CN116188007A - Identity verification method and system - Google Patents

Abstract

The application provides an identity verification method and system. The method is applied to an identity verification system, the system comprising: calculating a node end, a user end and a terminal equipment end; the terminal equipment end is provided with at least one application program; the method comprises the following steps: the user sends a target identity certificate and an open authority request to the terminal equipment; the terminal equipment end sends the target identity certificate and the verification request to the computing node end; the computing node end responds to the determination that the target identity credential passes verification according to the verification request and sends positive feedback information to the terminal equipment end; and the terminal equipment end opens the authority of the target application program to the user end according to the positive feedback information. Through the identity verification method, the system, the electronic equipment and the storage medium, the risk of information leakage of the user can be reduced, and therefore data security is improved.

Description

Authentication method and system

Technical Field

The present application relates to the field of information security technology, and in particular to an identity authentication method and system.

Background Art

In the financial business field, some trading platforms support users to conduct financial transactions such as financial payments through applications on terminal devices. In related technologies, the user's identity information is authenticated through the terminal device or a third party to confirm the legitimacy of the user's use of data. However, when the third party is untrustworthy, the terminal device or the third party is attacked, etc., the related technical methods cannot guarantee the security of user information.

This shows that the related technology has the problem of low security of user information data.

Summary of the invention

In view of this, the purpose of this application is to solve the problem of low security of user information data described in the background technology and to propose an identity authentication method and system.

Based on the above purpose, the present application provides an identity authentication method, which is applied to an identity authentication system, the system comprising: a computing node end, a user end, and a terminal device end; the terminal device end is installed with at least one application;

The method comprises:

The user terminal sends the target identity certificate and the open permission request to the terminal device terminal;

The terminal device sends the target identity certificate and the verification request to the computing node;

In response to determining that the target identity credential is verified according to the verification request, the computing node sends positive feedback information to the terminal device;

The terminal device opens the permission of the target application to the user terminal according to the positive feedback information.

Optionally, the method for obtaining the target identity credential includes:

The user terminal sends user identity information and a master credential request to the computing node terminal;

In response to the user information verification being passed by the request according to the master credential, the computing node encrypts the master credential and sends it to the user end;

The user terminal obtains the master certificate by decrypting;

The user terminal sends user attribute information, the main credential and a system sub-credential request to the computing node terminal;

In response to the user attribute information and the primary credential being verified according to the system credential request, the computing node encrypts the system credential and sends it to the user end;

The user terminal obtains the system sub-credential by decryption;

The user terminal sends the master credential, the system sub-credential and the application sub-credential request to the computing node terminal;

In response to the main credential and the system credential being verified according to the application credential request, the computing node encrypts the application credential and sends it to the user end; each application credential uniquely corresponds to an application program;

The user terminal obtains the application sub-credential by decrypting;

The user terminal uses the main credential, the system sub-credential, and the application sub-credential corresponding to the target application as a sub-credential set to obtain a target identity credential.

Optionally, the encryption method at the computing node end includes:

并生成一个生成元为P的循环群；Get random numbers

And generate a cyclic group with generator P;

Calculate Y _i =λ _i ·P, δ _i =H ₃ (PID _i , cred _i , pk _i , Y _i ),

Wherein, P is the generator of the cyclic group, PID _i is the pseudonym of the computing node, cred _i is the sub-credential sent by the computing node, pk _i is the public key of the computing node, and sk _i is the private key of the computing node;

Set the encrypted signature to σ _i =(Y _i ,Φ _i );

(PID _i , cred _i , pk _i , σ _i , _Ti ) is used as the encryption information, where _Ti is the timestamp of the encryption information.

Optionally, the decryption method of the user terminal includes:

Calculate δ _i =H ₃ (PID _i , cred _i , pk _i , Y _i );

According to the δ _i , the calculation verifies the equation

Wherein, U _i is the intermediate value of the public key generation process of the computing node end, and θ _i is the intermediate value of the private key generation process of the computing node end;

In response to determining that the verification equation can be correctly proved, it is determined that decryption is complete.

Optionally, the method for acquiring user attribute information includes:

The user terminal obtains the attribute structure information of the target application, and determines the attribute name according to the attribute structure information;

The user terminal retrieves the corresponding attribute value according to the attribute name;

The user terminal determines the user attribute information according to the attribute name and the attribute value.

Optionally, the user terminal sends the target identity credential and the open permission request to the terminal device terminal, including:

Get the predetermined system master key Msk and system public parameters

Specifying an access structure of all sub-credentials of the target identity credential;

For any sub-credential f _u , a secret number k _u ∈ _GT is randomly selected as its symmetric encryption key, and a random number is randomly selected

表示对f_u进行以k_u为密钥的对称加密算法；响应于确定该分凭证的每一属性att_i的属性值

确定

所述每一属性att_i为用户身份信息或用户属性信息；According to the secret number _ku and the random number _su , the ciphertext of the sub-voucher _fu is calculated as _Cu = {Cu _,-1 , _Cu,0 , Cu _,1 , Cu _,2 }; wherein,

represents a symmetric encryption algorithm using k _u as the key for f _u ; in response to determining the attribute value of each attribute att _i of the sub-voucher

Sure

Each attribute at _i is user identity information or user attribute information;

确定C_i,2,t为数据集合G的一个随机数；In response to determining the attribute value of each attribute at _i of the sub-credential

Determine _Ci,2,t as a random number in the data set G;

Gather the ciphertexts of all the sub-vouchers to obtain the target ciphertext C = {C ₁ ,C ₂ ,···,C _u ,···,C _N };

The user terminal sends the target identity credential, the target ciphertext and an open permission request to the terminal device terminal.

Optionally, the terminal device sends the target identity credential and the verification request to the computing node, including:

The terminal device sends the target identity credential, target ciphertext and verification request to the computing node according to the open permission request.

Optionally, after the terminal device sends the target identity credential, the target ciphertext and the verification request to the computing node, the method further includes:

The computing node, in response to determining that the access structure of the sub-credential of the target identity credential meets the verification condition, calculates the private key of the target identity credential through a secret key encryption algorithm;

Obtaining a decryption key according to the private key and the master key;

In response to determining that the decryption key is capable of decrypting the target ciphertext, it is determined that the target identity credential is authenticated.

Optionally, the calculating the private key of the target identity credential by using a secret key encryption algorithm includes:

Obtaining the identity attribute list L=[L ₁ ,L ₂ ,...,L _n ] of the target identity credential;

D₁＝{D_1i}，

Q_s＝h₁(L)，According to the identity attribute list, the key sk _L ={D ₀ ,D ₁ ,D ₂ } is calculated; wherein,

D ₁ = {D _1i },

_Qs = _h1 (L),

Among them, α and s are predetermined system master key elements, _ui is the i-th attribute value of the target identity credential, and iti is the i-th identity attribute of the identity attribute list.

Based on the same inventive concept, the present application also provides an identity authentication system, including:

A computing node end, a user end, and a terminal device end; the terminal device end is installed with at least one application; the computing node end, the user end, and the terminal device end are in communication connection;

The user terminal is configured to send a target identity certificate and an open permission request to the terminal device terminal;

The terminal device is configured to send the target identity credential and the verification request to the computing node;

The computing node is configured to send positive feedback information to the terminal device in response to determining that the target identity credential is authenticated according to the authentication request;

The terminal device is configured to open permissions of the target application to the user terminal according to the positive feedback information.

From the above, it can be seen that the identity authentication method, system, electronic device and storage medium provided by this application realize the distribution and verification of user identity credentials through a trusted third party - the computing node. In the distribution and verification process of the identity credentials, only part of the user's attribute information is involved. In this way, the user's information is protected from leakage and the security of the user's information is improved.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to more clearly illustrate the technical solutions in the present application or related technologies, the drawings required for use in the embodiments or related technical descriptions are briefly introduced below. Obviously, the drawings described below are merely embodiments of the present application. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying any creative work.

FIG1 is a schematic diagram of a process flow of an identity authentication method according to one or more embodiments of the present application;

FIG2 is a schematic diagram of a process flow of an identity authentication method according to one or more embodiments of the present application;

FIG3 is a schematic diagram of the structure of an identity authentication system according to one or more embodiments of the present application.

DETAILED DESCRIPTION

In order to make the objectives, technical solutions and advantages of the present application more clearly understood, the present application is further described in detail below in combination with specific embodiments and with reference to the accompanying drawings.

It should be noted that, unless otherwise defined, the technical terms or scientific terms used in the embodiments of the present application should be the usual meanings understood by people with ordinary skills in the field to which the present application belongs. The "first", "second" and similar words used in the embodiments of the present application do not represent any order, quantity or importance, but are only used to distinguish different components. "Including" or "comprising" and similar words mean that the elements or objects appearing in front of the word cover the elements or objects listed after the word and their equivalents, without excluding other elements or objects. "Connect" or "connected" and similar words are not limited to physical or mechanical connections, but can include electrical connections, whether direct or indirect. "Up", "down", "left", "right" and the like are only used to indicate relative positional relationships. When the absolute position of the described object changes, the relative positional relationship may also change accordingly.

As described in the background art, in the field of financial services, some trading platforms support users to conduct financial transactions such as financial payments through applications on terminal devices.

In the related technologies, the user's identity information is authenticated through the terminal device or a third party to confirm the legitimacy of the user's use of data. In the process of legitimacy verification, the related technologies require the user to provide all the information, which allows attackers to obtain all the user's information through technical means, and the user's private data is leaked.

In summary, the related technology has the problem of low security of user information data.

Therefore, the present application proposes an identity authentication method, which provides the attribute data required by the target application, rather than all the attribute data, according to the requirements of the target application, so as to protect the user's data security.

The technical solutions of one or more embodiments of this specification are described in detail below through specific examples.

Referring to FIG1 , the identity authentication method of one or more embodiments of the present application is applied to an identity authentication system, the system comprising: a computing node end, a user end, and a terminal device end; the terminal device end is installed with at least one application;

The method comprises:

Step S101: The user terminal sends a target identity certificate and an open permission request to the terminal device terminal.

In some embodiments, before sending the target identity credential and the open permission request to the terminal device, the user end obtains the target identity credential by the following method: the user end sends user identity information and a master credential request to the computing node end; the computing node end sends the master credential to the user end in response to the verification of the user information according to the master credential request; the user end sends user attribute information, the master credential and a system sub-credential request to the computing node end; the computing node end sends the system sub-credential to the user end in response to the verification of the user attribute information and the master credential according to the system sub-credential request; the user end sends the master credential, the system sub-credential and the application sub-credential request to the computing node end; the computing node end sends the application sub-credential to the user end in response to the verification of the master credential and the system sub-credential according to the application sub-credential request; each of the application sub-credentials uniquely corresponds to an application; the user end collects the master credential, the system sub-credential and the application sub-credential corresponding to the target application to obtain the target identity credential.

That is, in some embodiments, the user terminal obtains the main credential, the system sub-credential and the application sub-credential in sequence through interaction with the computing node terminal.

In some embodiments, the master credential consists of three parts: context, claim, and source. Among them, context specifies the fixed bit "master" to indicate that the credential is a master credential; claim consists of the attribute name, the commitment to the attribute value, and the source of the attribute value, which is represented by claim = {a, value, P}. The attribute name a is the user identity identification number (ID, Identity Document), the attribute value is the user identity information, and the source of the attribute value can be obtained from a predetermined trusted third party; source is the ID of the computing node that issued the credential. In some embodiments, the attribute value is stored encrypted.

In some embodiments, the system sub-credential consists of three parts: context, claim, and source. Among them, context indicates the information content stored; claim consists of the attribute name, the commitment to the attribute value, and the source of the attribute value, which is represented by claim = {a, value, P}, where the attribute name a is the user identity identification number (ID, IdentityDocument), the attribute value is the user attribute information, and the source of the attribute value can be obtained from a predetermined trusted third party; source is the ID of the computing node that issued the credential. In some embodiments, the attribute value is stored encrypted.

In some embodiments, the application sub-credential consists of two parts: context and source, wherein the context indicates the operating environment information of the corresponding application program; and the source is the ID of the computing node that issued the credential.

As shown in FIG. 2 , in some embodiments, the step of obtaining the master credential specifically includes: the user end obtains the user identification number through a trusted third party, and then sends a claim to the computing node end to request the master credential based on the user identification number. As described above, the claim is a triplet including three groups of information: attribute name, attribute value, and source of attribute value; in response to receiving the claim, the computing node end verifies the legitimacy of the claim, and compares the attribute name and attribute value with the attribute name and attribute value stored in the database on the basis of confirming the legitimacy. In response to not finding the corresponding data in the database, indicating that the user has not registered the master credential, the master credential is generated and sent to the user end. In some embodiments, the computing node end encrypts the master credential using a certificateless signature. In some embodiments, the computing node stores the attribute name and attribute value in the database while sending the master credential.

In some embodiments, the step of obtaining the system sub-credential specifically includes: the user terminal submits the master credential, user attribute information and the system sub-credential request to the computing node terminal; the computing node terminal verifies the attribute name and attribute value in the master credential in response to receiving the master credential, and compares the attribute name and attribute value stored in the database to determine the legitimacy of the master credential, and generates the system sub-credential and sends it to the user terminal in response to determining that the master credential passes the verification. In some embodiments, the method for obtaining user attribute information includes: the user terminal obtains the attribute structure information of the target application, and determines the attribute name according to the attribute structure information; the user terminal retrieves the corresponding attribute value according to the attribute name; the user terminal determines the user attribute information according to the attribute name and the attribute value. For example, according to the attribute structure information of the target application, the attribute information required to be provided by the user includes gender, age and home address. According to the above requirements, the user terminal selects the attribute values of gender, age and home address, and determines the user attribute information according to the above attribute name and attribute value. In some embodiments, the user attribute information may include information such as gender, age, and address. In some embodiments, the computing node encrypts the master credential using a certificateless signature.

In some embodiments, the step of obtaining the application sub-credential specifically includes: the user terminal submits the master credential, system sub-credential and application sub-credential request to the computing node terminal; after receiving the above information, the computing node first verifies according to the attribute name and attribute value of the master credential, and then verifies according to the system sub-credential, and in response to the verification passing, issues the application sub-credential according to the application sub-credential request. In some embodiments, the computing node terminal encrypts the master credential using a certificateless signature.

In some embodiments, the main credential is obtained by verifying the user identity information, and the system sub-credential is obtained by verifying the user attribute information. In some embodiments, the user identity information is the only authentication credential of the user terminal. In some embodiments, the user identity information may be the user ID number or the unique identification code assigned to the user by the system. In some embodiments, the user attribute information includes other identity information of the user, which may include gender, nationality, occupation and other information. In some embodiments, the user attribute information may be provided according to the requirements of the target application. For example, if the target application requires attribute information such as user name, age, gender, occupation, etc., the user terminal only needs to provide the above attribute information, without providing all attribute information.

In some embodiments, the computing node uses a certificateless cryptographic signature technology to encrypt the credentials when sending them to the user. The certificateless cryptographic signature technology can achieve the following security requirements: ensuring that the credentials cannot be forged; having no linkability, that is, attackers cannot link messages sent at different times; and resisting various known attacks, such as man-in-the-middle attacks, replay attacks, modification attacks, etc.

并计算P_pub＝α·P，P为预先生成的循环群的生成元。设置α为共同密钥，P_pub为公钥，选择三个通用哈希函数

在保证α保密的前提下，发布系统参数params＝{q,G,P,P_pub,H₁,H₂,H₃}；然后根据计算节点端真实的标识符ID_i∈{0,1}^*生成相应的假名，在一些实施例中，所述计算节点端包括多个计算节点，各计算节点计算各自节点的假名PID_i＝(AID_i,T_i)，其中，

T_i为所述加密信息的时间戳。计算节点端的计算节点基于自己的假名PID_i生成自己的部分私钥，计算节点选择一个随机数

并计算X_i＝x_i·P，R_i＝H₂(PID_i,X_i,P_pub)和θ_i＝(x_i+α·R_i)modq，各个计算节点生成部分私钥spk_i＝(θ_i,X_i)，并计算R_i＝H₂(PID_i,X_i,P_pub)，计算节点端的各个计算节点通过证明等式θ_i·P＝X_i+R_i·P_pub来验证部分私钥spk_i的合法性，正确性的证明：θ_i·P＝(X_i+α·R_i)·P＝X_i·P+α·R_i·P＝X_i+R_i·P_pub，响应于证明所述证明成功验证的计算节点接收其部分私钥spk_i，然后生成最终的公钥/私钥，该计算节点选择密值

并计算U_i＝β_i·P，计算节点将sk_i＝β_i+θ_i设置为私钥，与之对应的公钥是pk_i＝(U_i,θ_i)，并将公钥pk_i公开。In some embodiments, the method for generating a certificateless cryptographic signature is as follows: First, initialization is performed, and the computing node negotiates a digital

And calculate P _pub = α·P, where P is the generator of the pre-generated cyclic group. Set α as the common key and P _pub as the public key, and select three universal hash functions

Under the premise of ensuring the confidentiality of α, the system parameters params = {q, G, P, P _pub , H ₁ , H ₂ , H ₃ } are published; then the corresponding pseudonym is generated according to the real identifier ID _i ∈ {0, 1} ^* of the computing node end. In some embodiments, the computing node end includes multiple computing nodes, and each computing node calculates the pseudonym PID _i = (AID _i , T _i ) of its own node, where

_Ti is the timestamp of the encrypted information. The computing node at the computing node end generates its own partial private key based on its own pseudonym PID _i , and the computing node selects a random number

And calculate _Xi = _xi ·P, _Ri =H ₂ (PID _i , _Xi , P _pub ) and _θi =( _xi +α·R _i ) modq, each computing node generates a partial private key spk _i =( _θi , _Xi ), and calculates _Ri =H ₂ (PID _i , _Xi , P _pub ), each computing node on the computing node end verifies the legitimacy of the partial private key spk _i by proving the equation _θi ·P= _Xi +R _i ·P _pub , the proof of correctness is: θi _· P=( _Xi +α·R _i )·P=Xi _· P+α·R _i ·P= _Xi +R _i ·P _pub , in response to the computing node proving the successful verification of the proof receives its partial private key spk _i , and then generates a final public key/private key, the computing node selects a secret value

And calculate U _i =β _i ·P, the computing node sets sk _i =β _i +θ _i as the private key, the corresponding public key is pk _i =(U _i ,θ _i ), and the public key pk _i is made public.

计算Y_i＝λ_i·P，δ_i＝H₃(PID_i,cred_i,pk_i,Y_i)，

其中，其中，P为循环群的生成元，PID_i为所述计算节点端假名，cred_i为所述计算节点端发送的分凭证，pk_i为所述计算节点端的公钥，sk_i为所述计算节点端的私钥；设置加密签名为σ_i＝(Y_i,Φ_i)；将(PID_i,cred_i,pk_i,σ_i,T_i)作为加密信息，其中T_i为所述加密信息的时间戳。In some embodiments, in response to the computing node sending any one of the main credentials, the system sub-credentials, and the application sub-credentials, a random number is obtained.

Calculate Y _i =λ _i ·P, δ _i =H ₃ (PID _i , cred _i , pk _i , Y _i ),

Among them, P is the generator of the cyclic group, PID _i is the pseudonym of the computing node, cred _i is the sub-credential sent by the computing node, pk _i is the public key of the computing node, and sk _i is the private key of the computing node; the encryption signature is set to σ _i =(Y _i ,Φ _i ); (PID _i ,cred _i ,pk _i ,σ _i ,T _i ) is used as the encrypted information, where T _i is the timestamp of the encrypted information.

其中，U_i为所述计算节点端的公钥生成过程的中间值，θ_i为所述计算节点端的私钥生成过程的中间值；响应于确定所述验证等式能够正确证明，确定解密完成。在一些实施例中，如下述等式成立，确定所述验证等式证明正确：In some embodiments, in response to the user terminal decrypting any one of the main credential, the system sub-credential, and the application sub-credential, δ _i =H ₃ (PID _i , cred _i , pk _i , _Yi ) is calculated; based on the δ _i , the verification equation is calculated

Wherein, U _i is an intermediate value of the public key generation process of the computing node end, θ _i is an intermediate value of the private key generation process of the computing node end; in response to determining that the verification equation can be correctly proved, it is determined that the decryption is completed. In some embodiments, if the following equation is established, it is determined that the verification equation is proved correctly:

In some embodiments, the computing node end is composed of multiple computing nodes. In some embodiments, the computing node can be a blockchain node.

In some embodiments, the application sub-credential is obtained based on the master credential. In other embodiments, the application sub-credential is obtained based on the master credential and the system sub-credential. The application sub-credential corresponds one-to-one with the application on the terminal device side, including the environmental information of the application. For example, a certain bank application is installed on the terminal device side. When the user side wants to obtain the permission of the certain bank application, it is necessary to provide the target identity credential of the application. In some embodiments, the target identity credential includes the master credential and the application sub-credential. In some embodiments, the target identity credential includes the master credential, the system sub-credential, and the application sub-credential. The above-mentioned application sub-credential includes the environmental information of the certain bank application, and therefore corresponds one-to-one with the certain bank application.

In the related art, when authenticating or verifying a user, the user is often required to provide all data information to different third parties in order to obtain permissions for different applications. When the third party is untrustworthy or attacked, user data is leaked. Therefore, the applicant proposes the technical solution of the present application, which uses the target identity credential to obtain the permissions of the target application. Since the target identity credential includes the main credential, the system sub-credential and the application sub-credential, when it is necessary to obtain permissions for different applications, it is only necessary to replace different application sub-credentials, without providing all user information to obtain permissions each time. In the process of credential issuance and verification, only necessary user information is required each time. The above method reduces the possibility of user information leakage, thereby improving the security of user information data.

In some embodiments, the user end calculates the target ciphertext corresponding to the target identity credential through a ciphertext encryption algorithm based on the target identity credential, and sends the target ciphertext to the terminal device end at the same time as sending the target identity credential and the open permission request.

Attribute-based encryption (ABE) encrypts messages according to attributes, without paying attention to the identity of the data owner. Only visitors who meet the attribute requirements can decrypt the ciphertext, ensuring the confidentiality of the data. In addition, the visitor key in ABE is related to a random polynomial or random number, and the keys of different visitors cannot be combined to prevent visitor collusion attacks. Among them, the private key of the visitor in Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is related to a series of attributes, and only the visitor's attributes that meet the access structure of the ciphertext can decrypt the ciphertext. In this application, the applicant encrypts the target identity credentials through attribute encryption based on ciphertext policy, further reducing the possibility of user information leakage.

并设置一个

上的多项式

其中，

表示m个多项式

相乘，其中，X表示变量，

表示常数，b₁是哈希函数H₁的密钥，

表示循环群中若干点A_it相乘，其中A_it所对应的属性值vit需属于用户属性列表L^T，即vit∈L^T，ci为多项式系数。多项式的阶m＝num_u；选取秘密数k_u∈G_T作为分凭证f_u的对称加密密钥，选取随机值

并计算

计算1≤i≤n时的

响应于确定

则

否则C_i,2,t从群G中随机选取，设置分凭证f_u的密文：C_u＝{C_u,-1,C_u,0,C_u,1,C_u,2}，其中

并组合分凭证密文得到目标身份凭证的密文报C＝{C₁,C₂,···,C_u,···,C_N}；最后利用哈希函数h₂计算属性为L^T的用户端标签

其中

是属性身份为L^T的应用程序可以查询的分凭证集，组合所有的

为

计算

并将Γ、γ、C、A、

存储在本地。In some embodiments, the process of generating the target ciphertext specifically includes: first, specifying an access structure for each credential in the target identity credential

And set a

Polynomials on

in,

Represents m polynomials

Multiply, where X represents the variable,

represents a constant, _b1 is the key of the hash function _H1 ,

It represents the multiplication of several points A _it in the cyclic group, where the attribute value vit corresponding to A _it must belong to the user attribute list L ^T , that is, vit∈L ^T , and ci is the polynomial coefficient. The order of the polynomial m=num _u ; select the secret number k _u ∈G _T as the symmetric encryption key of the sub-voucher f _u , and select the random value

And calculate

Calculate when 1≤i≤n

In response to determining

but

Otherwise, Ci _,2,t is randomly selected from group G and the ciphertext of sub-voucher f _u is set to: _Cu = {Cu _,-1 , _Cu,0 , _Cu,1 ,Cu _,2 }, where

Combine the sub-credential ciphertexts to obtain the target identity credential ciphertext message C = {C ₁ ,C ₂ ,···,C _u ,···, _CN }; finally, use the hash function h ₂ to calculate the user-side tag with the attribute ^LT

in

It is a set of sub-credentials that can be queried by applications with attribute identity ^LT , combining all

for

calculate

And Γ, γ, C, A,

Stored locally.

H,Y₁,Y₂属于系统公共参数。在一些实施例中，所述系统公共参数的获取方式如下：选择两个阶为素数q的乘法循环群G，G_T，其中，q≥2^λ，G的生成元为g：选择一双线性映射e(·,·)：G×G→G_T，6个单向防碰撞Hash函数：

其中，H₁,H₂,H₃的密钥分别为

Hash函数集为H＝{H₁,H₂,H₃,h₁,h₂,h₃}；选择

计算Y₁＝e(g,g)，

P_pub＝g^s；为每个att_i随机选取一系列值

计算

其中，1≤i≤n,1≤t≤n_i，所述系统公共参数为

In some embodiments, G, _GT , q, g, e (·, ·), _Ppub ,

H, Y ₁ , Y ₂ are system public parameters. In some embodiments, the system public parameters are obtained as follows: select two multiplication cyclic groups G, _GT of prime order q, where ^q≥2λ , and the generator of G is g: select a bilinear mapping e(·,·): G×G→ _GT , and 6 one-way anti-collision hash functions:

Among them, the keys of H ₁ , H ₂ , and H ₃ are

The set of hash functions is H = {H ₁ ,H ₂ ,H ₃ ,h ₁ ,h ₂ ,h ₃ }; select

Calculate Y ₁ = e(g,g),

P _pub = g ^s ; randomly select a series of values for each att _i

calculate

Among them, 1≤i≤n,1≤t≤n _i , the common parameters of the system are

In some embodiments, the terminal device sends the target identity credential, the target ciphertext and the verification request to the computing node according to the open permission request.

Step S102: The terminal device sends the target identity certificate and verification request to the computing node.

来验证凭证cred_i的合法性。正确性的证明：

In some embodiments, when the user terminal receives a message sent by the computing node terminal, it first determines whether the timestamp _Ti is within the legal range. If it is within the legal range, it continues to verify the legitimacy of the signature. The verification method is as follows: Calculate δ _i =H ₃ (PID _i ,cred _i ,pk _i ,Y _i ); By verifying the equation

To verify the legitimacy of the credential cred _i . Proof of correctness:

如果上述等式成立，则凭证cred_i验证成功。

If the above equation holds true, the credential cred _i is successfully verified.

In some embodiments, the terminal device sends the target identity credentials, target ciphertext and verification request to the computing node according to the open permission request.

Step S103: In response to determining that the target identity credential is verified according to the verification request, the computing node sends positive feedback information to the terminal device.

In some embodiments, the computing node calculates the private key of the target identity credential through a secret key encryption algorithm; determines whether the secret key can decrypt the target ciphertext, and determines whether the target identity credential is verified.

计算

对每个L_i＝viti，区块链节点计算

D₁＝{D_1i}；对于整个身份属性列表L，计算节点端计算Q_s＝h₁(L)，

并得到私钥sk_L＝{D₀,D₁,D₂}，其中，α和s为预定的系统主密钥元素，u_i为所述目标身份凭证的第i个属性值，iti为所述身份属性列表的第i个身份属性。In some embodiments, the method for generating the private key is as follows: input the system public parameter GP, the master key M _sk , the identity attribute list L = [L ₁ , L ₂ , . . . , L _n ], in response to determining 1 ≤ i ≤ n, the blockchain node selects a random number

calculate

For each _Li = viti, the blockchain node calculates

D ₁ = {D _1i }; for the entire identity attribute list L, the computing node calculates Q _s = h ₁ (L),

And obtain the private key sk _L ={D ₀ ,D ₁ ,D ₂ }, wherein α and s are predetermined system master key elements, _ui is the i-th attribute value of the target identity credential, and iti is the i-th identity attribute of the identity attribute list.

In some embodiments, the master key is calculated in a similar manner to the above-mentioned method for calculating the system global parameter, and the formula is:

Step S104: the terminal device opens the permission of the target application to the user terminal according to the positive feedback information.

It should be noted that the method of the embodiment of the present application can be performed by a single device, such as a computer or server. The method of this embodiment can also be applied to a distributed scenario and completed by multiple devices cooperating with each other. In the case of such a distributed scenario, one of the multiple devices can only perform one or more steps in the method of the embodiment of the present application, and the multiple devices will interact with each other to complete the described method.

It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recorded in the claims can be performed in an order different from that in the above embodiments and still achieve the desired results. In addition, the processes depicted in the accompanying drawings do not necessarily require the specific order or continuous order shown to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

Based on the same inventive concept, corresponding to any of the above-mentioned embodiment methods, the present application also provides an identity authentication system.

Referring to FIG3 , the identity authentication system includes: a computing node end 13, a user end 11, and a terminal device end 12; the terminal device end 12 is installed with at least one application; the computing node end 13, the user end 11, and the terminal device end 12 are in communication connection;

The user terminal 11 is configured to send a target identity certificate and an open permission request to the terminal device terminal 12;

The terminal device end 12 is configured to send the target identity credential and the verification request to the computing node end 13;

The computing node end 13 is configured to send positive feedback information to the terminal device end 12 in response to determining that the target identity credential verification is passed according to the verification request;

The terminal device 12 is configured to open permissions of the target application to the user terminal 11 according to the positive feedback information.

For the convenience of description, the above device is described in terms of functions divided into various modules. Of course, when implementing the present application, the functions of each module can be implemented in the same or multiple software and/or hardware.

The device of the above embodiment is used to implement the corresponding identity authentication method in any of the above embodiments, and has the beneficial effects of the corresponding method embodiment, which will not be repeated here.

Those skilled in the art should understand that the discussion of any of the above embodiments is merely illustrative and is not intended to imply that the scope of the present application (including the claims) is limited to these examples. In line with the concept of the present application, the technical features in the above embodiments or different embodiments may be combined, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of simplicity.

In addition, to simplify the description and discussion, and in order not to make the embodiments of the present application difficult to understand, the known power supply/ground connection with the integrated circuit (IC) chip and other components may or may not be shown in the provided drawings. In addition, the device can be shown in the form of a block diagram to avoid making the embodiments of the present application difficult to understand, and this also takes into account the fact that the details of the implementation of these block diagram devices are highly dependent on the platform to be implemented in the embodiments of the present application (that is, these details should be fully within the scope of understanding of those skilled in the art). In the case of elaborating specific details (e.g., circuits) to describe exemplary embodiments of the present application, it is obvious to those skilled in the art that the embodiments of the present application can be implemented without these specific details or when these specific details are changed. Therefore, these descriptions should be considered to be illustrative rather than restrictive.

Although the present application has been described in conjunction with specific embodiments of the present application, many replacements, modifications and variations of these embodiments will be apparent to those skilled in the art from the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.

The embodiments of the present application are intended to cover all such substitutions, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the embodiments of the present application should be included in the scope of protection of the present application.

Claims (10)

1. An identity authentication method, applied to an identity authentication system, the system comprising: a computing node end, a user end, and a terminal device end; the terminal device end is installed with at least one application; The method comprises: The user terminal sends the target identity certificate and the open permission request to the terminal device terminal; The terminal device sends the target identity certificate and the verification request to the computing node; In response to determining that the target identity credential is verified according to the verification request, the computing node sends positive feedback information to the terminal device; The terminal device opens the permission of the target application to the user terminal according to the positive feedback information. 2. The identity authentication method according to claim 1, wherein the method for obtaining the target identity credential comprises: The user terminal sends user identity information and a master credential request to the computing node terminal; In response to the user information verification being passed by the request according to the master credential, the computing node encrypts the master credential and sends it to the user end; The user terminal obtains the master certificate by decrypting; The user terminal sends user attribute information, the main credential and a system sub-credential request to the computing node terminal; In response to the user attribute information and the primary credential being verified according to the system credential request, the computing node encrypts the system credential and sends it to the user end; The user terminal obtains the system sub-credential by decryption; The user terminal sends the master credential, the system sub-credential and the application sub-credential request to the computing node terminal; In response to the main credential and the system credential being verified according to the application credential request, the computing node encrypts the application credential and sends it to the user end; each application credential uniquely corresponds to an application program; The user terminal obtains the application sub-credential by decrypting; The user terminal uses the main credential, the system sub-credential, and the application sub-credential corresponding to the target application as a sub-credential set to obtain a target identity credential. 3. The identity authentication method according to claim 2, wherein the encryption method at the computing node end comprises: Get random numbers

And generate a cyclic group with generator P; Calculate Y _i =λ _i ·P, δ _i =H ₃ (PID _i , cred _i , pk _i , Y _i ),

Wherein, P is the generator of the cyclic group, PID _i is the pseudonym of the computing node, cred _i is the sub-credential sent by the computing node, pk _i is the public key of the computing node, and sk _i is the private key of the computing node; Set the encrypted signature to σ _i =(Y _i ,Φ _i ); (PID _i , cred _i , pk _i , σ _i , _Ti ) is used as the encryption information, where _Ti is the timestamp of the encryption information. 4. The identity authentication method according to claim 3, wherein the decryption method of the user terminal comprises: Calculate δ _i =H ₃ (PID _i , cred _i , pk _i , Y _i ); According to the δ _i , the calculation verifies the equation

Wherein, U _i is the intermediate value of the public key generation process of the computing node end, and θ _i is the intermediate value of the private key generation process of the computing node end; In response to determining that the verification equation can be correctly proved, it is determined that decryption is complete. 5. The identity authentication method according to any one of claims 2 to 4, characterized in that the method for obtaining the user attribute information comprises: The user terminal obtains the attribute structure information of the target application, and determines the attribute name according to the attribute structure information; The user terminal retrieves the corresponding attribute value according to the attribute name; The user terminal determines the user attribute information according to the attribute name and the attribute value. 6. The identity authentication method according to claim 5, wherein the user terminal sends the target identity certificate and the open permission request to the terminal device terminal, comprising: Get the predetermined system master key Msk and system public parameters

Specifying an access structure of all sub-credentials of the target identity credential; For any sub-credential f _u , a secret number k _u ∈ _GT is randomly selected as its symmetric encryption key, and a random number is randomly selected

According to the secret number _ku and the random number _su , the ciphertext of the sub-voucher _fu is calculated as _Cu = {Cu _,-1 , _Cu,0 , Cu _,1 , Cu _,2 }; wherein,

Indicates that f _u is encrypted using a symmetric encryption algorithm with k _u as the key; In response to determining the attribute value of each attribute at _i of the sub-credential

Sure

Each attribute at _i is user identity information or user attribute information; In response to determining the attribute value of each attribute at _i of the sub-credential

Determine _Ci,2,t as a random number in the data set G; Gather the ciphertexts of all the sub-vouchers to obtain the target ciphertext C = {C ₁ ,C ₂ ,···,C _u ,···,C _N }; The user terminal sends the target identity credential, the target ciphertext and an open permission request to the terminal device terminal. 7. The identity authentication method according to claim 6, wherein the terminal device sends the target identity credential and the verification request to the computing node, comprising: The terminal device sends the target identity credential, target ciphertext and verification request to the computing node according to the open permission request. 8. The identity authentication method according to claim 7, characterized in that after the terminal device sends the target identity credential, target ciphertext and verification request to the computing node, the method further comprises: The computing node, in response to determining that the access structure of the sub-credential of the target identity credential meets the verification condition, calculates the private key of the target identity credential through a secret key encryption algorithm; Obtaining a decryption key according to the private key and the master key; In response to determining that the decryption key is capable of decrypting the target ciphertext, it is determined that the target identity credential is authenticated. 9. The identity authentication method according to claim 8, wherein the step of calculating the private key of the target identity credential by using a secret key encryption algorithm comprises: Obtaining the identity attribute list L=[L ₁ ,L ₂ ,...,L _n ] of the target identity credential; According to the identity attribute list, the key sk _L ={D ₀ ,D ₁ ,D ₂ } is calculated; wherein,

D ₁ = {D _1i },

_Qs = _h1 (L), Among them, α and s are predetermined system master key elements, _ui is the i-th attribute value of the target identity credential, and iti is the i-th identity attribute of the identity attribute list. 10. An identity authentication system, characterized in that it comprises: a computing node end, a user end, and a terminal device end; the terminal device end is installed with at least one application; the computing node end, the user end, and the terminal device end are in communication connection; The user terminal is configured to send a target identity certificate and an open permission request to the terminal device terminal; The terminal device is configured to send the target identity credential and the verification request to the computing node; The computing node is configured to send positive feedback information to the terminal device in response to determining that the target identity credential is authenticated according to the authentication request; The terminal device is configured to open permissions of the target application to the user terminal according to the positive feedback information.

Images