Real name authentication method based on block chain

Document No.: 1492636 Publication date: 2020-02-04

Reading note: this technology, 一种基于区块链的实名认证方法 (Real name authentication method based on block chain), was designed by 司志坚, 董承伟, 熊志敏, 韩嵩峰, 罗艳平, 黄文涛, 郭欣沅, 杨婧一 and 孟翔宇 on 2018-07-23. Its main content is as follows: the invention relates to a real-name authentication method based on a block chain. The method comprises 1. real-name data filling, real-name data confirmation, and writing real-name data blocks into a real-name data block chain; 2. a real-name data authentication service: the client initiates a real-name authentication request, the server performs real-name authentication processing and records a real-name authentication record, and several types of authentication service are provided, including login authentication, real-name owner identity information authentication, business role information authentication and business authorization information authentication. The invention involves two private block chains: the real-name data block chain stores the real-name data, and the real-name authentication record block chain stores the record data of the real-name authentication process. As a new network-based real-name authentication technology, the invention can be widely applied in the information systems of large enterprises, can be used to build a trusted collaboration platform for real-identity authentication based on block chain technology, and provides secure, reliable and efficient business support for applications that require identity verification, role verification and the like.

1. A real-name authentication method based on a block chain is characterized by comprising the following steps:

real-name information data construction: acquiring the real-name information of a user; confirming the accuracy of the acquired real-name information in an administrator confirmation mode or a user remote confirmation mode; constructing the confirmed real-name information into a real-name data block and writing the block into a real-name data block chain;

real-name data authentication: the client initiates a real-name authentication request; the server receives and verifies the request information, then searches the real-name data block chain for the corresponding real-name information and returns it to the requester at the client; a record data block is constructed and added to the real-name authentication record block chain, which completes the authentication.

2. The real-name authentication method based on the blockchain according to claim 1, wherein: the collecting the real name information of the user comprises the following steps:

collecting the real-name information of the user in sequence, connecting all the real-name information input by the user in sequence, calculating its hash value H with the SHA-256 hash algorithm, and querying whether a real-name data block whose primary key ID is H exists; if it exists, the real-name information of the user already exists; if not, a real-name data block is constructed for the new user.

3. The real-name authentication method based on the block chain as claimed in claim 1 or 2, wherein: the real name information includes: identity information of the real-name owner, service role information and service authorization information;

the identity information of the real-name owner comprises a name, an identification card number, a login password, a mobile phone number, a unit, a department, a birth date and an address;

the service role information is function module list data which can be accessed by a user and service operation list data which can be made in the function module list;

the service authorization information is service agreement or legal document constraint list data which is confirmed and accepted by the user.

4. The real-name authentication method based on the blockchain according to claim 3, wherein: the sequentially collecting the real name information of the user comprises the following steps: and acquiring identity information of the real-name owner input by the user, service role information related to the process and selected and confirmed service authorization information in sequence.

5. The real-name authentication method based on the blockchain according to claim 1, wherein: the administrator confirmation mode is that the administrator completes user identity confirmation through on-site face-to-face confirmation, auxiliary authentication with reserved information, and synchronous verification against an existing account;

the user remote confirmation mode is as follows: the server generates a verification code mixing several digits and English letters, sends it by short message to the mobile phone number in the real-name information registered by the user, and completes identity confirmation if the user's confirmation is received within the validity period; the user must tick the remote confirmation option when submitting the registration information.

6. The real-name authentication method based on the blockchain according to claim 1, wherein: the step of constructing the confirmed real-name data into real-name data blocks and writing the real-name data blocks into a real-name data block chain comprises:

constructing real-name data into real-name data blocks;

writing the constructed real-name data blocks into the real-name data block chain in primary key ID order, the block chain being an enterprise private chain;

if the enterprise also has other federation chains, broadcasting to the certification authorities of all other federation chains that have a trust relationship, each certification authority that receives the message writing the data to its local blockchain.

7. The real-name authentication method based on the blockchain according to claim 6, wherein: the constructing of the real-name information into the real-name data block comprises:

1) connecting all real name information of the new user in sequence, calculating a hash value of the real name information through an SHA-256 hash algorithm, and using the hash value as a primary key ID of the real name data block;

2) combining the name, the identification card number, the mobile phone number and the login password as identity authentication information stored in the real-name data block for user login and verification; the password is stored as an MD5 hash value, and the name, identification card number and mobile phone number are stored in plaintext;

3) storing the unit, department, birth date and address as basic identity information in plaintext in the real-name data block;

4) converting the service role information into MD5 hash value format and storing it in the real-name data block;

5) converting the service authorization information into MD5 hash value format and storing it in the real-name data block, to assist in confirming the user's operation authority over the service.

8. The real-name authentication method based on the blockchain according to claim 1, wherein: the step of real name data authentication comprises:

1) the client sends the server a real-name authentication request containing an authentication type, valid identity information of the requester and valid identity information of the real name to be authenticated; the valid identity information of the requester is one of the name, identification card number or mobile phone number combined with the login password; the valid identity information of the real name to be authenticated is a name, identification card number or mobile phone number;

2) the server checks in sequence, by querying the real-name data block chain, whether the valid identity information of the requester and of the real name to be authenticated is correct, and if both are correct, returns data according to the authentication type of the real-name authentication request;

3) constructing a recording data block, adding the recording data block into a real-name authentication recording block chain, and recording a real-name authentication process;

the recording data block contains the following information:

a. the primary key ID of the record data block, which is a random hash string;

b. the valid identity information of the requester, represented by its hash ID in the real-name data block chain;

c. the valid identity information of the real name being authenticated, represented by its hash ID in the real-name data block chain;

d. the data returned according to the authentication type of the real-name authentication request;

e. the query time.

9. The real-name authentication method based on the blockchain according to claim 8, wherein: the authentication types include: login authentication, identity information authentication of the real name owner, service role information authentication and service authorization information authentication.

10. The real-name authentication method based on the blockchain according to claim 9, wherein: the authentication type return data according to the real-name authentication request comprises:

when the authentication type is login authentication, the server queries the real-name data block chain according to the login information submitted by the client, verifies the login information and returns the resulting login information, namely one of the name, identification number or mobile phone number combined with the login password;

when the authentication type is the identity information authentication of the real-name owner, the server side inquires the real-name data block chain according to the inquiry condition and returns the identity related information; the query condition must include name, ID card number or mobile phone number;

when the authentication type is service role information authentication, the server side inquires the real-name data block chain according to the inquiry condition and returns service role related information; the query condition must include name, ID card number or mobile phone number;

when the authentication type is service authorization information authentication, the server side inquires the real-name data block chain according to the inquiry condition and returns service authorization related information; the query must contain a name, identification number or mobile phone number.

Technical Field

The invention belongs to the field of enterprise informatization application based on a block chain, and particularly relates to a real-name authentication method based on the block chain.

Background

With the continuing growth of enterprise informatization, the various business processes of an enterprise depend more and more on business systems, and authenticating the identity of accessing users bears directly on system security and has always been a key problem for information systems. The traditional approach is for a certification authority to issue the user identity in the form of network data: it generally requires handling an electronic key, certification can only be handled at a specific certification authority, the procedure is tedious, it is limited by the interoperability and service agreements of the CA center's certificates, the protection cost is high, compatibility and usability are poor, and PC-side browsers also have compatibility and usability problems.

At present, most user data of enterprise information systems is stored in a single data center, with unified access and authentication whenever the data is used. This places higher requirements on the security and stability of that center, raises operation and maintenance cost accordingly, and cannot fundamentally remove the risk of single-point storage. On the other hand, the traditional single-system user authentication method is not fully applicable to large-scale interactive enterprise applications that span regions, units, departments and networks. For example, the material supply and settlement of a power enterprise involves all participating units and departments, such as suppliers, owner units, construction units, supervision units and material management units; the fulfilment process involves delivery notes, acceptance notes, warehousing notes, issue notes, quality warranty notes and the like, several systems must be accessed, and paper notes are used alongside them, so efficiency is very low.

A blockchain provides a good solution, which is essentially a decentralized database, a series of data blocks associated using cryptography, each data block containing specific information for verifying the validity of the information (anti-counterfeiting) and generating the next block. Blockchains have many good characteristics, including decentralization, openness, autonomy, and information non-falsification, and once information is verified and added to the blockchain, it is permanently stored, so that the data stability and reliability of the blockchain are extremely high. Therefore, the block chain is used as an identity information record carrier and is used as the bottom layer technology of real-name authentication, and the method has good safety and reliability.

Disclosure of Invention

In view of the above-mentioned shortcomings in the prior art, the present patent provides a block chain-based real-name authentication method, which can overcome the above-mentioned problems or can partially solve the above-mentioned problems. According to the invention, the enterprise private chain is established, and the personnel identity information, the service role information and the service authorization information are uniformly stored on the block chain by virtue of the characteristics of decentralized block chain and information non-falsification, so that the uniformity and the safety of the real-name information are ensured. The system reads information on the block chain through a uniform access interface to complete various service requirements, including login authentication, identity information authentication of real-name owners, service role information authentication, service authorization information authentication and the like. All authentication processes are used as a real-name authentication record and recorded in a real-name authentication record block chain, so that the integrity, the safety and the traceability of all authentication operations are ensured.

The technical scheme adopted by the invention for realizing the purpose is as follows: a real-name authentication method based on a block chain comprises the following steps:

real-name information data construction: acquiring the real-name information of a user; confirming the accuracy of the acquired real-name information in an administrator confirmation mode or a user remote confirmation mode; constructing the confirmed real-name information into a real-name data block and writing the block into a real-name data block chain;

real-name data authentication: the client initiates a real-name authentication request; the server receives and verifies the request information, then searches the real-name data block chain for the corresponding real-name information and returns it to the requester at the client; a record data block is constructed and added to the real-name authentication record block chain, which completes the authentication.

The collecting the real name information of the user comprises the following steps:

collecting the real-name information of the user in sequence, connecting all the real-name information input by the user in sequence, calculating its hash value H with the SHA-256 hash algorithm, and querying whether a real-name data block whose primary key ID is H exists; if it exists, the real-name information of the user already exists; if not, a real-name data block is constructed for the new user.

The real name information includes: identity information of the real-name owner, service role information and service authorization information;

the identity information of the real-name owner comprises a name, an identification card number, a login password, a mobile phone number, a unit, a department, a birth date and an address;

the service role information is function module list data which can be accessed by a user and service operation list data which can be made in the function module list;

the service authorization information is service agreement or legal document constraint list data which is confirmed and accepted by the user.

The sequentially collecting the real name information of the user comprises the following steps: and acquiring identity information of the real-name owner input by the user, service role information related to the process and selected and confirmed service authorization information in sequence.

The administrator confirmation mode is that the administrator completes user identity confirmation through on-site face-to-face confirmation, auxiliary authentication with reserved information, and synchronous verification against an existing account;

the user remote confirmation mode is as follows: the server generates a verification code mixing several digits and English letters, sends it by short message to the mobile phone number in the real-name information registered by the user, and completes identity confirmation if the user's confirmation is received within the validity period; the user must tick the remote confirmation option when submitting the registration information.

The step of constructing the confirmed real-name data into real-name data blocks and writing the real-name data blocks into a real-name data block chain comprises:

constructing real-name data into real-name data blocks;

writing the constructed real-name data blocks into the real-name data block chain in primary key ID order, the block chain being an enterprise private chain;

if the enterprise also has other federation chains, broadcasting to the certification authorities of all other federation chains that have a trust relationship, each certification authority that receives the message writing the data to its local blockchain.

The constructing of the real-name information into the real-name data block comprises:

1) connecting all real name information of the new user in sequence, calculating a hash value of the real name information through an SHA-256 hash algorithm, and using the hash value as a primary key ID of the real name data block;

2) combining the name, the identification card number, the mobile phone number and the login password as identity authentication information stored in the real-name data block for user login and verification; the password is stored as an MD5 hash value, and the name, identification card number and mobile phone number are stored in plaintext;

3) storing the unit, department, birth date and address as basic identity information in plaintext in the real-name data block;

4) converting the service role information into MD5 hash value format and storing it in the real-name data block;

5) converting the service authorization information into MD5 hash value format and storing it in the real-name data block, to assist in confirming the user's operation authority over the service.

The step of real name data authentication comprises:

1) the client sends the server a real-name authentication request containing an authentication type, valid identity information of the requester and valid identity information of the real name to be authenticated; the valid identity information of the requester is one of the name, identification card number or mobile phone number combined with the login password; the valid identity information of the real name to be authenticated is a name, identification card number or mobile phone number;

2) the server checks in sequence, by querying the real-name data block chain, whether the valid identity information of the requester and of the real name to be authenticated is correct, and if both are correct, returns data according to the authentication type of the real-name authentication request;

3) constructing a recording data block, adding the recording data block into a real-name authentication recording block chain, and recording a real-name authentication process;

the recording data block contains the following information:

a. the primary key ID of the record data block, which is a random hash string;

b. the valid identity information of the requester, represented by its hash ID in the real-name data block chain;

c. the valid identity information of the real name being authenticated, represented by its hash ID in the real-name data block chain;

d. the data returned according to the authentication type of the real-name authentication request;

e. the query time.

The authentication types include: login authentication, identity information authentication of the real name owner, service role information authentication and service authorization information authentication.

The authentication type return data according to the real-name authentication request comprises:

when the authentication type is login authentication, the server queries the real-name data block chain according to the login information submitted by the client, verifies the login information and returns the resulting login information, namely one of the name, identification number or mobile phone number combined with the login password;

when the authentication type is the identity information authentication of the real-name owner, the server side inquires the real-name data block chain according to the inquiry condition and returns the identity related information; the query condition must include name, ID card number or mobile phone number;

when the authentication type is service role information authentication, the server side inquires the real-name data block chain according to the inquiry condition and returns service role related information; the query condition must include name, ID card number or mobile phone number;

when the authentication type is service authorization information authentication, the server side inquires the real-name data block chain according to the inquiry condition and returns service authorization related information; the query must contain a name, identification number or mobile phone number.

The invention has the following advantages and beneficial effects:

The invention can serve as a new network-based real-name authentication technology and can be widely applied in the information systems of large enterprises. Its deployment is flexible: it can be deployed as an independent real-name authentication platform or integrated as part of an information system. By virtue of the technical and security characteristics of block chain technology, it can build a unified, mutually trusted real-name authentication system within the enterprise, bringing together the identity, role and authority information of users and forming a mutually trusted, cooperative platform among the various service systems.

Drawings

FIG. 1 is the flow of real-name information data construction and real-name data authentication.

Detailed Description

The present invention is described in further detail below with reference to FIG. 1 and the embodiments.

1. Building a blockchain foundation environment

The invention relates to two block chains:

1) real name data block chain

For recording all real name data information.

2) Real name authentication record block chain

For recording all real-name authentication operation records.

2. Building real name data block chains

1) Real name data filling

The real name information includes 3 parts of data, which are respectively:

(1) Identity information of the real-name owner: the name, ID card number, login password and mobile phone number are mandatory; optional items include unit, department, date of birth, address, etc.

(2) Service role information: a role defines the function modules a user may access and the operations that may be performed within each module; all role definition information is in text format. An example of the accessible functions and operation authority of a given user is described as follows:

{"QueryInfo":{"query":"yes","edit":"no","delete":"no","add":"no","print":"yes"}}

In the description above, QueryInfo is the name of a specific function module; add, delete, edit, query and print correspond to the operations of adding, deleting, modifying, querying and printing; yes means the operation authority is granted and no means it is not.

(3) Service authorization information: the service agreements or legal document constraints confirmed and accepted by the user; certain services may be operated only after the corresponding service authorization has been accepted.

The filling is divided into two steps:

(1) Applicant data filling: the real-name owner reports personal identity information at the client; the mandatory items are name, identification card number, login password and mobile phone number, and the optional items include unit, department, date of birth, address and the like. The owner then selects the roles related to the business process and selects and confirms the business authorization.

(2) Application data submission: the system connects all input data of the submitted real-name information in sequence, calculates the hash value H with the SHA-256 hash algorithm, and queries whether a real-name data block with primary key ID H exists; if so, the user's data already exists, otherwise the user is a new user.

2) Real name data validation

The accuracy of the real-name information of the user can be confirmed in two ways:

(1) Administrator confirmation: the administrator completes user identity confirmation through technical means such as on-site face-to-face confirmation, auxiliary authentication with reserved information, and synchronous verification against an existing account. On-site face-to-face confirmation is a face-to-face confirmation between the user and the administrator. Auxiliary authentication with reserved information and synchronous verification against an existing account are confirmations the administrator performs using information archived in the system.

(2) Remote confirmation by the user: remote confirmation is completed by means of a mobile phone verification code. The user selects the remote confirmation option when submitting the registration information; the server generates a verification code mixing 6 digits and English letters and sends it by short message to the mobile phone number in the registration information; the code is valid for 120 seconds, and identity confirmation is completed when the entered code is correct.

3) Writing real-name data blocks to the block chain

The confirmed real-name data is constructed into a data block and written into a real-name data block chain, wherein the block chain type is an enterprise private chain.

This comprises 3 steps:

(1) The real-name data is constructed into a data block.

The data block includes the following parts:

a. Primary key ID: all real-name data information is connected in sequence and the hash value is calculated with the SHA-256 hash algorithm.

b. Authentication data: name, identity card number, login password and mobile phone number; the name, identity card number or mobile phone number combined with the login password serves as the credential for user login and verification. The password is stored as an MD5 hash value and the rest in plaintext.

c. Basic identity information: including unit, department, date of birth, address, etc.

d. Service role information: the list of function modules the user can access and the list of operations that may be performed in each module, converted into MD5 hash value format for storage.

e. Service authorization information: the list of service agreements or legal document constraints confirmed and accepted by the user, converted into MD5 hash value format for storage, which assists in confirming the user's operation authority over the service.

(2) The data block is written into the real-name data block chain, the block chain type being an enterprise private chain.

(3) If the enterprise also has other federation chains, it broadcasts to all other certification authorities that have a trust relationship, and each certification authority that receives the message writes the data to its local blockchain.
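The submission and block-construction steps above (hash H over the connected real-name data as the primary key, duplicate check, MD5 storage of the password, role and authorization fields, plaintext for the rest) are shown below as an added example; it is not code from the patent. Assumptions are labelled in the code: the field order and the separator placed between fields (the page says "connected in sequence" but fixes neither), a dictionary standing in for the enterprise private chain, and the confirmation step being left out so the flow can be run end to end. MD5 is kept only to mirror the page; as a password storage format it is a weak choice, and a deployment would use a salted, slow password hash instead.

```python
import hashlib
import json

# Order in which real-name fields are connected before hashing. Constructed
# assumption: the page fixes no order, so this example fixes one explicitly.
IDENTITY_FIELDS = ("name", "id_card", "password", "mobile",
                   "unit", "department", "birth_date", "address")
REQUIRED_FIELDS = ("name", "id_card", "password", "mobile")


def md5_hex(text):
    """MD5 hex digest: the storage format the page prescribes for the password,
    role and authorization fields (kept to mirror the page; weak for passwords)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def canonical(doc):
    # Stable serialisation so the same role/authorization document always hashes identically.
    return json.dumps(doc, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def primary_key_id(identity, role_info, authorization):
    """Primary key ID: SHA-256 over all real-name information connected in sequence.
    A unit-separator character between fields is an assumption, added so that
    'ab'+'c' and 'a'+'bc' cannot produce the same H."""
    parts = [identity.get(f, "") for f in IDENTITY_FIELDS]
    parts += [canonical(role_info), canonical(authorization)]
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()


def build_real_name_block(identity, role_info, authorization):
    """Construct the real-name data block with the five parts the page lists."""
    missing = [f for f in REQUIRED_FIELDS if not identity.get(f)]
    if missing:
        raise ValueError("required real-name fields missing: " + ", ".join(missing))
    return {
        "id": primary_key_id(identity, role_info, authorization),
        # authentication data: identifiers in plaintext, password as MD5 only
        "auth": {"name": identity["name"], "id_card": identity["id_card"],
                 "mobile": identity["mobile"],
                 "password_md5": md5_hex(identity["password"])},
        # basic identity information, plaintext
        "basic": {f: identity.get(f, "") for f in ("unit", "department", "birth_date", "address")},
        # role and authorization information stored only as MD5 of their canonical form
        "role_md5": md5_hex(canonical(role_info)),
        "authorization_md5": md5_hex(canonical(authorization)),
    }


class RealNameDataChain:
    """Stand-in for the enterprise private real-name data chain (assumption):
    blocks keyed by primary key ID and read back in primary-key order."""

    def __init__(self):
        self._blocks = {}

    def exists(self, pk):
        return pk in self._blocks

    def get(self, pk):
        return self._blocks[pk]

    def ordered_ids(self):
        return sorted(self._blocks)

    def write(self, block):
        if self.exists(block["id"]):
            raise ValueError("real-name data block already exists")
        self._blocks[block["id"]] = block


def submit_real_name_data(chain, identity, role_info, authorization):
    """Application data submission: compute H, look it up, and construct and
    write a block only for a new user."""
    pk = primary_key_id(identity, role_info, authorization)
    if chain.exists(pk):
        return {"status": "exists", "id": pk}
    chain.write(build_real_name_block(identity, role_info, authorization))
    return {"status": "new", "id": pk}


if __name__ == "__main__":
    # Constructed sample data, not from the page.
    chain = RealNameDataChain()
    ident = {"name": "Zhang San", "id_card": "110101199001010000", "password": "pass123",
             "mobile": "13800000000", "unit": "Grid Co.", "department": "Materials"}
    role = {"QueryInfo": {"query": "yes", "edit": "no", "delete": "no", "add": "no", "print": "yes"}}
    agreement = {"accepted": ["supplier-service-agreement-v1"]}
    print(submit_real_name_data(chain, ident, role, agreement))
    print(submit_real_name_data(chain, ident, role, agreement))  # second submission: exists
```

Because H covers every field, a user who resubmits with any field changed (a new mobile number, say) is treated as a new user rather than an update; that follows from the page's scheme and is worth keeping in mind when the chain is used for deduplication.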

3. Real-name data authentication service

The client accesses the real-name authentication service by submitting an authentication type and authentication data. The authentication types are as follows:

1) login authentication

The client submits data, the real-name data block chain is queried, the login data is verified and the result is returned. The submitted data takes one of three forms:

Name + login password: names may be duplicated, and if so a prompt is given.

Identity card number + login password.

Mobile phone number + login password.

2) Identity information of real-name owner

The real-name data block chain is queried and identity-related data is returned; the query condition must contain a name, identity card number or mobile phone number, i.e. data by which the identity can be effectively identified.

3) Business role information

The real-name data block chain is queried and service-role-related data is returned; the query condition must contain a name, identity card number or mobile phone number, i.e. data by which the identity can be effectively identified.

4) Service authorization information

The real-name data block chain is queried and service-authorization-related data is returned; the query condition must contain a name, identity card number or mobile phone number, i.e. data by which the identity can be effectively identified.

The authentication process includes:

1) the client side initiates a real-name authentication request, and the request content must include an authentication type, valid identity information of a requester and valid identity information of an authentication real name.

Valid identity information of the requester: name + login password (names may be duplicated; if so, a prompt is given), identification number + login password, or mobile phone number + login password.

Valid identity information of the real name to be authenticated: name, ID card number or mobile phone number; names may be duplicated, and if so a prompt suggests using the ID card number or mobile phone number instead.

2) Server real-name authentication processing

The server checks the valid identity information of the requester by querying the real-name data block chain, queries the valid identity information of the real name to be authenticated in the block chain, and returns data according to the authentication type.

3) Recording real-name authentication records

A record data block is constructed, containing mainly the following information:

a. The primary key ID of the record data block, a 64-bit random hash field string.

b. The valid identity information of the requester, represented by its hash ID in the real-name data block chain.

c. The valid identity information of the real name being authenticated, represented by its hash ID in the real-name data block chain.

d. The returned query result.

e. The query time.

Finally, the recording data block is added to the real-name authentication recording block chain.
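The authentication service described in section 3 (request with type, requester credential and target real name; requester check against the stored MD5 password; duplicate-name prompt; response by authentication type; record block appended to the record chain) is shown below as an added example, not code from the patent. Assumptions, also marked in the code: a small constructed real-name store replaces the real-name data chain; record blocks are hash-linked to the previous record so that the record chain can be verified for tampering (the page only says records are added to the chain); only completed authentications are recorded, since the page does not say whether rejected requests are; and for role authentication the server returns the stored MD5 of the role information, which the client compares with its own copy of the role document in the page's JSON layout (the `role_permits` helper).

```python
import hashlib
import json
import secrets
import time

AUTH_TYPES = ("login", "identity", "role", "authorization")
DUPLICATE_PROMPT = "name is duplicated; use the ID card number or mobile phone number"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def canonical(doc):
    # Stable serialisation so role documents and records hash identically every time.
    return json.dumps(doc, sort_keys=True, separators=(",", ":"))


def make_block(name, id_card, mobile, password, role_info, basic):
    """Constructed stand-in for a real-name data block in the page's layout:
    plaintext identifiers, MD5 password, MD5 role and authorization data."""
    pk = hashlib.sha256("\x1f".join([name, id_card, mobile, password]).encode()).hexdigest()
    return {"id": pk, "basic": basic,
            "auth": {"name": name, "id_card": id_card, "mobile": mobile,
                     "password_md5": md5_hex(password)},
            "role_md5": md5_hex(canonical(role_info)),
            "authorization_md5": md5_hex(canonical({"accepted": ["agreement-v1"]}))}


def role_permits(role_doc, module, operation):
    """Evaluate one operation against role information in the page's JSON layout."""
    return role_doc.get(module, {}).get(operation) == "yes"


class RecordChain:
    """Real-name authentication record chain; each record is hash-linked to the
    previous one (assumption: the page only says records are added to the chain)."""

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(record):
        body = {k: v for k, v in record.items() if k != "hash"}
        return hashlib.sha256(canonical(body).encode()).hexdigest()

    def append(self, record):
        rec = dict(record, prev_hash=self.records[-1]["hash"] if self.records else "0" * 64)
        rec["hash"] = self._digest(rec)
        self.records.append(rec)
        return rec

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            if rec["prev_hash"] != prev or self._digest(rec) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def find_blocks(store, ident):
    """Locate blocks by ID card number or mobile (unique) or, failing those, by
    name, which the page allows to be duplicated."""
    for key in ("id_card", "mobile", "name"):
        if ident.get(key):
            return [b for b in store.values() if b["auth"][key] == ident[key]]
    return []


def authenticate(store, chain, request):
    """Server-side processing: verify the requester, locate the target real name,
    answer by authentication type, then record the completed authentication."""
    auth_type = request.get("type")
    if auth_type not in AUTH_TYPES:
        return {"ok": False, "error": "unknown authentication type"}
    requester, target = request.get("requester", {}), request.get("target", {})
    hits = find_blocks(store, requester)
    if len(hits) > 1:
        return {"ok": False, "prompt": DUPLICATE_PROMPT}
    # the password is compared in its stored MD5 form, as the page prescribes
    if not hits or hits[0]["auth"]["password_md5"] != md5_hex(requester.get("password", "")):
        return {"ok": False, "error": "requester identity rejected"}
    targets = find_blocks(store, target)
    if len(targets) > 1:
        return {"ok": False, "prompt": DUPLICATE_PROMPT}
    if not targets:
        return {"ok": False, "error": "real name not found"}
    tb = targets[0]
    if auth_type == "login":
        data = {k: tb["auth"][k] for k in ("name", "id_card", "mobile")}
    elif auth_type == "identity":
        data = dict(tb["basic"])
    elif auth_type == "role":
        data = {"role_md5": tb["role_md5"]}
    else:
        data = {"authorization_md5": tb["authorization_md5"]}
    chain.append({"id": secrets.token_hex(32),  # 64 hex characters: the random record ID
                  "requester": hits[0]["id"], "target": tb["id"], "type": auth_type,
                  "result": data, "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())})
    return {"ok": True, "data": data}


ROLE_A = {"QueryInfo": {"query": "yes", "edit": "no", "delete": "no", "add": "no", "print": "yes"}}


def sample_store():
    """Constructed contents of a real-name data chain (not from the page)."""
    blocks = [
        make_block("Li Si", "110101199001010011", "13800000001", "pw-li", ROLE_A,
                   {"unit": "Grid Co.", "department": "Materials"}),
        make_block("Wang Wu", "110101199001010022", "13800000002", "pw-wang", ROLE_A,
                   {"unit": "Supplier A", "department": "Sales"}),
        make_block("Wang Wu", "110101199001010033", "13800000003", "pw-wang2", ROLE_A,
                   {"unit": "Supplier B", "department": "Sales"}),  # duplicated name
    ]
    return {b["id"]: b for b in blocks}


if __name__ == "__main__":
    store, chain = sample_store(), RecordChain()
    print(authenticate(store, chain, {"type": "login", "requester": {"mobile": "13800000001", "password": "pw-li"},
                                      "target": {"mobile": "13800000001"}}))
    print(authenticate(store, chain, {"type": "identity", "requester": {"mobile": "13800000001", "password": "pw-li"},
                                      "target": {"name": "Wang Wu"}}))  # duplicated name -> prompt
    print(chain.verify(), len(chain.records))
```

The record block never carries the requester's or target's plaintext identifiers, only their hash IDs in the real-name data chain, which is what the page specifies; the hash link between records is what lets an auditor detect a record that was altered or removed after the fact.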
