A blockchain-based password processing method, device and medium

By using blockchain Hyperledger technology to process user passwords in segments and encrypt and store them by multiple endorsing nodes, the security problem of centralized password storage is solved, achieving higher password management security and legality verification.

CN111008374BActive Publication Date: 2026-07-07INSPUR YUNZHOU (SHANDONG) IND INTERNET CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
INSPUR YUNZHOU (SHANDONG) IND INTERNET CO LTD
Filing Date
2019-11-26
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

In existing technologies, passwords are stored on a central server, which poses a risk of information leakage and results in insufficient security due to centralized management permissions.

Method used

By employing blockchain Hyperledger technology, user passwords are processed in segments and encrypted and stored by multiple endorsing nodes. The security of password management is ensured through signature verification and consensus network recording of operations.

Benefits of technology

It significantly improves the security of password management, prevents password tampering and unauthorized access, and ensures the legitimacy verification of legitimate user terminals.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN111008374B_ABST
    Figure CN111008374B_ABST
Patent Text Reader

Abstract

The application discloses a password processing method and device based on a blockchain and a medium. The password processing method and device based on the blockchain utilize a blockchain super account book technology to perform segmented processing on user password plaintext when the user password plaintext is saved, and the user password plaintext is saved by multiple password administrators. When a user forgets a password, the password can be restored only by permission of the multiple password administrators. In addition, each time a password is input or restored, super account book verification and recording are performed, and the security of password management is significantly improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of blockchain technology, and more specifically to a blockchain-based cryptographic processing method, device, and medium. Background Technology

[0002] In existing technologies, password storage typically involves storing passwords on a central server. This means that after a user sets their password on their terminal, it is uploaded to the central server. Some central servers even store user passwords in plaintext, posing a significant risk of information leakage. Other central servers encrypt user passwords and store them in ciphertext, requiring an administrator with the appropriate permissions on the server to view the password information. However, because password viewing permissions are controlled by a single administrator, this method of password storage cannot guarantee security.

[0003] It should be noted that the above content falls within the inventor's technical knowledge and does not necessarily constitute prior art. Summary of the Invention

[0004] To address the aforementioned problems, this invention provides a blockchain-based cryptographic processing method, device, and medium, which utilizes blockchain's hyperledger technology to improve cryptographic security.

[0005] This invention discloses a blockchain-based cryptographic processing method, comprising the following steps:

[0006] Deploying blockchain;

[0007] Obtain the password entry information sent by the user terminal;

[0008] The password input information is segmented to form N segmented passwords, where N > 1;

[0009] The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0010] Receive password retrieval requests sent by user terminals;

[0011] Obtain the user terminal's signature for verification;

[0012] Determine whether the user terminal signature has been correctly authorized based on the signature verification result;

[0013] If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0014] Receive N segmented recovery passwords sent by N endorsing nodes;

[0015] The N segmented passwords are concatenated in order and sent to the user terminal.

[0016] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, when performing the step of obtaining password entry information sent by the user terminal, the method further includes:

[0017] Retrieve the original password;

[0018] Generate the corresponding MD5 value for the original password;

[0019] Send the MD5 value corresponding to the original password to the endorsing node for verification;

[0020] Determine whether the user terminal that sent the password entry information is correctly authorized;

[0021] If the judgment result is yes, then the password entry information will be segmented.

[0022] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, when performing the step of sending the MD5 value corresponding to the original ciphertext to the endorsing node for verification, the method further includes:

[0023] The MD5 value corresponding to the original password is sent to the first endorsement node, which then verifies the user terminal.

[0024] The verification result is returned to the user's terminal;

[0025] Obtain the signature verification information of the user terminal for the first endorsement node;

[0026] Send the MD5 value corresponding to the original password to the second to Nth endorsement nodes;

[0027] Obtain the verification results sent by the second to the Nth endorsement nodes and send them to the user terminal. The user terminal then determines whether all endorsement policies from the second to the Nth endorsement nodes are satisfied.

[0028] The system receives the judgment result from the user terminal. If the judgment result is yes, the system encapsulates the password entry information and broadcasts it to the consensus network.

[0029] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, when performing the step of obtaining the password entry information sent by the user terminal, the method further includes:

[0030] Determine whether the password information entered on the user terminal is less than 16 characters and greater than 4 characters;

[0031] If the judgment result is yes, then it is further determined whether the password input information is at least one of numbers and uppercase and lowercase letters;

[0032] If the judgment result is yes, the password entry information will be processed in segments.

[0033] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, the cryptographic input information is segmented to form a 4-segment cryptographic code.

[0034] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, the method further includes:

[0035] Determine if each segment of the password has 4 digits.

[0036] If the judgment result is yes, the password entry information is divided into 4 segments, and any gaps in each segment that are less than 4 characters are filled with wildcards.

[0037] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, when determining whether the user terminal signature has been correctly authorized based on the signature verification result, if the determination result is negative, the request is defined as an illegal request, the request information is broadcast to all nodes in the consensus network, and the determination result is sent to the user terminal.

[0038] As a preferred embodiment of the blockchain-based cryptographic processing method of the present invention, after performing the step of sending the concatenated password to the user terminal, the method further includes:

[0039] Define this request as a legitimate request;

[0040] The processed information is encapsulated and broadcast to the endorsing nodes in the consensus network.

[0041] This invention also discloses a blockchain-based cryptographic processing device, comprising:

[0042] At least one processor; and

[0043] A memory communicatively connected to the at least one processor; wherein,

[0044] The memory stores instructions executable by at least one processor, which, when executed by the at least one processor, enables the at least one processor to:

[0045] Deploying blockchain;

[0046] Obtain the password entry information sent by the user terminal;

[0047] The password input information is segmented to form N segmented passwords, where N > 1;

[0048] The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0049] Receive password retrieval requests sent by user terminals;

[0050] Obtain the user terminal's signature for verification;

[0051] Determine whether the user terminal signature has been correctly authorized based on the signature verification result;

[0052] If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0053] Receive N segmented recovery passwords sent by N endorsing nodes;

[0054] The N segmented passwords are concatenated in order and sent to the user terminal.

[0055] This invention also discloses a blockchain-based cryptographic processing medium storing computer-executable instructions, wherein the computer-executable instructions are:

[0056] Deploying blockchain;

[0057] Obtain the password entry information sent by the user terminal;

[0058] The password input information is segmented to form N segmented passwords, where N > 1;

[0059] The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0060] Receive password retrieval requests sent by user terminals;

[0061] Obtain the user terminal's signature for verification;

[0062] Determine whether the user terminal signature has been correctly authorized based on the signature verification result;

[0063] If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0064] Receive N segmented recovery passwords sent by N endorsing nodes;

[0065] The N segmented passwords are concatenated in order and sent to the user terminal.

[0066] The beneficial effects of this invention are as follows:

[0067] This invention utilizes blockchain Hyperledger technology to segment user passwords during storage, with each segment being encrypted and stored by multiple password administrators. When a user forgets their password, it can only be retrieved with the permission of multiple password administrators. Furthermore, each password entry and retrieval operation is verified and recorded by Hyperledger, significantly improving the security of password management. Attached Figure Description

[0068] The accompanying drawings, which are included to provide a further understanding of the invention and form part of this invention, illustrate exemplary embodiments of the invention and are used to explain the invention, but do not constitute an undue limitation of the invention. In the drawings:

[0069] Figure 1 A flowchart illustrating an embodiment of the present invention is shown.

[0070] Figure 2 A flowchart illustrating the steps of obtaining password entry information sent by a user terminal in one embodiment of the present invention is shown.

[0071] Figure 3 The diagram illustrates a flowchart of the step of sending the MD5 value corresponding to the original password to the endorsement node for verification in one embodiment of the present invention.

[0072] Figure 4 This is a schematic diagram of the structure of a blockchain-based cryptographic processing device according to one embodiment of the present invention. Detailed Implementation

[0073] To make the objectives, technical solutions, and advantages of this specification clearer, the technical solutions of this application will be clearly and completely described below in conjunction with specific embodiments and corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. All other embodiments obtained by those skilled in the art based on the embodiments in this specification without creative effort are within the scope of protection of this application.

[0074] The technical solutions provided by the various embodiments of this application are described in detail below with reference to the accompanying drawings.

[0075] The technical solution of this application addresses the problems existing in traditional technologies by providing a method for achieving reliable, tamper-proof, and distributed data recording.

[0076] like Figure 1 As shown, the present invention discloses a blockchain-based cryptographic processing method, comprising the following steps:

[0077] S1 deploys blockchain;

[0078] S2 obtains the password entry information sent by the user terminal;

[0079] S3 segments the password input information to form N segmented passwords, where N > 1;

[0080] S4 sends the N segmented ciphers to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0081] S5 receives a password retrieval request sent by the user terminal;

[0082] S6 obtains the user terminal's signature for verification;

[0083] S7 determines whether the user terminal signature has been correctly authorized based on the signature verification result;

[0084] If the judgment result is yes, then send a password recovery request to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0085] S9 receives N segmented recovery passwords sent by N endorsing nodes;

[0086] S10 concatenates the N segmented recovery passwords in sequence and sends them to the user terminal.

[0087] Blockchain, as a decentralized distributed storage technology, possesses characteristics such as trustworthiness, immutability, security, and privacy. These characteristics make it particularly suitable for storing user password information and verifying user terminal identities. Data recorded on the blockchain is stored in distributed ledger nodes, and modifications to data on a single node or a few nodes will not take effect, ensuring that the data on the blockchain cannot be tampered with. Information on the blockchain can also be viewed by all personnel, making it more fair and reliable. The Hyperledger technology used in this embodiment is a type of consortium blockchain technology. New blocks are created only when new transactions occur, making it more suitable for commercial applications, such as the mediation and hierarchical management of permissions between users and administrators, achieving access control for different roles. This embodiment uses Hyperledger technology to segment user passwords and distribute them to multiple administrators. Administrators with public keys can encrypt the segmented passwords. The entire password segmentation and encryption process requires verification, thereby improving the security of user passwords.

[0088] In this embodiment, the orderer node acts as the execution entity to complete the collaborative functions of information verification, information packaging, and information broadcasting between the user terminal application and the endorsing node in the entire Hyperledger. The order node receives the endorsed proposed transaction responses sent by the user terminal application, sorts the transactions, packages a large number of transactions into blocks, and prepares to distribute the blocks to all peer nodes connected to the order node. It should be noted that peer nodes are peer nodes at the same level, and the endorsing node is also one of the peer nodes.

[0089] After receiving the password entry information sent by the user terminal, to improve the overall security of the password information, the password information is divided into N segmented passwords. These N segmented passwords are then sent to N endorsement nodes to prevent all password information from a single user terminal from being stored in a single endorsement node. While some existing password management technologies store all password information in a single node—meaning that password saving, retrieval, and modification operations are all recorded on the blockchain—this approach carries a high risk because only one node can manipulate the password. Even if any modifications or updates to the password are saved, it still cannot prevent tampering. Furthermore, when a user terminal performs a password retrieval operation, the high level of management authority allows the user terminal to directly restore the password, compromising user password security.

[0090] This embodiment utilizes Hyperledger technology to distribute user password information, which was originally stored on a single node. The original complete password is segmented, and the resulting N segmented passwords are jointly encrypted by N endorsing nodes using their respective public keys. Without authorization or the key, the encrypted information can only reveal the update records of password-related information, but not detailed information.

[0091] When a user forgets their password, they attempt to retrieve it via their user terminal. This involves sending a password retrieval request to the orderer node. Upon receiving the request, the orderer node also retrieves the user terminal's signature. Only after verifying the signature is the user terminal's legitimacy confirmed. Only when the user terminal is confirmed as correctly authorized will the orderer node send a password recovery request to the endorsing nodes. The N endorsing nodes use their respective public keys to decrypt each segment of the user's password, restoring it to its original password text. The orderer node receives the restored password text from each endorsing node, concatenates them to form a complete password text, and returns the result to the user terminal, completing the password retrieval process.

[0092] like Figure 2 As shown, in this embodiment, when performing the step of obtaining the password entry information sent by the user terminal, the method further includes:

[0093] S201 Retrieve the original password;

[0094] S202 generates the corresponding MD5 value for the original ciphertext;

[0095] S203 sends the MD5 value corresponding to the original password to the endorsing node for verification;

[0096] S204 Determines whether the user terminal that sent the password entry information has been correctly authorized;

[0097] S205 If the judgment result is yes, then the password input information is segmented.

[0098] When saving a user's password, the saved information must include the MD5 hash of the password for verification. The endorsing node verifies the MD5 value corresponding to the original password. If it confirms that the user terminal is an authorized terminal or has a valid signature, it allows the user terminal's password entry request. Simultaneously, the password entry information is segmented so that multiple endorsing nodes can encrypt it separately.

[0099] like Figure 3 As shown, in this embodiment, when performing the step of sending the MD5 value corresponding to the original password to the endorsing node for verification, the method further includes:

[0100] S2021 sends the MD5 value corresponding to the original password to the first endorsement node, and the first endorsement node verifies the user terminal.

[0101] S2022 returns the verification result to the user terminal;

[0102] S2023 Obtain the signature verification information of the user terminal for the first endorsement node;

[0103] S2024 sends the MD5 value corresponding to the original ciphertext to the second to Nth endorsement nodes;

[0104] S2025 obtains the verification results sent by the second to Nth endorsement nodes and sends them to the user terminal, whereby the user terminal determines whether all endorsement policies from the second to Nth endorsement nodes are satisfied.

[0105] S2026 receives the judgment result from the user terminal. If the judgment result is yes, it encapsulates the password entry information and broadcasts it to the consensus network.

[0106] This step utilizes the verification principle of Hyperledger to verify the legitimacy of the user terminal. The first endorsing node receives a transaction request from the user terminal for a specific smart contract. The endorsement policy configured in the smart contract requires signatures from the first to the Nth endorsing node. The first endorsing node verifies the signature; the verification result does not update Hyperledger but is sent to the user terminal. The user terminal interacts with the first endorsing node using the same method and with the second to Nth endorsing nodes. After the endorsement processing results from the second to Nth endorsing nodes are returned to the user terminal, it checks whether all endorsement policies are satisfied. If all endorsement policies are satisfied, the user terminal encapsulates the transaction information and response information into a transaction message and broadcasts it to the consensus network. The consensus network sorts the received transaction information (password entry information) in chronological order, forming a block, and sends it to all nodes on the same channel. Furthermore, all nodes need to verify the block sent by the consensus network.

[0107] In this embodiment, when performing the step of obtaining the password entry information sent by the user terminal, the method further includes:

[0108] S211 determines whether the password input information of the user terminal is less than 16 characters and greater than 4 characters;

[0109] S212 If the judgment result is yes, then further determine whether the password input information is at least one of numbers and uppercase and lowercase letters;

[0110] S213 If the judgment result is yes, then the password input information will be segmented.

[0111] When setting up a smart contract, to ensure basic password security, the password should be at least 4 characters long. Additionally, depending on actual needs, the password length can be set to less than 16 characters. Upon receiving password entry information from the user terminal, the system first checks whether the password information conforms to the smart contract's triggering rules. If the password information contains the number of characters, identifiers other than numbers, uppercase and lowercase letters, or Chinese characters, it is considered that the password information does not conform to the segmentation rules, and the next step of segmentation processing will not be performed.

[0112] Furthermore, in order to ensure the standardization and uniformity of password processing, the password input information is segmented into four segments to form a password, which reduces the corresponding amount of computation and improves processing efficiency.

[0113] In this embodiment, when the password is segmented to form a 4-segment password, the method further includes:

[0114] Determine if each segment of the password has 4 digits.

[0115] If the judgment result is yes, the password entry information is divided into 4 segments, and any gaps in each segment that are less than 4 characters are filled with wildcards.

[0116] In practical applications, it's impossible to guarantee that every user terminal's entered password information will be exactly 16 characters long and can be divided into four segments of four characters each. Therefore, when each segment of the original password is less than four characters, wildcards are used to pad it. Wildcards can be "#", "*", or other symbols. For example, if the original password is eight characters long (AABBCCDD), after dividing it into four segments, it becomes A / A / BB / CCDD. The password after wildcard padding is A### / A### / BB## / CCDD. It should be noted that the above segmentation method is just one of many possible segmentation methods; multiple methods can be set as needed, which will not be elaborated upon here.

[0117] In this embodiment, when determining whether the user terminal's signature has been correctly authorized based on the signature verification result, if the determination result is negative, the request is defined as an illegal request, the request information is broadcast to all nodes in the consensus network, and the determination result is sent to the user terminal.

[0118] Based on the characteristics of blockchain technology, any operation record and operation information can be recorded. When a user terminal sends an illegal request, the operation needs to be recorded and broadcast to the consensus network, which will then send it to the corresponding node. This provides a basis for modification and also serves as a reminder to the user.

[0119] In this embodiment, after performing the step of sending the concatenated password to the user terminal, the method further includes:

[0120] Define this request as a legitimate request;

[0121] The processed information is encapsulated and broadcast to the endorsing nodes in the consensus network.

[0122] As revealed above, based on the characteristics of blockchain technology, once a user's password recovery request is allowed and executed, it will be broadcast to the consensus network, which will then send it to the corresponding nodes for easy modification and traceability.

[0123] like Figure 4 As shown, the present invention also discloses a blockchain-based cryptographic processing device, comprising:

[0124] At least one processor; and

[0125] A memory communicatively connected to the at least one processor; wherein,

[0126] The memory stores instructions executable by at least one processor, which, when executed by the at least one processor, enables the at least one processor to:

[0127] Deploying blockchain;

[0128] Obtain the password entry information sent by the user terminal;

[0129] The password input information is segmented to form N segmented passwords, where N > 1;

[0130] The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0131] Receive password retrieval requests sent by user terminals;

[0132] Obtain the user terminal's signature for verification;

[0133] Determine whether the user terminal signature has been correctly authorized based on the signature verification result;

[0134] If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0135] Receive N segmented recovery passwords sent by N endorsing nodes;

[0136] Concatenate the N segmented passwords in order;

[0137] The completed password is sent to the user's terminal.

[0138] This invention also discloses a blockchain-based cryptographic processing medium storing computer-executable instructions, wherein the computer-executable instructions are:

[0139] Deploying blockchain;

[0140] Obtain the password entry information sent by the user terminal;

[0141] The password input information is segmented to form N segmented passwords, where N > 1;

[0142] The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network.

[0143] Receive password retrieval requests sent by user terminals;

[0144] Obtain the user terminal's signature for verification;

[0145] Determine whether the user terminal signature has been correctly authorized based on the signature verification result;

[0146] If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request;

[0147] Receive N segmented recovery passwords sent by N endorsing nodes;

[0148] Concatenate the N segmented passwords in order;

[0149] The completed password is sent to the user's terminal.

[0150] The various embodiments in this application are described in a progressive manner. Similar or identical parts between embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, the device and medium embodiments are basically similar to the method embodiments, so the description is relatively simple; relevant parts can be referred to the description of the method embodiments.

[0151] The devices and media provided in this application are one-to-one with the methods. Therefore, the devices and media also have similar beneficial technical effects as their corresponding methods. Since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the devices and media will not be repeated here.

[0152] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0153] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0154] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0155] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0156] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0157] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0158] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0159] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0160] The above description is merely an embodiment of this application and is not intended to limit the scope of this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of the claims of this application.

Claims

1. A blockchain-based cryptographic processing method, characterized in that, The steps include the following: Deploying blockchain; Obtain the password entry information sent by the user terminal; The password input information is segmented to form N segmented passwords, where N > 1; The N segmented ciphers are sent to N endorsing nodes corresponding to the number of segmented ciphers. The N endorsing nodes use public keys to encrypt and encapsulate the received segmented ciphers and broadcast them to the consensus network. Receive password retrieval requests sent by user terminals; Obtain the user terminal's signature for verification; Determine whether the user terminal signature has been correctly authorized based on the signature verification result; If the judgment result is yes, then a password recovery request is sent to the corresponding N endorsement nodes, and the N endorsement nodes use their public keys to recover the segmented passwords separately according to the password recovery request; Receive N segmented recovery passwords sent by N endorsing nodes; Concatenate the N segmented passwords in order and send them to the user terminal; When performing the step of obtaining the password entry information sent by the user terminal, the method further includes: Determine whether the password information entered on the user terminal is less than 16 characters and greater than 4 characters; If the judgment result is yes, then it is further determined whether the password input information is at least one of numbers and uppercase and lowercase letters; If the judgment result is yes, the password entry information will be processed in segments; The password input information is segmented to form a 4-segment password; The method further includes: Determine if each segment of the password has 4 digits. If the judgment result is yes, the password input information is divided into 4 segments, and any gaps in each segment that are less than 4 characters are filled with wildcards. When performing the step of obtaining password entry information sent by the user terminal, the method further includes: Retrieve the original password; Generate the corresponding MD5 value for the original password; Send the MD5 value corresponding to the original password to the endorsing node for verification; Determine whether the user terminal that sent the password entry information is correctly authorized; If the judgment result is yes, then the password entry information will be segmented. When performing the step of sending the MD5 value corresponding to the original password to the endorsing node for verification, the method further includes: The MD5 value corresponding to the original password is sent to the first endorsement node, which then verifies the user terminal. The verification result is returned to the user's terminal; Obtain the signature verification information of the user terminal for the first endorsement node; Send the MD5 value corresponding to the original password to the second to Nth endorsement nodes; Obtain the verification results sent by the second to the Nth endorsement nodes and send them to the user terminal. The user terminal then determines whether all endorsement policies from the second to the Nth endorsement nodes are satisfied. The system receives the judgment result from the user terminal. If the judgment result is yes, the system encapsulates the password entry information and broadcasts it to the consensus network.

2. The blockchain-based cryptographic processing method according to claim 1, characterized in that, When determining whether the user terminal's signature has been correctly authorized based on the signature verification result, if the result is negative, the request is defined as an illegal request, the request information is broadcast to all nodes in the consensus network, and the result is sent to the user terminal.

3. The blockchain-based cryptographic processing method according to claim 1, characterized in that, After performing the step of sending the concatenated password to the user terminal, the method further includes: Define this request as a legitimate request; The processed information is encapsulated and broadcast to the endorsing nodes in the consensus network.

4. A blockchain-based cryptographic processing device, characterized in that, include: At least one processor; as well as A memory communicatively connected to the at least one processor; wherein, The memory stores instructions executable by at least one processor, which, when executed by the at least one processor, enables the at least one processor to perform a blockchain-based cryptographic processing method as described in any one of claims 1-3.

5. A blockchain-based cryptographic processing medium storing computer-executable instructions, characterized in that, The computer-executable instructions are capable of executing the blockchain-based cryptographic processing method described in any one of claims 1-3.