
CN113904850B - Blockchain-based private key keystore secure login method, electronic device, storage medium - Google Patents


Info

Publication number: CN113904850B
Authority: CN (China)
Prior art keywords: private key, user, keystore, information, identification information
Legal status: Active
Application number: CN202111178401.2A
Other languages: Chinese (zh)
Other versions: CN113904850A (en)
Inventor: 翟红鹰
Current Assignee: Shantou Pengda Information Technology Co ltd
Original Assignee: Puhua Yunchuang Technology Beijing Co ltd

Events: application filed by Puhua Yunchuang Technology Beijing Co ltd; priority to CN202111178401.2A; publication of CN113904850A; application granted; publication of CN113904850B; legal status active (current).


Classifications (all under H04L, Transmission of digital information, e.g. telegraphic communication)

    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Lock And Its Accessories (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides a blockchain private key keystore secure login method and an electronic device. The secure login method comprises the following steps: obtaining user login information, the login information including user biometric information that uniquely identifies the user; obtaining, according to the user login information, unique identification information generated from the user biometric information; decrypting, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key; authenticating whether the private key and the corresponding public key are successfully paired; and, if the pairing is successful, logging the user in. The scheme of the invention uses biometric technology to obtain a unique password with which the private key is encrypted to generate the keystore, thereby providing security. If the keystore is lost, it cannot be decrypted, because the user's biometric information cannot be obtained, and the security of the system is thus guaranteed.

Description

Blockchain-based private key keystore secure login method, electronic device, storage medium

Technical Field

The present invention relates to the field of blockchain technology, and in particular to a blockchain private key keystore secure login method, a keystore generation method, a system and an electronic device.

Background Art

With the rapid development of computer technology, information networks have become an important guarantee of social development. Much of the information on them is sensitive, some of it even state secrets, so it inevitably attracts all kinds of human attacks from around the world (such as information leakage, information theft, data tampering, data deletion or insertion, computer viruses, etc.).

Most security problems are caused deliberately, by people maliciously trying to gain some advantage or to harm someone. It follows that securing a network is not only a matter of eliminating programming errors; more important may be stronger precautions against those who maliciously exploit information-security vulnerabilities to create network risk. At the same time, it must be clearly recognised that methods capable of stopping an adversary who only occasionally carries out sabotage achieve very little. In an information network, login authentication is the system's first checkpoint, and is therefore especially important. Although the login authentication process also requires password authentication, traditional passwords are stored on the server, where they are at risk of being lost or stolen.

Summary of the invention

In view of this, an embodiment of the present invention provides a blockchain private key keystore secure login method, which at least partially solves the problems existing in the prior art.

In a first aspect, an embodiment of the present invention provides a blockchain private key keystore secure login method, characterised in that the method comprises:

obtaining user login information, the login information including user biometric information for uniquely confirming the user's identity;

obtaining, according to the user login information, unique identification information generated from the user biometric information;

decrypting, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key;

authenticating whether the private key and the corresponding public key are successfully paired;

if the pairing is successful, allowing the user to log in.

According to a specific implementation of the embodiment of the present invention, the method for generating the keystore used in the step of decrypting the private key keystore according to the unique identification information to obtain the private key comprises:

obtaining user information, the user information including user biometric information;

encrypting the user biometric information with an encryption algorithm to generate unique identification information;

encrypting the private key with the unique identification information in combination with a blockchain encryption method to generate the private key keystore;

storing the private key keystore in local storage and on the server side.

According to a specific implementation of the embodiment of the present invention, the encryption algorithm in the step of encrypting the user biometric information to generate unique identification information comprises a hash algorithm or an elliptic curve encryption algorithm.

According to a specific implementation of the embodiment of the present invention, after the step of obtaining user information the method further comprises:

generating a paired private key and public key on the blockchain service according to the user information;

saving the public key on the server side.

According to a specific implementation of the embodiment of the present invention, the method for authenticating whether the private key and the corresponding public key are successfully paired comprises:

encrypting a random string with the private key to generate a user signature string;

obtaining the public key paired with the private key, and generating a server-side signature string from the random string with the public key;

comparing whether the user signature string and the server-side signature string are consistent.

In a second aspect, an embodiment of the present invention provides a keystore generation method, comprising:

obtaining user information, the user information including user biometric information;

encrypting the user biometric information with an encryption algorithm to generate unique identification information;

encrypting the private key with the unique identification information in combination with a blockchain encryption method to generate the private key keystore;

saving the private key keystore to local storage and the server side.

In a third aspect, a blockchain keystore secure login system is provided, comprising:

an information acquisition module for obtaining user login information, the login information including user biometric information for uniquely confirming the user's identity;

a unique identification information acquisition module for obtaining, according to the user login information, unique identification information generated from the user biometric information;

a keystore decryption module for decrypting, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key;

an authentication module for authenticating whether the private key and the corresponding public key are successfully paired;

a login module for allowing the user to log in when the pairing is successful.

According to a specific implementation of the embodiment of the present invention, the blockchain keystore secure login system further comprises a keystore generation module, which comprises:

a user information acquisition unit for obtaining user information, the user information including user biometric information;

a unique identification information generation unit for encrypting the user biometric information with an encryption algorithm to generate unique identification information;

a keystore generation unit for encrypting the private key with the unique identification information in combination with a blockchain encryption method to generate the private key keystore;

a storage unit for storing the private key keystore in local storage and on the server side.

In a fourth aspect, an embodiment of the present invention further provides an electronic device, comprising:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein

the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the blockchain private key keystore secure login method of the first aspect or any implementation of the first aspect.

In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause a computer to perform the blockchain private key keystore secure login method of the first aspect or any implementation of the first aspect.

In a fifth aspect, an embodiment of the present invention further provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the blockchain private key keystore secure login method of the first aspect or any implementation of the first aspect.

The blockchain private key keystore secure login method in the embodiment of the present invention comprises: obtaining user login information, the login information including user biometric information for uniquely confirming the user's identity; obtaining, according to the user login information, unique identification information generated from the user biometric information; decrypting, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key; authenticating whether the private key and the corresponding public key are successfully paired; and, if the pairing is successful, allowing the user to log in. The solution of the present invention uses biometric technology to obtain a unique password with which the private key is encrypted to generate the keystore, thereby providing security. If the keystore is lost, it cannot be decrypted, because the user's biometric information cannot be obtained, and the security of the system is thus guaranteed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic flowchart of a blockchain private key keystore secure login method provided by an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a blockchain private key keystore secure login method provided by an embodiment of the present invention;

FIG. 3 is a module diagram of a blockchain private key keystore secure login system provided by an embodiment of the present invention;

FIG. 4 is a schematic diagram of an electronic device provided by an embodiment of the present invention.

The objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.

DETAILED DESCRIPTION

The embodiments of the present invention are described in detail below with reference to the accompanying drawings.

The following describes the implementation of the present invention through specific examples; those skilled in the art can easily understand other advantages and effects of the present invention from the contents disclosed in this specification. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The present invention can also be implemented or applied through other different specific embodiments, and the details in this specification can be modified or changed in various ways from different viewpoints and for different applications without departing from the spirit of the present invention. It should be noted that, where there is no conflict, the following embodiments and the features in them can be combined with each other. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

It should be noted that various aspects of embodiments within the scope of the appended claims are described below. It should be apparent that the aspects described herein can be embodied in a wide variety of forms, and that any specific structure and/or function described herein is merely illustrative. Based on the present invention, those skilled in the art should understand that an aspect described herein can be implemented independently of any other aspect, and that two or more of these aspects can be combined in various ways. For example, any number of the aspects set forth herein can be used to implement a device and/or practise a method. In addition, such a device can be implemented and/or such a method practised using structures and/or functionality other than, or in addition to, one or more of the aspects set forth herein.

It should also be noted that the illustrations provided in the following embodiments only schematically illustrate the basic concept of the present invention; the drawings show only the components related to the present invention and are not drawn according to the number, shape and size of the components in an actual implementation. In an actual implementation the form, number and proportions of the components may vary freely, and the component layout may also be more complicated.

In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, those skilled in the art will understand that the aspects described may be practised without these specific details.

An embodiment of the present invention provides a blockchain private key keystore secure login method. The method provided in this embodiment can be executed by a computing device, which can be implemented as software or as a combination of software and hardware, and which can be integrated into a server, a terminal device, etc.

Explanation of the relevant terms involved in the embodiments of the present invention:

1. Blockchain public key and private key

The public key is the non-secret half of a key pair used with a private-key algorithm. Public keys are typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The public key and private key are a key pair (i.e. one public key and one private key) obtained through an algorithm; one of them is disclosed to the outside world and is called the public key, the other is kept by the owner and is called the private key. A key pair obtained through this algorithm is guaranteed to be unique worldwide. When using this key pair, data encrypted with one of the keys must be decrypted with the other. Data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.

A public key encryption algorithm uses two keys instead of one shared key: a public key and a private key. Ciphertext encrypted with the public key can only be decrypted with the corresponding private key, and conversely ciphertext encrypted with the private key can only be decrypted with the corresponding public key.

Public key encryption, also called asymmetric (key) encryption, is a second-level discipline of network security under communication technology, and refers to an encryption method built on a corresponding pair of unique keys (i.e. a public key and a private key). It solves the problem of key distribution and management and is the core of commercial cryptography. In a public key cryptosystem, the private key is kept secret and the public key is disclosed.

2. Biometric technology.

Biometric technology identifies a person by closely combining computers with high-tech means such as optics, acoustics, biosensors and biostatistics, using the inherent physiological characteristics of the human body (such as fingerprints, facial images and irises) and behavioural characteristics (such as handwriting, voice and gait).

A biometric system samples a biological trait, extracts its features and converts them into digital codes, and then assembles these codes into a feature template. As the cost of microprocessors and other electronic components keeps falling and their precision keeps improving, biometric systems are increasingly used in commercial authorisation control such as access control and security authentication for enterprise attendance management systems. The biological traits used for biometrics include hand geometry, fingerprints, face shape, iris, retina, pulse and auricle, and the behavioural traits include signature, voice and keystroke pressure. Based on these traits, a variety of biometric technologies have been developed, such as hand geometry recognition, fingerprint recognition, face recognition, voice recognition, iris recognition and signature recognition.

Because human characteristics are inherently unique and cannot be reproduced, this biological key cannot be copied, stolen or forgotten, and identity verification using biometric technology is safe, reliable and accurate. Common passwords, IC cards, bar codes, magnetic cards or keys, by contrast, suffer from many disadvantages such as loss, forgetting, copying and theft. With a biological "key" you therefore do not need to carry a large bunch of keys or bother to remember or change passwords, and system administrators are no longer left helpless by forgotten passwords. Biometric products are all implemented with modern computer technology and are easy to integrate with computers and with security, monitoring and management systems to achieve automated management.

3. Hash algorithm

A hash algorithm (Hash), also called a digest algorithm (Digest), computes a fixed-length output digest from an arbitrary set of input data. Characteristics of hash algorithms:

1) One-way and irreversible

A hash algorithm is a one-way cryptosystem: there is only an encryption process and no decryption process.

2) Repeatability

The same input passed through the same hash function yields the same hash value, but identical hash values do not imply that the inputs were identical.

4. Elliptic curve cryptography

Elliptic curve cryptography (ECC) is an approach to public key cryptography based on the mathematics of elliptic curves. The use of elliptic curves in cryptography was proposed independently by Neal Koblitz and Victor Miller in 1985.

The main advantage of ECC is that in some cases it provides an equivalent or higher level of security with smaller keys than other methods, such as the RSA encryption algorithm. Another advantage of ECC is that bilinear maps between groups can be defined, based on the Weil pairing or the Tate pairing; bilinear maps have found many applications in cryptography, such as identity-based encryption. Its disadvantage is that, for keys of the same length, the encryption and decryption operations take longer than in other mechanisms; but because a shorter key achieves the same level of security, it is relatively faster at a given security level. A 140-bit elliptic curve key is generally considered to provide security equivalent to a 1024-bit RSA key.

参见图1,本发明实施例提高一种keystore生成方法,所述keystore生成方法包括:Referring to FIG. 1 , an embodiment of the present invention provides a keystore generation method, the keystore generation method comprising:

步骤S101,获取用户信息,所述用户信息包括用户生物识别信息;Step S101, obtaining user information, wherein the user information includes user biometric information;

所述获取用户信息的步骤之后还包括:The step of obtaining user information further includes:

根据所述用户信息在区块链服务上生成配对的私钥和公钥;Generate a paired private key and public key on the blockchain service according to the user information;

保存所述公钥至服务器端。The public key is saved to the server.

In this embodiment, the public key and the private key form a pair. If data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because two different keys are used for encryption and decryption, this kind of algorithm is called an asymmetric encryption algorithm. The basic process of exchanging confidential information with an asymmetric encryption algorithm is: Party A generates a key pair and discloses one of the keys as its public key to other parties; Party B, having obtained that public key, uses it to encrypt confidential information and sends it to Party A; Party A then uses the other, private key that it keeps to decrypt the information. Conversely, Party A can use Party B's public key to sign confidential information before sending it to Party B; Party B then uses its own private key to verify the signature on the data.

The user provides identity information to the service provider in order to register. After receiving the request, the service provider verifies the information and calls the blockchain service to generate a public key and a private key. The public key is stored on the server and the private key is issued to the user. After this step the server holds no private key information: even if the server's user data is stolen, the user's private key cannot be obtained from it, which keeps the user's login credentials secure.

Step S102, encrypting the user biometric information with an encryption algorithm to generate unique identification information;

Step S103, encrypting the private key with the unique identification information in combination with the blockchain encryption method to generate a private key keystore;

Step S104, saving the private key keystore to local storage and to the server side.

The user invokes biometric technology to capture biologically unique information such as the user's face, fingerprint or body shape, and computes and encrypts it with a hash algorithm and an elliptic curve encryption algorithm to generate the unique identification information. This unique identification information is not stored; it is obtained afresh through biometric capture each time it is needed.

Using the user's unique identification information as the password, the private key is encrypted with blockchain technology to generate the keystore. The generated keystore is persisted locally and also stored on the server side.

A keystore is a re-encrypted form of the private key. When a keystore is exported from a blockchain wallet, the user is usually prompted for a password, and that password is used to encrypt the private key once more. As long as the password is not lost, the resulting keystore file can be transmitted over any network environment; even if other users obtain the keystore file, they cannot recover the private key without the password.

This embodiment of the present invention uses blockchain keystore technology to store the private key, and uses biometric technology to obtain a unique password with which the private key is encrypted into the keystore, providing security. If the keystore is lost, it cannot be decrypted, because the user's biometric information cannot be obtained, thereby safeguarding the security of the system.

Based on the above embodiment, and referring to FIG. 2, an embodiment of the present invention further provides a blockchain-based private key keystore secure login method, comprising:

Step S201, obtaining user login information, wherein the login information includes user biometric information that uniquely confirms the user's identity;

The user enters login information, which includes the user's basic identity information. The basic identity information is fixed at registration, and registration may be restricted to a relevant identity number, a mobile phone number, or other relevant information. The login information also includes user biometric information that uniquely confirms the user's identity, such as fingerprints, facial images and irises.

Step S202, obtaining, according to the user login information, the unique identification information generated from the user biometric information;

The user invokes biometric technology to capture biologically unique information such as the user's face, fingerprint or body shape, and computes and encrypts it with a hash algorithm and an elliptic curve encryption algorithm to generate the unique identification information. This unique identification information is not stored; it is obtained afresh through biometric capture each time it is needed.

Step S203, decrypting, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key;

The user invokes biometric technology to obtain the user's unique identification information, and uses it to decrypt the keystore and obtain the user's private key.

Step S204, authenticating whether the private key and the corresponding public key are successfully paired;

Step S205, if the pairing is successful, allowing the user to log in.

The client calls the server-side authentication interface and uploads the random string and the signature string to the server. The server uses the paired public key to sign the random string and compares the server's signature string with the user's signature string; if the two signature strings match, authentication passes.
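The registration flow (steps S101 to S104) and the login flow (steps S201 to S205) above, as one added Go example that is not part of the patent or its implementation: the keystore layout, the PBKDF2 key derivation, the domain label in UniqueID and the sample template are this example's own assumptions, and the server side verifies the client's ECDSA signature with the stored public key, the standard equivalent of the "sign with the paired public key and compare" wording above, since an ECDSA public key cannot produce a signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"math/big"
)

// Keystore is the re-encrypted private key of step S103, in this example's own
// layout (modelled on the common Ethereum keystore): KDF salt, AES-CTR IV,
// encrypted 32-byte scalar, and a MAC so that a wrong password is detected.
type Keystore struct {
	Salt, IV, Ciphertext, MAC []byte
}

const kdfIterations = 100000 // assumption; tune for the client device

// UniqueID is step S102 as assumed here: hash the biometric template bytes under
// a domain label. It is never stored; it is recomputed from a fresh capture each time.
func UniqueID(biometric []byte) []byte {
	s := sha256.Sum256(append([]byte("bio-keystore-password-v1:"), biometric...))
	return s[:]
}

// pbkdf2SHA256 derives 32 bytes with PBKDF2-HMAC-SHA256 (RFC 8018); written out
// to stay within the standard library, production code would use scrypt or Argon2.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index INT(1); one block is 32 bytes
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// authTag binds IV and ciphertext under the second half of the derived key.
func authTag(key, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// Enroll is registration (steps S101 to S104): generate the key pair, encrypt the
// private scalar under the biometric unique ID, return the keystore (kept locally
// and on the server) and the public key (kept on the server).
func Enroll(biometric []byte) (*Keystore, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	r := make([]byte, 32)
	if _, err := rand.Read(r); err != nil {
		return nil, nil, err
	}
	ks := &Keystore{Salt: r[:16], IV: r[16:]}
	dk := pbkdf2SHA256(UniqueID(biometric), ks.Salt, kdfIterations)
	block, _ := aes.NewCipher(dk[:16]) // 16-byte key: AES-128, cannot fail
	ks.Ciphertext = make([]byte, 32)
	cipher.NewCTR(block, ks.IV).XORKeyStream(ks.Ciphertext, priv.D.FillBytes(make([]byte, 32)))
	ks.MAC = authTag(dk[16:], ks.IV, ks.Ciphertext)
	return ks, &priv.PublicKey, nil
}

// Open is step S203: the same biometric input yields the same unique ID and
// decrypts the keystore; any other input (or a tampered file) fails the MAC.
func Open(ks *Keystore, biometric []byte) (*ecdsa.PrivateKey, error) {
	dk := pbkdf2SHA256(UniqueID(biometric), ks.Salt, kdfIterations)
	if !hmac.Equal(ks.MAC, authTag(dk[16:], ks.IV, ks.Ciphertext)) {
		return nil, errors.New("keystore: MAC mismatch (wrong biometric input or tampered file)")
	}
	block, _ := aes.NewCipher(dk[:16])
	scalar := make([]byte, len(ks.Ciphertext))
	cipher.NewCTR(block, ks.IV).XORKeyStream(scalar, ks.Ciphertext)
	x, y := elliptic.P256().ScalarBaseMult(scalar) // rebuild the public point
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, D: new(big.Int).SetBytes(scalar)}, nil
}

// SignChallenge is the client half of steps S204/S205: sign the server's random string.
func SignChallenge(priv *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyChallenge is the server half: the stored public key checks the signature
// (verification stands in for the "sign and compare" wording in the text).
func VerifyChallenge(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}
```

The MAC check is what makes a lost keystore useless without the biometric input: a wrong unique ID is rejected before any key material is reconstructed, rather than yielding a random scalar.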

Corresponding to the above method embodiment, and referring to FIG. 3, an embodiment of the present invention further provides a blockchain keystore-based secure login system, comprising:

an information acquisition module 201, configured to acquire user login information, wherein the login information includes user biometric information that uniquely confirms the user's identity;

a unique identification information acquisition module 203, configured to acquire, according to the user login information, the unique identification information generated from the user biometric information;

a keystore decryption module 203, configured to decrypt, according to the unique identification information, the private key keystore in which the private key is stored, to obtain the private key;

an authentication module 204, configured to authenticate whether the private key and the corresponding public key are successfully paired;

a login module 205, configured to allow the user to log in when the pairing is successful.

The blockchain keystore-based secure login system further includes a keystore generation module, which includes:

a user information acquisition unit, configured to acquire user information, wherein the user information includes user biometric information;

a unique identification information generation unit, configured to encrypt the user biometric information with an encryption algorithm to generate unique identification information;

a keystore generation unit, configured to encrypt the private key with the unique identification information in combination with the blockchain encryption method to generate a private key keystore;

a storage unit, configured to store the private key keystore in local storage and on the server side.

The apparatus shown in FIG. 3 can correspondingly perform the content of the above method embodiment. For parts not described in detail in this embodiment, refer to the content recorded in the above method embodiment, which is not repeated here.

Referring to FIG. 4, an embodiment of the present invention further provides an electronic device 40, comprising:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein

the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable it to perform the keystore generation method of the blockchain-based private key keystore secure login method described in the foregoing method embodiment.

An embodiment of the present invention further provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions causing a computer to perform the keystore generation method of the blockchain-based private key keystore secure login method described in the foregoing method embodiment.

An embodiment of the present invention further provides a computer program product, comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the keystore generation method of the blockchain-based private key keystore secure login method described in the foregoing method embodiment.

Referring now to FIG. 4, a schematic structural diagram of an electronic device 40 suitable for implementing an embodiment of the present invention is shown. The electronic device in the embodiment of the present invention may include, but is not limited to, mobile terminals such as mobile phones, laptop computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and vehicle-mounted terminals (such as vehicle-mounted navigation terminals), and fixed terminals such as digital TVs and desktop computers. The electronic device shown in FIG. 4 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present invention.

As shown in FIG. 4, the electronic device 40 may include a processing device 401 (such as a central processing unit or a graphics processing unit), which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 402 or a program loaded from a storage device 408 into a random access memory (RAM) 403. The RAM 403 also stores various programs and data required for the operation of the electronic device 40. The processing device 401, the ROM 402 and the RAM 403 are connected to each other through a bus 404. An input/output (I/O) interface 405 is also connected to the bus 404.

Typically, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touchpad, keyboard, mouse, image sensor, microphone, accelerometer and gyroscope; output devices 407 including, for example, a liquid crystal display (LCD), speaker and vibrator; storage devices 408 including, for example, magnetic tape and hard disk; and a communication device 409. The communication device 409 may allow the electronic device 40 to communicate wirelessly or by wire with other devices to exchange data. Although FIG. 4 shows the electronic device 40 with various devices, it should be understood that not all of the devices shown are required to be implemented or provided; more or fewer devices may alternatively be implemented or provided.

In particular, according to an embodiment of the present invention, the process described above with reference to the flowchart may be implemented as a computer software program. For example, an embodiment of the present invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded from a network and installed through the communication device 409, installed from the storage device 408, or installed from the ROM 402. When the computer program is executed by the processing device 401, the above functions defined in the method of the embodiment of the present invention are performed.

It should be noted that the computer-readable medium of the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination thereof. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fibre, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination thereof. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium may be transmitted by any suitable medium, including but not limited to wires, optical cables, RF (radio frequency), or any suitable combination of the above.

The computer-readable medium may be included in the electronic device, or may exist separately without being assembled into the electronic device.

The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: obtain at least two Internet Protocol addresses; send a node evaluation request including the at least two Internet Protocol addresses to a node evaluation device, wherein the node evaluation device selects an Internet Protocol address from the at least two Internet Protocol addresses and returns it; and receive the Internet Protocol address returned by the node evaluation device; wherein the obtained Internet Protocol address indicates an edge node in a content delivery network.

Alternatively, the computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receive a node evaluation request including at least two Internet Protocol addresses; select an Internet Protocol address from the at least two Internet Protocol addresses; and return the selected Internet Protocol address; wherein the received Internet Protocol address indicates an edge node in a content delivery network.

Computer program code for performing the operations of the present invention may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, it may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the accompanying drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, program segment or portion of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions noted in the blocks may occur in an order different from that shown in the drawings; for example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of such blocks, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.

The units described in the embodiments of the present invention may be implemented in software or in hardware. In some cases the name of a unit does not limit the unit itself; for example, the first acquisition unit may also be described as "a unit for acquiring at least two Internet Protocol addresses".

It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof.

The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that can readily be conceived by a person skilled in the art within the technical scope disclosed by the present invention should be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (3)

1. The blockchain private key keystore-based secure login method is characterized in that the blockchain private key keystore-based secure login method comprises the following steps:
acquiring user login information, wherein the user login information comprises user biological identification information for uniquely identifying the user information;
acquiring unique identification information generated based on the user biological identification information according to the user login information;
decrypting the private key keystore stored with the private key according to the unique identification information to obtain the private key;
authenticating whether the private key and the corresponding public key are successfully paired;
if the pairing is successful, the user is logged in;
the generating method of keystore in the step of decrypting the private key keystore stored with the private key according to the unique identification information to obtain the private key includes:
acquiring user information, wherein the user information comprises user biological identification information;
encrypting the user biological identification information according to an encryption algorithm to generate unique identification information; the unique identification information is not stored, and the biological identification technology is called for obtaining when the unique identification information is used every time;
encrypting the private key according to the unique identification information by combining the blockchain encryption method to generate a private key keystore; keystore is a re-encrypted version of the private key;
storing the private key keystore to a local memory and a server side;
the encryption algorithm in the step of encrypting the user biometric information according to an encryption algorithm to generate unique identification information includes a hash algorithm or an elliptic curve encryption algorithm;
the step of obtaining the user information further comprises the following steps:
generating a matched private key and a matched public key on a blockchain service according to the user information;
storing the public key to a server side; the private key is issued to the user;
the method for authenticating whether the private key and the corresponding public key are successfully paired comprises the following steps:
generating a user signature string according to the private key encryption random character string;
obtaining a public key paired with a private key, and generating a server signature string for the random character string according to the public key;
and comparing whether the user signature string is consistent with the server signature string.
2. An electronic device, the electronic device comprising:
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the blockchain-based private key keystore secure login method of claim 1.
3. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the blockchain-based private key keystore secure login method of preceding claim 1.
CN202111178401.2A 2021-10-10 2021-10-10 Blockchain-based private key keystore secure login method, electronic device, storage medium Active CN113904850B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111178401.2A CN113904850B (en) 2021-10-10 2021-10-10 Blockchain-based private key keystore secure login method, electronic device, storage medium

Publications (2)

Publication Number Publication Date
CN113904850A CN113904850A (en) 2022-01-07
CN113904850B true CN113904850B (en) 2024-09-27

Family

ID=79190819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111178401.2A Active CN113904850B (en) 2021-10-10 2021-10-10 Blockchain-based private key keystore secure login method, electronic device, storage medium

Country Status (1)

Country Link
CN (1) CN113904850B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987499B (en) * 2022-12-20 2024-08-02 蚂蚁区块链科技(上海)有限公司 Method and system for generating private key of user
CN116232741A (en) * 2023-03-15 2023-06-06 蚂蚁区块链科技(上海)有限公司 Account key setting method, user equipment and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051341A (en) * 2019-12-27 2021-06-29 浙江金融资产交易中心股份有限公司 User data storage system and method based on multiple block chains

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901967A (en) * 2015-06-09 2015-09-09 四川省宁潮科技有限公司 Registration method for trusted device
KR20190063796A (en) * 2017-11-30 2019-06-10 주식회사 베프스 Identification apparatus and method based on biometric data for blockchain system
CN111414599A (en) * 2020-02-26 2020-07-14 北京奇艺世纪科技有限公司 Identity authentication method, device, terminal, server and readable storage medium
CN111526021A (en) * 2020-04-10 2020-08-11 厦门慢雾科技有限公司 Block chain private key security management method

Also Published As

Publication number Publication date
CN113904850A (en) 2022-01-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250226

Address after: Unit 203, Unit 1, Building 1, No. 5 Keji West Road, High tech Zone, Shantou City, Guangdong Province, 515000

Patentee after: Shantou Pengda Information Technology Co.,Ltd.

Country or region after: China

Address before: 100123 Room 202, 2 / F, building F1, Dongyi International Media Industrial Park, No.8, Gaojing Cultural Park Road, Chaoyang District, Beijing

Patentee before: Puhua Yunchuang Technology (Beijing) Co.,Ltd.

Country or region before: China
