Blockchain database of UTXO protocol
Knowledge test
Please briefly describe the technical problems solved.
What are the advantages of the proposed multi-signature login replacement method compared with the traditional OAuth2.0?
Please explain what the authorization level is and how it relates to the access level.
In the multi-signature login replacement method, what does the server challenge request information and the server challenge request response information contain respectively?
Please briefly describe how to use the PKI-based encryption method to securely transmit information.
When the signature of the multi-signature value is verified, how is it determined whether the signature is valid?
Which users is the proposed temporary ID login replacement method applicable to?
In the temporary ID login replacement method, how is the temporary ID generated? What factors does it depend on?
Please explain what a smart contract is and its role in.
In the third embodiment, how is a smart contract used to determine whether the server certificate and the application certificate are valid?
Knowledge test answer
To address the insufficient security of the existing OAuth2.0 protocol, blockchain technology and a multi-signature mechanism are used to provide a more secure and reliable user login authentication method, one that can replace the previous OAuth method at a low cost.
Compared with the traditional OAuth2.0, the proposed multi-signature login replacement method has higher security. It not only verifies the user's personal certificate, but also verifies the service provider's certificate at the same time, and uses blockchain technology to prevent the forgery and tampering of the authentication information, ensuring the reliability of the authentication.
The authorization level refers to the scope of service usage permissions obtained by the user from the service provider server through the login replacement method, which is provided by the authentication server at each login. It must be equal to or less than the access level. The access level refers to the scope of access permissions specified by the authentication server when the service provider server registers the server certificate, which is an inherent attribute of the certificate itself.
The server challenge request information contains information such as the random number (variable authentication value) generated by the authentication server and the recommender authentication key, which is sent by the authentication application to the service provider server. The server challenge request response information contains the server's signature value for the variable authentication value, the recommender authentication key, the service type information, the authorization level, and the service provider server identification information, which is sent by the service provider server to the authentication application.
In the process, the sender encodes the information using the receiver's public key, and the receiver decodes it using its own private key, thereby realizing the confidentiality and integrity protection of the information. For example, the server challenge request message contains a variable authentication value encoded by the public key of the server authentication certificate. The service provider server decodes it with its own private key, signs the variable authentication value with the private key, and sends the signature value to the authentication application in the server challenge request response message.
The authentication server verifies the signature of the multi-signature value using the public key of the server authentication certificate and the public key of the application authentication certificate. Specifically, the public key is used to obtain a predetermined hash value (A) from the multi-signature value, and the hash value (A) is hashed with the variable authentication value to obtain the result value (B), and (A) and (B) are compared to see if they are consistent. If they are consistent, the signature is valid, otherwise the signature is invalid.
The proposed temporary ID login replacement method is applicable to users who do not have a user ID. By providing them with a temporary ID, they can also access the service securely.
In the temporary ID login replacement method, the temporary ID is generated with reference to the access token and authorization level information in the authentication success message. For example, different service usage permissions can be assigned to the temporary ID according to the user's service usage level to control the scope of services that the user can access.
A smart contract is a code that can be compiled into executable bytecode and run on the blockchain. It can automatically execute a pre-specified program when the preset conditions are met, and ensure the integrity and immutability of the execution results. In, smart contracts are used to define and verify the validity conditions of the certificate, such as limiting the number of times the certificate can be used.
In the third embodiment, the authentication server first verifies whether the signature of the multi-signature value is valid, and then uses the smart contract status contained in the server certificate and the application certificate as execution parameters, executes the corresponding smart contract bytecode respectively, and determines whether the certificate is valid based on the execution result of the smart contract. For example, the remaining number of uses of the certificate can be used as the smart contract state. If the remaining number of uses is 0, the certificate is invalid.
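The verification order described in the answers above (signature check on the multi-signature value, then each certificate's smart contract state, with the authorization level bounded by the access level), as an added example that is not taken from the source document. It assumes toy unpadded RSA keys that are insecure and for illustration only, a multi-signature in which the application signs over the server's signature, and a reading of (B) as the hash of the variable authentication value; all function and field names are hypothetical.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Toy textbook-RSA key from two known primes (insecure, illustration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed toy keys; n_server < n_app so the server signature fits under APP_KEY.
SERVER_KEY = make_key(2**61 - 1, 2**89 - 1)
APP_KEY = make_key(2**107 - 1, 2**127 - 1)

def digest(value: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(value).digest(), "big") % n

def multi_sign(variable_auth_value: bytes) -> int:
    """Server signs the variable authentication value, then the application
    signs the server's signature (assumed composition of the multi-signature)."""
    server_sig = pow(digest(variable_auth_value, SERVER_KEY["n"]),
                     SERVER_KEY["d"], SERVER_KEY["n"])
    return pow(server_sig, APP_KEY["d"], APP_KEY["n"])

def contract_valid(state: dict) -> bool:
    """Stand-in for the smart contract: state is the remaining number of uses."""
    return state["remaining_uses"] > 0

def authenticate(multi_sig, variable_auth_value, server_cert, app_cert, requested_level):
    """Authentication-server checks: signature first, then each certificate's contract."""
    inner = pow(multi_sig, app_cert["e"], app_cert["n"])
    a = pow(inner, server_cert["e"], server_cert["n"])   # hash value (A)
    b = digest(variable_auth_value, server_cert["n"])    # result value (B)
    if a != b:
        return (False, "signature invalid")
    if not (contract_valid(server_cert["state"]) and contract_valid(app_cert["state"])):
        return (False, "certificate invalid")
    for cert in (server_cert, app_cert):
        cert["state"]["remaining_uses"] -= 1
    # The authorization level may never exceed the certificate's access level.
    return (True, min(requested_level, server_cert["access_level"]))

def demo():
    server_cert = {"n": SERVER_KEY["n"], "e": 65537, "access_level": 2,
                   "state": {"remaining_uses": 1}}
    app_cert = {"n": APP_KEY["n"], "e": 65537, "state": {"remaining_uses": 5}}
    nonce = secrets.token_bytes(16)  # variable authentication value (constructed)
    sig = multi_sign(nonce)
    return [authenticate(sig, nonce, server_cert, app_cert, 3),          # level capped
            authenticate(sig, b"other value", server_cert, app_cert, 1),  # wrong challenge
            authenticate(sig, nonce, server_cert, app_cert, 1)]          # uses exhausted
```

The third call reuses a valid signature but fails because the server certificate's remaining uses reached 0 after the first login, which is the smart contract condition the last answer gives as its example.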
Paper title
Research on the application of blockchain database based on UTXO protocol in user login authentication
Security analysis of the proposed multi-signature login replacement method
Compared with the traditional OAuth2.0 protocol, a comparative study of the performance and efficiency of the proposed login authentication method
Design and implementation of user authentication mechanism based on smart contracts
Applicability analysis and future development trends in different application scenarios
Key vocabulary
Term: Definition
UTXO (Unspent Transaction Output): Unspent transaction output is the basic unit of cryptocurrency transactions such as Bitcoin. It records the output information of the transaction and can be used as the input of subsequent transactions.
PKI (Public Key Infrastructure): Public key infrastructure is a system that uses public key encryption technology to establish a secure and reliable network environment and provide security services such as digital certificates and digital signatures.
Blockchain Database: A distributed database built on the basis of blockchain technology, with the characteristics of decentralization, immutability, security and transparency.
Multi-signature: An encryption technology that requires multiple users to sign with their own private keys to authorize transactions, which can improve the security of transactions.
Authentication Server: A server responsible for user identity authentication, verifying the user's identity information, and issuing access tokens to authorize users to access protected resources.
Service Provider Server: A server that provides various services, such as network services, applications, etc., which users need to pass authentication to access.
Authentication Application: An application running on the user terminal to assist users in completing the login authentication process, such as providing authentication methods such as fingerprint recognition and face recognition.
Certificate: A digital certificate containing user public key, identity information, etc., issued by a certification authority to verify the user's identity.
Challenge Value: A random number generated by the authentication server to verify the identity of the user and the server to ensure the security of communication.
Access Token: A credential issued to a user by the authentication server to prove that the user has passed the authentication and can access protected resources.
Temporary ID: A temporary identity provided to users who do not have a user ID, used to access services in specific scenarios.
Smart Contract: An automatically executed contract running on the blockchain. When the preset conditions are met, the contract content is automatically executed and the execution results are guaranteed to be tamper-proof.
State Database: A database used to store and manage the status of smart contracts, such as the execution results and variable values of smart contracts.