Blockchain node authentication method, system, device and storage medium
By combining data signature and dynamic token multi-factor authentication methods with real-time security verification, the problem of insufficient security in existing consortium blockchain node authentication methods is solved, enabling timely identification and processing of nodes and improving the security of the consortium blockchain.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SF TECH CO LTD
- Filing Date
- 2021-04-20
- Publication Date
- 2026-06-09
Smart Images

Figure CN115221491B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of blockchain, and specifically to a consortium blockchain node authentication method, system, device, and storage medium. Background Technology
[0002] The specific applications of blockchain can be divided into three types: public blockchain technology, consortium blockchain technology, and private blockchain technology. As a decentralized database, blockchain can establish trust relationships among nodes across the entire network based on technologies such as consensus mechanisms, distributed ledgers, and identity verification.
[0003] Consortium blockchain technology is considered the blockchain technology with the greatest potential for practical application, and can be widely used in various industries such as finance and logistics, with a very broad application prospect. Generally speaking, a consortium blockchain includes multiple child nodes, and each child node (sub-center node) has multiple child nodes under it, thus forming a multi-level consortium blockchain network. With the continuous development of consortium blockchain technology applications, many fields or scenarios involve node authentication issues in consortium blockchains, in order to further deploy and expand nodes, confirm transmitted data, store and manage it, and ensure the authenticity, reliability and traceability of data. Therefore, when deploying and expanding nodes, authenticating the identity of member nodes to ensure the security and authenticity of blockchain nodes has become particularly necessary. Existing node authentication methods mainly verify node signatures through keys, certificates, etc., or authenticate the identity of nodes through passwords, node identifiers, etc. However, the authentication mode used by existing node authentication methods is relatively simple, which cannot provide security guarantees and cannot detect maliciously controlled nodes in a timely manner. Summary of the Invention
[0004] This invention provides a consortium blockchain node authentication method, system, device, and storage medium to address the security issues caused by the limited availability of existing node authentication methods, which fail to detect malicious control of nodes in a timely manner.
[0005] On the one hand, this application provides a consortium blockchain node authentication method, applied to a verification server, the node authentication method comprising:
[0006] The receiving node sends an authentication request, obtains the digital signature associated with the authentication request, and verifies the legality of the digital signature;
[0007] If the digital signature is valid, the identity authentication request is decrypted using a pre-stored dynamic token to obtain the node's identification information;
[0008] The node is security verified based on the identification information, and the verification result information is recorded to determine whether the node is secure.
[0009] If the node is secure, then the node's identity authentication is completed based on the identification information.
[0010] In some embodiments of this application, the step of performing security verification on the node based on the identification information and recording the verification result information to determine whether the node is secure includes:
[0011] Extract the node identifier from the identification information, send dynamic verification information to the node corresponding to the node identifier for security verification; record the verification result of the node security verification, and count the multiple verification results of the node within the expected time period;
[0012] Determine whether the node is secure based on the verification results within the expected time period;
[0013] If the verification results meet the preset threshold conditions within the expected time period, the node is determined to be safe.
[0014] If the verification results do not meet the preset threshold conditions within the expected time period, the node is determined to be insecure.
[0015] In some embodiments of this application, recording the verification results of the node security verification and statistically analyzing the verification results of the node within a predicted time period includes:
[0016] Receive feedback information sent by the node based on the dynamic verification information, determine the verification result based on the feedback information, and record the verification result of the node's security verification;
[0017] If the verification result is that the security verification of the node fails, the pre-stored dynamic token is updated, and the node's update identity authentication request is received for re-authentication;
[0018] If the verification result indicates that the security verification of the node has passed, then the dynamic verification information is updated and the updated dynamic verification information is sent to the node;
[0019] The statistics show the verification results of nodes that failed security checks within the expected timeframe.
[0020] In some embodiments of this application, the step of completing the identity authentication of the node based on the identification information if the node is secure includes:
[0021] If the node is secure, then obtain the user identifier and user information corresponding to the node from the identifier information;
[0022] The reserved user information is obtained based on the user identifier, and the reserved user information is compared with the user information to determine whether the node identity is legitimate.
[0023] If the reserved user information matches the user information, then the node's identity authentication is successful;
[0024] If the reserved user information does not match the user information, the node's identity authentication will fail.
[0025] On the other hand, this application provides a consortium blockchain node authentication method, applied to nodes, the node authentication method comprising:
[0026] Send a dynamic token to the password server, and use the dynamic token to encrypt the identification information using an encryption algorithm to generate authentication information;
[0027] Obtain the node private key sent by the registration server, and encrypt the authentication information again using the node private key to obtain a digital signature;
[0028] An identity authentication request is generated based on the authentication information and the digital signature, and the identity authentication request is sent to the verification server so that the verification server can perform node authentication.
[0029] The system receives dynamic verification information sent by the verification server, generates feedback information corresponding to the dynamic verification information, and sends it to the verification server so that the verification server can complete the authentication of the node based on the feedback information and the identity authentication request.
[0030] In some embodiments of this application, before sending a dynamic token to a password server and using the dynamic token to encrypt the identification information using an encryption algorithm to generate authentication information, the method includes:
[0031] A registration request is generated based on the node identifier, and the registration request is sent to the registration server so that the registration server can register the node according to the registration request.
[0032] Receive and save the user information and node private key returned by the registration server during registration;
[0033] The step of using the dynamic token to encrypt the identifier information using an encryption algorithm to generate authentication information includes:
[0034] Obtain the user information, and obtain identification information based on the user information; use the dynamic token to encrypt the identification information according to a preset encryption algorithm to obtain authentication information.
[0035] On the other hand, this application provides a consortium blockchain node authentication system, including a verification server and nodes, wherein the consortium blockchain node authentication system includes:
[0036] The node is used to generate an authentication request based on the dynamic token and the node's private key and send it to the verification server;
[0037] The verification server is used to receive authentication requests sent by nodes, obtain the digital signature associated with the authentication request, and verify the legality of the digital signature.
[0038] A verification server is used to decrypt the authentication request using a pre-stored dynamic token to obtain the node's identification information if the digital signature is valid.
[0039] A verification server is used to perform security verification on the node based on the identification information;
[0040] A node is used to receive dynamic verification information sent by the verification server and return the verification result to the verification server;
[0041] A verification server is used to record the verification results of the security verification to determine whether the node is secure.
[0042] A verification server is used to authenticate the node based on the identification information if the node is secure.
[0043] In some embodiments of this application, the consortium blockchain node authentication system further includes a password server and a registration server, and the consortium blockchain node authentication system includes:
[0044] A registration server is used to generate user information, node public and private keys based on the registration request sent by the node, and to send the user information and the node private key back to the node.
[0045] A node is used to receive the user information and the node private key, and to manage the user information and the node private key separately;
[0046] A node is used to generate a dynamic token based on a dynamic factor and send the dynamic token to the password server;
[0047] The password server is used to encrypt a dynamic factor to obtain a random number string using a preset encryption algorithm, encapsulate the random number string and the preset encryption algorithm to generate a dynamic token, and send the dynamic token to the verification server.
[0048] A verification server is used to receive the dynamic token and update the pre-stored dynamic token.
[0049] A node is used to use the dynamic token and the node's private key to encrypt the user information multiple times to obtain an identity authentication request.
[0050] On the other hand, this application provides a consortium blockchain node authentication device, which includes: a node or verification server, and includes a memory, a processor and an application program; the memory stores the application program, and the processor is used to run the application program in the memory to perform the operations in the consortium blockchain node authentication method.
[0051] On the other hand, this application provides a storage medium storing a plurality of instructions adapted for loading by a processor to execute the steps in the consortium blockchain node authentication method.
[0052] This invention receives an authentication request sent by a node, obtains the digital signature associated with the authentication request, and verifies the legality of the digital signature. If the digital signature is legal, a pre-stored dynamic token is used to decrypt the authentication request to obtain the node's identification information. The node is then subjected to security verification based on the identification information, and the verification result is recorded to determine whether the node is secure. If the node is secure, the node's authentication is completed based on the identification information. This technical solution verifies the node's identity using multiple factors, including data signatures and dynamic tokens, and performs security verification on the node based on the identification information. By combining dynamic tokens and real-time security verification, a hybrid node authentication mode is established to promptly detect node insecurity and minimize losses caused by node insecurity. Attached Figure Description
[0053] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0054] Figure 1 This is a schematic diagram of a scenario for consortium blockchain node authentication provided in an embodiment of the present invention;
[0055] Figure 2 This is a schematic flowchart of an embodiment of the consortium blockchain node authentication method provided by the present invention;
[0056] Figure 3 This is a schematic diagram of an embodiment of the security verification of nodes in the consortium blockchain node authentication method provided by the present invention;
[0057] Figure 4 This is a schematic flowchart of an embodiment of the consortium blockchain node authentication method for recording security verification results provided in this invention.
[0058] Figure 5 This is a schematic flowchart of an embodiment of the node identity authentication method in the consortium blockchain node authentication method provided by the present invention;
[0059] Figure 6 This is a schematic diagram of an embodiment of the consortium blockchain node authentication method provided by the present invention applied to a node;
[0060] Figure 7 This is a schematic diagram of a node authentication process of the consortium blockchain node authentication system provided in an embodiment of the present invention;
[0061] Figure 8 This is a schematic diagram of an embodiment of the consortium blockchain node authentication device provided in this invention. Detailed Implementation
[0062] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0063] This invention provides a method, system, device, and storage medium for authenticating consortium blockchain nodes.
[0064] The consortium blockchain node authentication method in this embodiment is applied to a consortium blockchain node authentication device. The consortium blockchain node authentication device is equipped with a memory and a processor. The memory stores an application program, and the processor runs the application program stored in the memory to achieve consortium blockchain node authentication. The consortium blockchain node authentication device can be a server, such as a single server or a server cluster composed of multiple servers. The consortium blockchain node authentication device can also be a terminal, such as a mobile phone, computer, or webpage.
[0065] like Figure 1 As shown, Figure 1 This is a schematic diagram of a scenario for consortium blockchain node authentication provided in an embodiment of this application. The consortium blockchain node authentication scenario in this embodiment includes a consortium blockchain node authentication device. The consortium blockchain node authentication device runs a computer-readable storage medium corresponding to consortium blockchain node authentication to perform the steps of consortium blockchain node authentication.
[0066] Understandable Figure 1The consortium blockchain node authentication device in the consortium blockchain node authentication application scenario shown, or the device contained in the consortium blockchain node authentication device, does not constitute a limitation on the embodiments of this application. That is, the number or type of device contained in the consortium blockchain node authentication scenario, or the number or type of device contained in each device, does not affect the overall implementation of the technical solution of the embodiments of this application, and can all be considered as equivalent substitutions or derivatives of the technical solutions claimed in the embodiments of this application.
[0067] The consortium blockchain node authentication device in this application embodiment is mainly used for:
[0068] The receiving node sends an authentication request, obtains the digital signature associated with the authentication request, and verifies the legality of the digital signature;
[0069] If the digital signature is valid, the identity authentication request is decrypted using a pre-stored dynamic token to obtain the node's identification information;
[0070] The node is security verified based on the identification information, and the verification result information is recorded to determine whether the node is secure.
[0071] If the node is secure, then the node's identity authentication is completed based on the identification information.
[0072] In this embodiment, the consortium blockchain node authentication device can be an independent consortium blockchain node authentication device, or a network or cluster of consortium blockchain node authentication devices. For example, the consortium blockchain node authentication device described in this embodiment includes, but is not limited to, computers, mobile terminals, network hosts, single network consortium blockchain node authentication devices, multiple sets of consortium blockchain node authentication devices, or multiple consortium blockchain node authentication devices constituting a cloud consortium blockchain node authentication device. The cloud consortium blockchain node authentication device consists of a large number of computer or network consortium blockchain node authentication devices based on cloud computing.
[0073] Those skilled in the art will understand that Figure 1 The application scenarios shown are merely one application scenario of the solution in this application and do not constitute a limitation on the application scenarios of the solution in this application. Other application scenarios may include more than one application scenario. Figure 1 This shows more or fewer consortium blockchain node authentication devices, or the network connection relationships of consortium blockchain node authentication devices, for example... Figure 1 Only one consortium blockchain node authentication device is shown. It is understood that the consortium blockchain node authentication device may also include one or more consortium blockchain node authentication devices, which are not limited here. The consortium blockchain node authentication device may also include a storage device for storing data, such as node user information, node identifier, node public key, dynamic token, etc.
[0074] Furthermore, in the scenario of consortium blockchain node authentication in this application, the consortium blockchain node authentication device can also be equipped with a display device 200, or the consortium blockchain node authentication device 100 may not have a current communication connection between the device 200 and an external display device. The display device 200 is used to output the result of the execution of the consortium blockchain node authentication method in the consortium blockchain node authentication device 100. The consortium blockchain node authentication device 100 can access the background database 300, which can be the local storage of the consortium blockchain node authentication device 100. The background database 300 stores information related to consortium blockchain node authentication, such as node user information, node public keys, and node identification information.
[0075] It should be noted that, Figure 1 The schematic diagram of the consortium blockchain node authentication scenario shown is merely an example. The consortium blockchain node authentication scenario described in this application embodiment is intended to more clearly illustrate the technical solution of this application embodiment and does not constitute a limitation on the technical solution provided in this application embodiment.
[0076] like Figure 2 As shown, Figure 2 This is a schematic flowchart of an embodiment of the consortium blockchain node authentication method provided in this application. The consortium blockchain node authentication method includes:
[0077] 101. Receive the authentication request sent by the receiving node, obtain the digital signature associated with the authentication request, and verify the legality of the digital signature.
[0078] The consortium blockchain node authentication method in this embodiment is applied to a consortium blockchain node authentication device. The type and number of devices in the consortium blockchain node authentication device are not limited. This embodiment uses a verification server as an example to illustrate the consortium blockchain node authentication device. The verification server receives an identity authentication request sent by a node, where the identity authentication request includes the node's digital signature, authentication information, device identifier, etc. It obtains the digital signature associated with the identity authentication request and verifies the legality of the digital signature. Specifically, the verification server receives the identity authentication request sent by the node, obtains the corresponding node's digital signature and device identifier from the identity authentication request, where the device identifier is a unique identifier for the node device, such as the node device ID (full name: Identity document), which is associated with the node's public key. The verification server obtains the node's public key associated with the device identifier based on the device identifier and verifies the legality of the digital signature through the node's public key. The specific steps include:
[0079] Step a1: The verification server uses the obtained node public key to decrypt the digital signature and obtain the node digest;
[0080] Step a2: The verification server obtains the authentication information from the received authentication request and uses a cryptographic hash function to encrypt the authentication information to generate a digest;
[0081] Step a3: Compare the decrypted node digest with the encrypted generated digest. If the node digest and the encrypted generated digest match, the digital signature is valid; if they do not match, the digital signature is invalid.
[0082] In this embodiment, if the digital signature is invalid, the verification server can output a node security warning message and perform re-authentication. Specifically, if the digital signature is invalid, the verification server records the number of times the digital signature is invalid, outputs a node security warning message, and sends a re-authentication instruction to the node, so that the node sends a re-authentication request to the verification server according to the re-authentication instruction. If the number of invalid digital signature verifications reaches a preset limit within a continuous period of time, the verification server determines that the corresponding node is insecure and initiates a node kick-out process to remove the node from the consortium blockchain.
[0083] In this embodiment, the verification server verifies the digital signature of the corresponding node through the node's public key, thereby improving the security of the consortium blockchain's verification of digital signatures. For nodes with invalid digital signatures, a second authentication is initiated, and nodes that have reached a preset limit for the number of invalid digital signature verifications within a continuous period are kicked out of the consortium blockchain, further improving the security of the verification server.
[0084] 102. If the digital signature is valid, the identity authentication request is decrypted using the pre-stored dynamic token to obtain the node's identification information.
[0085] In this embodiment, if the digital signature is valid, the verification server uses a pre-stored dynamic token to decrypt the authentication information in the identity authentication request to obtain the node's identification information. The authentication information is ciphertext obtained by the node encrypting its identification information using a dynamic token. The pre-stored dynamic token is the dynamic token received by the verification server. The dynamic token can be a random string obtained by calculating a dynamic factor using a preset encryption algorithm. The dynamic factor changes within a certain period of time, and the corresponding dynamic token is also different from the previous dynamic token. Specifically, if the digital signature is valid, the verification server extracts the authentication information from the identity authentication request and uses the pre-stored dynamic token to decrypt the authentication information to obtain the node's identification information. The identification information includes user information and node identification. The dynamic token pre-stored by the verification server is the same as the dynamic token used to encrypt the node's identification information.
[0086] In this embodiment, the verification server uses a pre-stored dynamic token to decrypt authentication information to obtain identification information. The randomness and variability of the dynamic token improve the security of node authentication.
[0087] 103. Perform security verification on the node based on the identification information, and record the verification result information to determine whether the node is secure.
[0088] In this embodiment, the verification server obtains the node identifier from the identification information, performs security verification on the node based on the node identifier, and records the verification result to determine whether the node is secure. Specifically, the verification server obtains the node identifier from the identification information, where the node identifier is unique identification information for the node. For example, the node identifier can be the MAC address (Media Access Control MAC address) of the node device's network interface card. Address (Chinese: Media Access Control Address), the verification server determines the node's network address based on the node identifier, and then performs security verification on the node corresponding to the node identifier using the network address. It receives feedback from the node to determine the verification result. Specifically, if feedback is received within a specified time, the security verification of the node passes, and a second security verification is initiated; if no feedback is received within the specified time, the security verification of the node fails, and a second security verification is initiated. The number of times the security verification of the node fails is recorded. If the number of consecutive security verification failures equals a preset number, the security verification result is considered a failure; if the number of consecutive security verification failures is less than the preset number, the security verification result is considered a success. The verification server determines whether the node is secure based on the verification result. If the security verification result fails, the corresponding node is considered insecure and may be maliciously controlled, and a process to remove the node is initiated; if the security verification result succeeds, the corresponding node is considered secure.
[0089] In this embodiment, the verification server can use heartbeat verification to perform security verification on nodes. Specifically, the verification server sends a detection packet to the corresponding node at regular intervals and starts a timeout timer when sending the detection packet. If a response packet is received from the node within the timeout timer, the timeout timer is deleted and the security verification is deemed successful. If no response packet is received from the node after the timeout timer expires, it means that the heartbeat verification of the corresponding node has timed out, and the security verification of the corresponding node has failed and is insecure.
[0090] In this embodiment, the verification server performs security verification on the node based on the identification information. The verification result determines whether the corresponding node has been maliciously controlled, thereby determining whether the node is secure. Real-time heartbeat verification is used to effectively identify maliciously controlled nodes, further improving the security of node authentication.
[0091] 104. If the node is secure, then the node's identity authentication is completed based on the identification information.
[0092] In this embodiment, if the node is secure, the verification server obtains user information based on the identification information and uses the user information to complete the node's identity authentication. Specifically, the verification service obtains the node's user information from the identification information and obtains the corresponding node's pre-stored user information based on the node's identifier. The pre-stored user information is used to verify the user information. If the user information matches the pre-stored user information, it indicates that the node's identity is not abnormal, the node's identity authentication is successful, and the verification server outputs a prompt message indicating that the node's authentication is successful. If the user information does not match the pre-stored user information, it indicates that the node's identity is abnormal, and the node's identity authentication fails.
[0093] In this embodiment, the verification server verifies the node's identity through multiple factors, including data signature and dynamic token, and performs security verification on the node based on the identification information. By combining dynamic token and real-time security verification, a hybrid node authentication mode is established to promptly detect whether a node is secure and minimize the losses caused by node insecurity.
[0094] like Figure 3 As shown, Figure 3 This is a schematic diagram of an embodiment of the security verification of nodes in the consortium blockchain node authentication method provided in this application.
[0095] Some embodiments of this application detail the method for security verification of nodes in a consortium blockchain node authentication method, specifically including:
[0096] 201. Extract the node identifier from the identification information and send dynamic verification information to the node corresponding to the node identifier for security verification.
[0097] In this embodiment, the verification server extracts the node identifier from the identification information and sends real-time dynamic verification information to the node corresponding to the node identifier for security verification. Specifically, the verification server extracts the node identifier from the identification information and determines the target node based on the uniqueness of the node identifier. Dynamic verification information is sent to the target node corresponding to the node identifier at regular intervals. The security verification result is determined by judging whether feedback information sent by the target node is received within a specified time. If feedback information sent by the target node is received within the specified time and the feedback information meets preset requirements, such as the data length or data type of the feedback information, then the security verification of the target node is passed. If no feedback information is received from the target node within the specified time, or the feedback information does not meet the preset requirements, then the security verification of the target node fails. 202. The verification result of the node security verification is recorded, and the multiple verification results of the node within the expected time period are statistically analyzed.
[0098] 203. Determine whether the node is secure based on the verification results within the expected time period.
[0099] In this embodiment of the application, the verification server determines the security verification result based on the feedback information from the node, records the verification result, and statistically analyzes the multiple verification results of the node within the expected time period to determine whether the node is secure. Specifically, within a preset time period, the verification server continuously performs security verification on the node multiple times, determines the result of each security verification based on the received feedback information from the node and records it, statistically analyzes the multiple verification results of the node within the preset time period, and analyzes the degree of conformity between the node verification results within the preset time period and the preset threshold conditions to determine whether the node is secure.
[0100] In this embodiment, the verification server can record the number of times a node fails security verification within a predicted time period, and determine whether a node is secure based on the number of times it fails security verification within the predicted time period. Specifically, the verification server determines whether each security verification passes based on feedback information, records the verification result and verification time, and statistically analyzes the number of times and time information of security verification failures within the predicted time period to determine whether the node is secure by analyzing whether the number of times and time information of security verification failures within the predicted time period meets preset threshold conditions.
[0101] 204. If the verification results meet the preset threshold conditions within the expected time period, the node is determined to be safe.
[0102] 205. If the verification results do not meet the preset threshold conditions within the expected time period, the node is determined to be insecure.
[0103] If the verification results meet the preset threshold conditions within the expected time period, it indicates that the node has not been maliciously controlled, and the verification server determines that the corresponding node is secure. If the verification results do not meet the preset threshold conditions within the expected time period, it indicates that the node may have been maliciously controlled, and the verification server determines that the corresponding node is insecure, terminates node authentication, initiates the node removal process, and removes the corresponding node from the consortium blockchain.
[0104] In this embodiment, the preset threshold condition of the verification server can be the number of consecutive security verification failures. Specifically, the verification server compares the results of security verifications within a statistically estimated time period with the preset threshold condition. If the number of consecutive security verification failures within the estimated time period is greater than or equal to the threshold number, it is determined that the verification results within the estimated time period do not meet the preset threshold condition; if the number of consecutive security verification failures within the estimated time period is less than the threshold number, it is determined that the verification results within the estimated time period meet the preset threshold condition. For example, if the number of consecutive security verification failures within the estimated time period is greater than or equal to 3, it is determined that the verification results within the estimated time period do not meet the preset threshold condition.
[0105] In this embodiment, the verification server sends real-time dynamic verification information to the node corresponding to the node identifier for security verification. By analyzing the verification results within the expected time period, it determines whether the node is secure, effectively identifies maliciously controlled nodes, improves the security of node authentication, and kicks insecure nodes out of the consortium blockchain to ensure the security of the consortium blockchain.
[0106] like Figure 4 As shown, Figure 4 This is a schematic flowchart of an embodiment of the consortium blockchain node authentication method provided in this application, which records the verification results of security verification.
[0107] Some embodiments of this application detail a method for recording the verification results of security checks in a consortium blockchain node authentication method, specifically including:
[0108] 301, Receive feedback information sent by the node based on the dynamic verification information, determine the verification result based on the feedback information, and record the verification result of the node's security verification.
[0109] In this embodiment, the verification server determines the verification result based on the received feedback information and records the verification result of the node security verification. Specifically, the verification server receives feedback information sent by the node based on dynamic verification information, checks whether the content of the feedback information is empty. If the content of the feedback information is empty, it means that the verification result of the corresponding node security verification is failed. If the content of the feedback information is not empty, it checks whether the content of the feedback information meets the preset requirements. If the content of the feedback information does not meet the preset requirements, it means that the verification result of the corresponding node security verification is failed. If the content of the feedback information meets the preset requirements, it means that the verification result of the corresponding node security verification is passed. The verification result of this security verification is recorded.
[0110] 302. If the verification result is that the security verification of the node fails, then update the pre-stored dynamic token and receive the node's update identity authentication request for re-authentication.
[0111] 303. If the verification result is that the security verification of the node is passed, then update the dynamic verification information and send the updated dynamic verification information to the node.
[0112] In this embodiment, if the verification result indicates that the security verification of the node fails, the verification server updates the pre-stored dynamic token and dynamic verification information, and receives the node's update authentication request for re-authentication. Specifically, if the verification result indicates that the security verification of the node fails, the verification server obtains an updated dynamic token to replace the pre-stored dynamic token, updates the dynamic verification information, sends the updated dynamic verification information to the corresponding node, and receives update feedback information sent by the corresponding node based on the updated dynamic verification information; the verification result is determined based on the update feedback information; if the verification result of the re-security verification fails, the pre-stored dynamic token is updated, and the node's update authentication request is received for re-authentication; if the verification result of the re-security verification passes, the dynamic verification information is updated again, and the corresponding node is re-verified; the number of security verifications and the verification result are recorded.
[0113] In this embodiment, the verification server can determine whether to continue security verification of a node based on the number of security verification attempts and the verification results. Specifically, the verification server determines whether the number of failed security verification attempts has reached the upper limit. If the number of failed security verification attempts reaches the upper limit, security verification is stopped, and the corresponding node's identity update authentication request is not accepted. If the number of failed security verification attempts has not reached the upper limit, security verification of the node continues, and the node is authenticated according to the identity update authentication request. In this embodiment, the number of failed security verification attempts can be the number of consecutive failed security verification attempts.
[0114] In this embodiment, the verification server receives the update authentication request from the corresponding node, decrypts the update authentication request using the updated dynamic token to obtain the identification information, and performs node authentication based on the identification information.
[0115] In this embodiment, the verification server re-authenticates nodes that fail the security verification and determines whether to continue security verification for nodes based on the number of security verifications and the verification results. Security verification is stopped for nodes that fail multiple consecutive security verifications, effectively reducing resource consumption and node authentication time.
[0116] 304 indicates the number of verification results that failed the security verification of the node within the estimated time.
[0117] The verification server, based on the recorded number of security verifications and verification results, counts the number and time of verification failures for nodes within an estimated time period, and then performs operations to determine the security status of a node based on the verification results within that estimated time period. The estimated time period can be a fixed time, such as 3 minutes or 6 minutes, or it can be a variable time, such as the time allotted for node authentication.
[0118] In this embodiment of the application, the verification server determines the verification result of the security verification based on the feedback information, improves the accuracy of the security verification result by performing multiple security verifications, and uses the updated pre-stored dynamic token to decrypt the corresponding node update identity authentication request during the security verification, thereby improving the security coefficient of node authentication.
[0119] like Figure 5 As shown, Figure 5 This is a schematic flowchart of an embodiment of the node identity authentication method in the consortium blockchain node authentication method provided in this application.
[0120] In some embodiments of this application, the node authentication method in the consortium blockchain node authentication method is described in detail, specifically including:
[0121] 401. If the node is secure, then obtain the user identifier and user information corresponding to the node from the identifier information.
[0122] In this embodiment of the application, if the node is secure, the verification server obtains the user identifier and user information corresponding to the node from the identification information. Specifically, the verification server obtains the corresponding user identifier and user information from the identification information, where the user identifier is the unique identifier of the node user, and the user information includes the username and username password. In this embodiment, the user identifier can be the username, and the username and username password can be assigned by the consortium blockchain.
[0123] 402. Obtain reserved user information based on the user identifier, and compare the reserved user information with the user information.
[0124] In this embodiment, the verification server queries the database based on the user identifier to obtain the reserved user information of the corresponding node associated with the user identifier, and compares the reserved user information with the user information to determine whether the node identity is legitimate. Specifically, the verification server queries the database based on the user identifier to obtain the reserved user information of the corresponding node associated with the user identifier, and extracts the reserved username and reserved username password from the reserved user information; the reserved username and reserved username password are compared with the username and username password and in reverse order; if the reserved username and reserved username password match the username and username password, it means that the reserved user information matches the user information; if the reserved username and reserved username password do not match the username and / or the reserved username password does not match the username and username password, it means that the reserved user information does not match the user information.
[0125] In this embodiment, the username and password extracted by the verification server from the user information can be encrypted ciphertext. The verification server extracts the ciphertext of the username and password from the user information, extracts the reserved username and password from the reserved user information, encrypts the reserved username and password using a preset password encryption method to obtain reserved ciphertext, and compares the reserved ciphertext with the ciphertext of the username and password. If the reserved ciphertext matches the ciphertext of the username and password, it is determined that the reserved username and password match the username and password; otherwise, it is determined that the reserved username and password do not match the username and password. In this embodiment, the preset password encryption method can be Bcrypt (a cross-platform file encryption tool).
[0126] 403. If the reserved user information matches the user information, then the node's identity authentication is successful.
[0127] 404. If the reserved user information does not match the user information, the node's identity authentication fails.
[0128] In this embodiment, the verification server determines the node's identity authentication result based on the matching analysis between the reserved user information and the user information. If the reserved user information matches the user information, it means that the node's identity is legitimate, and the verification server passes the node's identity authentication. If the reserved user information does not match the user information, it means that the node's identity is illegitimate, and the node's identity authentication fails. The verification server sends a prompt message indicating that the node's authentication failed to the node.
[0129] In this embodiment, if a node's authentication fails, the verification server sends an authentication failure message to the node and determines whether to initiate re-authentication based on the node's feedback. Specifically, if a node's authentication fails, the verification server sends an authentication failure message to the node, determines whether to initiate re-authentication based on whether it receives a re-authentication request from the node within a specified time, and then determines whether to initiate re-authentication. If a re-authentication request is received from the node within the specified time, the node is authenticated based on the re-authentication request, and the authentication result and number of authentication attempts for the corresponding node are recorded. If no re-authentication request is received from the node within the specified time, the authentication process for the corresponding node ends.
[0130] In this embodiment, the verification server determines whether to continue receiving re-authentication requests from the corresponding node based on the recorded authentication results and authentication counts. Specifically, the verification server obtains the number of consecutive authentication failures of the corresponding node based on the recorded authentication results and authentication counts. If the number of consecutive authentication failures is equal to or greater than a preset limit, the server stops receiving re-authentication requests from the corresponding node and terminates the authentication process. If the number of consecutive authentication failures is less than the preset limit, the server continues to receive re-authentication requests from the corresponding node. In this embodiment, if the number of consecutive authentication failures is equal to or greater than the preset limit, the verification server can disable the corresponding node's permission to send authentication requests for a period of time, or the verification server can initiate a process to remove the corresponding node from the consortium blockchain. For example, if the number of consecutive authentication failures of the corresponding node is greater than 3, the verification server disables the corresponding node's permission to send authentication requests for 24 hours.
[0131] In this embodiment, the verification server completes node authentication based on the user information in the identification information, initiates re-authentication for nodes that fail authentication, improves the accuracy of node authentication, and performs permission management on nodes that fail authentication continuously, thereby improving the security of node authentication.
[0132] like Figure 6 As shown, Figure 6 This is a schematic diagram of an embodiment of the consortium blockchain node authentication method provided in this application, applied to a node.
[0133] To better understand the consortium blockchain node authentication method in this application embodiment, this application embodiment also provides an embodiment of applying the consortium blockchain node authentication method to a node, wherein the method of applying the consortium blockchain node authentication method to a node includes...
[0134] 501. Send a dynamic token to the password server and use the dynamic token to encrypt the identification information using an encryption algorithm to generate authentication information.
[0135] In this embodiment, the consortium blockchain node authentication method is applied to nodes. A node generates a dynamic token, sends the dynamic token to a password server, and uses the dynamic token to encrypt identification information using an encryption algorithm to generate authentication information. Specifically, the node generates a dynamic token using a dynamic factor and sends it to the password server. The password server receives the dynamic token and sends it to a verification server. The node obtains a random number string from the generated dynamic token and determines the encryption algorithm based on the dynamic token. The node obtains identification information, concatenates the random number string with the identification information to obtain the original information, and then uses the encryption algorithm to encrypt the original information to obtain the authentication information.
[0136] In this embodiment, a node can generate a dynamic token using its recorded current time as a dynamic factor. Specifically, the node obtains its recorded current time, merges the current time into a number string, and then uses a preset encryption algorithm to calculate a random number string. Alternatively, the node can generate a dynamic token using the current cumulative number of dynamic factor generation counts as a dynamic factor. Specifically, the node counts the cumulative number of dynamic factor generation counts and the cumulative number of dynamic token trigger counts, merges these counts into a number string, and then uses a preset encryption algorithm to calculate a random number string. In this embodiment, the dynamic factor can be updated periodically, or it can be updated after each random number string is generated; for example, the dynamic factor can be updated every minute.
[0137] In this application embodiment, the preset encryption algorithm for the node encryption dynamic factor can be MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), MAC (Message Authentication Code), etc.
[0138] In this embodiment of the application, the node obtains identification information based on user information, and uses a dynamic token to encrypt the identification information according to a preset encryption algorithm to obtain authentication information; specifically, the node obtains node identification and user information, and combines the node identification and user information as identification information, and uses a dynamic token to encrypt the identification information according to a preset encryption algorithm to obtain authentication information.
[0139] In this embodiment, the preset encryption algorithm can be a symmetric encryption algorithm. Plaintext (identification information) is grouped using a block cipher, and then each group of plaintext is encrypted using a first key to obtain ciphertext, thereby encrypting the identification information. In this embodiment, the symmetric encryption method can be AES (Advanced Encryption Standard). Nodes use AES encryption to group the identification information into 128-bit blocks, and then encrypt each block one by one until all identification information is encrypted. In this embodiment, the length of the first key can be 128, 192, or 256 bits.
[0140] In this embodiment of the application, the preset encryption algorithm may also be a preset encryption algorithm for the encryption dynamic factor.
[0141] 502. Obtain the node private key sent by the registration server, and encrypt the authentication information again using the node private key to obtain a digital signature.
[0142] In this embodiment, the node obtains the node private key sent by the registration server, and uses the node private key to re-encrypt the authentication information using an asymmetric encryption method to obtain a digital signature. In this embodiment, the node can obtain the node private key sent by the registration server from the database, or the node can obtain the node private key sent by the registration server from user input information.
[0143] In this embodiment, the asymmetric encryption method can be ECDSA (Elliptic Curve Digital Signature Algorithm) or RSA (Rivest Shamir Adleman).
[0144] 503. Generate an identity authentication request based on the authentication information and the digital signature, and send the identity authentication request to the verification server so that the verification server can perform node authentication.
[0145] 504, Receive dynamic verification information sent by the verification server, generate feedback information corresponding to the dynamic verification information and send it to the verification server, so that the verification server can complete the authentication of the node based on the feedback information and the identity authentication request.
[0146] In this embodiment, after encrypting the authentication information to obtain a digital signature, the node generates an identity authentication request based on the authentication information and the digital signature, and sends the identity authentication request to the verification server. Specifically, the node combines the authentication information and the digital signature to generate an identity authentication request, and sends the identity authentication request to the verification server so that the verification server can complete the authentication of the node based on the dynamic token and the node's private key corresponding to the node's public key.
[0147] In this embodiment, the node receives dynamic verification information sent by the verification server and generates feedback information corresponding to the dynamic verification information. Specifically, the node receives dynamic verification information sent by the verification server, parses the dynamic verification information, and generates feedback information corresponding to the dynamic verification information. In this embodiment, the node can receive dynamic verification information sent by the verification server after generating a dynamic token, or it can receive dynamic verification information sent by the verification server after sending an authentication request to the verification server. In this embodiment, the node can use its private key to parse the dynamic verification information and generate feedback information corresponding to the dynamic verification information.
[0148] In this embodiment of the application, a node can receive dynamic verification information sent by other nodes in the consortium blockchain, generate feedback information corresponding to the dynamic verification information, specifically, the node receives dynamic verification information sent by other nodes in the consortium blockchain, generates feedback information corresponding to the dynamic verification information, and sends the feedback information to other nodes in the consortium blockchain, so that other nodes in the consortium blockchain can determine the verification result based on the feedback information and send the verification result to the verification server.
[0149] In this embodiment, the node obtains the identity authentication request by continuously encrypting the identification information through a dynamic token and the node's private key, and completes the security verification by combining the dynamic verification information, thereby further improving the security of node authentication.
[0150] It should be added that, before the implementation of the technical solution in this application embodiment, the node sends a registration request to the registration server to obtain user information and node private key. Specifically, this includes: the node generating a registration request based on the node identifier and sending the registration request to the registration server so that the registration server can register according to the registration request; receiving and saving the user information and node private key fed back by the registration server during registration.
[0151] In this embodiment, the node can separately store the user information received in feedback and the node's private key. Specifically, the node generates a registration request based on its node identifier and sends it to the registration server. It receives the username and password returned by the registration server, uses the username and password as user information, and stores this user information in a database. The node sends a private key request to the CA server (CA, short for Certificate Authority), receives the node's private key and identity certificate returned by the CA server, and stores the node's private key and identity certificate locally. In this embodiment, the node can also store user information in a cloud database.
[0152] In this embodiment, a node can send an authentication request and identity certificate to a verification server so that the server can access the CA server based on the identity certificate to obtain the node's public key corresponding to the node's private key.
[0153] In this embodiment, the node obtains user information and node private key using a registration mechanism, and stores the node private key and user information separately to reduce the security risk of password loss and improve the security of node authentication.
[0154] To better implement the consortium blockchain node authentication method in this application embodiment, based on the consortium blockchain node authentication method, this application embodiment also provides a consortium blockchain node authentication system, including a verification server and nodes. The consortium blockchain node authentication system includes:
[0155] The node is used to generate an authentication request based on the dynamic token and the node's private key and send it to the verification server;
[0156] The verification server is used to receive authentication requests sent by nodes, obtain the digital signature associated with the authentication request, and verify the legality of the digital signature.
[0157] A verification server is used to decrypt the authentication request using a pre-stored dynamic token to obtain the node's identification information if the digital signature is valid.
[0158] A verification server is used to perform security verification on the node based on the identification information;
[0159] A node is used to receive dynamic verification information sent by the verification server and return the verification result to the verification server;
[0160] A verification server is used to record the verification results of the security verification to determine whether the node is secure.
[0161] A verification server is used to authenticate the node based on the identification information if the node is secure.
[0162] In some embodiments of this application, the consortium blockchain node authentication system further includes a password server and a registration server, and the consortium blockchain node authentication system includes:
[0163] A registration server is used to generate user information, node public and private keys based on the registration request sent by the node, and to send the user information and the node private key back to the node.
[0164] A node is used to receive the user information and the node private key, and to manage the user information and the node private key separately;
[0165] A node is used to generate a dynamic token based on a dynamic factor and send the dynamic token to the password server;
[0166] The password server is used to encrypt a dynamic factor to obtain a random number string using a preset encryption algorithm, encapsulate the random number string and the preset encryption algorithm to generate a dynamic token, and send the dynamic token to the verification server.
[0167] A verification server is used to receive the dynamic token and update the pre-stored dynamic token.
[0168] A node is used to encrypt the user information multiple times using the dynamic token and the node's private key to obtain an identity authentication request.
[0169] In some embodiments of this application, the consortium blockchain node authentication system further includes a CA server, and the consortium blockchain node authentication system includes:
[0170] A node is used to send a node private key request to the CA server;
[0171] The CA server is used to receive and verify the node private key request sent by the node, and send the node private key and identity certificate to the node.
[0172] A node is used to send the identity certificate to the verification server;
[0173] A verification server is used to receive the identity certificate and send the identity certificate to the CA server to obtain the node public key corresponding to the node private key;
[0174] A CA server is used to receive the identity certificate sent by the verification server, obtain the node public key based on the identity certificate, and send the node public key to the verification server.
[0175] In some embodiments of this application, the node includes:
[0176] The factor generation unit is used to count the cumulative number of dynamic factors generated and the cumulative number of dynamic tokens triggered, and to merge the cumulative number of generation and triggering as a number string to generate dynamic factors.
[0177] The token generation unit is used to generate a dynamic token based on a dynamic factor and send the dynamic token to the password server.
[0178] The request generation unit is used to generate registration requests, authentication requests, and node private key requests.
[0179] The encryption unit is used to obtain authentication information and digital signatures by encrypting identification information based on the node's private key and dynamic token;
[0180] Private key storage unit, used to store node private keys;
[0181] User storage unit, used to store user information.
[0182] In some embodiments of this application, the password server includes:
[0183] The synchronization unit is used to count the cumulative number of dynamic tokens sent by the node and the cumulative number of dynamic token triggers, and to combine the cumulative number of dynamic tokens sent and the cumulative number of triggers as a number string to generate a dynamic factor.
[0184] The token generation unit is used to encrypt a dynamic factor using a preset encryption algorithm to obtain a random number string, encapsulate the random number string and the preset encryption algorithm to generate a dynamic token, and send the dynamic token to the verification server.
[0185] In some embodiments of this application, in the consortium blockchain node authentication system, the registration server sends user information to the nodes either offline or online. For example... Figure 7 As shown, Figure 7 This is a schematic diagram of a node authentication process for a consortium blockchain node authentication system provided in this application embodiment; the node authentication process includes the following steps:
[0186] b1. The node generates registration information based on the node device's MAC address and other node identifiers, and submits the registration information to the registration server. The registration server reviews the registration information submitted by the node and returns the node's username and password via SMS or email.
[0187] b2, The node submits a private key request to the CA server, and the CA server distributes the node's private key and identity certificate to the node based on the private key request;
[0188] b3, the node receives the username and password, and stores the username and password in the MySQL database;
[0189] b4, the node receives the node private key and identity certificate, and stores the node private key locally on the node;
[0190] b5 triggers the hardware or software password generator to obtain a dynamic token and sends the dynamic token to the password server;
[0191] b6. The password server triggers a dynamic factor based on the received dynamic token, generates a dynamic token, and sends the dynamic token to the verification server.
[0192] b7. The node retrieves user information from the MySQL database, obtains the node private key, combines it with the node identifier to obtain the identifier information, uses the dynamic token and the node private key to encrypt the identifier information multiple times to obtain the authentication request, and sends the authentication request to the verification server.
[0193] b8, the verification server receives the authentication request, verifies the node's digital signature using the node's public key, and decrypts the authentication request using a dynamic token to complete the node authentication.
[0194] In this embodiment, the registration server returns the node's user information via SMS or email, reducing the risk of losing usernames and passwords; it verifies the node's identity through multiple factors, including data signatures and dynamic tokens, minimizing losses caused by node insecurity; and it further reduces the security risk of password loss by having private keys and passwords managed by different personnel.
[0195] This application also provides a consortium blockchain node authentication device, such as... Figure 8 As shown, Figure 8 This is a schematic diagram of an embodiment of the consortium blockchain node authentication device provided in this application.
[0196] The consortium blockchain node authentication device inherits any of the consortium blockchain node authentication methods provided in the embodiments of this application. The consortium blockchain node authentication device includes: a node or a verification server, and the consortium blockchain node authentication device includes a memory, a processor, and an application program. The memory stores the application program, and the processor is used to run the application program in the memory to perform the operations in the consortium blockchain node authentication method.
[0197] Specifically, the consortium blockchain node authentication device may include components such as a processor 701 with one or more processing cores, a memory 702 with one or more computer-readable storage media, a power supply 703, and an input unit 704. Those skilled in the art will understand that... Figure 8 The structure of the consortium blockchain node authentication device shown does not constitute a limitation on the consortium blockchain node authentication device. It may include more or fewer components than shown, or combine certain components, or have different component arrangements. Wherein:
[0198] The processor 701 is the control center of the consortium blockchain node authentication device. It connects various parts of the device via interfaces and lines, and performs various functions and data processing by running or executing software programs and / or modules stored in the memory 702, and by calling data stored in the memory 702, thereby providing overall monitoring of the consortium blockchain node authentication device. Optionally, the processor 701 may include one or more processing cores; preferably, it may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, and applications, while the modem processor mainly handles wireless communication. It is understood that the modem processor may not be integrated into the processor 701.
[0199] The memory 702 can be used to store software programs and modules. The processor 701 executes various functional applications and data processing by running the software programs and modules stored in the memory 702. The memory 702 may mainly include a program storage area and a data storage area. The program storage area may store the operating system, application programs required for at least one function (such as sound playback function, image playback function, etc.), etc.; the data storage area may store data created based on the use of the consortium blockchain node authentication device, etc. In addition, the memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 702 may also include a memory controller to provide the processor 701 with access to the memory 702.
[0200] The consortium blockchain node authentication device also includes a power supply 703 that supplies power to various components. Preferably, the power supply 703 can be logically connected to the processor 701 through a power management system, thereby enabling functions such as charging, discharging, and power consumption management through the power management system. The power supply 703 may also include one or more DC or AC power supplies, recharging systems, power fault detection circuits, power converters or inverters, power status indicators, and other arbitrary components. The consortium blockchain node authentication device may also include an input unit 704, which can be used to receive input digital or character information and generate keyboard, mouse, joystick, optical, or trackball signal inputs related to user settings and function control.
[0201] Although not shown, the consortium blockchain node authentication device may also include a display unit, etc., which will not be described in detail here. Specifically, in this embodiment, the processor 701 in the consortium blockchain node authentication device loads the executable files corresponding to the processes of one or more applications into the memory 702 according to the following instructions, and the processor 701 runs the applications stored in the memory 702 to realize various functions, as follows: receiving an identity authentication request sent by a node, obtaining the digital signature associated with the identity authentication request, and verifying the legality of the digital signature; if the digital signature is legal, using a pre-stored dynamic token to decrypt the identity authentication request to obtain the node's identification information; performing security verification on the node according to the identification information, recording the verification result information of the security verification to determine whether the node is secure; if the node is secure, completing the identity authentication of the node according to the identification information.
[0202] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be performed by instructions, or by instructions controlling related hardware. These instructions can be stored in a computer-readable storage medium and loaded and executed by a processor.
[0203] Therefore, embodiments of the present invention provide a storage medium, which is a computer-readable storage medium. This storage medium may include: a read-only memory (ROM), a random access memory (RAM), a disk, or an optical disk, etc. A computer program is stored on it, which is loaded by a processor to execute the steps in any of the consortium blockchain node authentication methods provided in the embodiments of the present invention.
[0204] In the above embodiments, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the detailed descriptions of other embodiments above, which will not be repeated here.
[0205] In practice, each of the above units or structures can be implemented as an independent entity or can be arbitrarily combined to be implemented as the same or several entities. For the specific implementation of each of the above units or structures, please refer to the previous method embodiments, which will not be repeated here.
[0206] The foregoing has provided a detailed description of a consortium blockchain node authentication method, system, device, and storage medium provided by embodiments of the present invention. Specific examples have been used to illustrate the principles and implementation methods of the present invention. The descriptions of the above embodiments are only for the purpose of helping to understand the method and core ideas of the present invention. At the same time, for those skilled in the art, there will be changes in the specific implementation methods and application scope based on the ideas of the present invention. Therefore, the content of this specification should not be construed as a limitation of the present invention.
Claims
1. A consortium blockchain node authentication method, characterized in that, Applied to a verification server, which is separate from the node's registration server, the node authentication method includes: The receiving node sends an authentication request, obtains the digital signature associated with the authentication request, and verifies the legality of the digital signature; If the digital signature is valid, the identity authentication request is decrypted using a pre-stored dynamic token to obtain the node's identification information; the dynamic token is generated by the node and sent to the verification server by the password server. The node is security verified based on the identification information, and the verification result information is recorded to determine whether the node is secure. If the node is secure, then the node's identity is authenticated based on the identification information; The step of performing security verification on the node based on the identification information and recording the verification result information to determine whether the node is secure includes: Extract the node identifier from the identification information and send dynamic verification information to the node corresponding to the node identifier for security verification; Receive feedback information sent by the node based on the dynamic verification information, determine the verification result based on the feedback information, and record the verification result of the node's security verification; If the verification result is that the security verification of the node fails, the pre-stored dynamic token is updated, and the node's update identity authentication request is received for re-authentication; If the verification result indicates that the security verification of the node has passed, then the dynamic verification information is updated and the updated dynamic verification information is sent to the node. The statistics show the verification results of nodes that failed security verification within the expected timeframe; Determine whether the node is secure based on the verification results within the expected time period; If the number of consecutive security verification failures within the expected time period is less than the threshold number, the node is determined to be secure; if the number of consecutive security verification failures within the expected time period is greater than or equal to the threshold number, the node is determined to be insecure. The verification result is determined based on the feedback information, including: If feedback information from the node is received within the specified time, and a response packet from the node to the detection packet is received, then the security verification of the node is passed; the detection packet is a heartbeat verification packet sent at preset time intervals. If no feedback information or response packet is received from the node within the specified time, the security verification of the node will fail.
2. The consortium blockchain node authentication method as described in claim 1, characterized in that, If the node is secure, then completing the node's identity authentication based on the identification information includes: If the node is secure, then obtain the user identifier and user information corresponding to the node from the identifier information; The reserved user information is obtained based on the user identifier, and the reserved user information is compared with the user information to determine whether the node's identity is legitimate. If the reserved user information matches the user information, then the node's identity authentication is successful; If the reserved user information does not match the user information, the node's identity authentication will fail.
3. A consortium blockchain node authentication method, characterized in that, Applied to nodes, the node authentication method includes: Generate dynamic tokens; Send the dynamic token to the password server, and use the dynamic token to encrypt the identification information using an encryption algorithm to generate authentication information; Obtain the node private key sent by the registration server, and encrypt the authentication information again using the node private key to obtain a digital signature; An identity authentication request is generated based on the authentication information and the digital signature, and the identity authentication request is sent to the verification server so that the verification server can perform node authentication. The system receives dynamic verification information sent by a verification server, generates feedback information corresponding to the dynamic verification information and sends it to the verification server, and receives detection packets sent by the verification server, so that the verification server completes the authentication of the node based on the feedback information, the response packet of the detection packet, and the identity authentication request; the verification server is separate from the node's registration server; wherein, if the verification server receives the node's feedback information and the node's response packet to the detection packet within a specified time, the security verification of the node passes; if the verification server does not receive the node's feedback information or the response packet within the specified time, the security verification of the node fails. If the verification result indicates that the security verification of the node fails, an update authentication request is sent; or, if the verification result indicates that the security verification of the node passes, updated dynamic verification information is received; wherein, if the number of consecutive security verification failures within the expected time period is less than the threshold number, the node is secure; if the number of consecutive security verification failures within the expected time period is greater than or equal to the threshold number, the node is insecure.
4. The consortium blockchain node authentication method as described in claim 3, characterized in that, Before sending the dynamic token to the password server and using the dynamic token to encrypt the identification information using an encryption algorithm to generate authentication information, the method includes: A registration request is generated based on the node identifier, and the registration request is sent to the registration server so that the registration server can register the node according to the registration request. Receive and save the user information and node private key returned by the registration server during registration; The step of using the dynamic token to encrypt the identifier information using an encryption algorithm to generate authentication information includes: Obtain the user information, and obtain identification information based on the user information; The authentication information is obtained by encrypting the identification information using the dynamic token according to a preset encryption algorithm.
5. A consortium blockchain node authentication system, characterized in that, The consortium blockchain node authentication system includes verification servers and nodes. A node is used to generate a dynamic token and, based on the dynamic token and the node's private key, generate an authentication request and send it to the verification server. The verification server is used to receive authentication requests sent by nodes, obtain the digital signature associated with the authentication request, and verify the legality of the digital signature; the verification server is separate from the node's registration server. A verification server is used to decrypt the authentication request using a pre-stored dynamic token to obtain the node's identification information if the digital signature is valid. A verification server is used to extract the node identifier from the identification information and send dynamic verification information to the node corresponding to the node identifier for security verification. A node is used to receive the dynamic verification information and send feedback information based on the dynamic verification information; A verification server is used to receive the feedback information, determine the verification result based on the feedback information, and record the verification result of the node security verification. If the verification result is that the security verification of the node fails, the pre-stored dynamic token is updated, and the node's updated identity authentication request is received for re-authentication. If the verification result is that the security verification of the node passes, the dynamic verification information is updated, and the updated dynamic verification information is sent to the node. The server counts the verification results that fail the security verification of the node within the expected time period. The server determines whether the node is secure based on the verification results within the expected time period. If the number of consecutive security verification failures within the expected time period is less than a threshold number, the node is determined to be secure. If the number of consecutive security verification failures within the expected time period is greater than or equal to the threshold number, the node is determined to be insecure. A verification server is used to authenticate the node's identity based on the identification information if the node is secure. The verification result is determined based on the feedback information, including: If feedback information from the node is received within the specified time, and a response packet from the node to the detection packet is received, then the security verification of the node is passed; the detection packet is a heartbeat verification packet sent at preset time intervals. If no feedback information or response packet is received from the node within the specified time, the security verification of the node will fail.
6. The consortium blockchain node authentication system as described in claim 5, characterized in that, It also includes a password server and a registration server. The consortium blockchain node authentication system includes: A registration server is used to generate user information, node public and private keys based on the registration request sent by the node, and to send the user information and the node private key back to the node. A node is used to receive the user information and the node private key, and to manage the user information and the node private key separately; A node is used to generate a dynamic token based on a dynamic factor and send the dynamic token to the password server; The password server is used to encrypt a dynamic factor to obtain a random number string using a preset encryption algorithm, encapsulate the random number string and the preset encryption algorithm to generate a dynamic token, and send the dynamic token to the verification server. A verification server is used to receive the dynamic token and update the pre-stored dynamic token. A node is used to use the dynamic token and the node's private key to encrypt the user information multiple times to obtain an identity authentication request.
7. A consortium blockchain node authentication device, characterized in that, The consortium blockchain node authentication device includes: a node or verification server, and the consortium blockchain node authentication device includes a memory, a processor and an application program; the memory stores the application program, and the processor is used to run the application program in the memory to perform the operations in the consortium blockchain node authentication method according to any one of claims 1 to 2 or 3 to 4.
8. A storage medium, characterized in that, The storage medium stores multiple instructions adapted for loading by a processor to execute the steps in the consortium blockchain node authentication method according to any one of claims 1 to 2 or 3 to 4.