CN115396086B - Identity authentication method, device, equipment and storage medium - Google Patents
- Publication number: CN115396086B (application CN202210700328.9A)
- Authority: CN (China)
- Prior art keywords: blockchain, participating node, identifier, party, authentication
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
    - H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
  - H04L9/32—Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    - H04L9/321—involving a third party or a trusted authority
    - H04L9/3226—using a predetermined code, e.g. password, passphrase or PIN
    - H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Description
Technical Field
The present application relates to the field of communication technology, and in particular to an identity authentication method, apparatus, device and storage medium.
Background Art
A blockchain is a chain of data blocks linked by cryptographic methods; each block contains the information of one network transaction and is used to verify the validity of that information and to generate the next block.
User authentication in current blockchains relies on the user's private key: whoever holds the private key corresponding to the public key of a claimed identity is treated as the legitimate user. The user must therefore guard the private key closely, because once it is lost or leaked, all of the user's assets on the blockchain become unrecoverable. At present, identity authentication in a blockchain is usually performed either by using a password as the private key, or by authenticating locally on the basis of biometric features such as fingerprints or irises.
However, a password used as a private key is easily leaked or cracked, and biometric features are suitable only for local authentication: once they are sent to the authenticating party, the private key is effectively leaked as well. The authentication methods of the prior art therefore have the technical problem of low security.
Summary of the Invention
The present application provides an identity authentication method, apparatus, device and storage medium to solve the technical problem of the prior art that a password used as a private key is easily leaked or cracked, that biometric features are suitable only for local authentication and leak the private key once sent to the authenticating party, and that the authentication method consequently has low security.
In a first aspect, the present application provides an identity authentication method applied to a first blockchain participating node, comprising:
receiving an authentication request sent by a second blockchain participating node, wherein the authentication request carries the session identifier (session ID) of the session;
acquiring a first biometric feature of a first user according to the authentication request;
encrypting the first biometric feature with a first key to obtain an encrypted feature;
sending the encrypted feature to the second blockchain participating node, so that after receiving the encrypted feature, the second blockchain participating node encrypts the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the session ID with the third-party public key, signs them with a second key to obtain second authentication information, and sends the second authentication information to a third-party blockchain node;
encrypting the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and signing them with the first key to obtain first authentication information, and sending the first authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with a preset feature in a preset biometric feature library, and sends the comparison result to the second blockchain participating node.
Here, the present application provides an identity authentication method in which an authoritative, trusted third party takes part in authenticating the nodes of a blockchain, which provides safe and reliable authentication. Specifically, when the second blockchain participating node needs to authenticate the first blockchain participating node, it initiates an authentication request to the first blockchain participating node. After identity authentication has been initiated, the present application can take the identity document (ID) numbers of the first and second blockchain participating nodes together with the session identifier (Session ID) as input, generate a random number as a session key, and distribute it to both parties. The authoritative, trusted third-party blockchain node stores the biometric features centrally and provides a biometric comparison service to all users, so the user's identity can be compared on the basis of the above information. Identity authentication is thereby completed without the participant having to hold a private key. Since blockchain participants hold long-term identity certificates, their use and authentication become more convenient, the workload of the authoritative, trusted third-party institution is reduced, and the security of participant identity authentication in the blockchain is improved.
Optionally, before encrypting the first biometric feature with the first key to obtain the encrypted feature, the method further comprises:
randomly generating the first key.
Here, the first blockchain participating node of the present application can generate the first key at random and use it to encrypt the information sent to the third-party blockchain node, which further improves the security of identity authentication.
Optionally, before receiving the authentication request sent by the second blockchain participating node, the method further comprises:
registering verification information at the third-party blockchain node, wherein the verification information includes the correspondence between the biometric data and the identity information of the first user.
That is, before performing identity authentication, each blockchain participant can first register with the authoritative, trusted third party (the third-party blockchain node) the correspondence between his or her biometric data (such as fingerprints or irises) and identity information (which can be a virtual identity on the blockchain, such as a blockchain identifier and a public key that represent the participant), so that the third-party blockchain node can perform authentication on the basis of the registered information.
Optionally, before encrypting the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and signing them with the first key, the method further comprises:
receiving the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
In a second aspect, the present application provides an identity authentication method applied to a second blockchain participating node, comprising:
initiating an authentication request to a first blockchain participating node, so that the first blockchain participating node acquires a first biometric feature of a first user according to the authentication request, encrypts the first biometric feature with a first key to obtain an encrypted feature, sends the encrypted feature to the second blockchain participating node, and encrypts the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and signs them with the first key to obtain first authentication information, which it sends to a third-party blockchain node, wherein the authentication request carries the session ID of the session;
receiving the encrypted feature sent by the first blockchain participating node;
encrypting the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the session ID with the third-party public key and signing them with a second key to obtain second authentication information, and sending the second authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with a preset feature in a preset biometric feature library, and sends the comparison result to the second blockchain participating node;
receiving the comparison result sent by the third-party blockchain node.
Optionally, after receiving the comparison result sent by the third-party blockchain node, the method further comprises:
initiating a query fee payment request in the blockchain;
obtaining the query fee in the blockchain and performing payment processing according to the query fee.
That is, a blockchain participant can initiate a query fee payment request in the blockchain during the authentication request process, so that payment for identity authentication is made automatically, which improves the user experience.
In a third aspect, the present application provides an identity authentication method applied to a third-party blockchain node, comprising:
receiving first authentication information sent by a first blockchain participating node and second authentication information sent by a second blockchain participating node, wherein the first authentication information is obtained by the first blockchain participating node, after receiving an authentication request sent by the second blockchain participating node and acquiring a first biometric feature of a first user according to the authentication request, by encrypting a first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and signing them with the first key; the authentication request carries the session ID of the session; and the second authentication information is obtained by the second blockchain participating node, after initiating the authentication request to the first blockchain participating node and receiving the encrypted feature sent by the first blockchain participating node, by encrypting the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the session ID with the third-party public key and signing them with a second key;
associating the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and decrypting the encrypted feature to obtain the first biometric feature;
comparing the first biometric feature with a preset feature in a preset biometric feature library, and sending the comparison result to the second blockchain participating node.
Optionally, sending the comparison result to the second blockchain participating node comprises:
generating a session key according to the first blockchain participating node identifier, the second blockchain participating node identifier and the session ID;
sending the comparison result and the session key to the second blockchain participating node.
Optionally, before receiving the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the method further comprises:
broadcasting the third-party blockchain identifier and the third-party public key.
In a fourth aspect, the present application provides an identity authentication system comprising a first blockchain participating node, a second blockchain participating node and a third-party blockchain node;
wherein the second blockchain participating node is configured to initiate an authentication request to the first blockchain participating node, the authentication request carrying the session ID of the session;
the first blockchain participating node is configured to acquire a first biometric feature of a first user according to the authentication request after receiving the authentication request sent by the second blockchain participating node;
the first blockchain participating node is configured to encrypt the first biometric feature with a first key to obtain an encrypted feature;
the first blockchain participating node is configured to send the encrypted feature to the second blockchain participating node, to encrypt the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and sign them with the first key to obtain first authentication information, and to send the first authentication information to the third-party blockchain node;
the second blockchain participating node is configured, after receiving the encrypted feature, to encrypt the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the session ID with the third-party public key and sign them with a second key to obtain second authentication information, and to send the second authentication information to the third-party blockchain node;
the third-party blockchain node is configured, after receiving the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, to associate the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and to decrypt the encrypted feature to obtain the first biometric feature;
the third-party blockchain node is configured to compare the first biometric feature with a preset feature in a preset biometric feature library and to send the comparison result to the second blockchain participating node.
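The exchange of the first to fourth aspects, played end to end, as an added example that is not code from the patent or from any implementation of it. It assumes RSA-OAEP as the third-party public-key encryption, AES-256-GCM under the first key for the biometric feature, HMAC-SHA256 as the "key signature", a long-term key that node-B has registered with T as the second key, and byte equality in place of a real biometric matcher; the node names, the template and all keys are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// payload is what a participating node seals for T: both halves carry the pairing tuple
// (NodeA, NodeB, AuthID); the first node adds K1, the second the encrypted feature and session ID.
type payload struct {
	NodeA      string `json:"a"`           // first participating node identifier
	NodeB      string `json:"b"`           // second participating node identifier
	AuthID     []byte `json:"id"`          // identifier of this authorization authentication
	K1         []byte `json:"k,omitempty"` // first half: random key protecting the sample
	EncFeature []byte `json:"c,omitempty"` // second half: AES-256-GCM(K1, sample), nonce prepended
	SessionID  []byte `json:"s,omitempty"` // second half: session ID carried by the request
}

type AuthInfo struct { // first or second authentication information as delivered to T
	Sealed []byte // RSA-OAEP of the JSON payload under T's public key
	Tag    []byte // HMAC-SHA256 over Sealed under the sender's key (the text's "key signature")
}

type ThirdParty struct { // T's private key and the data registered with it beforehand
	priv      *rsa.PrivateKey
	secret    []byte            // T-held secret for session-key derivation (assumption)
	templates map[string][]byte // identity -> registered biometric template
	nodeKeys  map[string][]byte // identity -> registered long-term key, used as K2 (assumption)
}

func tag(key, data []byte) []byte { m := hmac.New(sha256.New, key); m.Write(data); return m.Sum(nil) }
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func random(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) } // 16/24/32-byte key

func seal(pub *rsa.PublicKey, key []byte, p payload) AuthInfo {
	sealed := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, must(json.Marshal(p)), nil))
	return AuthInfo{Sealed: sealed, Tag: tag(key, sealed)}
}

func unseal(priv *rsa.PrivateKey, info AuthInfo) (p payload, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, priv, info.Sealed, nil)
	if err == nil {
		err = json.Unmarshal(plain, &p)
	}
	return p, err
}

// Verify pairs the halves by (NodeA, NodeB, AuthID), recovers the sample and compares it.
func (t *ThirdParty) Verify(first, second AuthInfo) (bool, []byte, error) {
	fp, err := unseal(t.priv, first)
	if err != nil || len(fp.K1) != 32 || !hmac.Equal(first.Tag, tag(fp.K1, first.Sealed)) { // K1 is known only after unsealing
		return false, nil, errors.New("first authentication information rejected")
	}
	sp, err := unseal(t.priv, second)
	kB, ok := t.nodeKeys[sp.NodeB] // K2: the long-term key node-B registered with T
	if err != nil || !ok || len(sp.EncFeature) < 12 || !hmac.Equal(second.Tag, tag(kB, second.Sealed)) {
		return false, nil, errors.New("second authentication information rejected")
	}
	if fp.NodeA != sp.NodeA || fp.NodeB != sp.NodeB || !bytes.Equal(fp.AuthID, sp.AuthID) {
		return false, nil, errors.New("halves do not belong to the same authentication")
	}
	feature, err := gcm(fp.K1).Open(nil, sp.EncFeature[:12], sp.EncFeature[12:], nil) // 12-byte nonce prefix
	if err != nil {
		return false, nil, err
	}
	matched := bytes.Equal(feature, t.templates[fp.NodeA]) // stand-in for a real biometric matcher
	return matched, tag(t.secret, append([]byte(fp.NodeA+"|"+fp.NodeB+"|"), sp.SessionID...)), nil // result + session key
}

var Template = sha256.Sum256([]byte("constructed iris template of node-A")) // 32-byte template registered for node-A

// RunAuthentication plays one authentication of node-A requested by node-B against a freshly built T;
// captured is the sample node-A reads now, and tamperAuthID gives node-B's half a different authorization identifier.
func RunAuthentication(captured []byte, tamperAuthID bool) (bool, []byte, error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	keyB := tag([]byte("constructed"), []byte("long-term key of node-B")) // registered with T
	t := &ThirdParty{priv: priv, secret: []byte("constructed T secret"),
		templates: map[string][]byte{"node-A": Template[:]}, nodeKeys: map[string][]byte{"node-B": keyB}}
	authID, sessionID, k1 := random(8), random(8), random(32) // the request carries the fresh session ID
	// node-A encrypts the captured sample under the random K1; node-B only ever sees this ciphertext.
	nonce := random(12)
	encFeature := gcm(k1).Seal(nonce, nonce, captured, nil)
	// node-A -> T: K1 and the pairing tuple, sealed for T and tagged under K1.
	first := seal(&priv.PublicKey, k1, payload{NodeA: "node-A", NodeB: "node-B", AuthID: authID, K1: k1})
	// node-B -> T: the encrypted feature, the tuple and the session ID, tagged under node-B's key.
	sp := payload{NodeA: "node-A", NodeB: "node-B", AuthID: authID, EncFeature: encFeature, SessionID: sessionID}
	if tamperAuthID {
		sp.AuthID = random(8)
	}
	return t.Verify(first, seal(&priv.PublicKey, keyB, sp)) // T's answer to node-B: result and session key
}
```

T can check the tag on the first half only after unsealing it, because that tag is computed under K1 itself; the tuple check is what stops a second half from a different request being combined with node-A's key.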
In a fifth aspect, the present application provides an identity authentication apparatus applied to a first blockchain participating node, comprising:
a first receiving module configured to receive an authentication request sent by a second blockchain participating node, wherein the authentication request carries the session ID of the session;
an acquisition module configured to acquire a first biometric feature of a first user according to the authentication request;
a first processing module configured to encrypt the first biometric feature with a first key to obtain an encrypted feature;
a first sending module configured to send the encrypted feature to the second blockchain participating node, so that after receiving the encrypted feature, the second blockchain participating node encrypts the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the session ID with the third-party public key, signs them with a second key to obtain second authentication information, and sends the second authentication information to a third-party blockchain node;
a second processing module configured to encrypt the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and sign them with the first key to obtain first authentication information, and to send the first authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with a preset feature in a preset biometric feature library, and sends the comparison result to the second blockchain participating node.
Optionally, before the first processing module encrypts the first biometric feature with the first key to obtain the encrypted feature, the apparatus further comprises:
a third processing module configured to randomly generate the first key.
Optionally, before the first receiving module receives the authentication request sent by the second blockchain participating node, the apparatus further comprises:
a registration module configured to register verification information at the third-party blockchain node, wherein the verification information includes the correspondence between the biometric data and the identity information of the first user.
Optionally, before the second processing module encrypts the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier with the third-party public key and signs them with the first key, the apparatus further comprises:
a second receiving module configured to receive the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
第六方面,本申请提供了一种身份认证装置,应用于第二区块链参与节点,包括:In a sixth aspect, the present application provides an identity authentication device, which is applied to a second blockchain participating node, including:
a fourth processing module, configured to initiate an authentication request to the first blockchain participating node, so that the first blockchain participating node obtains a first biometric feature of a first user according to the authentication request, encrypts the first biometric feature with a first key to obtain an encrypted feature, sends the encrypted feature to the second blockchain participating node, performs third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and sends the first authentication information to a third-party blockchain node, wherein the authentication request carries the time-domain identity number (SessionID) of the session;
a third receiving module, configured to receive the encrypted feature sent by the first blockchain participating node;
a fifth processing module, configured to perform third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time-domain identity number to obtain second authentication information, and send the second authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with a preset feature in a preset biometric feature library, and sends the comparison result to the second blockchain participating node;
a fourth receiving module, configured to receive the comparison result sent by the third-party blockchain node.
Optionally, after the fourth receiving module receives the comparison result sent by the third-party blockchain node, the device further includes:
a payment module, configured to initiate a query fee payment application in the blockchain, obtain the query fee in the blockchain, and perform payment processing according to the query fee.
In a seventh aspect, the present application provides an identity authentication device, applied to a third-party blockchain node, comprising:
a fifth receiving module, configured to receive first authentication information sent by a first blockchain participating node and second authentication information sent by a second blockchain participating node, wherein the first authentication information is obtained by the first blockchain participating node, after receiving an authentication request sent by the second blockchain participating node and obtaining a first biometric feature of a first user according to the authentication request, by performing third-party public key encryption processing and first key signature processing on a first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier; the authentication request carries the time-domain identity number of the session; and the second authentication information is obtained by the second blockchain participating node, after initiating the authentication request to the first blockchain participating node and receiving the encrypted feature sent by the first blockchain participating node, by performing third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time-domain identity number;
a sixth processing module, configured to associate the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and decrypt the encrypted feature to obtain the first biometric feature;
a seventh processing module, configured to compare the first biometric feature with a preset feature in a preset biometric feature library, and send the comparison result to the second blockchain participating node.
Optionally, the seventh processing module is specifically configured to:
generate a session key according to the first blockchain participating node identifier, the second blockchain participating node identifier and the time-domain identity number; and send the comparison result and the session key to the second blockchain participating node.
Optionally, before the fifth receiving module receives the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the device further includes:
a broadcast module, configured to broadcast the third-party blockchain identifier and the third-party public key.
In an eighth aspect, the present application provides identity authentication equipment, comprising: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method described in the first aspect and its various possible designs.
In a ninth aspect, the present application provides identity authentication equipment, comprising: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method described in the second aspect and its various possible designs.
In a tenth aspect, the present application provides identity authentication equipment, comprising: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method described in the third aspect and its various possible designs.
In an eleventh aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method described in the first aspect and its various possible designs.
In a twelfth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method described in the second aspect and its various possible designs.
In a thirteenth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method described in the third aspect and its various possible designs.
In a fourteenth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the identity authentication method described in the first aspect and its various possible designs.
In a fifteenth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the identity authentication method described in the second aspect and its various possible designs.
In a sixteenth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the identity authentication method described in the third aspect and its various possible designs.
In the identity authentication method, device, server and storage medium provided by the present application, the method is directed at nodes in a blockchain and brings in an authoritative, trusted third party to take part in authentication, which provides secure and reliable authentication. Specifically, when a second blockchain participating node needs to authenticate a first blockchain participating node, the second blockchain participating node initiates an authentication request to the first blockchain participating node. After identity authentication has been initiated, the present application can generate a random number, taking the IDs of the first and second blockchain participating nodes and the SessionID as input, and distribute it to both parties as a session key. The authoritative, trusted third-party blockchain node stores biometric features centrally and provides a biometric comparison service for all users, so that a user's identity can be compared on the basis of the above information. In this way identity authentication is completed without the need to hold a private key. Because blockchain participants hold long-term identity certificates, use and authentication become more convenient for the participants, the workload of the authoritative, trusted third party is reduced, and the security of participant identity authentication in the blockchain is improved.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG1 is a schematic diagram of the blockchain architecture of an identity authentication system provided in an embodiment of the present application;
FIG2 is a schematic flow chart of an identity authentication method provided in an embodiment of the present application;
FIG3 is a schematic flow chart of another identity authentication method provided in an embodiment of the present application;
FIG4 is a schematic flow chart of yet another identity authentication method provided in an embodiment of the present application;
FIG5 is a schematic flow chart of still another identity authentication method provided in an embodiment of the present application;
FIG6 is a schematic structural diagram of an identity authentication device provided in an embodiment of the present application;
FIG7 is a schematic structural diagram of identity authentication equipment provided in an embodiment of the present application;
FIG8 is a schematic structural diagram of another identity authentication device provided in an embodiment of the present application;
FIG9 is a schematic structural diagram of yet another identity authentication device provided in an embodiment of the present application.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. These drawings and textual descriptions are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the present disclosure to those skilled in the art by reference to specific embodiments.
DETAILED DESCRIPTION
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure; they are merely examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms "first", "second", "third", "fourth" and the like (if any) in the specification, the claims and the above drawings of the present application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present application described here can be implemented in an order other than the one illustrated or described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
In the technical solution of the present application, the collection, storage, use, processing, transmission, provision and disclosure of user data and other information involved all comply with the relevant laws and regulations and do not violate public order and good morals.
A blockchain is a special kind of distributed database. It is a new application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms, and is essentially a decentralized database. First, the main function of a blockchain is to store information: any information that needs to be kept can be written to the blockchain and read back from it, so it is a database. Second, anyone can set up a server, join the blockchain network and become a node. In the blockchain world there is no central node; every node is equal and holds the entire database, and data can be written to or read from any node, because all nodes eventually synchronize, which keeps the blockchain consistent. A blockchain is a sequence of data blocks linked by cryptographic methods; each block contains the information of one network transaction and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. In a narrow sense, a blockchain is a chained data structure that joins data blocks sequentially in chronological order, forming a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable.
In a broad sense, blockchain technology is a new distributed infrastructure and computing paradigm that uses a chained block data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and operate on data. The design of a blockchain is a protective measure, for example as applied to highly fault-tolerant distributed computing systems. Blockchains make hybrid consistency possible, which makes them suitable for recording events, titles, medical records and other activities that require data to be recorded, as well as for identity management, transaction process management and provenance management.
User authentication in current blockchains relies on the user's private key: whoever holds the private key corresponding to the public key of the claimed user identity is treated as the legitimate user. This requires users to guard their private keys extremely carefully; once a private key is lost or leaked, all of the user's assets in the blockchain can never be recovered. The traditional password approach is easy to remember but easy to crack. Approaches based on biometric features such as fingerprints or irises are promising, but a biometric feature is only suitable for local authentication: once it is sent to the authenticating party, that party holds the feature, which can easily be misused and results in leakage of the biometric feature.
To solve the above technical problems, the embodiments of the present application provide an identity authentication method, device, server and storage medium in which an authoritative, trusted third party stores biometric features centrally, provides a biometric comparison service for all users, and notifies both parties of the comparison result, so that identity authentication is completed without the need to possess a private key.
Optionally, FIG1 is a schematic diagram of the blockchain architecture of an identity authentication system provided in an embodiment of the present application. As shown in FIG1, the architecture includes a first blockchain participating node 101, a third-party blockchain node 102 and a second blockchain participating node 103.
It will be understood that the numbers of first blockchain participating nodes 101, third-party blockchain nodes 102 and second blockchain participating nodes 103 can be determined according to actual conditions; FIG1 is only schematic, and the embodiments of the present application place no specific limit on the number of such nodes.
The first blockchain participating node 101, the third-party blockchain node 102 and the second blockchain participating node 103 are all nodes in the blockchain, and any two nodes can communicate with each other (the present application requires communication connections between nodes of different kinds, for example the third-party blockchain node broadcasting information to the first and second blockchain participating nodes; FIG1 uses connecting lines only to show the communication connections between nodes of different kinds).
A user can exchange information with the first blockchain participating node, the third-party blockchain node or the second blockchain participating node through input/output devices.
It will be understood that the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the blockchain architecture of the identity authentication system. In other feasible implementations of the present application, the architecture may include more or fewer components than shown, combine certain components, split certain components, or arrange components differently, as determined by the actual application scenario; no limitation is imposed here. The components shown in FIG1 can be implemented in hardware, in software, or in a combination of software and hardware.
In addition, the network architecture and business scenarios described in the embodiments of the present application are intended to explain the technical solutions of the embodiments more clearly and do not limit them. Those of ordinary skill in the art will appreciate that, as network architectures evolve and new business scenarios emerge, the technical solutions provided in the embodiments of the present application apply equally to similar technical problems.
The technical solution of the present application is described below by way of several embodiments; concepts or processes that are the same or similar may not be repeated in some embodiments.
FIG2 is a schematic flow chart of an identity authentication method provided in an embodiment of the present application. The embodiment can be applied to the first blockchain participating node 101 in FIG1; the first blockchain participating node 101 may be a server, and the specific executing entity can be determined according to the actual application scenario. As shown in FIG2, the method includes the following steps:
S201: Receive an authentication request sent by a second blockchain participating node.
The authentication request carries the time-domain identity number of the session (the SessionID).
Optionally, when the second blockchain participating node wants to authenticate the identity of the first blockchain participating node, it initiates an authentication request to the first blockchain participating node and specifies the SessionID of the session that follows.
In one possible implementation, the second blockchain participating node is blockchain participant B and the first blockchain participating node is blockchain participant A. When participant B needs to authenticate the identity of participant A, participant B initiates an authentication request to participant A and specifies the SessionID of the session that follows.
Optionally, before receiving the authentication request sent by the second blockchain participating node, the method further includes:
registering verification information with the third-party blockchain node, wherein the verification information includes the correspondence between the biometric data and the identity information of the first user.
Before performing identity authentication, each blockchain participant may first register with the authoritative, trusted third party (the third-party blockchain node) the correspondence between its biometric data (such as a fingerprint or iris) and its identity information (which may be a virtual identity on the blockchain, such as a blockchain identifier and a public key that represent the participant), so that the third-party blockchain node can authenticate on the basis of the registered information.
The verification information includes the correspondence between the biometric data and the identity information of the first user.
In one possible implementation, each blockchain participant first registers with the authoritative, trusted third party the correspondence between its biometric data (such as a fingerprint or iris) and its identity information (which may be a virtual identity on the blockchain, such as a blockchain identifier and a public key that represent the participant).
Optionally, registration can be performed offline or online; for security, biometric data (such as fingerprints or irises) is best collected offline.
After registration succeeds, the authoritative third party publishes its own blockchain identifier and public key (the third-party blockchain identifier and the third-party public key) on the blockchain in a broadcast message signed with its private key. Anyone on the blockchain can then use that public key to verify identity certificates issued by the third-party blockchain node. In the embodiments of the present application, the authoritative third party is the third-party blockchain node.
Optionally, before performing third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, the method further includes:
receiving the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
Here, before performing identity authentication, each blockchain participant may first register with the authoritative, trusted third party (the third-party blockchain node) the correspondence between its biometric data (such as a fingerprint or iris) and its identity information (which may be a virtual identity on the blockchain, such as a blockchain identifier and a public key that represent the participant), so that the third-party blockchain node can authenticate on the basis of the registered information.
S202:根据认证请求,获取第一用户的第一生物特征。S202: Acquire a first biometric feature of the first user according to the authentication request.
可选地,这里的第一用户为第一区块链参与节点归属用户,例如第一区块链参与节点为终端,则为终端的使用者,若第一区块链节点为服务器,则第一用户为服务器操作者。Optionally, the first user here is a user belonging to the first blockchain participating node. For example, if the first blockchain participating node is a terminal, the first user is a user of the terminal. If the first blockchain node is a server, the first user is a server operator.
可选地,这里的第一生物特征可以是指纹特征或者虹膜特征,也可以是面部图像等。Optionally, the first biometric feature here may be a fingerprint feature or an iris feature, or a facial image or the like.
可选地,可以通过终端或者采集设备获取第一用户的生物特征,具体地,可以通过摄像头、传感器等设备采集生物特征。Optionally, the biometric features of the first user may be acquired through a terminal or a collection device. Specifically, the biometric features may be collected through devices such as a camera and a sensor.
在一种可能的实现方式中,若区块链参与者A为第一区块链参与节点,区块链参与者A采集自己的生物特征比如FingerPrintA’。In one possible implementation, if blockchain participant A is the first blockchain participating node, blockchain participant A collects its own biometrics such as FingerPrintA’.
S203:通过第一密钥对第一生物特征进行加密处理,得到加密特征。S203: Encrypt the first biometric feature using the first key to obtain an encrypted feature.
其中,这里的第一密钥为第一区块链参与节点的私钥。Among them, the first key here is the private key of the first blockchain participating node.
可选地,在通过第一密钥对第一生物特征进行加密处理,得到加密特征之前,还包括:随机生成第一密钥。Optionally, before encrypting the first biometric feature with the first key to obtain the encrypted feature, the method further includes: randomly generating the first key.
在一种可能的实现方式中,区块链参与者A随机生成加密密钥Key(即第一密钥),采用Key加密FingerPrintA’获得E(FingerPrintA’),然后发送给区块链参与者B。其中,E(FingerPrintA’)为加密特征。In a possible implementation, blockchain participant A randomly generates an encryption key Key (i.e., a first key), uses Key to encrypt FingerPrintA’ to obtain E(FingerPrintA’), and then sends it to blockchain participant B. Among them, E(FingerPrintA’) is an encryption feature.
Here, the first blockchain participating node of this embodiment can generate the first key at random and use it to encrypt the information sent to the third-party blockchain node, which further improves the security of identity authentication.
S204: Send the encrypted feature to the second blockchain participating node, so that after receiving the encrypted feature, the second blockchain participating node performs third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number to obtain second authentication information, and sends the second authentication information to the third-party blockchain node.
In one possible implementation, blockchain participant A randomly generates an encryption key Key, encrypts FingerPrintA' with Key to obtain E(FingerPrintA'), and sends it to blockchain participant B. At the same time, participant A sends Key, IDa and IDb, together with the identifier of the current authorization authentication (Authorization, AuthN), to the authoritative third party (also called the third-party blockchain node in this embodiment). Before it is sent, this information must be encrypted with the public key of the authoritative third party and then signed with the private key of participant A. Here IDa and IDb are the identifiers of participants A and B in the blockchain, that is, the first blockchain participating node identifier and the second blockchain participating node identifier.
Optionally, after receiving the encrypted feature E(FingerPrintA'), blockchain participant B sends it together with IDa, IDb, AuthN and SessionID to the authoritative third party. Before it is sent, this information must be encrypted with the public key of the authoritative third party and then signed with the private key of participant B. Participant B also pays the corresponding authentication query fee to the authoritative third party in the blockchain.
S205: Perform third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and send the first authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with the preset feature in the preset biometric feature library, and sends the comparison result to the second blockchain participating node.
Optionally, when each blockchain participating node registers with the third-party blockchain node, it adds its own preset feature to the preset biometric feature library, so that the third-party blockchain node can perform the feature comparison and identity authentication on the basis of this feature.
Optionally, the authoritative third party receives the information from both parties, associates Key with E(FingerPrintA') through IDa, IDb and AuthN, decrypts to obtain FingerPrintA', and compares FingerPrintA' with the reference FingerPrintA held in the biometric feature library. The authoritative third party then signs the comparison result with its private key and sends it to blockchain participant B, which completes the authentication.
The present application provides an identity authentication method in which an authoritative and trusted third party takes part in authenticating the nodes of a blockchain, which provides secure and reliable authentication. Specifically, when the second blockchain participating node needs to authenticate the first blockchain participating node, it initiates an authentication request to the first blockchain participating node. After identity authentication has been initiated, this embodiment can take the IDs of the first and second blockchain participating nodes and the SessionID as input to generate a random number that is distributed to both parties as a session key. The authoritative and trusted third-party blockchain node stores the biometric features centrally and provides a biometric comparison service for all users, so that the user's identity can be compared on the basis of the above information and identity authentication is completed without the need to hold a private key. Because the blockchain participants hold long-term identity certificates, their use and authentication also become more convenient, the workload of the authoritative and trusted third-party institution is reduced, and the security of participant identity authentication in the blockchain is improved.
Optionally, FIG. 3 is a flow chart of another identity authentication method provided by an embodiment of the present application. The executing entity of this embodiment is the second blockchain participating node 103 in FIG. 1; the specific executing entity can be determined according to the actual application scenario. As shown in FIG. 3, the method includes the following steps:
S301: Initiate an authentication request to the first blockchain participating node, so that the first blockchain participating node obtains the first biometric feature of the first user according to the authentication request, encrypts the first biometric feature with the first key to obtain an encrypted feature, sends the encrypted feature to the second blockchain participating node, performs third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and sends the first authentication information to the third-party blockchain node.
The authentication request carries the time domain identity identification number of the session.
S302: Receive the encrypted feature sent by the first blockchain participating node.
S303: Perform third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number to obtain second authentication information, and send the second authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with the preset feature in the preset biometric feature library, and sends the comparison result to the second blockchain participating node.
S304: Receive the comparison result sent by the third-party blockchain node.
Optionally, after receiving the comparison result sent by the third-party blockchain node, the method further includes: initiating a query fee payment application in the blockchain; obtaining the query fee in the blockchain and performing payment processing according to the query fee.
Here, a blockchain participant can initiate the query fee payment application in the blockchain during the authentication request, so that payment for identity authentication is automated, which improves the user experience.
Optionally, FIG. 4 is a flow chart of a further identity authentication method provided by an embodiment of the present application. The executing entity of this embodiment is the third-party blockchain node 102 in FIG. 1, which may be a server; the specific executing entity can be determined according to the actual application scenario. As shown in FIG. 4, the method includes the following steps:
S401: Receive the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node.
Here, the first authentication information is obtained by the first blockchain participating node after it receives the authentication request sent by the second blockchain participating node and obtains the first biometric feature of the first user according to the request, by performing third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier; the authentication request carries the time domain identity identification number of the session. The second authentication information is obtained by the second blockchain participating node after it initiates the authentication request to the first blockchain participating node and receives the encrypted feature sent by the first blockchain participating node, by performing third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number.
Optionally, before receiving the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the method further includes: broadcasting the third-party blockchain identifier and the third-party public key.
Here, the third-party blockchain node of this embodiment can broadcast its third-party blockchain identifier and third-party public key so that the other blockchain participating nodes can perform identity authentication on the basis of them, which improves the security and accuracy of identity authentication.
S402: Associate the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and decrypt the encrypted feature to obtain the first biometric feature.
Optionally, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier can all be obtained from the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node.
S403: Compare the first biometric feature with the preset feature in the preset biometric feature library, and send the comparison result to the second blockchain participating node.
Optionally, sending the comparison result to the second blockchain participating node includes:
generating a session key according to the first blockchain participating node identifier, the second blockchain participating node identifier and the time domain identity identification number; and sending the comparison result and the session key to the second blockchain participating node.
In one possible implementation, before sending the comparison result to blockchain participant B, the authoritative third party generates a session key SessionKey taking IDa, IDb and SessionID as input, and sends the comparison result together with SessionKey to blockchain participant B.
Optionally, blockchain participant A can in turn initiate an authentication request to blockchain participant B using the same SessionID; the authoritative third party then generates the same SessionKey, so that the same key is distributed for the subsequent session and used to encrypt it.
Here, the third-party blockchain node of this embodiment can send the comparison result and the session key together to the second blockchain participating node. The session key can then be used for identity authentication in the subsequent authentication process, and the key for this session is obtained from the authoritative third party without waiting for the other party to complete its authentication, which safeguards the security of subsequent communication.
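The three-party exchange of S201 to S205 and S401 to S403, together with the SessionKey derivation just described, as an added Go model that is not part of the patent. Only the standard library is used; the primitive choices (RSA-OAEP for the broadcast third-party public key, ECDSA for the node signatures, AES-256-GCM for the first key, and an HMAC under a third-party secret, with the identifier pair order-normalised, for SessionKey), the exact-equality stand-in for the biometric matcher and all type and function names (Envelope, FirstAuth, SecondAuth, Verdict, ThirdParty, Decide, Authenticate) are assumptions, since the page fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

type Envelope struct{ From string; Cipher, Sig []byte }                 // node -> TP: encrypted payload plus signature
type FirstAuth struct{ Key []byte; IDa, IDb, AuthN string }             // A -> TP (S205): Key plus the correlation tuple
type SecondAuth struct{ EF []byte; IDa, IDb, AuthN, SessionID string } // B -> TP (S303): E(FingerPrintA') plus the tuple
type Verdict struct{ Match bool; SessionKey []byte }                   // TP -> B (S403), signed by TP
type Node struct{ ID string; sk *ecdsa.PrivateKey }
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

type ThirdParty struct {
	enc     *rsa.PrivateKey             // private half of the broadcast third-party public key
	sk      *ecdsa.PrivateKey           // key TP signs verdicts with
	prf     []byte                      // TP-held secret for SessionKey derivation (assumption)
	pubs    map[string]*ecdsa.PublicKey // registered node identifier -> signing key
	library map[string][]byte           // preset biometric library: ID -> enrolled FingerPrintA
}

// seal: encrypt with TP's public key, then sign the ciphertext with the sender's private key (how S205/S303 travel).
func seal(from *Node, tp *rsa.PublicKey, payload any) (Envelope, error) {
	pt, _ := json.Marshal(payload)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tp, pt, nil)
	if err != nil { return Envelope{}, err }
	sig, err := ecdsa.SignASN1(rand.Reader, from.sk, digest(ct))
	return Envelope{From: from.ID, Cipher: ct, Sig: sig}, err
}

// open: check the signature against the key registered for env.From, then decrypt.
func (tp *ThirdParty) open(env Envelope, out any) error {
	pk, ok := tp.pubs[env.From]
	if !ok || !ecdsa.VerifyASN1(pk, digest(env.Cipher), env.Sig) { return errors.New("bad signature from " + env.From) }
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tp.enc, env.Cipher, nil)
	if err != nil { return err }
	return json.Unmarshal(pt, out)
}

// Decide is S402/S403: associate Key and E(FingerPrintA') through (IDa, IDb, AuthN), decrypt, compare, sign the verdict.
func (tp *ThirdParty) Decide(first, second Envelope) (Verdict, []byte, error) {
	fa, sa := FirstAuth{}, SecondAuth{}
	if err := tp.open(first, &fa); err != nil { return Verdict{}, nil, err }
	if err := tp.open(second, &sa); err != nil { return Verdict{}, nil, err }
	// Each half must be signed by the node it names, and both must name the same authorisation.
	if first.From != fa.IDa || second.From != sa.IDb || fa.IDa != sa.IDa || fa.IDb != sa.IDb || fa.AuthN != sa.AuthN { return Verdict{}, nil, errors.New("halves do not belong to one authorisation") }
	if len(fa.Key) != 32 || len(sa.EF) < 12 { return Verdict{}, nil, errors.New("unusable key or ciphertext") }
	block, _ := aes.NewCipher(fa.Key); aead, _ := cipher.NewGCM(block) // AES-256-GCM, 12-byte nonce prefixed (assumption)
	presented, err := aead.Open(nil, sa.EF[:12], sa.EF[12:], nil)
	if err != nil { return Verdict{}, nil, err }
	// SessionKey from IDa, IDb, SessionID under a TP secret; the pair is order-normalised so A->B and B->A with one SessionID agree (the KDF is an assumption).
	lo, hi := fa.IDa, fa.IDb; if lo > hi { lo, hi = hi, lo }
	mac := hmac.New(sha256.New, tp.prf); mac.Write([]byte(lo + "|" + hi + "|" + sa.SessionID))
	enrolled := tp.library[fa.IDa] // constant-time equality stands in for a real biometric matcher (assumption)
	v := Verdict{Match: enrolled != nil && hmac.Equal(presented, enrolled), SessionKey: mac.Sum(nil)}
	msg, _ := json.Marshal(v)
	sig, err := ecdsa.SignASN1(rand.Reader, tp.sk, digest(msg))
	return v, sig, err
}

// NewThirdParty creates TP; Register gives a node a signing key and enrols it, with its preset feature if any.
func NewThirdParty() *ThirdParty {
	enc, _ := rsa.GenerateKey(rand.Reader, 3072) // 3072 bits so one OAEP block holds B's whole payload
	sk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	prf := make([]byte, 32); rand.Read(prf)
	return &ThirdParty{enc: enc, sk: sk, prf: prf, pubs: map[string]*ecdsa.PublicKey{}, library: map[string][]byte{}}
}

func (tp *ThirdParty) Register(id string, fp []byte) *Node {
	sk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tp.pubs[id] = &sk.PublicKey
	if fp != nil { tp.library[id] = fp }
	return &Node{ID: id, sk: sk}
}

// Authenticate runs S501..S507: B challenges A, A presents `presented`, TP decides, B checks TP's signature.
func Authenticate(tp *ThirdParty, a, b *Node, presented []byte, authN, sessionID string) (Verdict, error) {
	key := make([]byte, 32); rand.Read(key) // S503: A randomly generates the first key
	block, _ := aes.NewCipher(key); aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, 12); rand.Read(nonce)
	ef := aead.Seal(nonce, nonce, presented, nil) // E(FingerPrintA'), handed to B
	envA, errA := seal(a, &tp.enc.PublicKey, FirstAuth{Key: key, IDa: a.ID, IDb: b.ID, AuthN: authN})
	envB, errB := seal(b, &tp.enc.PublicKey, SecondAuth{EF: ef, IDa: a.ID, IDb: b.ID, AuthN: authN, SessionID: sessionID})
	if errA != nil || errB != nil { return Verdict{}, errors.New("could not seal a message for TP") }
	v, sig, err := tp.Decide(envA, envB)
	if err != nil { return Verdict{}, err }
	msg, _ := json.Marshal(v) // B trusts the result only under TP's signature
	if !ecdsa.VerifyASN1(&tp.sk.PublicKey, digest(msg), sig) { return Verdict{}, errors.New("verdict signature invalid") }
	return v, nil
}
```

A node that is not registered with TP cannot get a half accepted, and two halves with different AuthN values are never associated, which is the defender-side value of the (IDa, IDb, AuthN) tuple.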
Optionally, FIG. 5 is a flow chart of yet another identity authentication method provided by an embodiment of the present application. The executing entity of this embodiment is a system including the first blockchain participating node, the second blockchain participating node and the third-party blockchain node, which may be servers; the specific executing entity can be determined according to the actual application scenario. As shown in FIG. 5, the method includes the following steps:
S501: The second blockchain participating node initiates an authentication request to the first blockchain participating node.
The authentication request carries the time domain identity identification number of the session.
S502: After receiving the authentication request sent by the second blockchain participating node, the first blockchain participating node obtains the first biometric feature of the first user according to the authentication request.
S503: The first blockchain participating node encrypts the first biometric feature with the first key to obtain an encrypted feature.
S504: The first blockchain participating node sends the encrypted feature to the second blockchain participating node, performs third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and sends the first authentication information to the third-party blockchain node.
S505: After receiving the encrypted feature, the second blockchain participating node performs third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number to obtain second authentication information, and sends the second authentication information to the third-party blockchain node.
S506: After receiving the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the third-party blockchain node associates the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and decrypts the encrypted feature to obtain the first biometric feature.
S507: The third-party blockchain node compares the first biometric feature with the preset feature in the preset biometric feature library, and sends the comparison result to the second blockchain participating node.
The embodiment of the present application proposes a method in which an authoritative and trusted third party stores biometric features centrally, provides a biometric comparison service for all users and notifies both parties of the comparison result, so that identity authentication is completed without the need to hold a private key. To improve security, this patent directly takes IDa, IDb and SessionID as input to generate a random number that is distributed to both parties as the session key. In this way the key for this session is obtained from the authoritative third party without waiting for the other party to complete its authentication, which safeguards the security of subsequent communication.
The embodiment of the present application also provides an identity authentication system, including a first blockchain participating node, a second blockchain participating node and a third-party blockchain node;
where the second blockchain participating node is configured to initiate an authentication request to the first blockchain participating node, the authentication request carrying the time domain identity identification number of the session;
the first blockchain participating node is configured to obtain, after receiving the authentication request sent by the second blockchain participating node, the first biometric feature of the first user according to the authentication request;
the first blockchain participating node is configured to encrypt the first biometric feature with the first key to obtain an encrypted feature;
the first blockchain participating node is configured to send the encrypted feature to the second blockchain participating node, perform third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and send the first authentication information to the third-party blockchain node;
the second blockchain participating node is configured to perform, after receiving the encrypted feature, third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number to obtain second authentication information, and send the second authentication information to the third-party blockchain node;
the third-party blockchain node is configured to associate, after receiving the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and decrypt the encrypted feature to obtain the first biometric feature;
the third-party blockchain node is configured to compare the first biometric feature with the preset feature in the preset biometric feature library, and send the comparison result to the second blockchain participating node.
FIG. 6 is a schematic structural diagram of an identity authentication apparatus provided by an embodiment of the present application and applied to the first blockchain participating node. As shown in FIG. 6, the apparatus of this embodiment includes a first receiving module 601, an acquisition module 602, a first processing module 603, a first sending module 604 and a second processing module 605. The identity authentication apparatus here may be a server of the blockchain, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the first receiving module 601, the acquisition module 602, the first processing module 603, the first sending module 604 and the second processing module 605 is only a division of logical functions; physically, these modules may be integrated or separate.
The first receiving module is configured to receive an authentication request sent by the second blockchain participating node, the authentication request carrying the time domain identity identification number of the session;
the acquisition module is configured to obtain the first biometric feature of the first user according to the authentication request;
the first processing module is configured to encrypt the first biometric feature with the first key to obtain an encrypted feature;
the first sending module is configured to send the encrypted feature to the second blockchain participating node, so that after receiving the encrypted feature, the second blockchain participating node performs third-party public key encryption processing and second key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time domain identity identification number to obtain second authentication information, and sends the second authentication information to the third-party blockchain node;
the second processing module is configured to perform third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and send the first authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature through the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts the encrypted feature to obtain the first biometric feature, compares the first biometric feature with the preset feature in the preset biometric feature library, and sends the comparison result to the second blockchain participating node.
Optionally, before the first processing module encrypts the first biometric feature with the first key to obtain the encrypted feature, the apparatus further includes:
a third processing module, configured to randomly generate the first key.
Optionally, before the first receiving module receives the authentication request sent by the second blockchain participating node, the apparatus further includes:
a registration module, configured to register verification information with the third-party blockchain node, where the verification information includes the correspondence between the biometric data and the identity information of the first user.
Optionally, before the second processing module performs third-party public key encryption processing and first key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, the apparatus further includes:
a second receiving module, configured to receive the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
FIG. 7 is a schematic structural diagram of an identity authentication device provided by an embodiment of the present application. The device may be a server applied to the first blockchain participating node. The components shown here, their connections and relationships, and their functions are merely examples and do not limit the implementations of the present application described and/or claimed herein.
As shown in FIG. 7, the identity authentication device includes a processor 701 and a memory 702. The components are connected to each other by different buses and may be mounted on a common mainboard or in other ways as required. The processor 701 can process instructions executed within the terminal, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if required. FIG. 7 shows a single processor 701 as an example.
The memory 702, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device in the embodiments of the present application (for example, the first receiving module 601, the acquisition module 602, the first processing module 603, the first sending module 604 and the second processing module 605 shown in FIG. 6). By running the non-transitory software programs, instructions and modules stored in the memory 702, the processor 701 executes the various functional applications and data processing of the identity authentication device, that is, implements the method of the identity authentication device in the above method embodiments.
The identity authentication device may further include an input device 703 and an output device 704. The processor 701, the memory 702, the input device 703 and the output device 704 may be connected by a bus or in other ways; FIG. 7 shows a bus connection as an example.
The input device 703 can receive input numeric or character information and generate key signal inputs related to the user settings and function control of the identity authentication device; it may be, for example, a touch screen, a keypad, a mouse or multiple mouse buttons, a trackball, a joystick or another input device. The output device 704 may be an output device such as the display device of the identity authentication device. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device of the embodiment of the present application can be used to execute the technical solutions of the above method embodiments of the present application; its implementation principle and technical effect are similar and are not repeated here.
An embodiment of the present application also provides a computer-readable storage medium that stores computer-executable instructions which, when executed by a processor, implement any of the above identity authentication methods.
An embodiment of the present application also provides a computer program product including a computer program which, when executed by a processor, implements any of the above identity authentication methods.
FIG. 8 is a schematic structural diagram of another identity authentication device provided by an embodiment of the present application, applied to the second blockchain participating node. As shown in FIG. 8, the device of this embodiment includes a fourth processing module 801, a third receiving module 802, a fifth processing module 803 and a fourth receiving module 804. The identity authentication device here may be a blockchain server, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the fourth processing module 801, the third receiving module 802, the fifth processing module 803 and the fourth receiving module 804 is only a division of logical functions; physically these modules may be integrated or separate.
The fourth processing module is configured to initiate an authentication request to the first blockchain participating node, so that the first blockchain participating node obtains a first biometric feature of a first user according to the authentication request, encrypts the first biometric feature with a first key to obtain an encrypted feature, sends the encrypted feature to the second blockchain participating node, performs third-party public key encryption and first-key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier to obtain first authentication information, and sends the first authentication information to the third-party blockchain node, wherein the authentication request carries the time-domain identity identification number of the session;
the third receiving module is configured to receive the encrypted feature sent by the first blockchain participating node;
the fifth processing module is configured to perform third-party public key encryption and second-key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time-domain identity identification number to obtain second authentication information, and to send the second authentication information to the third-party blockchain node, so that after receiving the first authentication information and the second authentication information, the third-party blockchain node associates the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, decrypts to obtain the first biometric feature, compares the first biometric feature with a preset feature in a preset biometric feature library, and sends the comparison result to the second blockchain participating node;
the fourth receiving module is configured to receive the comparison result sent by the third-party blockchain node.
Optionally, after the fourth receiving module receives the comparison result sent by the third-party blockchain node, the device further includes:
a payment module, configured to initiate a query fee payment application in the blockchain, obtain the query fee from the blockchain, and perform payment processing according to the query fee.
An embodiment of the present application further provides an identity authentication device applied to the second blockchain participating node; the identity authentication device may be a server. The components shown herein, their connections and relationships, and their functions are merely examples and do not limit the implementations of the present application described and/or claimed herein.
The identity authentication device includes a processor and a memory; the components are interconnected by different buses and may be mounted on a common motherboard or in other ways as required. The processor can process instructions executed within the identity authentication device, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if required.
As a non-transitory computer-readable storage medium, the memory can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device in the embodiment of the present application (for example, the fourth processing module 801, the third receiving module 802, the fifth processing module 803 and the fourth receiving module 804 shown in FIG. 8). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes various functional applications and the identity authentication method, that is, implements the method of the identity authentication device in the method embodiments described above.
The identity authentication device may further include an input device and an output device. The processor, memory, input device and output device may be connected by a bus or in other ways.
The input device can receive input numeric or character information and generate key signal input related to user settings and function control of the identity authentication device; examples include a touch screen, a keypad, a mouse or multiple mouse buttons, a trackball and a joystick. The output device may be an output device such as a display device of the identity authentication device. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device of the embodiment of the present application can be used to execute the technical solutions of the method embodiments described above; its implementation principles and technical effects are similar and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any of the identity authentication methods described above.
An embodiment of the present application further provides a computer program product comprising a computer program which, when executed by a processor, implements any of the identity authentication methods described above.
FIG. 9 is a schematic structural diagram of another identity authentication device provided by an embodiment of the present application, applied to the third-party blockchain node. As shown in FIG. 9, the device of this embodiment includes a fifth receiving module 901, a sixth processing module 902 and a seventh processing module 903. The identity authentication device here may be a blockchain server, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the fifth receiving module 901, the sixth processing module 902 and the seventh processing module 903 is only a division of logical functions; physically these modules may be integrated or separate.
The fifth receiving module is configured to receive first authentication information sent by the first blockchain participating node and second authentication information sent by the second blockchain participating node, wherein the first authentication information is obtained by the first blockchain participating node, after receiving the authentication request sent by the second blockchain participating node and obtaining the first biometric feature of the first user according to the authentication request, by performing third-party public key encryption and first-key signature processing on the first key, the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier; the authentication request carries the time-domain identity identification number of the session; and the second authentication information is obtained by the second blockchain participating node, after initiating the authentication request to the first blockchain participating node and receiving the encrypted feature sent by the first blockchain participating node, by performing third-party public key encryption and second-key signature processing on the encrypted feature, the first blockchain participating node identifier, the second blockchain participating node identifier, the current authorization authentication identifier and the time-domain identity identification number;
the sixth processing module is configured to associate the first key with the encrypted feature by means of the first blockchain participating node identifier, the second blockchain participating node identifier and the current authorization authentication identifier, and to decrypt to obtain the first biometric feature;
the seventh processing module is configured to compare the first biometric feature with a preset feature in a preset biometric feature library and to send the comparison result to the second blockchain participating node.
Optionally, the seventh processing module is specifically configured to:
generate a session key according to the first blockchain participating node identifier, the second blockchain participating node identifier and the time-domain identity identification number, and send the comparison result and the session key to the second blockchain participating node.
Optionally, before the fifth receiving module receives the first authentication information sent by the first blockchain participating node and the second authentication information sent by the second blockchain participating node, the device further includes:
a broadcast module, configured to broadcast the third-party blockchain identifier and the third-party public key.
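The modules of the second blockchain participating node (FIG. 8) and of the third-party blockchain node (FIG. 9) described above are the two ends of one exchange: the first key travels to the third party only inside the first authentication information, the encrypted feature only inside the second, and the third party joins them on the identifier tuple before it can decrypt and compare. The following is an added example, not code from the patent or its applicant, that plays node 1, node 2 and the third party in a single Go process using only the standard library. The patent fixes neither the ciphers nor the key derivation, so these are assumptions: the first key is a fresh AES-256-GCM key, each node signs with its own Ed25519 key, "third-party public key encryption" is RSA-OAEP, the session key is SHA-256 over the two node identifiers and the time-domain identity identification number, and every identifier, key and biometric template is a constructed value.

```go
// Added example, not the patent's code: the exchange above modelled with Go's standard library.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is one piece of "authentication information": a payload encrypted to the third
// party's public key (RSA-OAEP, assumed) plus the sender's signature over it (Ed25519, assumed).
type Envelope struct{ Ciphertext, Signature []byte }

type firstInfo struct { // first authentication information, node 1 -> third party
	Key              []byte // first key (AES-256-GCM key, assumed)
	ID1, ID2, AuthID string // node identifiers, current authorization identifier
}
type secondInfo struct { // second authentication information, node 2 -> third party
	Enc                   []byte // encrypted feature: nonce || AES-GCM output
	ID1, ID2, AuthID, TID string // TID: time-domain identity identification number
}

// seal: third-party public key encryption, then the sender's signature. These
// payloads fit one RSA-OAEP block; a real template needs a hybrid construction.
func seal(tp *rsa.PublicKey, signer ed25519.PrivateKey, v interface{}) (Envelope, error) {
	pt, _ := json.Marshal(v)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tp, pt, nil)
	if err != nil { return Envelope{}, err }
	return Envelope{ct, ed25519.Sign(signer, ct)}, nil
}
// open checks the sender's signature before decrypting, so forged or unsigned
// messages never reach the third party's private key.
func open(tp *rsa.PrivateKey, sender ed25519.PublicKey, e Envelope, v interface{}) error {
	if !ed25519.Verify(sender, e.Ciphertext, e.Signature) { return errors.New("bad signature") }
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, tp, e.Ciphertext, nil)
	if err != nil { return err }
	return json.Unmarshal(pt, v)
}
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }

// Node 1 encrypts the biometric under the first key; the third party reverses it.
func encryptFeature(key, feature []byte) []byte {
	g := gcm(key)
	nonce := make([]byte, g.NonceSize()); rand.Read(nonce)
	return g.Seal(nonce, nonce, feature, nil)
}
func decryptFeature(key, enc []byte) ([]byte, error) {
	g := gcm(key)
	if len(enc) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, enc[:g.NonceSize()], enc[g.NonceSize():], nil)
}
// SessionKey is the optional key the third party derives for node 2 (KDF assumed).
func SessionKey(id1, id2, tid string) []byte {
	h := sha256.Sum256([]byte(id1 + "|" + id2 + "|" + tid))
	return h[:]
}

// RunAuthentication plays node 1, node 2 and the third party in one process and returns the
// comparison result and session key sent to node 2. library is the preset biometric library.
func RunAuthentication(library map[string][]byte, live []byte) (bool, []byte, error) {
	tpKey, _ := rsa.GenerateKey(rand.Reader, 2048) // public half is what the third party broadcasts
	pub1, sk1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, sk2, _ := ed25519.GenerateKey(rand.Reader)
	const id1, id2, authID, tid = "node-1", "node-2", "auth-0001", "tid-42" // constructed values
	// Node 2's request carries tid; node 1 answers with a fresh first key, sends enc to
	// node 2 and info1 to the third party; node 2 forwards enc with tid as info2.
	key := make([]byte, 32); rand.Read(key)
	enc := encryptFeature(key, live)
	info1, err := seal(&tpKey.PublicKey, sk1, firstInfo{key, id1, id2, authID})
	if err != nil { return false, nil, err }
	info2, err := seal(&tpKey.PublicKey, sk2, secondInfo{enc, id1, id2, authID, tid})
	if err != nil { return false, nil, err }
	// Third party: open both, associate on (ID1, ID2, AuthID), decrypt, compare.
	var f1, f2 = firstInfo{}, secondInfo{}
	if err := open(tpKey, pub1, info1, &f1); err != nil { return false, nil, err }
	if err := open(tpKey, pub2, info2, &f2); err != nil { return false, nil, err }
	pending := map[string]firstInfo{f1.ID1 + "|" + f1.ID2 + "|" + f1.AuthID: f1}
	m, ok := pending[f2.ID1+"|"+f2.ID2+"|"+f2.AuthID]
	if !ok { return false, nil, fmt.Errorf("no first authentication information for %s/%s/%s", f2.ID1, f2.ID2, f2.AuthID) }
	feature, err := decryptFeature(m.Key, f2.Enc)
	if err != nil { return false, nil, err }
	result := false
	for _, preset := range library { // exact equality stands in for a biometric matcher
		result = result || bytes.Equal(preset, feature)
	}
	return result, SessionKey(f2.ID1, f2.ID2, f2.TID), nil
}

func main() {
	lib := map[string][]byte{"user-1": []byte("constructed-iris-template-user-1")}
	ok, sk, err := RunAuthentication(lib, []byte("constructed-iris-template-user-1"))
	fmt.Println("match:", ok, "session key bytes:", len(sk), "err:", err)
}
```

Two design points carry over to any real implementation of this scheme. First, the third party verifies each sender's signature before it decrypts, so a message that is not from the node whose public key is on the chain is rejected without exercising the third party's private key. Second, the `pending` map is the association step of the sixth processing module: the two messages arrive independently, and the key in one can only be applied to the ciphertext in the other once the (first node identifier, second node identifier, authorization identifier) tuple matches, which is what stops a first key from one session being used on an encrypted feature from another.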
An embodiment of the present application further provides an identity authentication device applied to the third-party blockchain node; the identity authentication device may be a server. The components shown herein, their connections and relationships, and their functions are merely examples and do not limit the implementations of the present application described and/or claimed herein.
The identity authentication device includes a processor and a memory; the components are interconnected by different buses and may be mounted on a common motherboard or in other ways as required. The processor can process instructions executed within the identity authentication device, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if required.
As a non-transitory computer-readable storage medium, the memory can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device in the embodiment of the present application (for example, the fifth receiving module 901, the sixth processing module 902 and the seventh processing module 903 shown in FIG. 9). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes various functional applications and the identity authentication method, that is, implements the method of the identity authentication device in the method embodiments described above.
The identity authentication device may further include an input device and an output device. The processor, memory, input device and output device may be connected by a bus or in other ways.
The input device can receive input numeric or character information and generate key signal input related to user settings and function control of the identity authentication device; examples include a touch screen, a keypad, a mouse or multiple mouse buttons, a trackball and a joystick. The output device may be an output device such as a display device of the identity authentication device. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device of the embodiment of the present application can be used to execute the technical solutions of the method embodiments described above; its implementation principles and technical effects are similar and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any of the identity authentication methods described above.
An embodiment of the present application further provides a computer program product comprising a computer program which, when executed by a processor, implements any of the identity authentication methods described above.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division of units is only a division of logical functions, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the application disclosed herein. The present application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the present disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.
Claims (11)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210700328.9A CN115396086B (en) | 2022-06-20 | 2022-06-20 | Identity authentication method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210700328.9A CN115396086B (en) | 2022-06-20 | 2022-06-20 | Identity authentication method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115396086A CN115396086A (en) | 2022-11-25 |
| CN115396086B true CN115396086B (en) | 2024-10-01 |
Family
ID=84117533
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210700328.9A Active CN115396086B (en) | 2022-06-20 | 2022-06-20 | Identity authentication method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115396086B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116032477B (en) * | 2022-12-28 | 2026-03-17 | 中国联合网络通信集团有限公司 | Cloud server access authentication methods, devices, equipment and storage media |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108989048A (en) * | 2018-08-02 | 2018-12-11 | 中国联合网络通信集团有限公司 | Cryptographic key distribution method, device, equipment and storage medium |
| CN111935075A (en) * | 2020-06-23 | 2020-11-13 | 浪潮云信息技术股份公司 | Block chain-based digital identity signing and issuing method, equipment and medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11146552B1 (en) * | 2019-08-29 | 2021-10-12 | American Express Travel Related Services Company, Inc. | Decentralized application authentication |
| US11088851B2 (en) * | 2019-09-04 | 2021-08-10 | Gk8 Ltd | Systems and methods for signing of a message |
| CN112435028B (en) * | 2020-12-11 | 2024-03-08 | 军工保密资格审查认证中心 | Block chain-based Internet of things data sharing method and device |
| CN112835744B (en) * | 2021-02-02 | 2023-05-05 | 度小满科技(北京)有限公司 | Block chain information disaster recovery method, device, computer equipment and storage medium |
| CN113162915B (en) * | 2021-03-16 | 2023-01-20 | 中国工商银行股份有限公司 | Block chain based transaction method, node, electronic device, medium and system |
| CN114598533B (en) * | 2022-03-10 | 2024-04-26 | 昆明理工大学 | A blockchain side chain cross-chain identity trusted authentication and data encryption transmission method |
2022
- 2022-06-20 CN CN202210700328.9A patent/CN115396086B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108989048A (en) * | 2018-08-02 | 2018-12-11 | 中国联合网络通信集团有限公司 | Cryptographic key distribution method, device, equipment and storage medium |
| CN111935075A (en) * | 2020-06-23 | 2020-11-13 | 浪潮云信息技术股份公司 | Block chain-based digital identity signing and issuing method, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115396086A (en) | 2022-11-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115150071B (en) | | Identity authentication method, device, equipment and storage medium |
| CN110086608B (en) | | User authentication method, device, computer equipment and computer readable storage medium |
| CN107079034B (en) | | Identity authentication method, terminal equipment, authentication server and electronic equipment |
| EP2999189B1 (en) | | Network authentication method for secure electronic transactions |
| US9838205B2 (en) | | Network authentication method for secure electronic transactions |
| CN109687963A (en) | | Anti-quantum-computation alliance chain transaction method and system based on public key pool |
| JP2019511147A (en) | | Method implemented by a block chain for control and distribution of digital content |
| US20160294553A1 (en) | | Information delivery system |
| KR20190075771A (en) | | Authentication System Using Block Chain Through Distributed Storage after Separating Personal Information |
| US20210192012A1 (en) | | Right holder terminal, user terminal, right holder program, user program, content utilization system, and content utilization method |
| CN109361508A (en) | | Data transmission method, electronic equipment and computer readable storage medium |
| JP2023540739A (en) | | A method for secure, traceable, and privacy-preserving digital currency transfers with anonymity revocation on a distributed ledger |
| CN115396087B (en) | | Identity authentication method, device, equipment and medium based on temporary identity certificate |
| CN108259183A (en) | | A kind of concern method, apparatus, electronic equipment and medium |
| CN109361512A (en) | | Data transmission method |
| CN109815659A (en) | | WEB project-based security authentication method, device, electronic device and storage medium |
| CN103281180B (en) | | Bill generation method for protecting user access privacy in a network service |
| CN110266483A (en) | | Quantum communication service station key negotiation method, system and equipment based on asymmetric key pool pairs and QKD |
| CN115396086B (en) | | Identity authentication method, device, equipment and storage medium |
| KR20200026627A (en) | | Online vote method using block chain and apparatus therefor |
| CN115150072B (en) | | Cloud network issuance authentication method, equipment, device and storage medium |
| EP4379631A1 (en) | | Digital wallet device and dual offline transaction method thereof |
| CN115396085B (en) | | Method and equipment for negotiating and authenticating based on biological characteristics and third secret key |
| CN113468600A (en) | | Data authorization method, device and equipment |
| US20230016828A1 (en) | | Method and system for managing data exchange in the context of a medical examination |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |