Password-free authentication method and system based on blockchain, terminal and storage medium

Abstract

The invention provides a password-free authentication method and system based on a block chain, a terminal and a storage medium. Theauthentication method comprises the steps: building a password-freeauthentication system, dividing the password-free authentication system into function modules, and respectively deploying the function modules to a DApp of a public chain platform; when the third-party system sends the first transmission data to the back-end service, receiving the encrypted first transmission data of the third-party system, and judging whether the third-party system is a legal user or not; performing validity verification on the encrypted transmission data I; decrypting the legal encrypted transmission data I; performing validity verification on the decrypted transmission dataI; transmitting the legal decrypted transmission data I to a back-end service system; and when the back-end service system returns the second transmission data to the third-party system, sending theencrypted second transmission data and callback data to the third-party system. According to the invention, the problems of easy leakage and logic coupling of an encryption mode in a password-free authentication technology can be avoided, so that the security, availability and flexibility of the password-free authentication technology are improved.

Description

technical field [0001] The present invention relates to the technical field of block chain, and more specifically, relates to a block chain-based password-free authentication method, system, terminal and storage medium. Background technique [0002] Existing third-party password-free authentication systems are generally used for business systems where the system platform opens some data interfaces or pages to third-party access parties and needs to authenticate the identity of the access party. Usually, password-free authentication requires the first The third party provides reliable authentication information to verify its identity. [0003] In the current secret-free authentication system based on public-private key technology, it is necessary to inform the third-party system of parameters such as appkey and private key in advance, and to implement the agreed encryption process and encryption method, and to transmit the encrypted content to the salesman system In , the bu...

AI Technical Summary

Problems solved by technology

[0004] (1) The secret-free authentication system based on public and private keys needs to inform the third-party system of the content of the appkey and public key. The third-party system stores the appkey and public key in the code or database. If the third-party system is attacked by hackers, the If the appkey and public key are leaked, there will be a risk of data leakage

[0005] (2) Due to the need to implement the agreed encryption method, if the encryption method is leaked due to third-party business personnel leaking secrets, it is easy to cause other unauthorized personnel to call the authentication interface by imitating the data encryption method, which will affect the business system and Losses caused by third-party systems

[0006] (3) During the authentication process, if the appkey and public key are leaked, the encryption method is exposed, etc., it will cause the attacker to call the interface by disguising the implementation method and data. When this problem occurs, the password-free authentication system cannot Verify the legitimacy of the identity of the attacker

[0007] (4) The password-free authentication system is generally deployed on the same server as the business system that provides data in the rear. If the server is unavailable, the password-free authentication cannot provide external services, which may easily lead to business failures between the service provider and the third-party system. loss

Images