blockchain, wherein the blockchain-based first identity verification program can be at least A processor executes to cause the at least one processor to perform the blockchain based authentication method of any of the above embodiments.

本申请还提出一种基于区块链的第二身份验证程序。The application also proposes a second identity verification procedure based on a blockchain.

请参阅图5,是本申请基于区块链的第二身份验证程序20第一实施例的运行环境示意图。Please refer to FIG. 5 , which is a schematic diagram of the operating environment of the first embodiment of the second identity verification program 20 based on the blockchain of the present application.

在本实施例中,基于区块链的第二身份验证程序20安装并运行于第二电子装置2中。该第二电子装置2可以是验证节点设备、也可以是所述验证节点设备对应的应用端服务器,还可以是除验证节点设备、应用端服务器之外的其他电子装置,本申请对此不作限定。In the present embodiment, the block chain-based second identity verification program 20 is installed and operates in the second electronic device 2. The second electronic device 2 may be a verification node device, or an application server corresponding to the verification node device, and may be an electronic device other than the verification node device and the application server. .

第二电子装置2可以是桌上型计算机、笔记本、掌上电脑及服务器等计算设备。该第二电子装置2可包括,但不仅限于,存储器21、处理器22及显示器23。图5仅示出了具有组件21-23的第二电子装置2,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。The second electronic device 2 can be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server. The second electronic device 2 can include, but is not limited to, a memory 21, a processor 22, and a display 23. Figure 5 shows only the second electronic device 2 with components 21-23, but it should be understood that not all illustrated components may be implemented and that more or fewer components may be implemented instead.

存储器21在一些实施例中可以是第二电子装置2的内部存储单元,例如该第二电子装置2的硬盘或内存。存储器21在另一些实施例中也可以是第二电子装置2的外部存储设备,例如第二电子装置2上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器21还可以既包括第二电子装置2的内部存储单元也包括外部存储设备。存储器21用于存储安装于第二电子装置2的应用软件及各类数据,例如基于区块链的第二身份验证程序20的程序代码等。存储器21还可以用于暂时地存储已经输出或者将要输出的数据。The memory 21 may be an internal storage unit of the second electronic device 2, such as a hard disk or memory of the second electronic device 2, in some embodiments. The memory 21 may also be an external storage device of the second electronic device 2 in other embodiments, such as a plug-in hard disk equipped on the second electronic device 2, a smart memory card (SMC), and a secure digital (Secure) Digital, SD) cards, flash cards, etc. Further, the memory 21 may also include both an internal storage unit of the second electronic device 2 and an external storage device. The memory 21 is used to store application software and various types of data installed in the second electronic device 2, such as program code of the second identity verification program 20 based on the blockchain. The memory 21 can also be used to temporarily store data that has been output or is about to be output.

处理器22在一些实施例中可以是一中央处理器(Central Processing Unit,CPU),微处理器或其他数据处理芯片,用于运行存储器21中存储的程序代码或处理数据,例如执行第二身份验证程序20等。在本实施例中,若第二电子装置2为验证节点,则该处理器22可以是智能合约。The processor 22, in some embodiments, may be a Central Processing Unit (CPU), microprocessor or other data processing chip for running program code or processing data stored in the memory 21, such as executing a second identity. Verification program 20, etc. In this embodiment, if the second electronic device 2 is a verification node, the processor 22 may be a smart contract.

显示器23在一些实施例中可以是LED显示器、液晶显示器、触控式液晶显示器以及OLED(Organic Light-Emitting Diode,有机发光二极管)触摸器等。显示器23用于显示在第二电子装置2中处理的信息以及用于显示可视化的用户界面。第二电子装置2的部件21-23通过系统总线相互通信。The display 23 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments. The display 23 is used to display information processed in the second electronic device 2 and a user interface for displaying visualizations. The components 21-23 of the second electronic device 2 communicate with one another via a system bus.

请参阅图6,是本申请基于区块链的第二身份验证程序20第一实施例的程序模块图。在本实施例中,基于区块链的第二身份验证程序20可以被分割成一个或多个模块,一个或者多个模块被存储于存储器21中,并由一个或多个处理器(本实施例为处理器22)所执行,以完成本申请。例如,在图6中,基于区块链的第二身份验证程序20可以被分割成接收模块201及核验模块202。本申请所称的模块是指能够完成特定功能的一系列计算机程序指令段,比程序更适合于描述基于区块链的第二身份验证程序20在第二电子装置2中的执行过程,其中:Please refer to FIG. 6, which is a program module diagram of the first embodiment of the block chain-based second identity verification program 20 of the present application. In this embodiment, the blockchain-based second identity verification program 20 can be divided into one or more modules, one or more modules are stored in the memory 21, and by one or more processors (this implementation) The example is executed by the processor 22) to complete the application. For example, in FIG. 6, the blockchain based second identity verification program 20 can be partitioned into a receiving module 201 and a verification module 202. A module as referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than a program to describe the execution process of the blockchain-based second identity verification program 20 in the second electronic device 2, wherein:

接收模块201,用于接收携带用户身份信息的身份验证请求。The receiving module 201 is configured to receive an identity verification request that carries user identity information.

核验模块202,用于对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification module 202 is configured to check the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.

上述用户身份信息包括用户标识信息及用户身份特征信息。The user identity information includes user identification information and user identity feature information.

所述用户身份特征信息包括用户生物信息、身份证件信息中至少一种。The user identity feature information includes at least one of user biometric information and identity document information.

上述用户生物信息包括指纹信息、人脸信息、虹膜信息、声纹信息等用于唯一识别用户身份的生物特征信息。The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information for uniquely identifying a user identity.

上述身份证件信息包括身份证号、护照号、员工编号等。The above identification information includes the ID number, passport number, employee number, and the like.

优选地,上述用户身份信息为利用预先确定的第一加密规则对用户身份信息进行加密处理后得到的加密用户身份信息。Preferably, the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.

其中,第一加密规则包括:利用验证节点的公钥对用户身份信息进行加密处理。The first encryption rule includes: encrypting the user identity information by using the public key of the verification node.

所述核验模块202具体用于:The verification module 202 is specifically configured to:

根据预先确定的第一解密规则(例如,用验证节点的非对称加密私钥)对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to a predetermined first decryption rule (for example, using an asymmetric encryption private key of the verification node) to obtain the user identity information plaintext as the identity information to be verified, the to-be-verified The user identity information includes user identification information and identity information of the user to be verified;

根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity feature information;

根据预先确定的第二解密规则(例如,利用验证节点的对称加密密钥)对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule (for example, using a symmetric encryption key of the verification node) to obtain standard user identity feature information;

根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information;

当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification;

当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure.

相较于现有技术,本实施例满足多种应用场景的多样化需求,提高用户身份验证的准确度,同时防止用户身份信息泄露。Compared with the prior art, this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.

本申请还提供一种基于区块链的身份验证方法,该方法适用于区块链网络中身份验证请求的接收端,例如,验证节点。The application also provides a blockchain-based authentication method, which is applicable to a receiving end of an identity verification request in a blockchain network, for example, a verification node.

本实施例中,基于区块链的第二身份验证程序存储在存储器中,且该基于区块链的第二身份验证程序可被一个或者多个处理器执行以实现本实施例中基于区块链的身份验证方法,执行该基于区块链的第二身份验证程序的处理器可设置于验证节点中,也可设置于应用端(例如,公益平台员工管理子系统)中,还也可独立设置于一电子装置中,例如,若该处理器设置于验证节点中,则该处理器可以是该验证节点对应的智能合约。In this embodiment, the blockchain-based second identity verification program is stored in the memory, and the blockchain-based second identity verification program can be executed by one or more processors to implement the block based in the embodiment. The chain authentication method, the processor executing the blockchain-based second identity verification program may be set in the verification node, or may be set in the application end (for example, the public welfare platform employee management subsystem), or may be independent The processor is disposed in an electronic device. For example, if the processor is disposed in the verification node, the processor may be a smart contract corresponding to the verification node.

如图7所示,图7为本申请基于区块链的身份验证方法第二实施例的流程示意图。As shown in FIG. 7, FIG. 7 is a schematic flowchart of a second embodiment of a blockchain-based identity verification method according to the present application.

本实施例中,该方法包括:In this embodiment, the method includes:

步骤S210,接收携带用户身份信息的身份验证请求。Step S210: Receive an identity verification request that carries user identity information.

上述用户身份信息包括用户标识信息及用户身份特征信息。The user identity information includes user identification information and user identity feature information.

所述用户身份特征信息包括用户生物信息、身份证件信息中至少一种。The user identity feature information includes at least one of user biometric information and identity document information.

上述用户生物信息包括指纹信息、人脸信息、虹膜信息、声纹信息等用 于唯一识别用户身份的生物特征信息。The user biometric information includes fingerprint information, face information, iris information, voiceprint information, and the like for biometric information that uniquely identifies the user.

上述身份证件信息包括身份证号、护照号、员工编号等。The above identification information includes the ID number, passport number, employee number, and the like.

优选地,上述用户身份信息为利用预先确定的第一加密规则对用户身份信息进行加密处理后得到的加密用户身份信息。Preferably, the user identity information is encrypted user identity information obtained by encrypting user identity information by using a predetermined first encryption rule.

其中,第一加密规则包括:利用验证节点的公钥对用户身份信息进行加密处理。The first encryption rule includes: encrypting the user identity information by using the public key of the verification node.

步骤S220,对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。Step S220: Perform verification on the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network.

优选地,所述步骤S220包括:Preferably, the step S220 includes:

根据预先确定的第一解密规则(例如,用验证节点的非对称加密私钥)对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to a predetermined first decryption rule (for example, using an asymmetric encryption private key of the verification node) to obtain the user identity information plaintext as the identity information to be verified, the to-be-verified The user identity information includes user identification information and identity information of the user to be verified;

根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity feature information;

根据预先确定的第二解密规则(例如,利用验证节点的对称加密密钥)对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule (for example, using a symmetric encryption key of the verification node) to obtain standard user identity feature information;

根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information;

当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification;

当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure.

相较于现有技术,本实施例满足多种应用场景的多样化需求,提高用户身份验证的准确度,同时防止用户身份信息泄露。Compared with the prior art, this embodiment satisfies the diversified requirements of multiple application scenarios, improves the accuracy of user identity verification, and prevents user identity information from being leaked.

进一步地,本申请还提出一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的第二身份验证程序,所述基于区块链的第二身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行上述任一实施例中的基于区块链的身份验证方法。Further, the present application further provides a computer readable storage medium storing a blockchain-based second identity verification program, the blockchain-based second identity verification program being at least A processor executes to cause the at least one processor to perform the blockchain based authentication method of any of the above embodiments.

以上所述仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是在本申请的发明构思下,利用本申请说明书及附图内容所作的等效结构变换,或直接/间接运用在其他相关的技术领域均包括在本申请的专利保护范围内。The above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the patents of the present application, and the equivalent structural transformation, or direct/indirect use, of the present application and the contents of the drawings is used in the present invention. All other related technical fields are included in the patent protection scope of the present application.

Claims (20)

一种电子装置,其特征在于,所述电子装置包括存储器和处理器,所述存储器上存储有基于区块链的第一身份验证程序,所述基于区块链的第一身份验证程序被所述处理器执行时实现如下步骤:An electronic device, comprising: a memory and a processor, wherein the memory stores a first identity verification program based on a blockchain, and the first identity verification program based on the blockchain is The following steps are implemented when the processor is executed: 验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result; 判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule; 第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information; 查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information; 发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information; 分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result; 第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user. 如权利要求1所述的电子装置,其特征在于,所述预先确定的判断规则包括:The electronic device of claim 1, wherein the predetermined determination rule comprises: 当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息及预先确定的判断子规则确定是否执行多重身份验证;When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and the predetermined determination sub-rule; 当基于所述预先确定的判断子规则确定执行多重身份验证时,输出判断结果为执行多重身份验证;When it is determined that the multi-identity verification is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-factor authentication; 当基于所述预先确定的判断子规则确定不执行多重身份验证时,输出判断结果为不执行多重身份验证;When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the output judgment result is that the multi-factor authentication is not performed; 当所述第一验证结果为验证失败时,输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed. 一种电子装置,其特征在于,所述电子装置包括存储器和处理器,所述存储器上存储有基于区块链的第二身份验证程序,所述基于区块链的第二身份验证程序被所述处理器执行时实现如下步骤:An electronic device, comprising: a memory and a processor, wherein the memory stores a second identity verification program based on a blockchain, and the second identity verification program based on the blockchain is The following steps are implemented when the processor is executed: 接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information; 核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network. 如权利要求3所述的电子装置,其特征在于,所述用户身份信息为利用预先确定的第一加密规则对用户身份数据进行加密处理后得到的加密用户身份信息。The electronic device according to claim 3, wherein the user identity information is encrypted user identity information obtained by encrypting user identity data by using a predetermined first encryption rule. 如权利要求3所述的电子装置,其特征在于,所述核验步骤包括:The electronic device of claim 3, wherein the verifying step comprises: 根据预先确定的第一解密规则对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to the predetermined first decryption rule to obtain the user identity information plaintext as the user identity information to be verified, the user identity information to be verified includes the user identifier information and the identity of the user to be verified information; 根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity feature information; 根据预先确定的第二解密规则对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain standard user identity feature information; 根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure. 一种基于区块链的身份验证方法,其特征在于,该方法包括:A blockchain-based authentication method, the method comprising: 验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result; 判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule; 第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information; 查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information; 发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information; 分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result; 第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user. 如权利要求6所述的基于区块链的身份验证方法,其特征在于,所述预先确定的判断规则包括:The blockchain-based identity verification method according to claim 6, wherein the predetermined determination rule comprises: 当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息及预先确定的判断子规则确定是否执行多重身份验证;When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and the predetermined determination sub-rule; 当基于所述预先确定的判断子规则确定执行多重身份验证时,输出判断结果为执行多重身份验证;When it is determined that the multi-identity verification is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-factor authentication; 当基于所述预先确定的判断子规则确定不执行多重身份验证时,输出判断结果为不执行多重身份验证;When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the output judgment result is that the multi-factor authentication is not performed; 当所述第一验证结果为验证失败时,输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed. 一种基于区块链的身份验证方法,其特征在于,所述基于区块链的身份验证方法包括:A blockchain-based authentication method, characterized in that the blockchain-based identity verification method comprises: 接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information; 核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network. 如权利要求8所述的基于区块链的身份验证方法,其特征在于,所述用户身份信息为利用预先确定的第一加密规则对用户身份数据进行加密处理后得到的加密用户身份信息。The blockchain-based identity verification method according to claim 8, wherein the user identity information is encrypted user identity information obtained by encrypting user identity data by using a predetermined first encryption rule. 如权利要求8所述的基于区块链的身份验证方法,其特征在于,所述核验步骤包括:The blockchain-based authentication method according to claim 8, wherein the verifying step comprises: 根据预先确定的第一解密规则对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to the predetermined first decryption rule to obtain the user identity information plaintext as the user identity information to be verified, the user identity information to be verified includes the user identifier information and the identity of the user to be verified information; 根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity feature information; 根据预先确定的第二解密规则对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain standard user identity feature information; 根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure. 一种基于区块链的身份验证程序,其特征在于,所述基于区块链的身份验证程序包括:A blockchain-based authentication program, characterized in that the blockchain-based identity verification program comprises: 验证模块,用于当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification module, configured to: when receiving the first identity verification request carrying the first user identity information, verify the first user identity information according to a predetermined identity verification rule, to obtain a first verification result; 判断模块,用于根据获得的所述第一验证结果、第一用户身份信息及预 先确定的判断规则确定是否执行多重身份验证;a determining module, configured to determine, according to the obtained first verification result, the first user identity information, and the predetermined determination rule, whether to perform multiple identity verification; 第一输出模块,用于当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first output module, configured to output the first verification result as a user identity verification result when determining that multiple authentication is not performed; or acquire second user identity information when determining to perform multiple identity verification; 查找模块,用于根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;a searching module, configured to search for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identifier information in the first user identity information and the predetermined user identifier information and the verification node identifier information; 发布模块,用于发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing module, configured to send a second identity verification request that carries the second user identity information to a blockchain network, and receive a carrying node that is configured to verify and broadcast the second user identity information of the blockchain network Feedback information of the identification information; 分析模块,用于基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;An analysis module, configured to analyze and process the verification result in the feedback information based on a predetermined first result analysis rule, and output the first analysis result as a second verification result; 第二输出模块,用于根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。And a second output module, configured to perform an analysis process on the second verification result according to the predetermined second result analysis rule, and output a second analysis result as the identity verification result of the user. 如权利要求11所述的基于区块链的身份验证程序,其特征在于,所述预先确定的判断规则包括:The blockchain-based identity verification program according to claim 11, wherein said predetermined determination rule comprises: 当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息及预先确定的判断子规则确定是否执行多重身份验证;When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and the predetermined determination sub-rule; 当基于所述预先确定的判断子规则确定执行多重身份验证时,输出判断结果为执行多重身份验证;When it is determined that the multi-identity verification is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-factor authentication; 当基于所述预先确定的判断子规则确定不执行多重身份验证时,输出判断结果为不执行多重身份验证;When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the output judgment result is that the multi-factor authentication is not performed; 当所述第一验证结果为验证失败时,输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed. 一种基于区块链的身份验证程序,其特征在于,所述基于区块链的身份验证程序包括:A blockchain-based authentication program, characterized in that the blockchain-based identity verification program comprises: 接收模块,用于接收携带用户身份信息的身份验证请求;a receiving module, configured to receive an identity verification request that carries user identity information; 核验模块,用于对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。And a verification module, configured to verify the user identity information to obtain a verification result, and generate feedback information carrying the node identification information according to the verification result, and broadcast the feedback information to the blockchain network. 如权利要求13所述的基于区块链的身份验证程序,其特征在于,所述用户身份信息为利用预先确定的第一加密规则对用户身份数据进行加密处理后得到的加密用户身份信息。The blockchain-based identity verification program according to claim 13, wherein the user identity information is encrypted user identity information obtained by encrypting user identity data by using a predetermined first encryption rule. 如权利要求13所述的基于区块链的身份验证程序,其特征在于,所述核验模块具体用于:The blockchain-based identity verification program according to claim 13, wherein the verification module is specifically configured to: 根据预先确定的第一解密规则对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to the predetermined first decryption rule to obtain the user identity information plaintext as the user identity information to be verified, the user identity information to be verified includes the user identifier information and the identity of the user to be verified information; 根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识 信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity information; 根据预先确定的第二解密规则对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain standard user identity feature information; 根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有基于区块链的第一身份验证程序,所述基于区块链的第一身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:A computer readable storage medium, characterized in that the computer readable storage medium stores a first identity verification program based on a blockchain, the first identity verification program based on the blockchain can be at least one processor Executing to cause the at least one processor to perform the following steps: 验证步骤:当接收到携带第一用户身份信息的第一身份验证请求时,根据预先确定的身份验证规则对所述第一用户身份信息进行核验,以获得第一验证结果;a verification step: when receiving the first identity verification request carrying the first user identity information, verifying the first user identity information according to a predetermined identity verification rule to obtain a first verification result; 判断步骤:根据获得的所述第一验证结果、第一用户身份信息及预先确定的判断规则确定是否执行多重身份验证;a determining step: determining whether to perform multiple identity verification according to the obtained first verification result, the first user identity information, and a predetermined determination rule; 第一输出步骤:当确定不执行多重身份验证时,输出所述第一验证结果作为用户身份验证结果;或,当确定执行多重身份验证时,获取第二用户身份信息;a first outputting step: when it is determined that the multiple authentication is not performed, outputting the first verification result as a user identity verification result; or, when determining to perform the multiple identity verification, acquiring the second user identity information; 查找步骤:根据所述第一用户身份信息中的用户标识信息及预先确定的用户标识信息与验证节点标识信息之间的映射关系,查找所述用户标识信息对应的至少一个验证节点;The searching step: searching for at least one verification node corresponding to the user identification information according to the mapping relationship between the user identification information in the first user identity information and the predetermined user identification information and the verification node identification information; 发布步骤:发布携带所述第二用户身份信息的第二身份验证请求至区块链网络,接收所述区块链网络的对所述第二用户身份信息进行核验生成并广播的携带节点标识信息的回馈信息;a publishing step: publishing a second identity verification request carrying the second user identity information to the blockchain network, and receiving, by the blockchain network, the carrying node identification information that is generated and broadcasted by the second user identity information Feedback information; 分析步骤:基于预先确定的第一结果分析规则,对所述回馈信息中的核验结果进行分析处理,并输出第一分析结果作为第二验证结果;The analyzing step: analyzing and processing the verification result in the feedback information based on the predetermined first result analysis rule, and outputting the first analysis result as the second verification result; 第二输出步骤:根据预先确定的第二结果分析规则,对所述第二验证结果进行分析处理,并输出第二分析结果作为所述用户的身份验证结果。The second output step is: performing analysis processing on the second verification result according to the predetermined second result analysis rule, and outputting the second analysis result as the identity verification result of the user. 如权利要求16所述的计算机可读存储介质,其特征在于,所述预先确定的判断规则包括:The computer readable storage medium of claim 16, wherein the predetermined determination rule comprises: 当所述第一验证结果为验证成功时,根据所述第一用户身份信息中的用户标识信息及预先确定的判断子规则确定是否执行多重身份验证;When the first verification result is that the verification is successful, determining whether to perform the multiple identity verification according to the user identification information in the first user identity information and the predetermined determination sub-rule; 当基于所述预先确定的判断子规则确定执行多重身份验证时,输出判断结果为执行多重身份验证;When it is determined that the multi-identity verification is performed based on the predetermined judging sub-rule, the outputting of the judgment result is to perform the multi-factor authentication; 当基于所述预先确定的判断子规则确定不执行多重身份验证时,输出判断结果为不执行多重身份验证;When it is determined that the multi-factor authentication is not performed based on the predetermined judging sub-rule, the output judgment result is that the multi-factor authentication is not performed; 当所述第一验证结果为验证失败时,输出判断结果为不执行多重身份验证。When the first verification result is a verification failure, the output judgment result is that the multiple authentication is not performed. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有基于区块链的第二身份验证程序,所述基于区块链的第二身份验证程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:A computer readable storage medium, characterized in that the computer readable storage medium stores a blockchain based second identity verification program, and the blockchain based second identity verification program can be at least one processor Executing to cause the at least one processor to perform the following steps: 接收步骤:接收携带用户身份信息的身份验证请求;Receiving step: receiving an identity verification request carrying user identity information; 核验步骤:对所述用户身份信息进行核验以获得核验结果,且根据所述核验结果,生成携带节点标识信息的回馈信息,并向所述区块链网络广播所述回馈信息。The verification step: verifying the user identity information to obtain a verification result, and generating feedback information carrying the node identification information according to the verification result, and broadcasting the feedback information to the blockchain network. 如权利要求18所述的计算机可读存储介质,其特征在于,所述用户身份信息为利用预先确定的第一加密规则对用户身份数据进行加密处理后得到的加密用户身份信息。The computer readable storage medium according to claim 18, wherein the user identity information is encrypted user identity information obtained by encrypting user identity data using a predetermined first encryption rule. 如权利要求18所述的计算机可读存储介质,其特征在于,所述核验步骤包括:The computer readable storage medium of claim 18, wherein the verifying step comprises: 根据预先确定的第一解密规则对所述加密用户信息进行解密处理,以获得所述用户身份信息明文作为待验证用户身份信息,所述待验证用户身份信息包括用户标识信息及待验证用户身份特征信息;Decrypting the encrypted user information according to the predetermined first decryption rule to obtain the user identity information plaintext as the user identity information to be verified, the user identity information to be verified includes the user identifier information and the identity of the user to be verified information; 根据所述待验证用户身份信息中的用户标识信息及预先确定的用户标识信息与标准用户身份特征信息之间的映射关系,查找所述用户标识信息对应的加密标准用户身份特征信息;And searching for the encryption standard user identity feature information corresponding to the user identifier information, according to the mapping relationship between the user identifier information in the user identity information to be verified and the predetermined user identifier information and the standard user identity feature information; 根据预先确定的第二解密规则对所述加密标准用户身份特征信息进行解密处理,以获得标准用户身份特征信息;Decrypting the encrypted standard user identity feature information according to a predetermined second decryption rule to obtain standard user identity feature information; 根据所述标准用户身份特征信息,对所述待验证用户身份特征信息进行核验;And verifying the identity information of the user to be verified according to the standard user identity characteristic information; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息相同时,输出核验结果为核验成功;When it is determined that the to-be-verified user identity feature information is the same as the standard user identity feature information, the output verification result is successful verification; 当确定所述待验证用户身份特征信息与所述标准用户身份特征信息不同时,输出核验结果为核验失败。When it is determined that the to-be-verified user identity feature information is different from the standard user identity feature information, the verification result is a verification failure.
PCT/CN2018/102407 2018-04-26 2018-08-27 Electronic device, authentication method based on block chain, and program and computer storage medium Ceased WO2019205389A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810386011.6 2018-04-26
CN201810386011.6A CN108777675B (en) 2018-04-26 2018-04-26 Electronic device, block chain-based identity authentication method, and computer storage medium

Publications (1)

Publication Number Publication Date
WO2019205389A1 true WO2019205389A1 (en) 2019-10-31

Family

ID=64026779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102407 Ceased WO2019205389A1 (en) 2018-04-26 2018-08-27 Electronic device, authentication method based on block chain, and program and computer storage medium

Country Status (2)

Country Link
CN (1) CN108777675B (en)
WO (1) WO2019205389A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11348104B2 (en) * 2019-03-14 2022-05-31 Advanced New Technologies Co., Ltd. Methods and devices for acquiring and recording tracking information on blockchain
US12056731B1 (en) 2023-01-11 2024-08-06 Wells Fargo Bank, N.A. Self-disclosed identity on a network

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109767534B (en) * 2019-01-17 2022-03-04 平安科技(深圳)有限公司 Access control access method, system, management terminal and access control terminal based on block chain
CN111859347B (en) * 2019-08-01 2024-07-05 创新先进技术有限公司 Blockchain-based identity verification method, device and equipment
CN110727933A (en) * 2019-09-10 2020-01-24 阿里巴巴集团控股有限公司 Identity authentication method and device, electronic equipment and storage medium
CN110602114B (en) * 2019-09-19 2022-07-19 腾讯科技(深圳)有限公司 Block chain-based identity authentication method and device, storage medium and electronic equipment
CN111010367B (en) * 2019-11-07 2022-11-29 深圳市电子商务安全证书管理有限公司 Data storage method, device, computer equipment and storage medium
CN111931137A (en) * 2020-06-03 2020-11-13 浪潮云信息技术股份公司 Block chain-based electronic identity information management method, equipment and medium
CN114880645A (en) * 2022-06-07 2022-08-09 中关村科学城城市大脑股份有限公司 Identity verification method and device based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106533696A (en) * 2016-11-18 2017-03-22 江苏通付盾科技有限公司 Block chain-based identity authentication methods, authentication server and user terminal
CN107257340A (en) * 2017-06-19 2017-10-17 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN107276973A (en) * 2016-12-10 2017-10-20 江苏恒为信息科技有限公司 A kind of internet article identity mark is built and verification method
CN107480555A (en) * 2017-08-01 2017-12-15 中国联合网络通信集团有限公司 Database-access rights control method and equipment based on block chain

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6914517B2 (en) * 2001-04-17 2005-07-05 Dalton Patrick Enterprises, Inc. Fingerprint sensor with feature authentication
CN101557406B (en) * 2009-06-01 2012-04-18 杭州华三通信技术有限公司 Authentication method, device and system of user terminal
CN102202040B (en) * 2010-03-26 2014-06-04 联想(北京)有限公司 Client authentication method and device
US8949951B2 (en) * 2011-03-04 2015-02-03 Red Hat, Inc. Generating modular security delegates for applications
CN102236766B (en) * 2011-05-10 2014-04-09 桂林电子科技大学 Security data item level database encryption system
CN105005720B (en) * 2015-06-24 2018-01-19 青岛大学 Computer security control system
WO2018039312A1 (en) * 2016-08-23 2018-03-01 BBM Health LLC Blockchain-based mechanisms for secure health information resource exchange
WO2018049656A1 (en) * 2016-09-18 2018-03-22 深圳前海达闼云端智能科技有限公司 Blockchain-based identity authentication method, device, node and system
CN106453407B (en) * 2016-11-23 2019-10-15 江苏通付盾科技有限公司 Identity authentication method based on block chain, authentication server and user terminal
CN107241329B (en) * 2017-06-07 2020-04-21 北京奇艺世纪科技有限公司 Account login processing method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106533696A (en) * 2016-11-18 2017-03-22 江苏通付盾科技有限公司 Block chain-based identity authentication methods, authentication server and user terminal
CN107276973A (en) * 2016-12-10 2017-10-20 江苏恒为信息科技有限公司 A kind of internet article identity mark is built and verification method
CN107257340A (en) * 2017-06-19 2017-10-17 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN107480555A (en) * 2017-08-01 2017-12-15 中国联合网络通信集团有限公司 Database-access rights control method and equipment based on block chain

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11348104B2 (en) * 2019-03-14 2022-05-31 Advanced New Technologies Co., Ltd. Methods and devices for acquiring and recording tracking information on blockchain
US12056731B1 (en) 2023-01-11 2024-08-06 Wells Fargo Bank, N.A. Self-disclosed identity on a network

Also Published As

Publication number Publication date
CN108777675A (en) 2018-11-09
CN108777675B (en) 2020-04-14

Similar Documents

Publication Publication Date Title
WO2019205389A1 (en) Electronic device, authentication method based on block chain, and program and computer storage medium
KR102493744B1 (en) Security Verification Method Based on Biometric Characteristics, Client Terminal, and Server
US20200287901A1 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
US11563724B1 (en) System and method for allowing access to an application or features thereof on each of one or more user devices
US11562052B2 (en) Computing system and method for verification of access permissions
US11418499B2 (en) Password security
WO2019205380A1 (en) Electronic device, blockchain-based data processing method and program, and computer storage medium
US20120030475A1 (en) Machine-machine authentication method and human-machine authentication method for cloud computing
CN116980230B (en) Information security protection method and device
CN106789059B (en) A remote two-way access control system and method based on trusted computing
EP3206329B1 (en) Security check method, device, terminal and server
JP5013931B2 (en) Apparatus and method for controlling computer login
CN118118227A (en) Unified identity authentication method and device
CN112862484A (en) Secure payment method and device based on multi-terminal interaction
CN106295384A (en) A kind of big data platform access control method, device and certificate server
US11177958B2 (en) Protection of authentication tokens
CN114139131A (en) Operating system login method and device and electronic equipment
CN114444060B (en) A permission verification method, device, system and storage medium
KR102648908B1 (en) User authentication system and method
US20250373622A1 (en) system and method for avoiding cyber attacks
US20250373637A1 (en) system and method for detecting cyber-attacks
US20250385792A1 (en) User authentication for a resource using context based encryption of authentication tokens
KR20230089559A (en) Blockchain-based fido authentication system
RU2565529C2 (en) Method of providing access to objects in operating system
CN116756717A (en) Information protection methods, devices, equipment and media

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18916938

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/02/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18916938

Country of ref document: EP

Kind code of ref document: A1