Disclosure of Invention
The content of the present application is intended to introduce concepts in a simplified form that are further described below in the detailed description. The section of this application is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
In order to solve the technical problems mentioned in the background art, some embodiments of the present application provide the following technical solutions: an authentication and hierarchical access control integrated method based on a blockchain technology comprises the following steps:
an initialization stage: all servers form a block chain network, and all servers negotiate system parameters together;
a user registration stage: the user pays fees to any server, registration is completed on the server, the server issues certificates to the user, and user information is stored in a public account book of the blockchain;
authentication: the user performs bidirectional authentication with the server, the server authenticates the authority which can be accessed by the user, and the user authenticates the correctness of the server;
a fund settlement stage, wherein all servers forming the blockchain network periodically settle fees;
access right updating stage: the registered user updates the authority information at an arbitrary server.
The beneficial effects of this application lie in:
according to the method and the system, the servers are connected with the blockchain network information, so that when all the servers upload the registration information of the user to the blockchain network, the registration information stored in the blockchain can be subjected to decentralized management under the condition that the registration information cannot be tampered, the user can finish registration of any server and upload the registration information in the blockchain network, or when other servers are accessed, the registration is not needed, and the other servers only need to call the registration information of the user on the blockchain network; when the registered user accesses the server, the server authenticates the user, and the user authenticates the server, so that the problem that the user information is stolen by an illegal server because the user does not authenticate the server when the user performs information interaction between the server is avoided. Therefore, the technical scheme provided by the application can also avoid the problem that the information security is threatened because the user cannot identify the illegal server on the basis of providing the centralized cloud service system for the user. Meanwhile, the public account book is stored in the blockchain, so that the registration information stored in the public account book cannot be tampered, and the server and the user can monitor the information stored in the public account book, so that the registration information of the user is prevented from being invalid; meanwhile, the information stored in the public account book is the registration information generated by the public key, so that the information is generated by the public key in the clear text and does not reveal the specific information of the user, and the server can update the authority information of the user stored in the private account book in time according to the registration information published in the blockchain.
In summary, the beneficial effects of the present application include the following:
single point registration: the user can access various servers only by registering once, and the servers upload the registration information of the user to the blockchain commonly maintained by all the servers; the user may then access various different rights servers during the authentication phase.
And (3) bidirectional authentication: the two communication parties need to mutually verify identities, so that illegal users are prevented from disguising as users or disguising as servers to steal user information or server information. Meanwhile, in order to increase reliability of mutual authentication, when the server authenticates the user, the server S j First, the DID of the user is obtained by using the private key i Then the server S j Finding corresponding registration information on the blockchain according to the dynamic pseudonym, and extracting the corresponding public key PK Ui And registration time T 1i . Server S j With PK Ui Verify the signature of the user, if Ver (PK Ui ,S Ui ,DID i ‖Y‖T 3 ) =1, then server S j Will determine user U i Is a legal user. At the time of user authentication of the server, the user calculates V ', if V' =h (PK y Sj ‖DID i ) And checks if it is equal to the received message V, if so, the server S j Is an effective service provider. The probability of a polynomial adversary attempting to forge the identity information of a legitimate user or service provider is negligible due to the non-counterfeitability of the signature, the collision resistance of the hash function, and the difficulty of the deterministic Diffie-Hellman (DDH) problem.
User access rights: the user access rights are stored in the form of promise in a public account book, and because of the disguise of promise, an attacker can obtain the registration information of the user, but cannot infer the specific access rights of the user by using the information.
Linking of transactions: on blockchain networks, registration data is disclosed to all participants, and in order to protect the privacy of the service provider (e.g., target audience, number of users, etc.), a transaction contains promises calculated by the user for each server, regardless of whether the user needs to access the server, in such a way that the authorization information of the server is confused, and an attacker cannot determine whether the server authorizes the access of the user, nor can the attacker obtain the connection between them through a transaction.
User anonymity and non-traceability: during authentication phase, dynamic pseudonym DID is used
i Hidden in
Wherein the blind factor is a Diffie-Hellman tuple. Intercept messages { C, Y, T
1i After S, the attacker is due to the lack of the private key SK
Uj The identity of the user can only be obtained by solving the computational Diffie-Hellman (CDH) problem, and thus our solution provides user anonymity. On the other hand, since the first authentication random number generated each time is different, the generated message { C ', Y', T
1 'S' are also different. Thus, the attacker cannot decide that the transmitted messages C, C' come from the same user, i.e. that untraceability is achieved.
Hierarchical access control: in the registration stage, the user purchases the corresponding service grade, and registration information is uploaded to the blockchain after verification. When the server detects that the public account book changes, the private account book needs to be updated. During the authentication phase, the server S
j Reading registration/update time T from public ledgers and private ledgers, respectively
1i And rights
Checking user U
i Whether the access rights of (a) expire. The user cannot access outside the scope of the rights.
Centerless authorization: in our approach, the user can select any one of the service providers to register and update access rights without requiring a central authorization. With the aid of the intelligent contract, checking whether the service fee paid by the user is sufficient or not, and performing financial settlement.
Replay attack: to grant access rights, user U i And a server S j It is necessary to perform twiceAnd (5) message communication. User U i Send login message 1= { C, Y, T 3 S, server S j First through T 4 -T 3 The freshness of the message is checked. Furthermore, based on the non-counterfeitability of the signature, the server S j It can be easily detected whether an illegal user has changed any parameters of the message. Subsequently, the server S j Return message 2= (V). Since the user generates a new first authentication random number y for each session, it must be the current session when they accept each other. Typically, we use the current timestamp and the first authentication nonce to prevent replay attacks.
Simulation attack: to simulate a user, an illegitimate must forge a valid message1, however, it is not feasible due to the non-counterfeitability of the signature. In addition, an illegitimate cannot create a valid message2 on behalf of the server, because it needs to solve Diffie-Hellman (CDH) computational problems without the user's private key and the server's private key, so the solution can resist both user masquerading attacks and server masquerading attacks.
Man-in-the-middle attack: assume that an attacker eavesdrops on message1 and message2 and tries to modify them to form another legitimate message. Based on the above analysis, our solution supports two-way authentication, so that an attacker's modification to message1 and message2 will be detected, meaning that our solution can resist man-in-the-middle attacks.
The communication performance cost is low: according to the technical scheme, the communication performance is excellent, the communication cost is low, the calculation time of a user is about 40.327 ms in the test of the authentication stage, the calculation time of a service provider is about 6.509 ms, the calculation time is short, and the expected requirement is met. The reason is that the technical scheme provided by the application avoids the most time-consuming point-to-point hash function or a plurality of point multiplication operations. Message 1= { C, Y, T in terms of communication cost 3 S } requires (160+320+32+320) = 832b and message 2= (V) requires 160b, these two values are added, the total communication overhead of our scheme in authentication phase is 992 bits, and the proposed scheme only requires two rounds of message communication with minimum information quantity in related technology, so that the scheme is communicatedThe information cost is low.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Corner mark description: in the formulas of the application documents, when some formulas are expressed as corner marks, it should be understood that they should also belong to the same parameter although they are not explicitly identified above and below. For example:
PK sj =g SKSj in the formula, the superscript SKSj of g is SK Sj For ease of representation, in SK Sj When the upper label or the lower label is used, the upper and lower label relation of SK and Sj is hidden. The same is true in the remaining examples of the application.
For example g
SKUi 、
、Y
SKSj 、g
ajk h
rjk 、g
SKUi’ 、
。
Referring to fig. 1, an authentication and hierarchical access control integrated system based on a blockchain technology includes a blockchain network, a number of servers, and a number of users accessing cloud services.
All servers constitute an MSP, which includes a server S 1 … Server S j … Server S m Wherein any one of the servers is denoted as server S j The method comprises the steps of carrying out a first treatment on the surface of the For any one of the servers S j The remaining servers are denoted as servers S k ,k∈[1,j-1]∪[j+1,m]For each server S j Are all generated with corresponding identity SIDs j 。
For each user accessing MSP, act as user U 1 User U 2 … user U i … user U t Wherein any one user is user U i ,U t For accessing the last subscriber of the MSP.
Referring to fig. 2, the scheme is implemented by the following scheme:
an initialization stage: several servers form a blockchain network, and all servers negotiate system parameters together.
A user registration stage: the user pays the fee to the server, the user finishes registering on the server, after the registering is finished, the server issues the certificate to the user, and the user information is stored in the public account book of the blockchain.
Authentication: the user performs two-way authentication with the server, which authenticates the user to access those resources, and the user authenticates the correctness of the server.
Fund settlement stage: to ensure that the server is able to obtain the user's service fee, all transactions are funded at intervals.
Access right updating stage: the user can update the authority on each server at any time on any server.
Specifically, the method for integrating authentication and hierarchical access control based on the blockchain technology comprises the following steps (it should be noted that there is no strict sequence relationship between the following steps, and the steps can be exchanged in any order).
Step 1 is the initialization phase of the present application.
Step 1: all servers negotiate to select a q-th order cyclic group G, a hash function H: {0,1} → {0,1} 1 And two generator elements G and h of group G, where l represents the number of bits output by the hash function, and then each server S j Generating a public-private key pair, wherein the private key is SK Sj The public key being PK sj ,SK Sj ∈Z q * ,PK sj =g SKSj ;Z q * Is a q-order cyclic group.
Step 2 is the user registration phase of the present application.
Step 2 comprises the following steps:
step 21: generating a unique identity mark by a user, generating a dynamic pseudonym through a public key, and generating a permission sum and a permission triplet required by each server according to the permission required by the user on each server; registration information is then generated that includes the dynamic pseudonym, the identity, the public key of the user, the sum of rights required on the respective servers, the permission triplets, the zero knowledge protocol that proves the private key, the registration request, the registration signature, and the registration time.
Step 21 comprises the steps of:
step 211: user U i Generating unique identification PID i And private key SK Ui ,SK Ui ∈Zq * And by private key SK Ui Generating dynamic pseudonym DID i Public key PK Ui ,PK Ui = g SKUi ,DID i =H(PK Ui );H(PK Ui ) Is PK Ui Is used to generate the hash value of (a).
Wherein, the identity mark PID i Is a string of randomly generated numbers.
Step 212: user U
i For each server S
j All select the first random number r
ij And a second random number
,
E Zq, where ∈>
Satisfy the condition of->
;
Definition of the definition
User U
i According to the server S
j Definition of application rights on->
,
Representing user U
i At server S
j Authority on the platform;
user U
i Rights sum to P on all servers
i ,
。
Step 213: user U
i Calculation of
;
User U
i Calculation pair
For determining the promise of the user U
i At the server S
j The required rights;
user U
i Definition of the definition
and L
ij ={comm
ij ,X
ij ,M
ij };
wherein ,
M ij for user U i At registered server S j A first permission parameter on the first permission parameter;
comm ij for user U i At registered server S j A second permission parameter on the first permission parameter;
X ij for user U i At registered server S j A third authority parameter on the first authority parameter;
L ij is user U i At the server S j Authority triples on the file;
II is a connector, and B is an exclusive OR symbol,
is->
Is used to generate the hash value of (a).
Step 214: user U
i Running zero knowledge proof protocol
Attesting to his temporary key SK
Ui ,
NIZK represents a verification method of a zero knowledge proof protocol;
step 215: by usingHousehold U i Generating a registration signature S Ui ,S Ui =Sig Ui (SK Ui ,DID i ‖PK Ui ‖SID j ‖P i ‖L i1 ‖…L im ‖T 1i ) Then transmits registration information including the registration request to the server S through the secure channel j The registration information is:
T 1i is the current time of execution of step 215, T 1i For registration time reg is a registration request.
Step 22: after receiving the registration information, the server verifies the dynamic pseudonym, the public key of the user, the authority sum required on each server, the authority triplets, the zero knowledge protocol for proving the private key, the registration signature and the registration time in the registration information, and if the verification is successful, the server sends a verification request to the rest of servers.
Step 22 specifically includes the steps of:
step 221: server S j Verifying the registration time T 1i If the current system time and registration time T 1i If the threshold is exceeded, the verification fails, the registration information fails, and otherwise, step 222 is executed;
step 222: server S
j Verification of zero knowledge proof
If the verification fails, the registration information fails, otherwise step 223 is performed;
step 223: server S j Verification Ver (PK) Ui ,S Ui ,DID i ‖PK Ui ‖SID j ‖P i ‖L i1 ‖…‖L im ‖T 1i ) If it is equal to 1, if it is not equal to 1, the verification fails, the registration information fails, otherwise step 224 is executed;
wherein, ver is the first verification parameter;
step 224: clothes with a pair of wearing articlesServer S
j Verification
If not, the verification fails, the registration information fails, otherwise, step 225 is performed,/->
Is->
Is a hash value of (2);
step 225: server S j Verifying whether the user U has been registered on the private ledger i If registration is already done, the authentication fails and the registration information is invalid, otherwise step 226 is performed.
Step 226: server S
j Verification
Whether or not it is true, if not, the authentication fails, the registration information fails, otherwise, step 227 is performed, wherein g
Pi Is the second verification parameter.
Step 227: server S
j Calculation of
Then verify->
If yes, if not, the verification fails, the registration information fails, otherwise, step 228 is executed; wherein (1)>
Is a third verification parameter;
step 228: server authentication user U i If the correct fee is paid, if the paid fee is not right, the verification fails, the registration information fails, otherwise step 229 is performed;
step 229: server S j Calculate a verification signature S Sj ,S Sj =Sig sj (SK Sj ,DID i ‖PK Ui ‖P i ‖L i1 ‖L i2 ‖…L im ‖T 2 ) Then the server S j Generating a verification request, wherein the verification request is { DID } i ,PK Ui ,P i ,L i1 ,L i2 ,…L im ,S Ui ,S Sj ,T 2 },T 2 For the current time of execution of step 229, T 2 Representing the time of generation of the authentication signature and broadcasting the authentication request to other servers S on the blockchain K ,K∈[1,j-1]∪[j+1,m]。
Step 23: after receiving the verification request and reaching consensus, the rest servers succeed in registering the user, the servers return registration time and certificates to the user, the servers upload dynamic pseudonyms, public keys, authority sum required on each server and authority triples of the user to a public account book, and simultaneously each server records the identity identification of the user and the authority on the user into a private account book of the user, and the user stores the dynamic pseudonyms, the identity identification, the public keys and the private keys of the user.
Step 23 specifically includes the following steps:
step 231: server S
k Respective calculations
and
,
Judging
And comm in message
ik If so, all servers agree to upload the registration information to the blockchain, server S
j Upload { DID
i ,PK
Ui ,SID
j ,P
i ,L
i1 ,L
i2 ,…L
im ,S
Ui ,S
Sj ,T
2 Public ledger to blockchain, (as shown in fig. 3 and 4), while each server will (PID)
i ,
) Deposit into its own private ledger (as shown in figure 5).
wherein ,
for user U
i At the server S
k The authority of the application;
for any one server S j User U i Are given a first random number r ij R is then ik Is user U i For the server S k A first random number selected;
M ik is user U i At the server S j At the time of registration, at the server S k A first permission parameter on the first permission parameter;
comm ik is user U i At the server S j At the time of registration, at the server S k A second permission parameter thereon.
X
ik Is user U
i At the server S
j At the time of registration, at the server S
k The third authority parameter is according to the formula
Calculating to obtain;
is user U
i For the server S
k A selected second random number;
is->
Hash value of (1), SK
Sk Is a server S
k Is a private key of (a).
User U i At any one of the servers S j When registering, user U i A first random number is generated for all servers, so for user U i Selected registration server S j In other words, the rest servers are S k While these servers S k User U i Also for this, a corresponding first random number is generated, these servers S for ease of differentiation k By user U i A defined first random number, denoted as a first random number r ik Correspondingly, for user U i For each server S j Can calculate the second authority parameter comm ij So for user U i Selected registration server S j In other words, the rest servers are S k While these servers S k User U of (2) i Corresponding second authority parameters are also generated for the servers S for convenience of distinguishing k By user U i The second authority parameter comm is defined and recorded as comm ik 。
Step 232: server S j Issuing vouchers and T 2 To the user, indicating the success of registration, user U i Storing PID i ,DID i ,PK Ui ,SK Ui 。
Step 3 is an authentication stage of the present application;
the step 3 is as follows: when a registered user accesses any server, the user generates an authentication signature of the user through a private key and sends an authentication request containing the authentication signature to the server to be accessed; the server verifies the authentication request according to the public key corresponding to the public account book, and meanwhile, the server returns verification information generated through the private key of the server to the user, and the user verifies the verification information through the public key of the server.
Step 3 comprises the following steps:
step 31: user U
i Selecting y ε Zq
* And Y is calculated by Y, y=g
y Calculation of
User U
i Generating an authentication signature s=sig
Ui (SK
Ui ,DID
i ‖Y‖T
3 ) User U
i Transmitting authentication request { C, Y, T over public channel
3 S } to server S
j, wherein T
3 Is the current time of
step 31 execution, T
3 The generation time of the authentication signature is represented by Y being a first authentication random number, Y being a second authentication random number generated randomly in the user authentication phase, and C being an authentication parameter.
Step 32: server S
j According to DID
i Querying public account book on blockchain to find user U
i Public key PK corresponding in registration phase
Ui 、L
ij Registration time T
1i Server S
j Then according to the private account book
Judging whether [ T ] is satisfied
4 -T
1i ]<
, wherein T
4 For the current time of step 32 execution, if not, indicating that the user's VIP has expired, the user is only allowed to access free resources, T
1i For user U
i Is used for the registration time of (a).
Step 33: server S
j Returns verification information V, v=h (Y
SKSj ‖DID
i ) To user U
i User U
i The verification parameter V' is calculated,
and verifying whether V' is equal to V, if so, indicating that the user successfully verifies the server, otherwise, verifying failure.
Step 4 is the fund settlement stage of the present application.
Step 4 comprises the following steps:
step 41: server S
j Calculation of
Obtaining the number of days authorized to the user per transaction per se +.>
,
The service fee which is required to be obtained in each transaction can be obtained by multiplying the unit price.
Step 42: each server S j Calculate the rest of the servers S k Among registered users, the server S j The service charge to be charged, k.epsilon.1, j-1]∪[j+1,m];
Server S j Calculate all users at server S k Registered server S j Days of authorization on a jk And the sum r of the corresponding first random numbers jk Server S j Multiplying by a jk Is obtained at the server S k Service fee at, wherein:
a jk is that all users are in the server S k Registered server S j Sum of the number of days authorized above;
r jk is that all users are in the server S k When registering, the server S is given j A first random number r is set ij Is the sum of (3);
calculation server S k Homomorphism of commitments in a registration transaction is for a jk Is a commitment to (1),
comm ajk is that all users are in the server S k At the time of registration, at the server S j The product of the set second authority parameters;
server S j Disclosure a jk Sum r of the first random number jk 。
Because for any one server S j The rest of the servers S K Registered users can also applyPlease server S j So for any one server S j All that is required is to calculate at the remaining server S k Sum of authorized days registered on.
Step 43: validating each server S j Whether the issued service charge is correct, if each server S j If the issued service fee is correct, the service fee is settled for all servers, if the server with incorrect issued service fee exists, the server with incorrect issued service fee is found, and the service fee is settled for the rest servers.
Step 43 specifically includes the following steps:
step 431: presetting a smart contract set () which collects a sent by all servers jk and rjk When the intelligent contract is triggered, j is E [1, m],k∈[1,j-1]∪[j+1,m]。
Step 432: the Smart contract Settlement () calculates the total days pay for all server registrations k The total amount that the corresponding server should pay can be reached by multiplying the unit price.
Step 433: smart contract Settlement () authentication pay
k And (3) with
Whether or not they are equal, k E [1, j-1 ]]∪[j+1,m]If the service fee is equal, it means that there is no server lie, the corresponding service fee is settled for all servers, and if the service fee is not equal, a is provided for each server
jk and r
jk Authentication is performed to find lie servers.
Step 434: the smart contract set () is for each server S in turn
j Provided a
jk R
jk Verification
And g is equal to
ajk h
rjk If not, indicate a
jk Correct, server S
j If not, the server is stated to lie.
g
ajk For the first settlement parameter, h
rjk As a second settlement parameter,
as a third settlement parameter,
is that all users are in the server S
k At the time of registration, at the server S
j The product of the set second authority parameters;
step 5 is the rights update phase of the present application.
The step 5 specifically comprises the following steps:
step 51: and the user regenerates a new public and private key pair and a new dynamic pseudonym, and sends authority update information to any server nearest to the user according to the authority required by the new application.
Step 511: user U i Generating a new private key SK Ui ’∈Z q * And generates a new public key PK Ui ' and New dynamic pseudonym DID i ’,PK Ui ’=g SKUi’ ,DID i ’ =H(PK Ui ’)。
Step 512: user U
i For each server S
j All select a new first random number r
ij ' and new second random number
, r
ij ’∈ Z
q * ,
∈ Z
q *, wherein ,r
ij ' satisfy Condition>
Definitions->
,j∈[1,m]。
Step 513: user U
i According to the server S
j Rights definition for the last new application
,
Is the authority required by the new application of the user, and the user calculates
M ij ' for user U i Server S applying for rights update j Updating parameters by the first authority;
user U
i The sum of rights to be updated on all servers is denoted as P
i ’,
;
User U
i Calculation pair
For determining the promise of the user U
i At the server S
j The required rights;
user U
i Definition of comm
ij ’=g
pij’ h
rij’ ,L
ij ’={ comm
ij ’, X
ij ’,L
ij ’},
comm ij ' for user U i Server S updated in authority j Updating parameters by the second authority; x is X ij ' for user U i At server S of authority update j The third authority on the server updates parameters L ij ' is user U i When the authority is updated, the server S j And authority triples.
Step 514: user U i Run zero knowledge proof protocol, prove his temporary key SK Ui ’,
NIZK is zeroAuthentication protocol verification.
Step 515: user U i Generating rights update signature S' Ui , S’ Ui= Sig Ui (SK Ui ’,DID i ’‖PK Ui ’‖SID j ‖P i ’‖L i1 ’‖…L im ’‖T 5 ) User U i Sending rights update information
For any nearest server, T 5 The current time performed for step 515 represents the generation time of the rights update information.
Step 52: after the server receives the rights update information, the new dynamic pseudonym in the rights update information, the new public key of the user, the new rights sum required on each server, the new rights triplet, the zero knowledge protocol of the new attestation private key, the rights update signature, and the generation of the rights update information
Time is verified, and finally, new authority sum is verified
And if the received money corresponds to the received money, the server generates a permission update request and broadcasts the permission update request to the rest servers if the content is verified successfully.
Step 52 specifically includes the steps of:
step 521: server S receiving update request
j Validating new zero knowledge proof protocol
Whether the rights update signature is correct or not +.>
Whether or not to establish;
step 522: server S receiving update request
j Calculation of
and
And verify
And->
If it is true, if at least one of the equations is not true, the authentication fails, the update request fails, and if both are true, the server S
j Computing authority verification signature S
Sj ’, S
Sj ’=Sig(SK
Sj ,DID
i ’‖PK
Ui ’‖SID
j ’‖P
i ’‖L
i1 ’‖L
i2 ’‖…‖L
im ’‖T
6 ),T
6 Is the current time.
Step 523: if the verification results of steps 521-522 are equal, and the new authority sum P i ' correspond to the received money, the server S j Generating a permission update request, wherein the permission update request is as follows: { DID i ’‖ PK Ui ’‖SID j ‖p i ’ ‖L i1 ’‖L i2 ’‖…‖L im ’‖T 6 And broadcasting entitlement update requests to other servers S on the blockchain k 。
Step 523: after receiving the permission update request, the rest servers verify the permission update request, after all the servers verify the permission update request, and after the permission update request passes the verification, the permission update information submitted by the user is uploaded to a public account book of the blockchain, and each server updates own private account book and returns permission update time and permission update certificates to the user.
Specifically, the other servers that received the rights update request each calculate
And verify->
If so, the servers agree on each other. Server S
j Uploading authority update information to public account book of blockchain, and finally server S
j Return rights update time T
6 And authority update credentials to the user, indicating successful upload, user U
i Preserving DID
i ’,PK
Ui ’,SK
Ui ' replace DID
i ,PK
Ui ,SK
Ui The method comprises the steps of carrying out a first treatment on the surface of the The rights update information uploaded to the blockchain is:
{DID i ’‖PK Ui ’ ‖SID j ‖P i ’‖L i1 ’‖L i2 ’‖…‖L im ’‖T 6 }。
step 54: when detecting the change of the public account, each server updates its private account, server S
j By DID
i Inquiring public account book to find corresponding registration time T
1i Updating in private ledgers
:T
1i For user U
i Is used for the registration time of (a).
The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the invention. Such as the above-described features, are mutually substituted with (but not limited to) the features having similar functions disclosed in the embodiments of the present disclosure.