CN115396087B - Identity authentication method, device, equipment and medium based on temporary identity certificate
- Publication number
- CN115396087B (CN202210700339.7A)
- Authority
- CN
- China
- Prior art keywords
- blockchain
- node
- identity certificate
- temporary
- temporary identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Description
Technical Field
The present application relates to the field of communication technology, and in particular to an identity authentication method, device, equipment and medium based on a temporary identity certificate.
Background
A blockchain is a chain made up of one block after another. Each block stores certain information, and the blocks are linked into a chain in the order in which they were generated. This chain is stored on all servers. As long as one server in the entire system can work, the entire blockchain is safe. These servers are called nodes in the blockchain system, and they provide storage space and computing power for the entire blockchain system.
User authentication in current blockchains relies on the user's private key. Whoever holds the private key corresponding to the public key of the claimed user identity is the correct user. The user must strictly protect the private key; once the private key is lost or leaked, all assets in the blockchain become irrecoverable. At present, identity authentication in a blockchain usually uses a password as the private key.
However, a password used as a private key is easily leaked or cracked, so the authentication method in the prior art has the technical problem of low security.
Summary of the Invention
The present application provides an identity authentication method, apparatus, device and medium based on a temporary identity certificate, to solve the technical problem in the prior art that a password used as a private key is easily leaked or cracked and the authentication method therefore has low security.
In a first aspect, the present application provides an identity authentication method based on a temporary identity certificate, applied to a first blockchain participating node, including:
in response to an authentication request sent by a second blockchain participating node, obtaining a first biometric feature of a first user;
generating a temporary encryption key;
performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and sending the authentication information to a third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, compares the first biometric feature against a preset biometric feature library, and, if the comparison is successful, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
obtaining the temporary identity certificate and sending it to the second blockchain participating node, so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Here, the present application provides an identity authentication method based on a temporary identity certificate. For nodes in the blockchain, an authoritative and trusted third party takes part in the authentication and, by issuing temporary identity certificates, provides secure and reliable authentication for other nodes. When the second blockchain participating node needs to authenticate the first blockchain participating node, it does not need to hold the private key of the first blockchain participating node, which improves security. Specifically, when the second blockchain participating node needs to authenticate the first blockchain participating node, the second blockchain participating node initiates an authentication request to the first blockchain participating node. Based on that request, the first blockchain participating node can request a temporary identity certificate from the authoritative third party, that is, the third-party blockchain node. The third-party blockchain participating node can issue the temporary identity certificate based on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier, the first biometric feature and other information sent by the first blockchain participating node. The first blockchain participating node can then obtain the temporary identity certificate from the blockchain and send it to the second blockchain participating node to achieve authentication. Identity authentication is thus achieved without needing to possess the private key, which improves the security of identity authentication of participants in the blockchain.
Optionally, before obtaining the temporary identity certificate, the method further includes:
initiating a query fee payment application in the blockchain;
correspondingly, after sending the temporary identity certificate to the second blockchain participating node, the method further includes:
obtaining the query fee in the blockchain and performing payment processing according to the query fee.
Here, a blockchain participant can initiate a query fee payment application in the blockchain during the authentication request process, so that payment for identity authentication is made automatically, which improves the user experience.
Optionally, before obtaining the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node, the method further includes:
registering verification information at the third-party blockchain node, wherein the verification information includes a correspondence between the biometric data of the first user and identity information.
Here, before performing identity authentication, each blockchain participant can first register, with the authoritative and trusted third party (the third-party blockchain node), the correspondence between its own biometric data (such as fingerprints or irises) and its identity information (the identity information can be a virtual identity on the blockchain, for example a blockchain identifier and a public key representing the blockchain participant), so that the third-party blockchain node can authenticate according to the registered information.
Optionally, after registering the verification information at the third-party blockchain node, the method further includes:
receiving the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
In a second aspect, the present application provides an identity authentication method based on a temporary identity certificate, applied to a third-party blockchain node, including:
receiving authentication information sent by a first blockchain participating node, wherein the authentication information is obtained by the first blockchain participating node, in response to an authentication request sent by a second blockchain participating node, obtaining a first biometric feature of a first user; generating a temporary encryption key; and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature;
after successfully verifying the first private key signature, decrypting the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature;
comparing the first biometric feature against a preset biometric feature library;
if the comparison is successful, issuing a temporary identity certificate to the first blockchain participating node and broadcasting the temporary identity certificate to the blockchain, so that the first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node, wherein the temporary identity certificate is used by the second blockchain participating node to perform identity authentication on the first blockchain participating node.
Here, the identity authentication method based on a temporary identity certificate provided in this application is applied to the third-party blockchain node, that is, the authoritative third party. This third-party blockchain node stores biometric features centrally, provides a biometric comparison service for all users, and issues temporary identity certificates to other blockchain participating nodes after a successful comparison. Identity authentication is thus completed without needing to possess the private key, which improves the accuracy and security of identity authentication in the blockchain.
Optionally, comparing the first biometric feature against the preset biometric feature library includes:
querying the preset biometric feature library according to the first blockchain participating node identifier in the authentication information, and determining the preset biometric feature corresponding to the first blockchain participating node identifier;
comparing the preset biometric feature with the first biometric feature.
Here, the third-party blockchain participating node in the present application can determine, based on the first blockchain participating node identifier in the authentication information, the preset biometric feature corresponding to the first blockchain participating node in the preset biometric feature library, and thereby identify the first blockchain participating node. This achieves accurate and efficient identification and authentication, further improves the security and stability of identity authentication, and improves the security of blockchain information transmission.
Optionally, issuing the temporary identity certificate to the first blockchain participating node includes:
issuing to the first blockchain participating node a temporary identity certificate signed by the third-party blockchain participating node, wherein the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number with the temporary encryption key.
Here, when the third-party blockchain node of the present application issues the temporary identity certificate to the first blockchain participating node, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key, which allows the second blockchain participating node to perform accurate and secure authentication.
In a third aspect, the present application provides an identity authentication method based on a temporary identity certificate, applied to a second blockchain participating node, including:
sending an authentication request to a first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, obtains a first biometric feature of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and sends the authentication information to a third-party blockchain node; and obtains a temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node, wherein the authentication information is used by the third-party blockchain node, after successfully verifying the first private key signature, to decrypt the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, compare the first biometric feature against a preset biometric feature library, and, if the comparison is successful, issue a temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain;
receiving the temporary identity certificate sent by the first blockchain participating node;
performing identity authentication on the first blockchain participating node according to the temporary identity certificate.
Here, the identity authentication method based on a temporary identity certificate provided in this application is applied to the second blockchain participating node, which initiates authentication. When the second blockchain participating node needs to initiate identity authentication of another node, namely the first blockchain participating node, it sends an authentication request to the first blockchain participating node. The first blockchain participating node requests a temporary identity certificate from the third-party blockchain node according to this authentication request, and the second blockchain participating node can authenticate the first blockchain participating node according to this temporary identity certificate. Identity authentication is achieved without holding the private key of the first blockchain participating node, which improves the security and reliability of identity authentication.
Optionally, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number with the temporary encryption key;
correspondingly, receiving the temporary identity certificate sent by the first blockchain participating node includes:
receiving the temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
performing identity authentication on the first blockchain participating node according to the temporary identity certificate includes:
encrypting the random number in the temporary identity certificate with the temporary encryption key to obtain an authentication encryption result;
performing identity authentication on the first blockchain participating node according to the authentication encryption result and the encryption result obtained by encrypting the random number with the temporary encryption key.
Here, the second blockchain participating node provided by the present application can authenticate the temporary identity certificate and thereby authenticate the identity of the first blockchain participating node. The comparison uses the temporary encryption key and the encryption result, carried in the temporary identity certificate, that was obtained by encrypting the random number with the temporary encryption key, so the private key of the first blockchain participating node does not need to be obtained, which further improves the security of identity authentication.
In a fourth aspect, the present application provides an identity authentication method based on a temporary identity certificate, applied to an identity authentication system including a first blockchain participating node, a second blockchain participating node and a third-party blockchain node, the method including:
the second blockchain participating node sends an authentication request to the first blockchain participating node;
the first blockchain participating node, in response to the authentication request sent by the second blockchain participating node, obtains a first biometric feature of a first user;
the first blockchain participating node generates a temporary encryption key;
the first blockchain participating node performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information;
the first blockchain participating node sends the authentication information to the third-party blockchain node;
the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature;
the third-party blockchain node compares the first biometric feature against a preset biometric feature library;
if the comparison is successful, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
the first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node;
the second blockchain participating node receives the temporary identity certificate sent by the first blockchain participating node;
the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
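The three-party exchange of the fourth aspect, as an added Node.js illustration that is not code from the patent: the first node builds the signed, encrypted authentication information, the third-party node checks it and issues the certificate, and the second node verifies the certificate with the temporary key. Assumptions not in the text: the identifiers `node-A`/`node-B`, the constructed template string, RSA-OAEP and Ed25519 as the public-key primitives, HMAC-SHA256 substituted for "encrypting the random number", a clear-text `sender` field, exact-match biometric comparison, and the second node's own signature, party and 60-second freshness checks.

```javascript
// Added illustration, not code from the patent. All identifiers, keys and the
// biometric template below are constructed sample values.
const crypto = require('node:crypto');

// The text has the third party "encrypt the random number with the temporary key"
// and the second node repeat that and compare. HMAC-SHA256 is substituted here
// (assumption): the comparison needs a deterministic keyed output.
const keyedProof = (tempKey, nonce) =>
  crypto.createHmac('sha256', tempKey).update(nonce).digest();

function makeParties() {
  const ttpEnc = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ttpSig = crypto.generateKeyPairSync('ed25519');
  const nodeA = crypto.generateKeyPairSync('ed25519');
  // Registration step: identifier -> registered public key and biometric template.
  const registry = new Map([
    ['node-A', { publicKey: nodeA.publicKey, template: 'iris-template-0001' }],
  ]);
  return { ttpEnc, ttpSig, nodeA, registry };
}

// First node: encrypt to the third party, then sign the ciphertext.
function buildAuthInfo(idA, idB, biometric, signingKey, ttpEncPublicKey) {
  const tempKey = crypto.randomBytes(32);
  const plaintext = Buffer.from(JSON.stringify(
    { tempKey: tempKey.toString('base64'), idA, idB, biometric }));
  const ciphertext = crypto.publicEncrypt(
    { key: ttpEncPublicKey, oaepHash: 'sha256' }, plaintext);
  const signature = crypto.sign(null, ciphertext, signingKey);
  // `sender` travels in the clear so the signer's key can be looked up (assumption).
  return { tempKey, authInfo: { sender: idA, ciphertext, signature } };
}

// Third-party node: verify signature, decrypt, compare biometric, issue certificate.
function issueCertificate(authInfo, parties, now = Date.now()) {
  const record = parties.registry.get(authInfo.sender);
  if (!record) return null;
  if (!crypto.verify(null, authInfo.ciphertext, record.publicKey, authInfo.signature)) return null;
  const req = JSON.parse(crypto.privateDecrypt(
    { key: parties.ttpEnc.privateKey, oaepHash: 'sha256' }, authInfo.ciphertext).toString());
  if (req.idA !== authInfo.sender) return null;        // inner and outer identity must agree
  if (req.biometric !== record.template) return null;  // exact match stands in for a matcher
  const nonce = crypto.randomBytes(16);
  const body = JSON.stringify({
    idA: req.idA, idB: req.idB, issuedAt: now,
    nonce: nonce.toString('hex'),
    proof: keyedProof(Buffer.from(req.tempKey, 'base64'), nonce).toString('hex'),
  });
  return { body, signature: crypto.sign(null, Buffer.from(body), parties.ttpSig.privateKey) };
}

// Second node: recompute the keyed proof and compare. The signature, party and
// freshness checks are added here as assumptions about how the fields are used.
function verifyCertificate(cert, tempKey, expected, ttpSigPublicKey,
                           now = Date.now(), maxAgeMs = 60000) {
  if (!crypto.verify(null, Buffer.from(cert.body), ttpSigPublicKey, cert.signature)) {
    return 'bad-signature';
  }
  const c = JSON.parse(cert.body);
  if (c.idA !== expected.idA || c.idB !== expected.idB) return 'wrong-parties';
  if (c.issuedAt > now || now - c.issuedAt > maxAgeMs) return 'stale';
  const recomputed = keyedProof(tempKey, Buffer.from(c.nonce, 'hex'));
  const proof = Buffer.from(c.proof, 'hex');
  if (proof.length !== recomputed.length || !crypto.timingSafeEqual(proof, recomputed)) {
    return 'proof-mismatch';
  }
  return 'ok';
}

function demo() {
  const p = makeParties();
  const expected = { idA: 'node-A', idB: 'node-B' };
  const { tempKey, authInfo } = buildAuthInfo(
    'node-A', 'node-B', 'iris-template-0001', p.nodeA.privateKey, p.ttpEnc.publicKey);
  const cert = issueCertificate(authInfo, p);
  const bad = buildAuthInfo(
    'node-A', 'node-B', 'iris-template-9999', p.nodeA.privateKey, p.ttpEnc.publicKey);
  const pub = p.ttpSig.publicKey;
  return {
    accepted: verifyCertificate(cert, tempKey, expected, pub),
    wrongKey: verifyCertificate(cert, crypto.randomBytes(32), expected, pub),
    otherVerifier: verifyCertificate(cert, tempKey, { idA: 'node-A', idB: 'node-C' }, pub),
    expired: verifyCertificate(cert, tempKey, expected, pub, Date.now() + 120000),
    tampered: verifyCertificate(
      { body: cert.body.replace('node-B', 'node-C'), signature: cert.signature },
      tempKey, expected, pub),
    biometricMismatchRejected: issueCertificate(bad.authInfo, p) === null,
  };
}

console.log(demo());
```

Because the certificate is broadcast to the blockchain, the check at the second node rests on the temporary key that only the first node (and the third party) hold, and on the certificate naming the second node as its intended verifier.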
第五方面,本申请提供了一种基于临时身份证书的身份认证装置,应用于第一区块链参与节点,包括:In a fifth aspect, the present application provides an identity authentication device based on a temporary identity certificate, which is applied to a first blockchain participating node, including:
第一获取模块,用于响应于第二区块链参与节点发送的认证请求,获取第一用户的第一生物特征;A first acquisition module, configured to acquire a first biometric feature of a first user in response to an authentication request sent by a second blockchain participating node;
生成模块,用于生成临时加密密钥;A generation module, used for generating a temporary encryption key;
第一处理模块,用于将所述临时加密密钥、第一区块链参与节点标识、第二区块链参与节点标识和所述第一生物特征进行第三方公钥加密处理和第一私钥签名处理,得到认证信息,并将所述认证信息发送至第三方区块链节点,以使所述第三方区块链节点在对第一私钥签名验证成功后,通过第三方私钥对所述认证信息进行解密,得到第一区块链参与节点标识和第一生物特征,根据预设生物特征库对所述第一生物特征进行比对,若比对成功,则给所述第一区块链参与节点签发临时身份证书,并将所述临时身份证书广播至区块链中;A first processing module is used to perform third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and send the authentication information to a third-party blockchain node, so that the third-party blockchain node decrypts the authentication information by using the third-party private key after successfully verifying the first private key signature, obtains the first blockchain participating node identifier and the first biometric feature, compares the first biometric feature according to a preset biometric feature library, and if the comparison is successful, issues a temporary identity certificate to the first blockchain participating node, and broadcasts the temporary identity certificate to the blockchain;
第二处理模块,用于获取所述临时身份证书,将所述临时身份证书发送至所述第二区块链参与节点,以使所述第二区块链参与节点根据所述临时身份证书,对所述第一区块链参与节点进行身份认证。The second processing module is used to obtain the temporary identity certificate and send the temporary identity certificate to the second blockchain participating node, so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, before the second processing module obtains the temporary identity certificate, the apparatus further includes:
A payment initiation module, configured to initiate a query fee payment application in the blockchain;
Correspondingly, after the second processing module sends the temporary identity certificate to the second blockchain participating node, the apparatus further includes:
A payment processing module, configured to obtain the query fee in the blockchain and perform payment processing according to the query fee.
Optionally, before the first acquisition module acquires the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node, the apparatus further includes:
A registration module, configured to register verification information at the third-party blockchain node, wherein the verification information includes a correspondence between the biometric data and the identity information of the first user.
Optionally, after the registration module registers the verification information at the third-party blockchain node, the apparatus further includes:
A first receiving module, configured to receive a third-party blockchain identifier and a third-party public key sent by the third-party blockchain node.
In a sixth aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, applied to a third-party blockchain node, including:
A second receiving module, configured to receive authentication information sent by a first blockchain participating node, wherein the authentication information is obtained by the first blockchain participating node by: acquiring a first biometric feature of a first user in response to an authentication request sent by a second blockchain participating node; generating a temporary encryption key; and performing third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature;
A third processing module, configured to decrypt the authentication information with the third-party private key after successfully verifying the first private key signature, to obtain the first blockchain participating node identifier and the first biometric feature;
A comparison module, configured to compare the first biometric feature against a preset biometric feature library;
A fourth processing module, configured to, if the comparison succeeds, issue a temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain, so that the first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node, wherein the temporary identity certificate is used by the second blockchain participating node to authenticate the identity of the first blockchain participating node.
Optionally, the comparison module is specifically configured to:
Query the preset biometric feature library according to the first blockchain participating node identifier in the authentication information, and determine the preset biometric feature corresponding to the first blockchain participating node identifier;
Compare the preset biometric feature with the first biometric feature.
Optionally, the fourth processing module is specifically configured to:
Issue to the first blockchain participating node a temporary identity certificate signed by the third-party blockchain participating node, wherein the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number with the temporary encryption key.
In a seventh aspect, the present application provides an identity authentication apparatus based on a temporary identity certificate, applied to a second blockchain participating node, including:
A first sending module, configured to send an authentication request to a first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires a first biometric feature of a first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and sends the authentication information to a third-party blockchain node; and obtains a temporary identity certificate and sends the temporary identity certificate to the second blockchain participating node, wherein the authentication information is used by the third-party blockchain node, after successfully verifying the first private key signature, to decrypt the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, and to compare the first biometric feature against a preset biometric feature library, and, if the comparison succeeds, to issue a temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain;
A third receiving module, configured to receive the temporary identity certificate sent by the first blockchain participating node;
An authentication module, configured to authenticate the identity of the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and an encryption result obtained by encrypting the random number with the temporary encryption key;
Correspondingly, the third receiving module is specifically configured to:
Receive the temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
The authentication module is specifically configured to:
Encrypt the random number in the temporary identity certificate with the temporary encryption key to obtain an authentication encryption result;
Authenticate the identity of the first blockchain participating node according to the authentication encryption result and the encryption result obtained by encrypting the random number with the temporary encryption key.
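The check made by the authentication module at the second blockchain participating node can be illustrated as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for "encrypting the random number with the temporary encryption key", a keyed-hash stand-in replaces the third party's signature so the block runs with the standard library only, and the freshness window, the used-nonce set and all function and field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass, replace

MAX_AGE_SECONDS = 300  # assumed freshness window; the page gives no value


def keyed_result(temp_key: bytes, nonce: bytes) -> bytes:
    """Deterministic keyed function standing in for 'encrypt the random number
    with the temporary encryption key' (assumption: the page names no cipher)."""
    return hmac.new(temp_key, nonce, hashlib.sha256).digest()


@dataclass(frozen=True)
class TempCert:
    """Certificate fields as listed on the page; field names are hypothetical."""
    node_a_id: str      # first blockchain participating node identifier
    node_b_id: str      # second blockchain participating node identifier
    issued_at: int      # current time information (Unix seconds)
    nonce: str          # random number, hex
    enc_result: str     # keyed result over the random number, hex
    signature: str = ""

    def signed_bytes(self) -> bytes:
        body = asdict(self)
        body.pop("signature")
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


# Demo-only stand-in for the third party's signature. A deployment would verify
# an asymmetric signature with the third-party public key received at registration.
DEMO_ISSUER_KEY = b"constructed-demo-issuer-key"


def demo_sign(data: bytes) -> str:
    return hmac.new(DEMO_ISSUER_KEY, data, hashlib.sha256).hexdigest()


def demo_verify(data: bytes, signature: str) -> bool:
    return hmac.compare_digest(demo_sign(data), signature)


def issue_cert(temp_key: bytes, node_a_id: str, node_b_id: str, now: int) -> TempCert:
    """Third-party side, after signature check and biometric comparison succeeded."""
    nonce = secrets.token_bytes(16)
    unsigned = TempCert(node_a_id, node_b_id, now, nonce.hex(),
                        keyed_result(temp_key, nonce).hex())
    return replace(unsigned, signature=demo_sign(unsigned.signed_bytes()))


def verify_cert(cert: TempCert, temp_key: bytes, my_id: str, peer_id: str,
                now: int, seen_nonces: set, verify_sig=demo_verify):
    """Second node's check: returns (accepted, reason)."""
    # 1. The certificate must come from the trusted third party, unmodified.
    if not verify_sig(cert.signed_bytes(), cert.signature):
        return False, "bad issuer signature"
    # 2. It must have been issued for this verifier and for the claimed peer.
    if cert.node_b_id != my_id:
        return False, "certificate issued for another verifier"
    if cert.node_a_id != peer_id:
        return False, "certificate names another subject"
    # 3. Assumed policy: reject stale certificates and reused random numbers.
    if not 0 <= now - cert.issued_at <= MAX_AGE_SECONDS:
        return False, "certificate outside freshness window"
    if cert.nonce in seen_nonces:
        return False, "nonce already used"
    # 4. The step described above: recompute the result with the temporary key
    #    received from the first node and compare it, in constant time, with
    #    the result carried in the certificate.
    expected = keyed_result(temp_key, bytes.fromhex(cert.nonce))
    if not hmac.compare_digest(expected, bytes.fromhex(cert.enc_result)):
        return False, "temporary key does not match certificate"
    seen_nonces.add(cert.nonce)
    return True, "ok"
```

The comparison in step 4 only shows that the key presented to the second node is the one the third party used; the signature and identifier checks before it are what tie the certificate to the issuer and to this pair of nodes.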
In an eighth aspect, the present application provides an identity authentication device based on a temporary identity certificate, including: at least one processor and a memory;
The memory stores computer-executable instructions;
The at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method based on a temporary identity certificate described in the first aspect and the various possible designs of the first aspect.
In a ninth aspect, the present application provides an identity authentication device based on a temporary identity certificate, including: at least one processor and a memory;
The memory stores computer-executable instructions;
The at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method based on a temporary identity certificate described in the second aspect and the various possible designs of the second aspect.
In a tenth aspect, the present application provides an identity authentication device based on a temporary identity certificate, including: at least one processor and a memory;
The memory stores computer-executable instructions;
The at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the identity authentication method based on a temporary identity certificate described in the third aspect and the various possible designs of the third aspect.
In an eleventh aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method based on a temporary identity certificate described in the first aspect and the various possible designs of the first aspect.
In a twelfth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method based on a temporary identity certificate described in the second aspect and the various possible designs of the second aspect.
In a thirteenth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the identity authentication method based on a temporary identity certificate described in the third aspect and the various possible designs of the third aspect.
In a fourteenth aspect, the present application provides a computer program product including a computer program which, when executed by a processor, implements the identity authentication method based on a temporary identity certificate described in the first aspect and the various possible designs of the first aspect.
In a fifteenth aspect, the present application provides a computer program product including a computer program which, when executed by a processor, implements the identity authentication method based on a temporary identity certificate described in the second aspect and the various possible designs of the second aspect.
In a sixteenth aspect, the present application provides a computer program product including a computer program which, when executed by a processor, implements the identity authentication method based on a temporary identity certificate described in the third aspect and the various possible designs of the third aspect.
The present application provides an identity authentication method, device, server and storage medium based on a temporary identity certificate. For nodes in a blockchain, the method brings an authoritative and trusted third party into the authentication, which can provide secure and reliable authentication. Specifically, when the second blockchain participating node needs to authenticate the first blockchain participating node, the second blockchain participating node initiates an authentication request to the first blockchain participating node. Based on the authentication request, the first blockchain participating node can request a temporary identity certificate from the authoritative third party, that is, the third-party blockchain node. The third-party blockchain participating node can issue the temporary identity certificate based on information sent by the first blockchain participating node, such as the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature. The first blockchain participating node can obtain the temporary identity certificate on the blockchain and send it to the second blockchain participating node to achieve authentication. Identity authentication is thus achieved without the need to possess a private key, which improves the security of identity authentication of participants in the blockchain.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of the architecture of an identity authentication system based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 2 is a schematic flow chart of an identity authentication method based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 3 is a schematic flow chart of another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 4 is a schematic flow chart of yet another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 5 is a schematic flow chart of still another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 7 is a schematic structural diagram of an identity authentication device based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 8 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application;
FIG. 9 is a schematic structural diagram of yet another identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. These drawings and the accompanying text are not intended to limit the scope of the concepts of the present disclosure in any way, but to explain the concepts of the present disclosure to those skilled in the art by reference to specific embodiments.
DETAILED DESCRIPTION
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms "first", "second", "third", "fourth" and the like (if any) in the specification, the claims and the above drawings of the present application are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present application described here can be implemented in an order other than those illustrated or described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
In the technical solution of the present application, the collection, storage, use, processing, transmission, provision and disclosure of user data and other information involved all comply with the relevant laws and regulations and do not violate public order and good morals.
Blockchain is a special kind of distributed database. It is a new application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms, and is essentially a decentralized database. First, the main function of a blockchain is to store information: any information that needs to be saved can be written to the blockchain and read back from it, so it is a database. Second, anyone can set up a server, join the blockchain network and become a node. In the blockchain world there is no central node; every node is equal and stores the entire database, and data can be written to or read from any node, because all nodes eventually synchronize to keep the blockchain consistent. A blockchain is a series of data blocks linked to one another by cryptographic methods. Each data block contains information about a network transaction, which is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. In a narrow sense, a blockchain is a chained data structure that combines data blocks sequentially in chronological order, forming a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. In a broad sense, blockchain technology is a new distributed infrastructure and computing paradigm that uses a chained block data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and operate on data. The design of a blockchain is a protective measure, for example (as applied to) highly fault-tolerant distributed computing systems. Blockchain makes hybrid consistency possible. This makes blockchain suitable for recording events, titles, medical records and other activities that require data to be recorded, as well as for identity management, transaction process management and provenance management.
User authentication in current blockchains relies on the user's private key: whoever holds the private key corresponding to the public key of the claimed user identity is the correct user. This requires users to protect their private keys with particular care; once a private key is lost or leaked, all the assets in the blockchain can never be recovered. Traditional, commonly used passwords are easy to remember but easy to crack. Methods based on biometric features such as fingerprints or irises carry high expectations, but biometric features are only suitable for local authentication: once a biometric feature is sent to the authenticating party, that party holds it, and it can easily be used maliciously, resulting in biometric leakage.
In order to solve the above technical problems, the embodiments of the present application provide an identity authentication method, device, server and storage medium based on a temporary identity certificate. For nodes in a blockchain, an authoritative and trusted third party takes part in the authentication and, by issuing temporary identity certificates, can provide secure and reliable authentication for other nodes. When the second blockchain participating node needs to authenticate the first blockchain participating node, it does not need to hold the private key of the first blockchain participating node, which improves security.
Optionally, FIG. 1 is a schematic diagram of the architecture of an identity authentication system based on a temporary identity certificate provided in an embodiment of the present application. As shown in FIG. 1, the architecture includes a first blockchain participating node 101, a third-party blockchain node 102 and a second blockchain participating node 103.
It can be understood that the numbers of first blockchain participating nodes 101, third-party blockchain nodes 102 and second blockchain participating nodes 103 can be determined according to actual conditions. FIG. 1 is only schematic, and the embodiments of the present application place no specific limit on the number of these nodes.
The first blockchain participating node 101, the third-party blockchain node 102 and the second blockchain participating node 103 are all nodes in the blockchain, and any two nodes can communicate with each other (the present application requires communication connections between nodes of different kinds, for example the third-party blockchain node broadcasting information to the first blockchain participating node and the second blockchain participating node; the connecting lines in FIG. 1 show only the communication connections between nodes of different kinds).
A user can exchange information with the first blockchain participating node, the third-party blockchain node or the second blockchain participating node through input/output devices.
It can be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the architecture of the identity authentication system based on a temporary identity certificate. In other feasible implementations of the present application, the architecture may include more or fewer components than shown, combine some components, split some components, or arrange the components differently, as determined by the actual application scenario; no limitation is imposed here. The components shown in FIG. 1 can be implemented in hardware, software, or a combination of software and hardware.
In addition, the network architecture and business scenarios described in the embodiments of the present application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. Those of ordinary skill in the art will appreciate that, as network architectures evolve and new business scenarios emerge, the technical solutions provided by the embodiments of the present application apply equally to similar technical problems.
The technical solution of the present application is described below using several embodiments as examples; the same or similar concepts or processes may not be repeated in some embodiments.
FIG. 2 is a schematic flow chart of an identity authentication method based on a temporary identity certificate provided in an embodiment of the present application. The embodiment can be applied to the first blockchain participating node 101 in FIG. 1. The first blockchain participating node 101 may be a server, and the specific executing entity can be determined according to the actual application scenario. As shown in FIG. 2, the method includes the following steps:
S201: In response to an authentication request sent by a second blockchain participating node, acquire a first biometric feature of a first user.
In the embodiments of the present application, for convenience of illustration, the second blockchain participating node may also be called blockchain participant B, and the first blockchain participating node may also be called blockchain participant A.
In one possible implementation, the second blockchain participating node is blockchain participant B and the first blockchain participating node is blockchain participant A. When blockchain participant B needs to authenticate the identity of blockchain participant A, blockchain participant B initiates an authentication request to blockchain participant A.
Optionally, the first user here is the user to whom the first blockchain participating node belongs. For example, if the first blockchain participating node is a terminal, the first user is the user of the terminal; if the first blockchain node is a server, the first user is the operator of the server.
Optionally, the first biometric feature here is the biometric feature of the first user acquired by the first blockchain participating node, which may be a fingerprint feature or an iris feature, or a facial image, and so on.
Optionally, the biometric feature of the first user may be acquired through a terminal or a collection device. Specifically, the biometric feature may be collected by devices such as cameras and sensors.
In one possible implementation, if blockchain participant A is the first blockchain participating node, blockchain participant A collects its own biometric feature, for example FingerPrintA’.
Optionally, before acquiring the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node, the method further includes:
Registering verification information at the third-party blockchain node, wherein the verification information includes a correspondence between the biometric data and the identity information of the first user.
Before performing identity authentication, each blockchain participant can first register, with the authoritative and trusted third party (the third-party blockchain node), the correspondence between its own biometric data (such as fingerprints or irises) and its identity information (the identity information may be a virtual identity on the blockchain, for example a blockchain identifier and a public key representing the blockchain participant), so that the third-party blockchain node can perform authentication according to the registered information.
The verification information includes the correspondence between the biometric data and the identity information of the first user.
In one possible implementation, each blockchain participant first registers, with the authoritative and trusted third party, the correspondence between its own biometric data (such as fingerprints or irises) and its identity information (the identity information may be a virtual identity on the blockchain, for example a blockchain identifier and a public key representing the blockchain participant).
Optionally, registration can be carried out offline or online. To ensure security, it is preferable to collect biometric data (such as fingerprints or irises) offline.
Optionally, after registering the verification information at the third-party blockchain node, the method further includes:
Receiving the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
S202: Generate a temporary encryption key.
Optionally, the first blockchain participating node randomly generates a temporary encryption key Key.
S203: Perform third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and send the authentication information to the third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, and compares the first biometric feature against a preset biometric library. If the comparison succeeds, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
In one possible implementation, blockchain participant A encrypts Key, IDa, IDb and FingerPrintA' with the public key of the authoritative third party, signs the result with blockchain participant A's own private key (the first private key), and sends it to the authoritative third party. Here IDa and IDb are the identifiers in the blockchain of blockchain participant A and blockchain participant B respectively, that is, the first blockchain participating node identifier and the second blockchain participating node identifier.
S204: Obtain the temporary identity certificate and send it to the second blockchain participating node, so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate may be sent to the second blockchain participating node, or the address of the second blockchain participating node may be sent to the second blockchain participating node.
In one possible implementation, blockchain participant A obtains the temporary identity certificate from the blockchain and sends it together with Key to blockchain participant B, or sends blockchain participant B the address of the temporary identity certificate that the authoritative third party issued on the blockchain, and blockchain participant B retrieves it itself.
Optionally, before the temporary identity certificate is obtained, the method further includes:
Initiating a query fee payment application in the blockchain.
Correspondingly, after the temporary identity certificate is sent to the second blockchain participating node, the method further includes:
Obtaining the query fee in the blockchain and performing payment processing according to the query fee.
A blockchain participant can initiate a query fee payment application in the blockchain during the authentication request process, so that payment for identity authentication is made automatically, which improves the user experience.
In one possible implementation, blockchain participant A initiates a query fee payment application in the blockchain. After the third-party blockchain participating node issues the temporary identity certificate, the third-party blockchain participating node's signature on that certificate on the blockchain is verified. If the verification passes, the query fee paid by blockchain participant A to the authoritative third party is written into the blockchain, and the payment succeeds.
Optionally, FIG. 3 is a schematic flowchart of another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application. The execution subject of this embodiment is the third-party blockchain node 102 in FIG. 1; the specific execution subject can be determined according to the actual application scenario. As shown in FIG. 3, the method includes the following steps:
S301: Receive the authentication information sent by the first blockchain participating node.
The authentication information is obtained by the first blockchain participating node as follows: in response to the authentication request sent by the second blockchain participating node, it acquires the first biometric feature of the first user; generates a temporary encryption key; and performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature.
S302: After the first private key signature is successfully verified, decrypt the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature.
Optionally, the third-party blockchain node may publish its own blockchain identifier and the third-party public key (the public key of the third-party blockchain node) on the blockchain in a broadcast message signed with its private key. Anyone on the blockchain can then use that public key to verify the identity certificates it issues.
In one possible implementation, after receiving the above information, the third-party blockchain node verifies blockchain participant A's private key signature. If the verification passes, it decrypts the encrypted information with the authoritative third party's own private key (the third-party private key). After decryption, it uses IDa as an index into the biometric library to obtain FingerPrintA, and then compares FingerPrintA' with the FingerPrintA from the biometric library.
S303: Compare the first biometric feature against the preset biometric library.
Optionally, comparing the first biometric feature against the preset biometric library includes:
Querying the preset biometric library according to the first blockchain participating node identifier in the authentication information to determine the preset biometric feature corresponding to that identifier, and comparing the preset biometric feature with the first biometric feature.
The third-party blockchain participating node in this embodiment can determine, based on the first blockchain participating node identifier in the authentication information, the preset biometric feature corresponding to the first blockchain participating node in the preset biometric library, and thereby identify the first blockchain participating node. This achieves accurate and efficient identity identification and authentication, further improves the security and stability of identity authentication, and improves the security of blockchain information transmission.
S304: If the comparison succeeds, issue a temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain, so that the first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node. The temporary identity certificate is used by the second blockchain participating node to authenticate the first blockchain participating node.
Optionally, issuing a temporary identity certificate to the first blockchain participating node includes:
Issuing to the first blockchain participating node a temporary identity certificate signed by the third-party blockchain participating node, where the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key.
In one possible implementation, once the comparison passes, the authoritative third party issues to blockchain participant A a temporary identity certificate signed by the authoritative third party. The certificate includes IDa, IDb and the current time, confirms the identity of IDa to IDb, and contains a random number Random together with encryption result 1, obtained by encrypting Random with Key. The authoritative third party then publishes the above information in the blockchain as a broadcast message signed with its private key.
Here, when the third-party blockchain node of this embodiment issues a temporary identity certificate to the first blockchain participating node, the certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key, which lets the second blockchain participating node perform accurate and secure authentication.
The identity authentication method based on a temporary identity certificate provided in this embodiment is applied to the third-party blockchain node, that is, the authoritative third party. The third-party blockchain node stores biometric features centrally, provides a biometric comparison service for all users, and issues temporary identity certificates to other blockchain participating nodes after a successful comparison. Identity authentication is thus completed without the need to possess a private key, which improves the accuracy and security of identity authentication in the blockchain.
Optionally, FIG. 4 is a schematic flowchart of yet another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application. The execution subject of this embodiment is the second blockchain participating node 103 in FIG. 1, which may be a server; the specific execution subject can be determined according to the actual application scenario. As shown in FIG. 4, the method includes the following steps:
S401: Send an authentication request to the first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires the first biometric feature of the first user; generates a temporary encryption key; performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information; sends the authentication information to the third-party blockchain node; and obtains the temporary identity certificate and sends it to the second blockchain participating node.
The authentication information is used by the third-party blockchain node as follows: after successfully verifying the first private key signature, it decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, and compares the first biometric feature against the preset biometric library. If the comparison succeeds, it issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
S402: Receive the temporary identity certificate sent by the first blockchain participating node.
S403: Perform identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key.
Correspondingly, receiving the temporary identity certificate sent by the first blockchain participating node includes: receiving the temporary identity certificate and the temporary encryption key sent by the first blockchain participating node.
Performing identity authentication on the first blockchain participating node according to the temporary identity certificate includes: encrypting the random number in the temporary identity certificate with the temporary encryption key to obtain an authentication encryption result; and performing identity authentication on the first blockchain participating node according to the authentication encryption result and the encryption result, carried in the certificate, that was obtained by encrypting the random number with the temporary encryption key.
Here, the second blockchain participating node provided in this embodiment can authenticate the temporary identity certificate and thereby authenticate the identity of the first blockchain participating node. It compares the result computed with the temporary encryption key against the encryption result in the temporary identity certificate that was obtained by encrypting the random number with the temporary encryption key. It does not need to obtain the private key of the first blockchain participating node, which further improves the security of identity authentication.
In one possible implementation, blockchain participant B uses Key to encrypt the Random in the certificate. If the computed result is the same as the information in the temporary identity certificate, the identity of blockchain participant A is confirmed. This completes the authentication.
The identity authentication method based on a temporary identity certificate provided in this embodiment is applied to the second blockchain participating node, which initiates the authentication. When the second blockchain participating node needs to authenticate another node, namely the first blockchain participating node, it sends an authentication request to the first blockchain participating node. The first blockchain participating node requests a temporary identity certificate from the third-party blockchain node according to this authentication request, and the second blockchain participating node can authenticate the first blockchain participating node according to this temporary identity certificate. Identity authentication is achieved without possessing the private key of the first blockchain participating node, which improves the security and reliability of identity authentication.
Optionally, FIG. 5 is a schematic flowchart of still another identity authentication method based on a temporary identity certificate provided in an embodiment of the present application. The execution subject of this embodiment is a system including the first blockchain participating node, the second blockchain participating node and the third-party blockchain node, and may be a server; the specific execution subject can be determined according to the actual application scenario. As shown in FIG. 5, the method includes the following steps:
S501: The second blockchain participating node sends an authentication request to the first blockchain participating node.
S502: The first blockchain participating node acquires the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node.
S503: The first blockchain participating node generates a temporary encryption key.
S504: The first blockchain participating node performs third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information.
S505: The first blockchain participating node sends the authentication information to the third-party blockchain node.
S506: After successfully verifying the first private key signature, the third-party blockchain node decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature.
S507: The third-party blockchain node compares the first biometric feature against the preset biometric library.
S508: If the comparison succeeds, the third-party blockchain node issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain.
S509: The first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node.
S510: The second blockchain participating node receives the temporary identity certificate sent by the first blockchain participating node.
S511: The second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
One possible specific authentication method is as follows:
When blockchain participant B needs to authenticate blockchain participant A, blockchain participant B sends an authentication request to blockchain participant A. Blockchain participant A collects its own biometric feature, for example FingerPrintA', and randomly generates a temporary encryption key Key. Blockchain participant A then encrypts Key, IDa, IDb and FingerPrintA' with the public key of the authoritative third party, signs the result with blockchain participant A's own private key, and sends it to the authoritative third party. Blockchain participant A initiates a query fee payment application in the blockchain. After receiving the above information, the authoritative third party verifies blockchain participant A's private key signature. If the verification passes, it decrypts the encrypted information with the authoritative third party's own private key. After decryption, using IDa and FingerPrintA', it indexes the biometric library to obtain FingerPrintA for comparison. Once the comparison passes, the authoritative third party issues to blockchain participant A a temporary identity certificate signed by the authoritative third party. The certificate includes IDa, IDb and the current time, confirms the identity of IDa to IDb, and contains a random number Random together with encryption result 1, obtained by encrypting Random with Key. The authoritative third party then publishes the above information in the blockchain as a broadcast message signed with its private key. Blockchain miners verify the authoritative third party's signature on the temporary certificate on the blockchain. If the verification passes, the query fee paid by blockchain participant A to the authoritative third party is written into the blockchain, and the payment succeeds. Blockchain participant A obtains the temporary certificate from the blockchain and sends it together with Key to blockchain participant B, or sends blockchain participant B the address of the temporary certificate that the authoritative third party issued on the blockchain, and blockchain participant B retrieves it itself. Blockchain participant B uses Key to encrypt the Random in the certificate. If the computed result is the same as the information in the temporary identity certificate, the identity of blockchain participant A is confirmed. This completes the authentication.
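The certificate issuance (S304/S508) and participant B's check (S403/S511) can be sketched as follows; this is an added example, not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified "encrypt Random with Key", a toy textbook-RSA key stands in for the third party's signing key, and the field names, the 300-second validity window and the replay set are hypothetical additions showing how the certificate's time and Random fields can be enforced.

```python
import hashlib
import hmac
import json
import secrets
import time

# Toy textbook-RSA key for the third party, built from two Mersenne primes so
# the example needs only the standard library. Constructed and NOT secure.
_P, _Q = 2**127 - 1, 2**89 - 1
TTP_N, TTP_E = _P * _Q, 65537
_TTP_D = pow(TTP_E, -1, (_P - 1) * (_Q - 1))

MAX_AGE_SECONDS = 300  # assumed window; the page only lists "current time"


def _digest(body):
    """Hash a canonical JSON encoding of the certificate body into Z_n."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % TTP_N


def keyed_result(key, random_hex):
    """Stand-in for 'encrypt Random with Key' (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, bytes.fromhex(random_hex), hashlib.sha256).hexdigest()


def issue_certificate(id_a, id_b, key, now=None):
    """Third-party side (S304/S508), called only after the biometric match."""
    rnd = secrets.token_hex(16)
    body = {
        "ida": id_a,
        "idb": id_b,
        "time": int(time.time() if now is None else now),
        "random": rnd,
        "result1": keyed_result(key, rnd),  # "encryption result 1"
    }
    return {"body": body, "sig": pow(_digest(body), _TTP_D, TTP_N)}


def verify_certificate(cert, key, my_id, peer_id, now=None, seen=None):
    """Participant B side (S403/S511). Returns (accepted, reason)."""
    body, sig = cert.get("body"), cert.get("sig")
    if not isinstance(body, dict) or not isinstance(sig, int):
        return False, "malformed"
    # 1. Third-party signature: needs only the published third-party public key.
    if pow(sig, TTP_E, TTP_N) != _digest(body):
        return False, "bad third-party signature"
    # 2. The certificate must name this verifier (IDb) and the expected peer (IDa).
    if body["idb"] != my_id or body["ida"] != peer_id:
        return False, "identifier mismatch"
    # 3. Freshness from the certificate's time field.
    now = time.time() if now is None else now
    if not 0 <= now - body["time"] <= MAX_AGE_SECONDS:
        return False, "outside validity window"
    # 4. Each Random is accepted once when a replay set is supplied.
    if seen is not None and body["random"] in seen:
        return False, "replayed"
    # 5. Recompute the keyed result with the Key received from A and compare
    #    in constant time with the value the third party signed.
    expected = keyed_result(key, body["random"])
    if not hmac.compare_digest(expected, body["result1"]):
        return False, "key mismatch"
    if seen is not None:
        seen.add(body["random"])
    return True, "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(16)  # Key generated by participant A (S503)
    cert = issue_certificate("IDa", "IDb", key)
    print(verify_certificate(cert, key, "IDb", "IDa"))
    print(verify_certificate(cert, secrets.token_bytes(16), "IDb", "IDa"))
```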
FIG. 6 is a schematic structural diagram of an identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application, applied to the first blockchain participating node. As shown in FIG. 6, the apparatus of this embodiment includes: a first acquisition module 601, a generation module 602, a first processing module 603 and a second processing module 604. The identity authentication apparatus based on a temporary identity certificate here may be a blockchain server, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the first acquisition module 601, the generation module 602, the first processing module 603 and the second processing module 604 is only a division of logical functions; physically, the modules may be integrated or independent.
The first acquisition module is configured to acquire the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node;
The generation module is configured to generate a temporary encryption key;
The first processing module is configured to perform third-party public key encryption processing and first private key signature processing on the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and to send the authentication information to the third-party blockchain node, so that the third-party blockchain node, after successfully verifying the first private key signature, decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, compares the first biometric feature against the preset biometric library, and, if the comparison succeeds, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
The second processing module is configured to obtain the temporary identity certificate and send it to the second blockchain participating node, so that the second blockchain participating node performs identity authentication on the first blockchain participating node according to the temporary identity certificate.
Optionally, before the second processing module obtains the temporary identity certificate, the apparatus further includes:
A payment initiation module, configured to initiate a query fee payment application in the blockchain;
Correspondingly, after the second processing module sends the temporary identity certificate to the second blockchain participating node, the apparatus further includes:
A payment processing module, configured to obtain the query fee in the blockchain and perform payment processing according to the query fee.
Optionally, before the first acquisition module acquires the first biometric feature of the first user in response to the authentication request sent by the second blockchain participating node, the apparatus further includes:
A registration module, configured to register verification information at the third-party blockchain node, where the verification information includes the correspondence between the first user's biometric data and identity information.
Optionally, after the registration module registers the verification information at the third-party blockchain node, the apparatus further includes:
A first receiving module, configured to receive the third-party blockchain identifier and the third-party public key sent by the third-party blockchain node.
Figure 7 is a schematic structural diagram of an identity authentication device based on a temporary identity certificate provided in an embodiment of the present application. The device may be a server and is applied to the first blockchain participating node. The components shown herein, their connections and relationships, and their functions are examples only and do not limit the implementations of the present application described and/or claimed herein.
As shown in Figure 7, the identity authentication device based on a temporary identity certificate includes a processor 701 and a memory 702. The components are interconnected by different buses and may be mounted on a common motherboard or in other ways as needed. The processor 701 can process instructions executed in the terminal, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if necessary. Figure 7 takes one processor 701 as an example.
The memory 702, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device based on a temporary identity certificate in the embodiments of the present application (for example, the first acquisition module 601, the generation module 602, the first processing module 603 and the second processing module 604 shown in Figure 6). By running the non-transitory software programs, instructions and modules stored in the memory 702, the processor 701 executes the various functional applications and data processing of the identity authentication device based on a temporary identity certificate, that is, it implements the method of the identity authentication device based on a temporary identity certificate in the above method embodiments.
The identity authentication device based on a temporary identity certificate may further include an input device 703 and an output device 704. The processor 701, the memory 702, the input device 703 and the output device 704 may be connected by a bus or in other ways; Figure 7 takes connection by a bus as an example.
The input device 703 can receive input numeric or character information and generate key signal input related to the user settings and function control of the identity authentication device based on a temporary identity certificate; examples are a touch screen, a keypad, a mouse, one or more mouse buttons, a trackball and a joystick. The output device 704 may be an output device such as the display device of the identity authentication device based on a temporary identity certificate. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device based on a temporary identity certificate in the embodiments of the present application can be used to execute the technical solutions in the above method embodiments of the present application. Its implementation principles and technical effects are similar and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, including a computer program which, when executed by a processor, implements any of the above identity authentication methods based on a temporary identity certificate.
Figure 8 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application, applied to the third-party blockchain node. As shown in Figure 8, the apparatus of this embodiment includes a second receiving module 801, a third processing module 802, a comparison module 803 and a fourth processing module 804. The identity authentication apparatus based on a temporary identity certificate may be a blockchain server, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the second receiving module 801, the third processing module 802, the comparison module 803 and the fourth processing module 804 is only a division of logical functions; physically, they may be integrated or independent.
The second receiving module is configured to receive authentication information sent by the first blockchain participating node, wherein the authentication information is obtained by the first blockchain participating node as follows: in response to an authentication request sent by the second blockchain participating node, it acquires a first biometric feature of the first user; generates a temporary encryption key; and applies third-party public key encryption and first private key signing to the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature;
The third processing module is configured to, after the first private key signature has been verified successfully, decrypt the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature;
The comparison module is configured to compare the first biometric feature against a preset biometric feature library;
The fourth processing module is configured to, if the comparison succeeds, issue a temporary identity certificate to the first blockchain participating node and broadcast the temporary identity certificate to the blockchain, so that the first blockchain participating node obtains the temporary identity certificate and sends it to the second blockchain participating node, wherein the temporary identity certificate is used by the second blockchain participating node to authenticate the identity of the first blockchain participating node.
Optionally, the comparison module is specifically configured to:
Query the preset biometric feature library using the first blockchain participating node identifier in the authentication information, and determine the preset biometric feature corresponding to the first blockchain participating node identifier;
Compare the preset biometric feature with the first biometric feature.
Optionally, the fourth processing module is specifically configured to:
Issue to the first blockchain participating node a temporary identity certificate signed by the third-party blockchain participating node, wherein the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key.
An embodiment of the present application further provides an identity authentication device based on a temporary identity certificate, applied to the third-party blockchain node. The device may be a server. The components shown herein, their connections and relationships, and their functions are examples only and do not limit the implementations of the present application described and/or claimed herein.
The identity authentication device based on a temporary identity certificate includes a processor and a memory. The components are interconnected by different buses and may be mounted on a common motherboard or in other ways as needed. The processor can process instructions executed within the identity authentication device based on a temporary identity certificate, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if necessary.
The memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device based on a temporary identity certificate in the embodiments of the present application (for example, the second receiving module 801, the third processing module 802, the comparison module 803 and the fourth processing module 804 shown in Figure 8). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes the various functional applications and the identity authentication method based on a temporary identity certificate, that is, it implements the method of the identity authentication device based on a temporary identity certificate in the above method embodiments.
The identity authentication device based on a temporary identity certificate may further include an input device and an output device. The processor, the memory, the input device and the output device may be connected by a bus or in other ways.
The input device can receive input numeric or character information and generate key signal input related to the user settings and function control of the identity authentication device based on a temporary identity certificate; examples are a touch screen, a keypad, a mouse, one or more mouse buttons, a trackball and a joystick. The output device may be an output device such as the display device of the identity authentication device based on a temporary identity certificate. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device based on a temporary identity certificate in the embodiments of the present application can be used to execute the technical solutions in the above method embodiments of the present application. Its implementation principles and technical effects are similar and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any one of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, including a computer program which, when executed by a processor, implements any one of the above identity authentication methods based on a temporary identity certificate.
Figure 9 is a schematic structural diagram of another identity authentication apparatus based on a temporary identity certificate provided in an embodiment of the present application, applied to the second blockchain participating node. As shown in Figure 9, the apparatus of this embodiment includes a first sending module 901, a third receiving module 902 and an authentication module 903. The identity authentication apparatus based on a temporary identity certificate may be a blockchain server, or a chip or integrated circuit that implements the functions of the server. It should be noted that the division into the first sending module 901, the third receiving module 902 and the authentication module 903 is only a division of logical functions; physically, they may be integrated or independent.
The first sending module is configured to send an authentication request to the first blockchain participating node, so that the first blockchain participating node, in response to the authentication request, acquires a first biometric feature of the first user; generates a temporary encryption key; applies third-party public key encryption and first private key signing to the temporary encryption key, the first blockchain participating node identifier, the second blockchain participating node identifier and the first biometric feature to obtain authentication information, and sends the authentication information to the third-party blockchain node; and obtains a temporary identity certificate and sends it to the second blockchain participating node. The authentication information is used by the third-party blockchain node as follows: after the first private key signature has been verified successfully, it decrypts the authentication information with the third-party private key to obtain the first blockchain participating node identifier and the first biometric feature, compares the first biometric feature against a preset biometric feature library and, if the comparison succeeds, issues a temporary identity certificate to the first blockchain participating node and broadcasts the temporary identity certificate to the blockchain;
The third receiving module is configured to receive the temporary identity certificate sent by the first blockchain participating node;
The authentication module is configured to authenticate the identity of the first blockchain participating node according to the temporary identity certificate.
Optionally, the temporary identity certificate includes the first blockchain participating node identifier, the second blockchain participating node identifier, current time information, a random number, and the encryption result obtained by encrypting the random number with the temporary encryption key;
Correspondingly, the third receiving module is specifically configured to:
Receive the temporary identity certificate and the temporary encryption key sent by the first blockchain participating node;
The authentication module is specifically configured to:
Encrypt the random number in the temporary identity certificate with the temporary encryption key to obtain an authentication encryption result;
Authenticate the identity of the first blockchain participating node according to the authentication encryption result and the encryption result obtained by encrypting the random number with the temporary encryption key.
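The second node's check described above, written out as an added example (not code from the patent). The patent names neither the cipher nor the signature scheme, so HMAC-SHA256 stands in for both "encrypting the random number with the temporary encryption key" and the third party's signature; the field names, the `MAX_AGE_SECONDS` window and the identifier and time checks are assumptions layered on the certificate fields the patent lists.

```python
import hashlib
import hmac
import json
import os
from dataclasses import asdict, dataclass, replace

MAX_AGE_SECONDS = 300  # assumed freshness window; the patent gives no value


def keyed_transform(temp_key: bytes, nonce: bytes) -> bytes:
    """Stand-in (HMAC-SHA256) for encrypting the random number with the temporary key."""
    return hmac.new(temp_key, nonce, hashlib.sha256).digest()


@dataclass(frozen=True)
class TempCert:
    first_node_id: str   # first blockchain participating node identifier
    second_node_id: str  # second blockchain participating node identifier
    issued_at: int       # "current time information", as Unix seconds (assumption)
    nonce_hex: str       # the random number
    enc_nonce_hex: str   # result of transforming the random number with the temporary key

    def signed_bytes(self) -> bytes:
        # Canonical encoding so issuer and verifier sign and check the same bytes.
        return json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode()


def sign(third_party_key: bytes, cert: TempCert) -> bytes:
    """Stand-in for the third party's signature; a real deployment would use a
    public-key signature verified with the third-party public key."""
    return hmac.new(third_party_key, cert.signed_bytes(), hashlib.sha256).digest()


def issue_cert(third_party_key, temp_key, first_id, second_id, now):
    """Third-party side: build and sign the temporary identity certificate."""
    nonce = os.urandom(16)
    cert = TempCert(first_id, second_id, int(now), nonce.hex(),
                    keyed_transform(temp_key, nonce).hex())
    return cert, sign(third_party_key, cert)


def authenticate(cert, signature, temp_key, *, third_party_key, my_id, peer_id, now):
    """Second-node side: return 'ok' or the reason the certificate is rejected."""
    # 1. Nothing inside the certificate is trusted before the signature checks out.
    if not hmac.compare_digest(sign(third_party_key, cert), signature):
        return "bad-signature"
    # 2. The certificate must name this verifier and the peer it is talking to.
    if cert.second_node_id != my_id or cert.first_node_id != peer_id:
        return "wrong-binding"
    # 3. A temporary certificate is only useful if old ones are refused.
    if not 0 <= now - cert.issued_at <= MAX_AGE_SECONDS:
        return "stale"
    # 4. The step the patent describes: recompute with the received temporary key
    #    and compare with the value in the certificate, in constant time.
    recomputed = keyed_transform(temp_key, bytes.fromhex(cert.nonce_hex))
    if not hmac.compare_digest(recomputed, bytes.fromhex(cert.enc_nonce_hex)):
        return "key-mismatch"
    return "ok"


def demo():
    """Run the check over constructed sample values and return each outcome."""
    tp_key = b"constructed-third-party-demo-key"
    temp_key = b"constructed-temporary-key-000001"
    t0 = 1_700_000_000
    cert, sig = issue_cert(tp_key, temp_key, "node-1", "node-2", t0)
    common = dict(third_party_key=tp_key, my_id="node-2", peer_id="node-1")
    return {
        "valid": authenticate(cert, sig, temp_key, now=t0 + 10, **common),
        "wrong_key": authenticate(cert, sig, b"some-other-key", now=t0 + 10, **common),
        "edited": authenticate(replace(cert, first_node_id="node-9"), sig, temp_key,
                               now=t0 + 10, **common),
        "other_verifier": authenticate(cert, sig, temp_key, now=t0 + 10,
                                       third_party_key=tp_key, my_id="node-3",
                                       peer_id="node-1"),
        "expired": authenticate(cert, sig, temp_key,
                                now=t0 + MAX_AGE_SECONDS + 1, **common),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} {outcome}")
```

The recompute-and-compare step only carries weight after the signature check: without it, whoever supplies both the certificate and the temporary key could choose values that match.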
An embodiment of the present application further provides an identity authentication device based on a temporary identity certificate, applied to the second blockchain participating node. The device may be a server. The components shown herein, their connections and relationships, and their functions are examples only and do not limit the implementations of the present application described and/or claimed herein.
The identity authentication device based on a temporary identity certificate includes a processor and a memory. The components are interconnected by different buses and may be mounted on a common motherboard or in other ways as needed. The processor can process instructions executed within the identity authentication device based on a temporary identity certificate, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories if necessary.
The memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the method of the identity authentication device based on a temporary identity certificate in the embodiments of the present application (for example, the first sending module 901, the third receiving module 902 and the authentication module 903 shown in Figure 9). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes the various functional applications and the identity authentication method based on a temporary identity certificate, that is, it implements the method of the identity authentication device based on a temporary identity certificate in the above method embodiments.
The identity authentication device based on a temporary identity certificate may further include an input device and an output device. The processor, the memory, the input device and the output device may be connected by a bus or in other ways.
The input device can receive input numeric or character information and generate key signal input related to the user settings and function control of the identity authentication device based on a temporary identity certificate; examples are a touch screen, a keypad, a mouse, one or more mouse buttons, a trackball and a joystick. The output device may be an output device such as the display device of the identity authentication device based on a temporary identity certificate. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display and a plasma display. In some embodiments, the display device may be a touch screen.
The identity authentication device based on a temporary identity certificate in the embodiments of the present application can be used to execute the technical solutions in the above method embodiments of the present application. Its implementation principles and technical effects are similar and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any one of the above identity authentication methods based on a temporary identity certificate.
An embodiment of the present application further provides a computer program product, including a computer program which, when executed by a processor, implements any one of the above identity authentication methods based on a temporary identity certificate.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division of logical functions, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, apparatuses or units, and may be electrical, mechanical or of other forms.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the application disclosed herein. The present application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the present disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.
Claims (13)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210700339.7A CN115396087B (en) | 2022-06-20 | 2022-06-20 | Identity authentication method, device, equipment and medium based on temporary identity certificate |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115396087A CN115396087A (en) | 2022-11-25 |
| CN115396087B true CN115396087B (en) | 2024-04-30 |
Family
ID=84116571
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210700339.7A Active CN115396087B (en) | 2022-06-20 | 2022-06-20 | Identity authentication method, device, equipment and medium based on temporary identity certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115396087B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109948371B (en) * | 2019-03-07 | 2021-06-25 | 深圳市智税链科技有限公司 | Method for issuing identity certificate for block chain node and related device |
| CN116132125B (en) * | 2022-12-28 | 2024-06-04 | 中国联合网络通信集团有限公司 | Cloud service data storage method, device, equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682378A (en) * | 2017-11-22 | 2018-02-09 | 国民认证科技(北京)有限公司 | A kind of real name identification method and system based on block chain |
| CN108876374A (en) * | 2018-06-29 | 2018-11-23 | 全链通有限公司 | The network identity certificate authentication method and system of block chain |
| CN109067801A (en) * | 2018-09-29 | 2018-12-21 | 平安科技(深圳)有限公司 | A kind of identity identifying method, identification authentication system and computer-readable medium |
| CN109359691A (en) * | 2018-10-24 | 2019-02-19 | 全链通有限公司 | Auth method and system based on block chain |
| CN110569658A (en) * | 2019-09-12 | 2019-12-13 | 腾讯科技(深圳)有限公司 | User information processing method, device, electronic equipment and storage medium based on block chain network |
| CN110611569A (en) * | 2019-09-24 | 2019-12-24 | 腾讯科技(深圳)有限公司 | Authentication method and related equipment |
| CN112688786A (en) * | 2021-03-19 | 2021-04-20 | 中企链信(北京)科技有限公司 | Evidence construction and real-name identity authentication method based on block chain |
| CN113438212A (en) * | 2021-06-08 | 2021-09-24 | 广州酷风技术开发有限公司 | Block chain node-based communication security management method and block chain security system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106487511B (en) * | 2015-08-27 | 2020-02-04 | 阿里巴巴集团控股有限公司 | Identity authentication method and device |
| SG11202103877SA (en) * | 2018-10-19 | 2021-05-28 | Digital Asset Switzerland Gmbh | Privacy preserving validation and commit architecture |
Non-Patent Citations (2)
| Title |
|---|
| Blockchain Based Mutual Authentication for VoIP Applications with Biometric Signatures; Mustafa Kara et al.; 2021 6th International Conference on Computer Science and Engineering (UBMK); 20211013; full text * |
| Identity authentication scheme based on the combination of blockchain and multiple factors; 缪文豪 et al.; Computer Simulation; 20220515; full text * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115396087A (en) | 2022-11-25 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||