
CN109660330B - Method and system for identity authentication on block chain - Google Patents


Info

Publication number: CN109660330B
Authority: CN (China)
Prior art keywords: authentication, server, block chain, data, module
Legal status: Active
Application number: CN201811622541.2A
Other languages: Chinese (zh)
Other versions: CN109660330A
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Events: application filed by Feitian Technologies Co Ltd; priority to CN201811622541.2A; publication of CN109660330A; application granted; publication of CN109660330B; legal status active.

Classifications (CPC)

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 using cryptographic hash functions
    • H04L 9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 for authentication of entities
    • H04L 63/0823 using certificates
    • H04L 63/083 using passwords
    • H04L 63/0869 for achieving mutual authentication
    • H04L 63/0876 based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computing Systems
  • General Engineering & Computer Science
  • Power Engineering
  • Management, Administration, Business Operations System, And Electronic Commerce
  • Financial Or Insurance-Related Operations Such As Payment And Settlement

Abstract

The invention discloses a method and a system for identity authentication on a blockchain, in the field of blockchain technology. The system comprises an authentication device, an application program, a server and a blockchain network; the blockchain network comprises a plurality of blockchain nodes, each corresponding to one alliance organization member. The method and system of this embodiment bring the authentication device into the identity authentication process and, by combining blockchain technology with the blockchain node ledger data recorded on the blockchain nodes, combine the separate identity authentications of the alliance organization members into a single unified alliance authentication, achieving mutual trust between the identity authentications of different alliance organization members.

Figure 201811622541

Description

Method and system for identity authentication on block chain
Technical Field
The present invention relates to the field of blockchains, and in particular, to a method and system for performing identity authentication on a blockchain.
Background
Blockchain technology (BT for short) is an Internet database technology characterized by decentralization and open transparency, in which everyone can participate in recording to the database. It is also called distributed ledger technology: the ledger records the data written into the blockchain by each blockchain node, and when the information held by one blockchain node changes, the information held by the other blockchain nodes changes with it.
Existing identity authentication is generally performed with a software certificate combined with an authorization mechanism. The software certificate takes the form of a certificate file and is not bound to any particular hardware medium, so it is easily copied and misused by others for identity authentication, and its security level is low. In addition, in the prior art the identity authentication schemes of different enterprises cannot authenticate or trust one another, which hinders mutual benefit between enterprises and also greatly degrades the user experience.
Disclosure of Invention
To solve the problems in the prior art, the invention provides a method and a system for identity authentication on a blockchain.
The invention provides a method for identity authentication on a blockchain, suitable for a system comprising an authentication device, an application program, a server and a blockchain network, where the blockchain network comprises a plurality of blockchain nodes and each blockchain node corresponds to one alliance organization member. The method comprises the following steps:
step s1: the application program acquires the device identifier of the connected authentication device and the data to be authenticated;
step s2: the application program sends the device identifier and the data to be authenticated to the server;
step s3: the server sends a blockchain node ledger query request to any blockchain node in the blockchain network; the blockchain node ledger query request comprises the device identifier;
step s4: the blockchain node acquires, from its stored blockchain node ledger, the authentication associated data corresponding to the device identifier in the blockchain node ledger query request, and returns the authentication associated data corresponding to the device identifier to the server;
the blockchain node ledger comprises: the device identifier of the authentication device corresponding to each alliance organization member, and the authentication associated data corresponding to the device identifier;
step s5: the server authenticates the received data to be authenticated according to the authentication associated data; if the authentication succeeds, the server returns authentication success to the application program, and if the authentication fails, it returns authentication failure to the application program.
The invention provides a system for identity authentication on a blockchain, comprising an authentication device, an application program, a server and a blockchain network;
the blockchain network comprises a plurality of blockchain nodes; each blockchain node corresponds to one alliance organization member;
the application program comprises a first acquisition module, a first sending module and a first receiving module;
the server comprises a second receiving module, a second sending module, a third receiving module, a first authentication module and a third sending module;
the blockchain node comprises a fourth receiving module, a second acquisition module and a fourth sending module;
the first acquisition module is used to acquire the device identifier of the connected authentication device and the data to be authenticated;
the first sending module is used to send the device identifier and the data to be authenticated acquired by the first acquisition module to the server;
the first receiving module is used to receive the authentication result from the server;
the second receiving module is used to receive the device identifier and the data to be authenticated from the application program;
the second sending module is used to send a blockchain node ledger query request to any blockchain node in the blockchain network; the blockchain node ledger query request comprises the device identifier;
the third receiving module is used to receive the authentication associated data corresponding to the device identifier from the blockchain node;
the first authentication module is used to authenticate the data to be authenticated received by the second receiving module according to the authentication associated data received by the third receiving module;
the third sending module is used to return the authentication result of the first authentication module to the application program;
the fourth receiving module is used to receive the blockchain node ledger query request from the server;
the second acquisition module is used to acquire, from the stored blockchain node ledger, the authentication associated data corresponding to the device identifier in the blockchain node ledger query request;
the fourth sending module is used to return the authentication associated data corresponding to the device identifier to the server.
The beneficial effects of the invention are: with the method and system provided by the invention, the authentication device participates in identity authentication, and at the same time, by combining blockchain technology with the ledger data recorded on the blockchain nodes, the separate identity authentications of the alliance organization members are combined into a single unified alliance authentication, so that mutual trust between the identity authentications of different alliance organization members is achieved.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 illustrates a method for identity authentication on a blockchain according to a second embodiment of the present invention;
Fig. 2 and Fig. 3 are diagrams illustrating a method for identity authentication on a blockchain according to a third embodiment of the present invention;
Fig. 4 is a block diagram of a system for identity authentication on a blockchain according to a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
Example one
This embodiment provides a method for identity authentication on a blockchain, suitable for a system comprising an authentication device, an application program, a server and a blockchain network, where the blockchain network comprises a plurality of blockchain nodes and each blockchain node corresponds to one alliance organization member. The method comprises the following steps:
step s1: the application program acquires the device identifier of the connected authentication device and the data to be authenticated;
step s2: the application program sends the device identifier and the data to be authenticated to the server;
step s3: the server sends a blockchain node ledger query request to any blockchain node in the blockchain network; the blockchain node ledger query request comprises the device identifier;
step s4: the blockchain node acquires, from its stored blockchain node ledger, the authentication associated data corresponding to the device identifier in the blockchain node ledger query request, and returns the authentication associated data corresponding to the device identifier to the server;
the blockchain node ledger comprises: the device identifiers of the authentication devices corresponding to all alliance organization members, and the authentication associated data corresponding to each device identifier;
step s5: the server authenticates the data to be authenticated according to the received authentication associated data; if the authentication succeeds, the server returns authentication success to the application program, and if the authentication fails, it returns authentication failure to the application program.
Specifically, the server obtains authentication valid data from the authentication associated data, authenticates the data to be authenticated with the authentication valid data, and returns authentication success to the application program if the authentication succeeds; if the authentication fails, it returns authentication failure to the application program.
It should be noted that, in this embodiment, authenticating the data to be authenticated with the authentication valid data may use any of several authentication methods, for example digital certificate authentication, FIDO authentication or public key signature verification.
For example, when the server uses public key signature verification, the authentication valid data may be the device public key, and the data to be authenticated may specifically be the device identifier signature result;
in this embodiment, the authentication associated data may include the authentication valid data;
step s5 then specifically comprises: the server authenticates the data to be authenticated with the authentication valid data, and if the authentication succeeds, returns authentication success to the application program; if the authentication fails, it returns authentication failure to the application program.
In this embodiment, the server authenticating the data to be authenticated according to the authentication associated data may alternatively be:
the server uses the authentication associated data to locate the authentication valid data corresponding to the device identifier that is stored on the server itself, and authenticates the data to be authenticated with that authentication valid data.
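Steps s1 to s5 in the public key signature verification mode, as an added Go example that is not part of the patent: the blockchain node ledger is an in-memory map, the authentication device key pair is an ed25519 pair generated in memory, and the device identifier 1000000000000000 is the example the page uses later. The signed message also binds a per-request server challenge, which the patent text does not specify; it is added so that a captured device identifier signature result cannot simply be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const SampleDeviceID = "1000000000000000" // the page's example device identifier

// AuthAssocData is the "authentication associated data" a blockchain node holds
// for a device identifier; in public key signature verification mode the
// "authentication valid data" inside it is the device public key.
type AuthAssocData struct {
	DevicePublicKey ed25519.PublicKey
}

// Ledger stands in for the blockchain node ledger queried in step s4.
type Ledger map[string]AuthAssocData

var ErrUnknownDevice = errors.New("device identifier not recorded in ledger")

// NewChallenge is a per-request server nonce. The page signs the device
// identifier alone; binding a fresh challenge into the signed message is an
// addition so that a captured signature result cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedMessage is the byte string both sides sign and verify.
func signedMessage(deviceID string, challenge []byte) []byte {
	return append([]byte(deviceID+"|"), challenge...)
}

// SignDeviceID is the authentication device producing the "data to be
// authenticated" of step s1: the device identifier signature result.
func SignDeviceID(priv ed25519.PrivateKey, deviceID string, challenge []byte) []byte {
	return ed25519.Sign(priv, signedMessage(deviceID, challenge))
}

// Authenticate covers steps s3 to s5 on the server: query the ledger for the
// device identifier, take the public key from the authentication associated
// data and verify the signature. false is "authentication failure"; an
// identifier no alliance member has written is an error, not a failed check.
func Authenticate(l Ledger, deviceID string, challenge, toAuth []byte) (bool, error) {
	assoc, ok := l[deviceID] // step s4 on the blockchain node
	if !ok {
		return false, ErrUnknownDevice
	}
	return ed25519.Verify(assoc.DevicePublicKey, signedMessage(deviceID, challenge), toAuth), nil
}

// DemoResult collects the outcomes a server must tell apart.
type DemoResult struct {
	Genuine    bool  // right device, fresh challenge
	Replayed   bool  // earlier signature result presented against a new challenge
	ForeignKey bool  // signer's key differs from the one registered for the identifier
	UnknownErr error // identifier never written to the ledger
}

// RunDemo registers one constructed device (key pair in memory here, inside a
// hardware authentication device in the patent) and runs the server checks.
func RunDemo() (r DemoResult, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	ledger := Ledger{SampleDeviceID: {DevicePublicKey: pub}}
	c1, err := NewChallenge()
	if err != nil {
		return r, err
	}
	sig := SignDeviceID(priv, SampleDeviceID, c1)
	if r.Genuine, err = Authenticate(ledger, SampleDeviceID, c1, sig); err != nil {
		return r, err
	}
	c2, err := NewChallenge()
	if err != nil {
		return r, err
	}
	r.Replayed, _ = Authenticate(ledger, SampleDeviceID, c2, sig)
	r.ForeignKey, _ = Authenticate(ledger, SampleDeviceID, c2, SignDeviceID(otherPriv, SampleDeviceID, c2))
	_, r.UnknownErr = Authenticate(ledger, "2000000000000000", c2, sig)
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```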
In this embodiment, the server may comprise an application server and an authentication server;
step s2 specifically comprises: the application program sends the device identifier and the data to be authenticated to the application server;
step s3 specifically comprises: the application server sends a blockchain node ledger query request to any blockchain node; the blockchain node ledger query request comprises the device identifier;
step s4 specifically comprises: the blockchain node acquires the authentication associated data corresponding to the device identifier from its stored blockchain node ledger and returns the authentication associated data to the application server;
step s5 specifically comprises:
step a1: the application server sends the data to be authenticated and the device identifier to the authentication server according to the authentication associated data;
step a2: the authentication server obtains the authentication valid data corresponding to the device identifier that it has stored, authenticates the data to be authenticated with the authentication valid data to obtain an authentication result, and sends the authentication result to the application server;
step a3: the application server judges from the authentication result whether the authentication succeeded; if so, it returns authentication success to the application program, otherwise it returns authentication failure to the application program.
Further, step s4 specifically comprises:
step b1: the blockchain node searches all the device identifier decision rules stored in the blockchain node ledger to judge whether a decision rule corresponding to the device identifier exists; if so, it performs step b2, otherwise it reports an error;
step b2: the blockchain node acquires the decision rule corresponding to the device identifier and obtains the authentication server address according to the acquired decision rule;
step b3: the blockchain node sends the authentication server address to the application server.
In this embodiment, the server may comprise an application server and an initiator blockchain relay server;
step s2 specifically comprises: the application program sends a first request, comprising the device identifier and the data to be authenticated, to the application server;
step s3 specifically comprises:
step s3-1: the application server stores the data to be authenticated and sends a device identifier query request to the initiator blockchain relay server; the device identifier query request comprises the device identifier;
step s3-2: the initiator blockchain relay server generates a first blockchain node ledger query request and sends it to any blockchain node; the first blockchain node ledger query request comprises the device identifier; the blockchain node then performs step s4;
step s4 specifically comprises: the blockchain node acquires the authentication associated data corresponding to the device identifier from its stored blockchain node ledger and returns the authentication associated data to the initiator blockchain relay server; the relay server returns the authentication associated data to the application server;
step s5 specifically comprises: the application server obtains the authentication valid data corresponding to the device identifier from the authentication associated data, authenticates the data to be authenticated with the authentication valid data, and returns authentication success to the application program if the authentication succeeds; if the authentication fails, it returns authentication failure to the application program.
Further, step s4 is preceded by: the blockchain node judges whether the device identifier exists on the blockchain; if so, it performs step s4, otherwise it reports an error.
In this embodiment, the server may comprise an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server;
step s2 specifically comprises: the application program sends a second request, comprising the device identifier and the data to be authenticated, to the application server;
step s3 specifically comprises:
step s3-3: the application server stores the data to be authenticated and sends a device identifier decision rule query request to the initiator blockchain relay server; the device identifier decision rule query request comprises the device identifier;
step s3-2: the initiator blockchain relay server generates a second blockchain node ledger query request and sends it to any blockchain node; the second blockchain node ledger query request comprises the device identifier; the blockchain node then performs step s4;
step s4 specifically comprises:
step s4-1: the blockchain node searches all the device identifier decision rules stored on the blockchain to judge whether a decision rule corresponding to the device identifier exists; if so, it performs step s4-2, otherwise it reports an error;
step s4-2: the blockchain node acquires the decision rule corresponding to the device identifier and obtains the address of the authenticator blockchain relay server according to the acquired decision rule;
step s4-3: the blockchain node sends the address of the authenticator blockchain relay server to the initiator blockchain relay server;
step s5 specifically comprises:
step s5-1: the initiator blockchain relay server sends a request to acquire the data to be authenticated to the application server; the request to acquire the data to be authenticated comprises the device identifier;
step s5-2: the application server sends an identity authentication data packet to the initiator blockchain relay server; the identity authentication data packet comprises the device identifier and the data to be authenticated;
step s5-3: the initiator blockchain relay server sends an authentication request to the authenticator blockchain relay server according to the authenticator blockchain relay server address; the authentication request comprises the identity authentication data packet;
step s5-4: the authenticator blockchain relay server sends the authentication request to the authentication server;
step s5-5: the authentication server obtains the device identifier and the data to be authenticated from the authentication request, obtains the authentication valid data corresponding to the device identifier that it has stored, and authenticates the data to be authenticated with the authentication valid data to obtain an authentication result;
step s5-6: the authentication server sends the authentication result to the authenticator blockchain relay server;
step s5-7: the authenticator blockchain relay server sends the authentication result to the initiator blockchain relay server;
step s5-8: the initiator blockchain relay server sends the authentication result to the application server;
step s5-9: the application server judges from the authentication result whether the authentication succeeded; if so, it returns authentication success to the application program, otherwise it returns authentication failure to the application program.
In this embodiment, between step s1 and step s2 the method further comprises:
the application program uses the device identifier to obtain the authentication state identifier matching the device identifier and obtains the authentication state of the authentication device from the authentication state identifier; if the authentication state identifier shows that the authentication device has completed authentication, the process ends; if it shows that the authentication device has not completed authentication, step s2 is performed;
after step s5, the method further comprises: the application program sets the authentication state identifier according to the authentication result.
Further, if the application program determines from the authentication state identifier that the authentication device has not completed authentication and has not performed any blockchain query, step s2 specifically comprises: the application program sends a first request, comprising the device identifier and the data to be authenticated, to the server; if the application program determines from the authentication state identifier that the authentication device has not completed authentication but has already performed a device identifier query, the application program sends a second request, comprising the device identifier and the data to be authenticated, to the server.
In this embodiment, before the blockchain node acquires, from its stored blockchain node ledger, the authentication associated data corresponding to the device identifier in the blockchain node ledger query request, the method further comprises writing the authentication associated data into the blockchain ledger, which specifically comprises the following steps:
step c1: any blockchain node in the blockchain network receives a write authentication associated data request from its corresponding alliance organization member; the write authentication associated data request comprises the organization identifier of the alliance organization member, the device identifier and the authentication associated data;
step c2: the blockchain node sends the write authentication associated data request to all blockchain nodes in the blockchain network other than itself;
step c3: every blockchain node in the blockchain network judges whether the organization identifier in the write authentication associated data request is recorded in the blockchain ledger and, on obtaining a judgment result, sends it to all blockchain nodes in the blockchain network other than itself according to the practical Byzantine fault tolerance (PBFT) consensus algorithm, so that all blockchain nodes in the blockchain network obtain the judgment result;
step c4: if the judgment result is yes, the blockchain node corresponding to the alliance organization member hashes the device identifier and the authentication associated data to obtain a first hash value; splices the authentication associated data, the first hash value and the second hash value at a first preset block position to obtain a first spliced value; hashes the first spliced value to obtain a third hash value; and splices the second hash value, the device identifier, the authentication associated data, the first hash value and the third hash value to obtain a data block;
step c5: after all write authentication associated data requests have been processed according to steps c1 to c4, all the resulting data blocks are combined into a branchless data chain, that is, a segment of blockchain data; this segment of blockchain data is stored in the blockchain node ledger of the blockchain node and sent to all blockchain nodes in the blockchain network other than itself;
step c6: all blockchain nodes in the blockchain network other than the blockchain node corresponding to the alliance organization member, on receiving the segment of blockchain data, store it in their own blockchain node ledgers.
The present embodiment provides a method for performing identity authentication on a blockchain, which enables an authentication device to participate in identity authentication, and combines with blockchain related technologies, and forms a unified federation authentication from respective identity authentications of members of a federation organization through blockchain link point-to-account data recorded on blockchain nodes, thereby implementing mutual trust between identity authentications of members of different federation organizations.
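The block construction of steps c1-c6, as an added example that is not part of the patent: the hash algorithm (SHA-256), the reading of the "second hash value at the first preset block position" as the third hash of the preceding block, an 8-byte device identifier, fixed-length authentication associated data for the parser, and a plain set standing in for the organization identifiers recorded in the ledger (the PBFT exchange of step c3 is not modelled) are all assumptions.

```python
import hashlib
from typing import List, NamedTuple, Set, Tuple


def h(data: bytes) -> bytes:
    """Hash operation of step c4. The page names no algorithm; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


class DataBlock(NamedTuple):
    """One data block, fields in the splice order of step c4."""
    prev_hash: bytes    # the "second hash value at the first preset block position"
    device_id: bytes    # 8-byte device identifier
    auth_data: bytes    # authentication associated data (e.g. the device public key)
    first_hash: bytes   # H(device_id || auth_data)
    third_hash: bytes   # H(auth_data || first_hash || prev_hash)

    def serialize(self) -> bytes:
        return (self.prev_hash + self.device_id + self.auth_data
                + self.first_hash + self.third_hash)


def make_block(prev_hash: bytes, device_id: bytes, auth_data: bytes) -> DataBlock:
    """Step c4: derive the first and third hash values and splice the block."""
    first_hash = h(device_id + auth_data)
    first_spliced = auth_data + first_hash + prev_hash
    third_hash = h(first_spliced)
    return DataBlock(prev_hash, device_id, auth_data, first_hash, third_hash)


def write_authentication_data(
    ledger_orgs: Set[bytes],
    prev_hash: bytes,
    requests: List[Tuple[bytes, bytes, bytes]],
) -> List[DataBlock]:
    """Steps c1-c5 for a batch of (org_id, device_id, auth_data) write requests.

    ledger_orgs stands in for the organization identifiers recorded in the ledger
    that step c3 checks. Assumption: each new block chains to the third hash of
    the block written before it, so the batch forms a chain without branches.
    """
    chain: List[DataBlock] = []
    for org_id, device_id, auth_data in requests:
        if org_id not in ledger_orgs:  # judgment result of step c3 is "no"
            raise PermissionError("organization identifier not recorded in the ledger")
        if len(device_id) != 8:
            raise ValueError("device identifier must be 8 bytes")
        block = make_block(prev_hash, device_id, auth_data)
        chain.append(block)
        prev_hash = block.third_hash
    return chain


def verify_chain(chain: List[DataBlock], prev_hash: bytes) -> bool:
    """Check a receiving node (step c6) should make before storing the section of
    blockchain data: every block links to its predecessor and both hashes recompute."""
    for block in chain:
        if block.prev_hash != prev_hash:
            return False
        if block.first_hash != h(block.device_id + block.auth_data):
            return False
        if block.third_hash != h(block.auth_data + block.first_hash + block.prev_hash):
            return False
        prev_hash = block.third_hash
    return True


def parse_chain(raw: bytes, auth_len: int) -> List[DataBlock]:
    """Split serialized blocks back out, assuming fixed-length authentication data."""
    block_len = 32 + 8 + auth_len + 32 + 32
    if len(raw) % block_len:
        raise ValueError("truncated blockchain data")
    blocks = []
    for off in range(0, len(raw), block_len):
        b = raw[off:off + block_len]
        blocks.append(DataBlock(b[:32], b[32:40], b[40:40 + auth_len],
                                b[40 + auth_len:72 + auth_len], b[72 + auth_len:]))
    return blocks


# Constructed sample data: one federation member writes two devices.
GENESIS_HASH = bytes(32)
LEDGER_ORGS = {b"org-A"}
REQUESTS = [
    (b"org-A", bytes.fromhex("1000000000000000"), b"pubkey-1"),
    (b"org-A", bytes.fromhex("1000000000000001"), b"pubkey-2"),
]

if __name__ == "__main__":
    chain = write_authentication_data(LEDGER_ORGS, GENESIS_HASH, REQUESTS)
    raw = b"".join(blk.serialize() for blk in chain)
    print("chain valid:", verify_chain(parse_chain(raw, 8), GENESIS_HASH))
```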
Embodiment two
The second embodiment provides a method for performing identity authentication on a blockchain, as shown in fig. 1:
step 101, an application program acquires a device identifier and a device identifier signature result from an authentication device;
for example, the device identifier is 1000000000000000.
After step 101, the method may further include: the application program uses the device identifier to query whether an authentication state identifier matching the device identifier exists in the program database, acquires the authentication state of the authentication device according to the authentication state identifier, and if the data at a first preset position of the authentication state identifier is a first preset value, judges that the authentication device has completed authentication and ends; otherwise, judges that the authentication device has not completed authentication and executes step 102.
More specifically, the application program uses the device identifier to query whether an authentication state identifier matching the device identifier exists in the program database and acquires the authentication state of the authentication device according to the authentication state identifier: if the data at the first preset position of the authentication state identifier is the first preset value, it judges that the authentication device has completed authentication and ends; if the data at the first preset position is the second preset value and the data at the second preset position is the second preset value, it judges that the authentication device has not completed authentication and has not performed any blockchain query, and executes step 102; if the data at the first preset position is the second preset value and the data at the second preset position is the first preset value, it judges that the authentication device has not completed authentication and has already performed the device identifier query, and executes the operation of the third embodiment; and if the data at the first preset position is the second preset value and the data at the second preset position is the third preset value, it judges that the device cannot perform identity authentication and reports an error.
In this embodiment, the first preset position of the authentication state identifier is its first byte, and the second preset position of the authentication state identifier is its second byte.
In this embodiment, the first preset value is 11, the second preset value is 00 and the third preset value is 22.
Step 102, the application program sends a first request comprising the device identifier and the device identifier signature result to the application server;
step 103, the application server stores the device identifier signature result and generates a device identifier query request containing the device identifier;
the device identifier query request may be: 0x011000000000000000
Step 104, the application server sends the device identifier query request to the initiator blockchain relay server;
step 105, the initiator blockchain relay server acquires the device identifier from the device identifier query request and generates a first query blockchain node ledger request containing the device identifier;
in this embodiment, the generated first query blockchain node ledger request is: 0x011000000000000000
Step 106, the initiator blockchain relay server sends the first query blockchain node ledger request to the blockchain node;
step 107, the blockchain node acquires the device identifier from the first query blockchain node ledger request and judges whether the device identifier exists in the blockchain; if yes, executes step 110; otherwise, returns error information to the initiator blockchain relay server and executes step 108;
in this embodiment, returning error information to the initiator blockchain relay server may specifically be returning information indicating that the device identifier does not exist to the initiator blockchain relay server.
Step 108, the initiator blockchain relay server returns the error information to the application server;
in this embodiment, the initiator blockchain relay server returning the error information to the application server may specifically be returning information indicating that the device identifier does not exist to the application server.
Step 109, the application server returns the error information to the application program;
in this embodiment, the application server returning the error information to the application program may specifically be returning information indicating that the device identifier does not exist to the application program.
After step 109, the method further includes: the application program updates the data at the second preset position of the authentication state identifier matching the device identifier to the first preset value.
For example, the application program updates the data in the second byte of the authentication state identifier matching the device identifier to the first preset value 11.
Step 110, the blockchain node queries the blockchain node ledger corresponding to the device identifier and generates a query result;
in this embodiment, the query result includes the device public key, for example: FFFF EEEE DDDD CCCC BBBB AAAA 0000999988887777666655554444333322221111 FFFF EEEE DDDD CCCC BBBB AAAA 0000999988887777666655554444333322221111 FFFF EEEE DDDD CCCC BBBB AAAA 0000999988887777666655554444333322221111 FFFF EEEE DDDD CCCC BBBB AAAA 0000999988887777666655554444333322221111.
Step 111, the blockchain node sends the query result to the initiator blockchain relay server;
step 112, the initiator blockchain relay server sends the query result to the application server;
step 113, the application server obtains the device public key from the query result and uses the device public key to verify the device identifier signature result; if the signature verification succeeds, it judges that the authentication device is authenticated successfully and executes step 114; if the signature verification fails, it judges that the authentication of the authentication device has failed and executes step 115;
in this embodiment, judging that the authentication device is authenticated successfully means judging that the authentication device is a legitimate device, and judging that the authentication of the authentication device has failed means judging that the authentication device is an illegitimate device.
Step 114, the application server sends an authentication success response to the application program, and the authentication ends.
In this embodiment, after receiving the authentication success response, the application program updates the data at the first preset position of the authentication state identifier matching the device identifier to the first preset value.
For example, after receiving the authentication success response, the application program updates the data in the first byte of the authentication state identifier matching the device identifier to the first preset value 11.
Step 115, the application server sends an authentication failure response to the application program, and the authentication ends.
Embodiment three
The third embodiment provides a method for performing identity authentication on a blockchain, as shown in fig. 2:
step 201, an application program acquires a device identifier and a device identifier signature result from an authentication device;
in this embodiment, the device identifier may be: 2000000000000000;
after step 201, the method may further include: the application program uses the device identifier to query whether an authentication state identifier matching the device identifier exists in the program database, acquires the authentication state of the authentication device according to the authentication state identifier, and if the data at a first preset position of the authentication state identifier is a first preset value, judges that the authentication device has completed authentication and ends; otherwise, judges that the authentication device has not completed authentication and executes step 202.
More specifically, the application program uses the device identifier to query whether an authentication state identifier matching the device identifier exists in the program database and acquires the authentication state of the authentication device according to the authentication state identifier: if the data at the first preset position of the authentication state identifier is the first preset value, it judges that the authentication device has completed authentication and ends; if the data at the first preset position is the second preset value and the data at the second preset position is the second preset value, it judges that the authentication device has not completed authentication and has not performed any blockchain query, and executes step 102 of the second embodiment; if the data at the first preset position is the second preset value and the data at the second preset position is the first preset value, it judges that the authentication device has not completed authentication and has already performed the device identifier query, and executes step 202; and if the data at the first preset position is the second preset value and the data at the second preset position is the third preset value, it judges that the device cannot perform identity authentication and reports an error.
In this embodiment, the first preset position of the authentication state identifier is its first byte, and the second preset position of the authentication state identifier is its second byte.
In this embodiment, the first preset value is 11, the second preset value is 00 and the third preset value is 22.
Step 202, the application program sends a second request comprising the device identifier and the device identifier signature result to the application server;
step 203, the application server stores the device identifier signature result and generates a query device identifier judgment rule request containing the device identifier;
in this embodiment, the generated query device identifier judgment rule request is: 0x022000000000000000;
step 204, the application server sends the query device identifier judgment rule request to the initiator blockchain relay server;
step 205, the initiator blockchain relay server obtains the device identifier from the query device identifier judgment rule request and generates a second query blockchain node ledger request containing the device identifier;
in this embodiment, the generated second query blockchain node ledger request is: 0x022000000000000000;
step 206, the initiator blockchain relay server sends the second query blockchain node ledger request to the blockchain node;
step 207, the blockchain node acquires the device identifier from the second query blockchain node ledger request and queries whether a judgment rule matching the encoding mode of the device identifier exists among all the device identifier judgment rules stored in the blockchain; if yes, executes step 210; otherwise, returns error information to the initiator blockchain relay server and executes step 208;
step 208, the initiator blockchain relay server returns the error information to the application server;
step 209, the application server returns the error information to the application program;
in this embodiment, after receiving the error information, the application program updates the data at the second preset position of the authentication state identifier matching the device identifier to the third preset value.
For example, after receiving the error information, the application program updates the data in the second byte of the authentication state identifier 0011 corresponding to the device identifier in the program database to 22.
Step 210, the blockchain node obtains the judgment rule corresponding to the device identifier and obtains the authenticator blockchain relay server address according to the judgment rule corresponding to the device identifier;
in this embodiment, the judgment rule corresponding to the device identifier is specifically: an 8-byte device identifier beginning with 0x02.
Step 211, the blockchain node returns the authenticator blockchain relay server address to the initiator blockchain relay server;
step 212, the initiator blockchain relay server generates a device signature data request containing the device identifier;
step 213, the initiator blockchain relay server sends the device signature data request to the application server;
step 214, the application server obtains the device identifier from the device signature data request and returns an identity authentication data packet containing the device identifier and the device identifier signature result to the initiator blockchain relay server;
step 215, the initiator blockchain relay server sends an authentication request containing the identity authentication data packet (the device identifier and the device identifier signature result) to the authenticator blockchain relay server according to the authenticator blockchain relay server address;
step 216, the authenticator blockchain relay server sends the authentication request containing the identity authentication data packet to the authentication server;
step 217, the authentication server acquires the device identifier and the device identifier signature result of the identity authentication data packet from the authentication request, uses the device identifier to acquire the public key corresponding to the device identifier from the authentication server database, verifies the device identifier signature result with that public key according to the RSA algorithm, generates an authentication result according to the verification result, and returns the authentication result to the authenticator blockchain relay server;
in this embodiment, the authentication result is one of: authentication succeeded, 11; authentication failed, 00.
Step 218, the authenticator blockchain relay server returns the authentication result to the initiator blockchain relay server;
step 219, the initiator blockchain relay server returns the authentication result to the application server;
step 220, the application server judges whether the authentication succeeded according to the authentication result; if yes, executes step 221; otherwise, executes step 222;
step 221, the application server sends an authentication success response to the application program, and the authentication ends.
In this embodiment, after receiving the authentication success response, the application program updates the data at the first preset position of the authentication state identifier matching the device identifier to the first preset value.
For example, after receiving the authentication success response, the application program updates the data at the first preset position of the authentication state identifier 0011 matching the device identifier to the first preset value 11.
Step 222, the application server sends an authentication failure response to the application program, and the authentication ends.
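The application-side routing of embodiments two and three (the two-byte authentication state identifier, the 0x01/0x02 query requests, the device identifier judgment rule and the state updates after each outcome), as an added example that is not part of the patent. Reading the preset values 11/00/22 as the bytes 0x11/0x00/0x22, treating an absent state record as a fresh device, a textbook RSA-over-SHA-256 check in place of the unspecified RSA signature format, and the sample key, device identifiers and relay server address are all constructed assumptions.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple

# Authentication state identifier: byte 1 = "authentication completed" flag, byte 2 =
# blockchain query progress. Values 11/00/22 are read as bytes 0x11/0x00/0x22 (assumption).
FIRST_PRESET, SECOND_PRESET, THIRD_PRESET = 0x11, 0x00, 0x22
# Request type bytes from the page: 0x01 || device id and 0x02 || device id.
QUERY_DEVICE_ID, QUERY_JUDGMENT_RULE = 0x01, 0x02
RsaKey = Tuple[int, int]  # (modulus, exponent)


def next_action(state: Optional[bytes]) -> str:
    """The decision the application makes after step 101 / step 201."""
    if state is None:
        return "query_device_identifier"  # no record yet: fresh device (assumption)
    completed, progress = state[0], state[1]
    if completed == FIRST_PRESET:
        return "done"
    if completed != SECOND_PRESET:
        raise ValueError("malformed authentication state identifier")
    if progress == SECOND_PRESET:
        return "query_device_identifier"  # embodiment two, step 102
    if progress == FIRST_PRESET:
        return "query_judgment_rule"      # embodiment three, step 202
    if progress == THIRD_PRESET:
        return "error"                    # device cannot be authenticated
    raise ValueError("malformed authentication state identifier")


def query_request(kind: int, device_id: bytes) -> bytes:
    """Build the 9-byte request, e.g. 0x011000000000000000 on the page."""
    if len(device_id) != 8:
        raise ValueError("device identifier must be 8 bytes")
    return bytes([kind]) + device_id


def rsa_verify(pub: RsaKey, msg: bytes, sig: int) -> bool:
    """Textbook RSA over a SHA-256 digest standing in for step 113 / step 217.
    Illustrative only; a real deployment uses a padded RSA signature scheme."""
    n, e = pub
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return 0 <= sig < n and pow(sig, e, n) == m


def rsa_sign(priv: RsaKey, msg: bytes) -> int:
    """Counterpart of rsa_verify, used only to build sample signatures."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


class BlockchainNode:
    """Answers both query blockchain node ledger requests (steps 107-111, 207-211)."""
    def __init__(self, public_keys: Dict[bytes, RsaKey],
                 rules: List[Tuple[bytes, int, str]]) -> None:
        self.public_keys = public_keys  # ledger: device identifier -> device public key
        self.rules = rules              # (prefix, length, authenticator relay server address)

    def handle(self, request: bytes) -> Tuple[bool, object]:
        kind, device_id = request[0], request[1:]
        if kind == QUERY_DEVICE_ID:
            key = self.public_keys.get(device_id)
            return (True, key) if key else (False, "no such device identifier")
        if kind == QUERY_JUDGMENT_RULE:
            for prefix, length, address in self.rules:
                if len(device_id) == length and device_id.startswith(prefix):
                    return True, address
            return False, "no matching judgment rule"
        return False, "unknown request"


def make_auth_server(keys: Dict[bytes, RsaKey]) -> Callable[[bytes, int], bool]:
    """Authentication server of step 217 with its own public-key database."""
    return lambda dev, sig: dev in keys and rsa_verify(keys[dev], dev, sig)


def authenticate(app_db: Dict[bytes, bytes], device_id: bytes, signature: int,
                 node: BlockchainNode,
                 auth_servers: Dict[str, Callable[[bytes, int], bool]]) -> str:
    """Application, application server and relay servers collapsed into one flow."""
    state = app_db.get(device_id)
    action = next_action(state)
    if action == "done":
        return "already authenticated"
    if action == "error":
        return "error: device cannot be authenticated"
    if action == "query_device_identifier":
        ok, payload = node.handle(query_request(QUERY_DEVICE_ID, device_id))
        if not ok:  # steps 108-109: record that the identifier query was done
            app_db[device_id] = bytes([SECOND_PRESET, FIRST_PRESET])
            return "error: " + str(payload)
        verified = rsa_verify(payload, device_id, signature)  # step 113
    else:
        ok, payload = node.handle(query_request(QUERY_JUDGMENT_RULE, device_id))
        if not ok:  # step 209: mark the device as not authenticable
            app_db[device_id] = bytes([SECOND_PRESET, THIRD_PRESET])
            return "error: " + str(payload)
        verified = auth_servers[payload](device_id, signature)  # steps 215-217
    if verified:  # step 114 / step 221: only the first byte is updated
        app_db[device_id] = bytes([FIRST_PRESET, (state or b"\x00\x00")[1]])
        return "success"
    return "failure"


# Constructed sample data (toy RSA key n=3233, e=17, d=2753; not a real key).
PUB, PRIV = (3233, 17), (3233, 2753)
LOCAL_DEVICE = bytes.fromhex("1000000000000000")   # on the initiator's own ledger
REMOTE_DEVICE = bytes.fromhex("0200000000000001")  # matches the 0x02 rule of step 210
NODE = BlockchainNode({LOCAL_DEVICE: PUB}, [(b"\x02", 8, "authenticator-relay.example")])
AUTH_SERVERS = {"authenticator-relay.example": make_auth_server({REMOTE_DEVICE: PUB})}
```

Calling `authenticate` once per application run reproduces the page's sequence: a device missing from the local ledger first gets state 0011 and is routed through the judgment rule on the next run, and a device matching no rule ends at 0022.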
Embodiment four
This embodiment provides a system for performing identity authentication on a blockchain, as shown in fig. 4, including: an authentication device, an application program, a server and a blockchain network;
the blockchain network comprises a plurality of blockchain nodes, and each blockchain node corresponds to one federation organization member;
the application program comprises: a first obtaining module 11, a first sending module 12 and a first receiving module 13;
the server comprises: a second receiving module 21, a second sending module 22, a third receiving module 23, a first authentication module 24 and a third sending module 25;
the blockchain node comprises: a fourth receiving module 31, a second obtaining module 32 and a fourth sending module 33;
the first obtaining module 11 is configured to obtain the device identifier of the connected authentication device and the data to be authenticated;
the first sending module 12 is configured to send the device identifier and the data to be authenticated obtained by the first obtaining module 11 to the server;
the first receiving module 13 is configured to receive the authentication result from the server;
the second receiving module 21 is configured to receive the device identifier and the data to be authenticated from the application program;
the second sending module 22 is configured to send a query blockchain node ledger request to any blockchain node in the blockchain network, the query blockchain node ledger request including the device identifier;
the third receiving module 23 is configured to receive the authentication associated data corresponding to the device identifier from the blockchain node;
the first authentication module 24 is configured to authenticate the data to be authenticated received by the second receiving module 21 according to the authentication associated data received by the third receiving module 23;
the third sending module 25 is configured to return the authentication result of the first authentication module 24 to the application program;
the fourth receiving module 31 is configured to receive the query blockchain node ledger request from the server;
the second obtaining module 32 is configured to obtain the authentication associated data corresponding to the device identifier from the stored blockchain node ledger;
the fourth sending module 33 is configured to return the authentication associated data corresponding to the device identifier to the server.
In this embodiment, the authentication associated data includes authentication valid data;
the first authentication module 24 is specifically configured to authenticate the data to be authenticated received by the second receiving module 21 by using the authentication valid data.
In this embodiment, the first authentication module 24 may also be specifically configured to obtain, according to the authentication associated data received by the third receiving module 23, the authentication valid data corresponding to the device identifier stored in the first authentication module, and to authenticate the data to be authenticated by using that authentication valid data.
In this embodiment, the server may include an application server and an authentication server;
the application server comprises the second receiving module 21, the second sending module 22, the third receiving module 23, the third sending module 25, a fifth sending module and a fifth receiving module;
the authentication server comprises a sixth receiving module, the first authentication module 24 and a sixth sending module;
the fifth sending module is configured to send the data to be authenticated and the device identifier to the authentication server according to the authentication associated data received by the third receiving module 23;
the fifth receiving module is configured to receive the authentication result of the first authentication module 24 from the authentication server;
the sixth receiving module is configured to receive the data to be authenticated and the device identifier from the application server;
the first authentication module 24 is specifically configured to acquire the authentication valid data corresponding to the device identifier stored in the first authentication module and to authenticate the data to be authenticated by using that authentication valid data;
the sixth sending module is configured to return the authentication result of the first authentication module 24 to the application server.
Further, the second obtaining module 32 specifically comprises a first storage unit, a first judgment unit, a first error reporting unit and a first obtaining unit;
the first storage unit is configured to store the device identifier judgment rules;
the first judgment unit is configured to query whether a judgment rule corresponding to the device identifier exists among all the device identifier judgment rules stored in the blockchain node ledger;
the first obtaining unit is configured to obtain the judgment rule corresponding to the device identifier when the judgment result of the first judgment unit is yes, and to obtain the authentication server address according to that judgment rule;
the first error reporting unit is configured to report an error when the judgment result of the first judgment unit is no.
In this embodiment, the server comprises an application server and an initiator blockchain relay server;
the first sending module 12 is configured to send a first request comprising the device identifier and the data to be authenticated to the application server;
the application server comprises the second receiving module 21, a first storage module, the first authentication module 24, a seventh sending module and a seventh receiving module;
the first storage module is configured to store the data to be authenticated;
the seventh sending module is configured to send the device identifier query request to the initiator blockchain relay server;
the seventh receiving module is configured to receive the authentication associated data sent by the initiator blockchain relay server;
the first authentication module 24 is specifically configured to acquire the authentication valid data corresponding to the device identifier from the authentication associated data received by the seventh receiving module and to authenticate the data to be authenticated by using that authentication valid data;
the initiator blockchain relay server comprises an eighth receiving module, the second sending module 22, the third receiving module 23 and an eighth sending module;
the eighth receiving module is configured to receive the device identifier query request from the application server;
the eighth sending module is configured to send the authentication associated data to the application server.
Further, the blockchain node further comprises a first judgment module and a first error reporting module;
the first judgment module is configured to judge whether the device identifier exists in the blockchain;
the second obtaining module 32 is configured to obtain the authentication associated data corresponding to the device identifier from the stored blockchain node ledger when the judgment result of the first judgment module is yes;
the first error reporting module is configured to report an error when the judgment result of the first judgment module is no.
In this embodiment, the server comprises an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server;
the first sending module 12 is configured to send a second request comprising the device identifier and the data to be authenticated to the application server;
the application server comprises a second storage module, a ninth sending module, a ninth receiving module, a tenth sending module, a tenth receiving module and the third sending module 25;
the initiator blockchain relay server comprises an eleventh receiving module, the second sending module 22, the third receiving module 23, an eleventh sending module, a twelfth receiving module, a twelfth sending module, a thirteenth receiving module and a thirteenth sending module;
the authenticator blockchain relay server comprises a fourteenth receiving module, a fourteenth sending module, a fifteenth receiving module and a fifteenth sending module;
the authentication server comprises a sixteenth receiving module, the first authentication module 24 and a sixteenth sending module;
the second storage module is configured to store the data to be authenticated;
the ninth sending module is configured to send a query device identifier judgment rule request to the initiator blockchain relay server, the query device identifier judgment rule request comprising the device identifier;
the ninth receiving module is configured to receive a data to be authenticated request from the initiator blockchain relay server;
the tenth sending module is configured to send an identity authentication data packet to the initiator blockchain relay server, the identity authentication data packet comprising the device identifier and the data to be authenticated;
the tenth receiving module is configured to receive the authentication result from the initiator blockchain relay server;
the eleventh receiving module is configured to receive the query device identifier judgment rule request from the application server;
the second sending module 22 is specifically configured to generate a second query blockchain node ledger request and send it to the blockchain node, the second query blockchain node ledger request including the device identifier;
the third receiving module 23 is configured to receive the authenticator blockchain relay server address from the blockchain node;
the eleventh sending module is configured to send a data to be authenticated request to the application server, the data to be authenticated request comprising the device identifier;
the twelfth receiving module is configured to receive the identity authentication data packet from the application server, the identity authentication data packet comprising the device identifier and the data to be authenticated;
the twelfth sending module is configured to send an authentication request to the authenticator blockchain relay server according to the authenticator blockchain relay server address;
the thirteenth receiving module is configured to receive the authentication result from the authenticator blockchain relay server;
the thirteenth sending module is configured to send the authentication result to the application server;
the fourteenth receiving module is configured to receive the authentication request from the initiator blockchain relay server;
the fourteenth sending module is configured to send the authentication request to the authentication server;
the fifteenth receiving module is configured to receive the authentication result from the authentication server;
the fifteenth sending module is configured to send the authentication result to the initiator blockchain relay server;
the sixteenth receiving module is configured to receive the authentication request from the authenticator blockchain relay server;
the first authentication module 24 is specifically configured to acquire the device identifier and the data to be authenticated from the authentication request, acquire the authentication valid data corresponding to the device identifier stored in the first authentication module, and authenticate the data to be authenticated by using that authentication valid data to obtain the authentication result;
the sixteenth sending module is configured to send the authentication result to the authenticator blockchain relay server;
the second obtaining module 32 specifically comprises a second storage unit, a second judgment unit, a second obtaining unit and a second error reporting unit;
the second storage unit is configured to store the device identifier judgment rules;
the second judgment unit is configured to query whether a judgment rule corresponding to the device identifier exists among all the device identifier judgment rules stored in the blockchain node ledger;
the second obtaining unit is configured to obtain the judgment rule corresponding to the device identifier when the judgment result of the second judgment unit is yes, and to obtain the authenticator blockchain relay server address according to that judgment rule;
the second error reporting unit is configured to report an error when the judgment result of the second judgment unit is no.
In this embodiment, the application program further comprises a second judgment module;
the second judgment module is configured to use the device identifier to acquire the authentication state identifier matching the device identifier, acquire the authentication state of the authentication device according to the authentication state identifier, and end the authentication if it judges according to the authentication state identifier that the authentication device has completed authentication;
the first sending module 12 is specifically configured to send the device identifier and the data to be authenticated obtained by the first obtaining module 11 to the server when the second judgment module judges according to the authentication state identifier that the authentication device has not completed authentication.
Further, the first sending module 12 is specifically configured to send a first request comprising the device identifier and the data to be authenticated to the server if the second judgment module judges according to the authentication state identifier that the authentication device has not completed authentication and has not performed any blockchain query, and to send a second request comprising the device identifier and the data to be authenticated to the server if the second judgment module judges according to the authentication state identifier that the authentication device has not completed authentication and has already performed the device identifier query.
In this embodiment, the first authentication module is specifically configured to obtain the authentication valid data according to the authentication associated data and to authenticate the data to be authenticated by using that authentication valid data.
This embodiment provides a system for performing identity authentication on a blockchain, which includes an authentication device, an application program, a server and a blockchain network; the blockchain network comprises a plurality of blockchain nodes, and each blockchain node corresponds to one federation organization member. The system provided in this embodiment enables authentication devices to participate in identity authentication and, combined with blockchain technology, forms a unified federation authentication from the separate identity authentications of the federation members through the ledger data recorded on the blockchain nodes, thereby implementing mutual trust between the identity authentications of different federation members.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (20)

1. A method for identity authentication on a blockchain, applicable to a system comprising an authentication device, an application program, a server and a blockchain network, characterized in that the blockchain network comprises a plurality of blockchain nodes, each blockchain node corresponding to one alliance organization member; the method comprises the following steps:
step s1: the application program acquires the device identifier of the connected authentication device and the data to be authenticated;
step s2: the application program sends the device identifier and the data to be authenticated to the server;
step s3: the server sends a blockchain node ledger query request to any blockchain node in the blockchain network; the blockchain node ledger query request comprises the device identifier;
step s4: the blockchain node acquires, from its stored blockchain node ledger, the authentication association data corresponding to the device identifier in the blockchain node ledger query request, and returns the authentication association data corresponding to the device identifier to the server;
the blockchain node ledger comprises: the device identifier of the authentication device corresponding to each alliance organization member, and the authentication association data corresponding to that device identifier;
step s5: the server authenticates the received data to be authenticated according to the authentication association data; if the authentication succeeds, the server returns authentication success to the application program; if the authentication fails, the server returns authentication failure to the application program;
wherein the server specifically comprises: an application server and an authentication server;
when the server specifically comprises an application server and an authentication server:
step s2 specifically comprises: the application program sends the device identifier and the data to be authenticated to the application server;
step s3 specifically comprises: the application server sends a blockchain node ledger query request to any one blockchain node;
step s4 specifically comprises: the blockchain node acquires, from its stored blockchain node ledger, the authentication association data corresponding to the device identifier in the blockchain node ledger query request, and returns the authentication association data to the application server;
step s5 specifically comprises:
step a1: the application server sends the data to be authenticated and the device identifier to an authentication server according to the authentication association data;
step a2: the authentication server acquires the authentication valid data corresponding to the device identifier stored in the authentication server, authenticates the data to be authenticated using the authentication valid data to obtain an authentication result, and sends the authentication result to the application server;
step a3: the application server determines from the authentication result whether the authentication succeeded; if so, it returns authentication success to the application program; otherwise, it returns authentication failure to the application program.
2. The method of claim 1, wherein the authentication association data comprises: authentication valid data;
step s5 specifically comprises: the server authenticates the data to be authenticated using the authentication valid data; if the authentication succeeds, the server returns authentication success to the application program; if the authentication fails, it returns authentication failure to the application program.
3. The method according to claim 1, wherein the server authenticating the data to be authenticated according to the authentication association data specifically comprises:
the server acquires, according to the authentication association data, the authentication valid data corresponding to the device identifier that the server stores, and authenticates the data to be authenticated using the authentication valid data.
4. The method of claim 1, wherein the blockchain node acquiring, from its stored blockchain node ledger, the authentication association data corresponding to the device identifier in the blockchain node ledger query request and returning the authentication association data to the application server specifically comprises:
step b1: the blockchain node queries whether a judgment rule corresponding to the device identifier exists among all device identifier judgment rules stored in the blockchain node ledger; if so, step b2 is performed; otherwise, an error is reported;
step b2: the blockchain node acquires the judgment rule corresponding to the device identifier and acquires an authentication server address according to that judgment rule;
step b3: the blockchain node sends the authentication server address to the application server.
5. The method according to claim 1, wherein the server instead specifically comprises: an application server and a sender blockchain relay server;
when the server specifically comprises an application server and a sender blockchain relay server:
step s2 specifically comprises: the application program sends a first request including the device identifier and the data to be authenticated to the application server;
step s3 specifically comprises:
step s3-1: the application server stores the data to be authenticated and sends a device identifier query request to the sender blockchain relay server; the device identifier query request comprises the device identifier;
step s3-2: the sender blockchain relay server generates a first blockchain node ledger query request and sends it to any one blockchain node; the first blockchain node ledger query request comprises the device identifier; the blockchain node then performs step s4;
step s4 specifically comprises: the blockchain node acquires, from its stored blockchain node ledger, the authentication association data corresponding to the device identifier and returns it to the sender blockchain relay server; the sender blockchain relay server returns the authentication association data to the application server;
step s5 specifically comprises: the application server acquires the authentication valid data corresponding to the device identifier from the authentication association data and authenticates the data to be authenticated using the authentication valid data; if the authentication succeeds, it returns authentication success to the application program; if the authentication fails, it returns authentication failure to the application program.
6. The method of claim 5, wherein, before the blockchain node acquires the authentication association data corresponding to the device identifier from its stored blockchain node ledger, the method further comprises: the blockchain node determines whether the device identifier exists in the blockchain; if so, it performs step s4; otherwise, it reports an error.
7. The method according to claim 1, wherein the server instead specifically comprises: an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server;
when the server specifically comprises an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server:
step s2 specifically comprises: the application program sends a second request including the device identifier and the data to be authenticated to the application server;
step s3 specifically comprises:
step s3-3: the application server stores the data to be authenticated and sends a device identifier judgment rule query request to the initiator blockchain relay server; the device identifier judgment rule query request comprises the device identifier;
step s3-2: the initiator blockchain relay server generates a second blockchain node ledger query request and sends it to any one blockchain node; the second blockchain node ledger query request comprises the device identifier; the blockchain node then performs step s4;
step s4 specifically comprises:
step s4-1: the blockchain node queries whether a judgment rule corresponding to the device identifier exists among all device identifier judgment rules stored in the blockchain; if so, step s4-2 is performed; otherwise, an error is reported;
step s4-2: the blockchain node acquires the judgment rule corresponding to the device identifier and acquires an authenticator blockchain relay server address according to that judgment rule;
step s4-3: the blockchain node sends the authenticator blockchain relay server address to the initiator blockchain relay server;
step s5 specifically comprises:
step s5-1: the initiator blockchain relay server sends a request to acquire the data to be authenticated to the application server; the request comprises the device identifier;
step s5-2: the application server sends an identity authentication data packet to the initiator blockchain relay server; the identity authentication data packet comprises the device identifier and the data to be authenticated;
step s5-3: the initiator blockchain relay server sends an authentication request to the authenticator blockchain relay server according to the authenticator blockchain relay server address; the authentication request comprises the identity authentication data packet;
step s5-4: the authenticator blockchain relay server forwards the authentication request to the authentication server;
step s5-5: the authentication server acquires the device identifier and the data to be authenticated from the authentication request, acquires the authentication valid data it stores for the device identifier, and authenticates the data to be authenticated using the authentication valid data to obtain an authentication result;
step s5-6: the authentication server sends the authentication result to the authenticator blockchain relay server;
step s5-7: the authenticator blockchain relay server sends the authentication result to the initiator blockchain relay server;
step s5-8: the initiator blockchain relay server sends the authentication result to the application server;
step s5-9: the application server determines from the authentication result whether the authentication succeeded; if so, it returns authentication success to the application program; otherwise, it returns authentication failure to the application program.
8. The method of claim 1, further comprising, between step s1 and step s2:
the application program uses the device identifier to obtain an authentication state identifier matching the device identifier and obtains the authentication state of the authentication device from that identifier; if it determines from the authentication state identifier that the authentication device has completed authentication, the process ends; if it determines that the authentication device has not completed authentication, step s2 is performed;
and after step s5, the method further comprises: the application program sets the authentication state identifier according to the authentication result.
9. The method according to claim 8, wherein, if the application program determines from the authentication state identifier that the authentication device has not completed authentication and no blockchain query has been performed, step s2 specifically comprises: the application program sends a first request including the device identifier and the data to be authenticated to the server; and if the application program determines from the authentication state identifier that the authentication device has not completed authentication but the device identifier has already been queried, step s2 specifically comprises: the application program sends a second request including the device identifier and the data to be authenticated to the server.
10. The method according to claim 1, wherein authenticating the received data to be authenticated according to the authentication association data specifically comprises:
the server acquires the authentication valid data according to the authentication association data and authenticates the data to be authenticated using the authentication valid data.
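The flow of claims 1, 4, 6, 7 and 8 in runnable form, as an added example that is not part of the patent and not the applicant's code. The class names, the judgment rule as a device-identifier prefix, the server addresses and the HMAC challenge-response used as the "data to be authenticated" are all assumptions for illustration; the patent does not fix a cryptographic primitive. The point a practitioner should take from it is the separation the claims draw: the shared ledger only routes a device identifier to the alliance member that enrolled it, while the authentication valid data (here a per-device secret) stays inside that member's own authentication server.

```python
import hashlib
import hmac
import secrets


class BlockchainNodeLedger:
    """Ledger replicated on every blockchain node (claim 1, step s4).
    Assumption: the authentication association data is a judgment rule that maps
    a device-identifier prefix to the authenticator's address (claims 4 and 7).
    The ledger never holds the authentication valid data itself."""

    def __init__(self):
        self._rules = {}  # constructed: device-id prefix -> authenticator address

    def register_rule(self, device_prefix, authenticator_address):
        self._rules[device_prefix] = authenticator_address

    def query(self, device_id):
        """Steps b1/b2: return the matching judgment rule or report an error."""
        for prefix, address in self._rules.items():
            if device_id.startswith(prefix):
                return {"authenticator_address": address}
        raise LookupError(f"no judgment rule for device identifier {device_id!r}")


class AuthenticationServer:
    """A member's own authentication server (step a2). The authentication valid
    data is modelled as a per-device HMAC secret; the primitive is an assumption."""

    def __init__(self):
        self._valid_data = {}

    def enroll(self, device_id, secret):
        self._valid_data[device_id] = secret

    def authenticate(self, device_id, data_to_authenticate):
        secret = self._valid_data.get(device_id)
        if secret is None:
            return False
        challenge, response = data_to_authenticate
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


class AuthenticationDevice:
    """Produces the data to be authenticated for a fresh challenge (step s1)."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self._secret = secret

    def respond(self, challenge):
        return challenge, hmac.new(self._secret, challenge, hashlib.sha256).digest()


class ApplicationServer:
    """Steps s3, a1 and a3. `authenticators` (address -> server) stands in for
    the network hop to the other member's authentication or relay server."""

    def __init__(self, blockchain_node, authenticators):
        self._node = blockchain_node
        self._authenticators = authenticators

    def handle(self, device_id, data_to_authenticate):
        try:
            association = self._node.query(device_id)  # s3/s4
        except LookupError:
            return "failure"  # claim 6: device identifier not on the ledger
        authenticator = self._authenticators.get(association["authenticator_address"])
        if authenticator is None:
            return "failure"
        ok = authenticator.authenticate(device_id, data_to_authenticate)  # a1/a2
        return "success" if ok else "failure"  # a3


class Application:
    """Keeps an authentication state identifier per device (claim 8) so that a
    device already authenticated in this session is not submitted again."""

    def __init__(self, app_server):
        self.server = app_server
        self._state = {}  # device_id -> "authenticated" | "not_authenticated"

    def authenticate(self, device, challenge):
        if self._state.get(device.device_id) == "authenticated":
            return "success"  # claim 8: the process ends here
        result = self.server.handle(device.device_id, device.respond(challenge))
        self._state[device.device_id] = (
            "authenticated" if result == "success" else "not_authenticated")
        return result


def build_demo():
    """Two alliance members sharing one ledger (all values constructed)."""
    ledger = BlockchainNodeLedger()
    member_a, member_b = AuthenticationServer(), AuthenticationServer()
    ledger.register_rule("A-", "auth.member-a.example")
    ledger.register_rule("B-", "auth.member-b.example")
    secret_b = secrets.token_bytes(32)
    member_b.enroll("B-0001", secret_b)  # enrolled by member B only
    app_server = ApplicationServer(  # member A's application server
        ledger, {"auth.member-a.example": member_a, "auth.member-b.example": member_b})
    return Application(app_server), AuthenticationDevice("B-0001", secret_b)


def run_demo():
    """Returns (cross-member auth, cached repeat, wrong secret, unknown device)."""
    app, device = build_demo()
    challenge = secrets.token_bytes(16)
    first = app.authenticate(device, challenge)
    second = app.authenticate(device, challenge)  # short-circuited by state id
    bad = Application(app.server).authenticate(
        AuthenticationDevice("B-0001", b"wrong-secret"), challenge)
    unknown = Application(app.server).authenticate(
        AuthenticationDevice("C-0001", b"x"), challenge)
    return first, second, bad, unknown
```

Calling `run_demo()` returns `('success', 'success', 'failure', 'failure')`: member A's application server authenticates a device enrolled by member B without ever holding B's secret, the second attempt is answered from the authentication state identifier without a ledger round trip, a device presenting the right identifier with the wrong secret is rejected by B's server, and an identifier with no judgment rule is rejected at the ledger before any authenticator is contacted. The relay servers of claims 5 and 7 are folded into the `authenticators` lookup; in a deployment they would carry the same two messages (request and result) over the network.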
11. A system for identity authentication on a blockchain, comprising: an authentication device, an application program, a server and a blockchain network;
the blockchain network comprises a plurality of blockchain nodes; each blockchain node corresponds to one alliance organization member;
the application program comprises: a first acquiring module, a first sending module and a first receiving module;
the server comprises: a second receiving module, a second sending module, a third receiving module, a first authentication module and a third sending module;
the blockchain node comprises: a fourth receiving module, a second acquiring module and a fourth sending module;
the first acquiring module is configured to acquire the device identifier of the connected authentication device and the data to be authenticated;
the first sending module is configured to send the device identifier and the data to be authenticated acquired by the first acquiring module to the server;
the first receiving module is configured to receive an authentication result from the server;
the second receiving module is configured to receive the device identifier and the data to be authenticated from the application program;
the second sending module is configured to send a blockchain node ledger query request to any one blockchain node in the blockchain network; the blockchain node ledger query request comprises the device identifier;
the third receiving module is configured to receive the authentication association data corresponding to the device identifier from the blockchain node;
the first authentication module is configured to authenticate the data to be authenticated received by the second receiving module according to the authentication association data received by the third receiving module;
the third sending module is configured to return the authentication result of the first authentication module to the application program;
the fourth receiving module is configured to receive the blockchain node ledger query request from the server;
the second acquiring module is configured to acquire, from the stored blockchain node ledger, the authentication association data corresponding to the device identifier in the blockchain node ledger query request;
the fourth sending module is configured to return the authentication association data corresponding to the device identifier to the server;
wherein the server specifically comprises: an application server and an authentication server;
when the server specifically comprises an application server and an authentication server:
the application server comprises the second receiving module, the second sending module, the third receiving module, the third sending module, a fifth sending module and a fifth receiving module;
the authentication server comprises: a sixth receiving module, the first authentication module and a sixth sending module;
the fifth sending module is configured to send the data to be authenticated and the device identifier to the authentication server according to the authentication association data received by the third receiving module;
the fifth receiving module is configured to receive the authentication result of the first authentication module from the authentication server;
the sixth receiving module is configured to receive the data to be authenticated and the device identifier from the application server;
the first authentication module is specifically configured to acquire the authentication valid data corresponding to the device identifier stored in the first authentication module, and to authenticate the data to be authenticated using the authentication valid data;
and the sixth sending module is configured to return the authentication result of the first authentication module to the application server.
12. The system according to claim 11, wherein the authentication association data comprises: authentication valid data;
the first authentication module is configured to authenticate the data to be authenticated received by the second receiving module using the authentication valid data.
13. The system according to claim 11, wherein the first authentication module is configured to acquire the authentication valid data corresponding to the device identifier stored in the first authentication module according to the authentication association data received by the third receiving module, and to authenticate the data to be authenticated using the authentication valid data.
14. The system of claim 11, wherein the second acquiring module specifically comprises: a first storage unit, a first judgment unit, a first error reporting unit and a first acquiring unit;
the first storage unit is configured to store the device identifier judgment rules;
the first judgment unit is configured to query whether a judgment rule corresponding to the device identifier exists among all device identifier judgment rules stored in the blockchain node ledger;
the first acquiring unit is configured to acquire the judgment rule corresponding to the device identifier when the first judgment unit determines that it exists, and to acquire an authentication server address according to that judgment rule;
the first error reporting unit is configured to report an error when the first judgment unit determines that it does not exist.
15. The system according to claim 11, wherein the server instead specifically comprises: an application server and a sender blockchain relay server;
when the server specifically comprises an application server and a sender blockchain relay server:
the first sending module is specifically configured to send a first request including the device identifier and the data to be authenticated to the application server;
the application server comprises: the second receiving module, a first storage module, the first authentication module, a seventh sending module and a seventh receiving module;
the first storage module is configured to store the data to be authenticated;
the seventh sending module is configured to send a device identifier query request to the sender blockchain relay server;
the seventh receiving module is configured to receive the authentication association data sent by the sender blockchain relay server;
the first authentication module is specifically configured to acquire the authentication valid data corresponding to the device identifier from the authentication association data received by the seventh receiving module, and to authenticate the data to be authenticated using the authentication valid data;
the sender blockchain relay server comprises: an eighth receiving module, the second sending module, the third receiving module and an eighth sending module;
the eighth receiving module is configured to receive the device identifier query request from the application server;
the eighth sending module is configured to send the authentication association data to the application server.
16. The system of claim 15, wherein the blockchain node further comprises: a first judgment module and a first error reporting module;
the first judgment module is configured to determine whether the device identifier exists in the blockchain;
the second acquiring module is configured to acquire the authentication association data corresponding to the device identifier from the stored blockchain node ledger after the first judgment module determines that it exists;
and the first error reporting module is configured to report an error after the first judgment module determines that it does not exist.
17. The system according to claim 11, wherein the server instead specifically comprises: an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server;
when the server specifically comprises an application server, an initiator blockchain relay server, an authenticator blockchain relay server and an authentication server:
the first sending module is specifically configured to send a second request including the device identifier and the data to be authenticated to the application server;
the application server comprises: a second storage module, a ninth sending module, a ninth receiving module, a tenth sending module, a tenth receiving module and the third sending module;
the initiator blockchain relay server comprises: an eleventh receiving module, the second sending module, the third receiving module, an eleventh sending module, a twelfth receiving module, a twelfth sending module, a thirteenth receiving module and a thirteenth sending module;
the authenticator blockchain relay server comprises: a fourteenth receiving module, a fourteenth sending module, a fifteenth receiving module and a fifteenth sending module;
the authentication server comprises: a sixteenth receiving module, the first authentication module and a sixteenth sending module;
the second storage module is configured to store the data to be authenticated;
the ninth sending module is configured to send a device identifier judgment rule query request to the initiator blockchain relay server; the device identifier judgment rule query request comprises the device identifier;
the ninth receiving module is configured to receive a request for the data to be authenticated from the initiator blockchain relay server;
the tenth sending module is configured to send an identity authentication data packet to the initiator blockchain relay server; the identity authentication data packet comprises the device identifier and the data to be authenticated;
the tenth receiving module is configured to receive the authentication result from the initiator blockchain relay server;
the eleventh receiving module is configured to receive the device identifier judgment rule query request from the application server;
the second sending module is specifically configured to generate a second blockchain node ledger query request and send it to the blockchain node; the second blockchain node ledger query request comprises the device identifier;
the third receiving module is specifically configured to receive the authenticator blockchain relay server address from the blockchain node;
the eleventh sending module is configured to send a request to acquire the data to be authenticated to the application server; the request comprises the device identifier;
the twelfth receiving module is configured to receive the identity authentication data packet from the application server; the identity authentication data packet comprises the device identifier and the data to be authenticated;
the twelfth sending module is configured to send an authentication request to the authenticator blockchain relay server according to the authenticator blockchain relay server address;
the thirteenth receiving module is configured to receive the authentication result from the authenticator blockchain relay server;
the thirteenth sending module is configured to send the authentication result to the application server;
the fourteenth receiving module is configured to receive the authentication request from the initiator blockchain relay server;
the fourteenth sending module is configured to send the authentication request to the authentication server;
the fifteenth receiving module is configured to receive the authentication result from the authentication server;
the fifteenth sending module is configured to send the authentication result to the initiator blockchain relay server;
the sixteenth receiving module is configured to receive the authentication request from the authenticator blockchain relay server;
the first authentication module is specifically configured to acquire the device identifier and the data to be authenticated from the authentication request, acquire the authentication valid data corresponding to the device identifier stored in the first authentication module, and authenticate the data to be authenticated using the authentication valid data to obtain an authentication result;
the sixteenth sending module is configured to send the authentication result to the authenticator blockchain relay server;
the second acquiring module specifically comprises: a second storage unit, a second judgment unit, a second acquiring unit and a second error reporting unit;
the second storage unit is configured to store the device identifier judgment rules;
the second judgment unit is configured to query whether a judgment rule corresponding to the device identifier exists among all device identifier judgment rules stored in the blockchain node ledger;
the second acquiring unit is configured to acquire the judgment rule corresponding to the device identifier after the second judgment unit determines that it exists, and to acquire the authenticator blockchain relay server address according to that judgment rule;
and the second error reporting unit is configured to report an error after the second judgment unit determines that it does not exist.
18. The system of claim 11, wherein the application program further comprises: a second judgment module;
the second judgment module is configured to use the device identifier to obtain an authentication state identifier matching the device identifier, to obtain the authentication state of the authentication device from that identifier, and to end the process if it determines from the authentication state identifier that the authentication device has completed authentication;
the first sending module is specifically configured to send the device identifier and the data to be authenticated acquired by the first acquiring module to the server when the second judgment module determines from the authentication state identifier that the authentication device has not completed authentication.
19. The system according to claim 18, wherein the first sending module is specifically configured to send a first request including the device identifier and the data to be authenticated to the server if the second judgment module determines from the authentication state identifier that the authentication device has not completed authentication and no blockchain query has been performed; and to send a second request including the device identifier and the data to be authenticated to the server if the second judgment module determines from the authentication state identifier that the authentication device has not completed authentication but the device identifier has already been queried.
20. The system according to claim 11, wherein the first authentication module is specifically configured to acquire the authentication valid data according to the authentication association data, and to authenticate the data to be authenticated using the authentication valid data.
CN201811622541.2A 2018-12-28 2018-12-28 Method and system for identity authentication on block chain Active CN109660330B (en)
Publications (2)

Publication Number Publication Date
CN109660330A CN109660330A (en) 2019-04-19
CN109660330B true CN109660330B (en) 2022-04-01
CN116244758B (en) Blockchain-based electronic contract solidification method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
OL01 Intention to license declared