Method, system, equipment and storage medium for isolating user identity information
Technical Field
The present invention relates to the field of block chain technology, and in particular, to a method, system, device, and storage medium for isolating user identity information.
Background
In the internet era, various network applications are in endless, applications App related to real transactions such as car dropping, car hungry, fish leisure, 58 city and the like all require real-name authentication of users, the users usually do not want to disclose privacy information to the applications App due to privacy consideration, and as the data era comes, user data is more and more valuable to application software, however, in order to use application software, the user has to disclose the privacy, and with the government giving higher importance to the security of the application apps, various application apps also have to make the user provide more detailed authentication materials to require real-name authentication of the user, so that the user needs to take pictures on both sides of the identity card to upload the identity card and take pictures on the face to identify the identity card, if the identity card information is used elsewhere by the organization running the application, the user will not know either; the privacy revealed by the user is more and more, the user is more and more dislike, and the contradiction is more and more sharp.
Chinese patent application, publication No.: CN 108063752A; the publication date is as follows: 2018.05.22, respectively; the invention discloses a trusted gene detection and data sharing method based on a block chain and agent re-encryption technology, which is applied to an application system based on an application management layer, a block chain layer and a distributed data storage layer which are sequentially connected. The method establishes a credibility management scheme of a detection mechanism and a hospital based on a block chain technology, and solves the problem that a third-party mechanism gives a detection result at will. Meanwhile, based on a public key encryption scheme, private data of an individual user is protected, so that the individual has complete control right and ownership over own gene data. And finally, a revocable agent re-encryption scheme is realized in the intelligent block chain contract, so that a scientific research institution can acquire genome data after obtaining the authorization of the individual user. The patent is a leakage prevention sharing method for private data, which is oriented to individual users and aims at gene detection, and privacy leakage prevention in an absolute sense cannot be achieved when the gene data is disclosed to a third-party organization.
Disclosure of Invention
1. Technical problem to be solved by the invention
In order to overcome the technical problems, the invention provides a method, a system, equipment and a storage medium for isolating user identity information. The method can protect the privacy of the user and prevent the privacy of the user from being revealed.
2. Technical scheme
In order to solve the problems, the technical scheme provided by the invention is as follows:
a method of isolating user identity information, comprising the steps of:
s1, the user generates a public key and a private key through the blockchain;
the public key and the private key are generated in 2 modes, one mode is that the public key and the private key are randomly generated through a block chain, the other mode is that a block chain operator generates the private key and the public key after carrying out Hash encryption according to personal user identity information such as names, sexes, identity numbers, mobile phone numbers, mailboxes, sounds, facial images, fingerprints, family addresses, residence locations of family ports and the like or collective identity information such as names of enterprises, organizations or units, unified social credit codes, addresses, tax numbers and the like, and if the private key is lost, the private key and the public key can be found back to the block chain operator.
S2, storing the public key and the user identity information of the user in a block chain;
the identity information of the user needs to be authenticated and signed by a third-party authentication organization and then stored in a block chain, the classification of the identity information is different, different third-party authentication organizations are possible, for example, the identity card information needs to be authenticated by a government and public security bureau, the academic information needs to be authenticated by colleges and universities, the bank card asset information may need to be authenticated by banks, the automobile information is authenticated by vehicle management and stored in the block chain according to the classification, because the signature information is a series of numbers, the series of certificate signature information comprises the authentication organization, the block chain account ID of the authenticated user and the encrypted signature information of the real information, the authenticity can be identified through a website of the third-party authentication organization, meanwhile, specific information such as an identity card number, facial information and the like are not leaked, meanwhile, the authenticity of the identity information is also proved, the privacy information of the user is hidden, and the privacy of, so that the private information of the user cannot be stolen or abused. Meanwhile, if necessary, the real information can be acquired by a third-party certification authority under the condition of obtaining the consent of the user.
S3, generating a plurality of different account IDs for the same user by the blockchain;
if a user only has one account ID, the risk that the account ID of the user is attacked can be increased by tracing the transaction behavior or the activity behavior of the account ID on the blockchain, so that the privacy information of the user is easily stolen; one user correspondingly has a plurality of account IDs, the behavior of the user cannot be traced, and further the effect of protecting the privacy information of the user is achieved, so that an attacker cannot determine the user through the behavior of a certain account ID. The number of the account IDs may be set to be generated randomly in the blockchain, or may be set to be generated by a user request, and the generation manner of the account IDs may be to hash the public key of the user for different times, i.e., to generate a plurality of different account IDs.
S4, the user registers with the application by the account ID.
The user does not need to provide sensitive information such as a user identity card and the like for the application, the account ID represents that the privacy information of the user is backed up and authenticated by the blockchain, the privacy information of the user is stored on the blockchain, the blockchain provides the account ID representing that the privacy information of the user is backed up and authenticated to be registered on the application, the applications are not necessarily established on the blockchain, the applications can be software applications independently developed by an operator and can also be applications established based on the blockchain, but each application has a connection interface with the blockchain, a certain trust basis exists for the blockchain, so that the account ID representing the privacy information of the user can be conveniently obtained when the user registers on the corresponding application, and the privacy information of the user is isolated from the application.
Preferably, the user randomly generates a public key and a private key through the blockchain in step S1.
Preferably, the blockchain operator generates the private key and the public key according to the user identity information. The user identity information comprises user identity information such as an identity card number, a mobile phone number, a mailbox, sound, a facial image, a fingerprint, a family address, a place where a house entrance is located and the like, and if a private key is lost, the private key can be found back to a block chain operator.
Preferably, the registration in S4 includes the steps of:
s401, a user sends a verification transaction to a block chain, selects an account ID and private key signature information and sends the account ID and the private key signature information to the block chain;
s402, the block link points verify the account ID and the user signature information, and prove that the account ID belongs to the user and is not used after verification, and the application continues to be registered for use; the authentication is not passed, and the account ID is proved not to be all of the user or used and cannot be registered for use on the application;
and S403, after the verification is passed and the registration is successful, the blockchain records the account ID state as used.
The account ID is prevented from being repeatedly used when a new application is registered next time, the same account ID is prevented from being used by a plurality of applications, the opportunity of tracking the account ID track is created for an attacker, the user is prevented from being attacked, and the privacy of the user can be further protected from being leaked.
A system for isolating user identity information, a method for isolating user identity information according to any of the above, comprising: the public and private key generation module is used for generating a public key and a private key by a user through a block chain; the private information storage module is used for storing the public key and the user identity information generated in the public and private key generation module; the account ID generation module is used for generating a plurality of different account IDs for the users storing the public keys and the user identity information on the block chain; and the application module is used for registering the application account by the user by using the account ID generated by the account ID generation module.
Preferably, the public and private key generation module generates a public key and a private key at random on the block chain according to a request of a user, or generates the private key and the public key according to user identity information.
Preferably, the privacy information keeping module comprises a distributed storage database of a block chain and a private database of a block chain operator.
Preferably, the application module comprises an account ID verification module and a registration module, the account ID verification module is configured to verify whether the account ID belongs to the corresponding user, and verify whether the account ID has been used; and the registration module generates account information of the user on the application according to the account ID.
A device comprising a processor, an input device, an output device and a memory, the processor, the input device, the output device and the memory being interconnected, wherein the memory is adapted to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform a method as described above.
A computer-readable storage medium, storing a computer program comprising program instructions, which, when executed by a processor, cause the processor to perform a method as described above.
3. Advantageous effects
Compared with the prior art, the technical scheme provided by the invention has the following beneficial effects:
(1) the invention provides a method for isolating user identity information based on a block chain technology, which can enable a user to enjoy the convenience brought by application without worrying about privacy information leakage by providing only one certifiable block chain account ID for third-party application without any other information;
(2) according to the invention, the privacy information of the user is isolated from the third-party application by utilizing the characteristics of block chain information ciphertext storage, decentralization and non-tampering, the account ID generated by the block chain is used for registering the user on the third-party application, and the third-party application cannot know the privacy information of the user corresponding to the account ID, so that the privacy of the user cannot be actively revealed;
(3) in the method for isolating the user identity information, provided by the invention, a user can generate a plurality of account IDs on a block chain, and different account IDs are used facing different applications, namely the plurality of account IDs of a single user correspond to the applications used by the user one by one, so that the account IDs used by the user are different when the user uses different applications, the behavior of the same account ID of the user on different applications is prevented from being traced and collected, and the possibility of passive leakage of the behavior of the user on different applications is prevented;
(4) according to the method for isolating the user identity information, provided by the invention, when a user registers an application, a verification transaction is sent to the block chain, and the user can register the application for use after the verification is passed, so that the privacy information of the user is not required to be provided for each application, and each application can also quickly acquire the number group of registered users based on the trust of the block chain;
(5) according to the method for isolating the user identity information, the privacy information stored on the block chain by the user is stored on the block chain in a ciphertext mode after Hash, and no private key signature verification of the user exists, so that anyone cannot know the plaintext content of the privacy information, and therefore the user can completely master the personal privacy information, and the privacy information is prevented from being leaked.
Drawings
FIG. 1 is a schematic diagram of the application of the method;
FIG. 2 is one of the flow chart diagrams of the method;
FIG. 3 is a second block flow diagram of the method;
FIG. 4 is a flow diagram of a verification transaction;
FIG. 5 is a system block diagram;
FIG. 6 is a block diagram of an apparatus;
FIG. 7 is one of the schematic views of example 2;
FIG. 8 is a second schematic view of the embodiment 2;
FIG. 9 is a schematic view of example 3;
FIG. 10 is a schematic view of example 7;
FIG. 11 is one of the schematic views of example 8;
FIG. 12 is a second schematic view of the embodiment 8.
Detailed Description
For a further understanding of the present invention, reference will now be made in detail to the embodiments illustrated in the drawings.
Example 1
As shown in fig. 2 and 3, a method for isolating user identity information includes the following steps:
s1, the user generates a public key and a private key through the blockchain;
the public key and the private key are generated in 2 modes, one mode is that the public key and the private key are randomly generated through a block chain, once the private key is lost, the public key and the private key cannot be found, the other mode is that a block chain operator carries out Hash encryption according to personal user identity information (name, gender, identity card number, mobile phone number, mailbox, voice, facial image, fingerprint, family address, residence place of a user and the like, or collective identity information such as the name of an enterprise, an organization or a unit, a unified social credit code, an address, a tax number and the like), then the private key and the public key are generated, and if the private key is lost, the private key can be found back to the block chain operator.
S2, storing the public key and the user identity information of the user in a block chain;
the identity information of the user needs to be authenticated and signed by a third-party authentication organization and then stored in a block chain, the classification of the identity information is different, different third-party authentication organizations are possible, for example, the identity card information needs to be authenticated by a government and public security bureau, the academic information needs to be authenticated by colleges and universities, the bank card asset information may need to be authenticated by banks, the automobile information is authenticated by vehicle management and stored in the block chain according to the classification, because the signature information is a series of numbers, the series of certificate signature information comprises the authentication organization, the block chain account ID of the authenticated user and the encrypted signature information of the real information, the authenticity can be identified through a website of the third-party authentication organization, meanwhile, specific information such as an identity card number, facial information and the like are not leaked, meanwhile, the authenticity of the identity information is also proved, the privacy information of the user is hidden, and the privacy of, so that the private information of the user cannot be stolen or abused. Meanwhile, if necessary, the real information can be acquired by a third-party certification authority under the condition of obtaining the consent of the user.
The public key and user identity information of the user can also be stored in a private database of the blockchain operator, as shown in fig. 3, the user information is more centralized, rather than open and diffused, and authentication is not required for every business application.
S3, generating a plurality of different account IDs for the same user by the blockchain;
if a user only has one account ID, the risk that the account ID of the user is attacked can be increased by tracing the transaction behavior or the activity behavior of the account ID on the blockchain, so that the privacy information of the user is easily stolen; one user correspondingly has a plurality of account IDs, the behavior of the user cannot be traced, and further the effect of protecting the privacy information of the user is achieved, so that an attacker cannot determine the user through the behavior of a certain account ID. The number of the account IDs may be set to be generated randomly in the blockchain, or may be set to be generated by a user request, and the generation manner of the account IDs may be to hash the public key of the user for different times, i.e., to generate a plurality of different account IDs.
S4, the user registers with the application by the account ID.
The user does not need to provide sensitive information such as a user identity card and the like for the application, the account ID represents that the privacy information of the user is backed up and authenticated by the blockchain, the privacy information of the user is stored on the blockchain, the blockchain provides the account ID representing that the privacy information of the user is backed up and authenticated to be registered on the application, the applications are not necessarily established on the blockchain, the applications can be software applications independently developed by an operator and can also be applications established based on the blockchain, but each application has a connection interface with the blockchain, a certain trust basis exists for the blockchain, so that the account ID representing the privacy information of the user can be conveniently obtained when the user registers on the corresponding application, and the privacy information of the user is isolated from the application.
An operator of one application only knows one account ID of a user, and determines that the account ID is backed up and authenticated by a blockchain, and the application can be used for the operation and the use of the operator, but the privacy information of the user cannot be obtained, so that the privacy information of the user cannot be used in other places, the privacy information of the user cannot be revealed, and the problem that the privacy is revealed when the user uses different applications is solved.
Example 2
A method for isolating user identity information is further improved on the basis of embodiment 1, and comprises the following steps:
s1, randomly generating a public key and a private key by the user through the blockchain, as shown in FIG. 7;
s2, storing the public key and the user identity information of the user in a block chain; the block chain such as a private chain and a alliance chain are permission chains, each node participating in the block chain system is permitted, and an unauthorized node cannot access the system. However, if a plurality of authentication nodes with limited number in the permission chain are combined together, identity information of the user can be leaked to cause certain threat, so if the block chain is the permission chain, the public key of the user and the identity information of the user are subjected to Hash encryption and then uploaded to the block chain; if the block chain is a public chain, the Hash encryption can be selectively carried out on the user identity information. As shown in fig. 8.
S3, generating a plurality of different account IDs for the same user by the blockchain;
s4, the user registers with the application by the account ID.
Example 3
A method for isolating user identity information is further improved on the basis of embodiments 1 and 2, and comprises the following steps:
s1, the user generates the private key and the public key according to the user identity information through the blockchain operator, as shown in fig. 9.
If the block chain is a permission chain, the public key of the user and the identity information of the user are subjected to Hash encryption, and then a private key and a public key are generated; if the block chain is a public chain, the Hash encryption can be selectively carried out on the user identity information. The user identity information comprises user identity information such as an identity card number, a mobile phone number, a mailbox, sound, a facial image, a fingerprint, a family address, a place where a house entrance is located and the like, and if a private key is lost, the private key can be found back to a block chain operator.
S2, storing the public key and the user identity information of the user in a block chain; the block chain such as a private chain and a alliance chain are permission chains, each node participating in the block chain system is permitted, and an unauthorized node cannot access the system. However, if a plurality of authentication nodes with limited number in the permission chain are combined together, identity information of the user can be leaked to cause certain threat, so if the block chain is the permission chain, the public key of the user and the identity information of the user are subjected to Hash encryption and then uploaded to the block chain; if the block chain is a public chain, the Hash encryption can be selectively carried out on the user identity information. As shown in fig. 8.
S3, generating a plurality of different account IDs for the same user by the blockchain;
s4, the user registers with the application by the account ID.
Example 4
The method for isolating the user identity information is further improved on the basis of the embodiments 1, 2 and 3, and comprises the following steps:
s1, the user generates a public key and a private key through the blockchain;
s2, storing the public key and the user identity information of the user in a block chain;
s3, generating a plurality of different account IDs for the same user by the blockchain;
s4, the user registers with the application by the account ID.
As shown in fig. 1, 3 and 4, the registration in S4 includes the steps of:
s401, a user sends a verification transaction to a block chain, selects an account ID and private key signature information and sends the account ID and the private key signature information to the block chain;
s402, the block link points verify the account ID and the user signature information, and prove that the account ID belongs to the user and is not used after verification, and the application continues to be registered for use; the authentication is not passed, and the account ID is proved not to be all of the user or used and cannot be registered for use on the application;
and S403, after the verification is passed and the registration is successful, the blockchain records the account ID state as used.
The account ID is prevented from being repeatedly used when a new application is registered next time, the same account ID is prevented from being used by a plurality of applications, the opportunity of tracking the account ID track is created for an attacker, the user is prevented from being attacked, and the privacy of the user can be further protected from being leaked.
The embodiment completely hides the privacy information of the user, and utilizes the advantages of block chain information ciphertext storage, decentralization, distributed storage and non-tampering, the account ID generated by the user through the block chain is in butt joint with the application of the third party, but the application mechanism of the third party cannot acquire the privacy information of the user, so that the leakage of the third party application operator to the privacy information of the user is completely prevented, and meanwhile, the user can normally enjoy the convenience brought by the application mechanism of the third party.
Example 5
As shown in fig. 1 and 5, a system for isolating user identity information according to the method for isolating user identity information in any one of embodiments 1 to 4 includes: the public and private key generation module is used for generating a public key and a private key by a user through a block chain; the private information storage module is used for storing the public key and the user identity information generated in the public and private key generation module; the account ID generation module is used for generating a plurality of different account IDs for the users storing the public keys and the user identity information on the block chain; and the application module is used for registering the application account by the user by using the account ID generated by the account ID generation module.
Example 6
As shown in fig. 1 and 5, a system for isolating user identity information, which is further improved on the basis of embodiment 5, includes: the public and private key generation module is used for generating a public key and a private key by a user through a block chain; the private information storage module is used for storing the public key and the user identity information generated in the public and private key generation module; the account ID generation module is used for generating a plurality of different account IDs for the users storing the public keys and the user identity information on the block chain; and the application module is used for registering the application account by the user by using the account ID generated by the account ID generation module. Further, the public and private key generation module randomly generates a public key and a private key according to a request of a user on the block chain, or generates the private key and the public key according to the identity information of the user. If the block chain is a permission chain, the public key of the user and the identity information of the user are subjected to Hash encryption, and then a private key and a public key are generated; if the block chain is a public chain, the Hash encryption can be selectively carried out on the user identity information. The user identity information comprises user identity information such as an identity card number, a mobile phone number, a mailbox, sound, a facial image, a fingerprint, a family address, a place where a house entrance is located and the like, and if a private key is lost, the private key can be found back to a block chain operator.
Example 7
A system for isolating user identity information is further improved on the basis of embodiments 5 and 6, and comprises: the public and private key generation module is used for generating a public key and a private key by a user through a block chain; the private information storage module is used for storing the public key and the user identity information generated in the public and private key generation module; the account ID generation module is used for generating a plurality of different account IDs for the users storing the public keys and the user identity information on the block chain; and the application module is used for registering the application account by the user by using the account ID generated by the account ID generation module. Further, as shown in fig. 10, the privacy information keeping module includes a distributed storage database of the blockchain and a private database of the blockchain operator. If the user identity information is stored in the private database, Hash encryption is required to be carried out on the user identity information so as to ensure the risk brought by the leakage of the user identity information.
Example 8
A system for isolating user identity information, which is further improved based on the embodiments 5, 6 and 7, and comprises: the public and private key generation module is used for generating a public key and a private key by a user through a block chain; the private information storage module is used for storing the public key and the user identity information generated in the public and private key generation module; the account ID generation module is used for generating a plurality of different account IDs for the users storing the public keys and the user identity information on the block chain; and the application module is used for registering the application account by the user by using the account ID generated by the account ID generation module. Further, as shown in fig. 11 and 12, the application modules include an account ID verification module and a registration module, the account ID verification module is configured to verify whether the account ID belongs to the corresponding user, and verify whether the account ID has been used; and the registration module generates account information of the user on the application according to the account ID.
Example 9
As shown in fig. 6, an apparatus comprises a processor, an input device, an output device, and a memory, the processor, the input device, the output device, and the memory being connected to each other, wherein the memory is configured to store a computer program, the computer program comprising program instructions, and the processor is configured to call the program instructions to perform the method according to any of the embodiments 1-5.
Example 10
A computer-readable storage medium, in which a computer program is stored, the computer program comprising program instructions which, when executed by a processor, cause the processor to carry out the method according to any of the claims 1-5.
Example 11
The embodiment provides a method for isolating real identity information based on a block chain technology, and in the method described in any one of the technical schemes in embodiments 1 to 5, only an account ID of a trusted and certifiable block chain user is provided for a third-party application without any other information, so that the method replaces identity card photographing and acquisition of other information oriented to an application APP, and personal user privacy is protected to a great extent.
Users (including individuals, businesses, institutions, group organizations, and the like); the user information includes, but is not limited to, data such as personal photos, birth certificates, identification numbers, mailboxes, mobile phone numbers, login accounts of a certain website, QQ numbers, contact addresses and the like for individuals; the user information includes, but is not limited to, social unified credit codes, organization codes, business content, external mailboxes, office phones, and other data for an organization such as an enterprise, a business entity, or a group organization.
In order to prove that an account ID is owned by a specific user, a user can send a verification transaction to the blockchain, the account ID is signed by a private key of the user and sent to the blockchain, the blockchain nodes can verify the account ID and user signature information, and the account ID can be proved to belong to the user. Not, this indicates that this account ID is not owned by this user. The application can trust the account ID to be owned by the user. Thus, the user does not need to provide sensitive information such as personal identification cards to the network application.
An individual user randomly generates a private key based on a block chain, and obtains a corresponding public key at the same time; the blockchain company can also generate a unique private key according to the ID of the user, so that the private key of the user can be retrieved to the blockchain operator when the private key of the user is lost.
The user obtains the identity card information of having certified through third party certificate authority, true information such as face collection, provides public key information simultaneously, for example identity card information, face information etc. such a user possesses which data all can be seen from the side, satisfies the demand of different APP's company to the information.
In order to adapt to different network applications, the blockchain generates different account IDs for the same user, so that personal privacy is protected to the maximum extent, for example, the account IDs of the Internet contract vehicles, the account ID of the Taobao merchant and the like.
The user registers own identity information with the application through an account ID generated for the network application. In order to prove that the account ID is owned by the user, the user can send a verification transaction to the blockchain, the account ID is signed by a private key of the user and sent to the blockchain, and the blockchain nodes can verify the account ID and the user signature information, so that the account ID can be proved to belong to the user. Not, this indicates that this account ID is not owned by this user.
The application can trust the account ID to be owned by the user. Thus, the user does not need to provide sensitive information such as personal identification cards to the network application. Through the scheme, the user can only provide the account ID of the user on the block chain to the network application company, and real identity card information does not need to be provided, so that the personal privacy of the user is protected to the maximum extent. And based on the block chain account IDs of different applications, the collection of user information among different applications can be effectively isolated, and the user information is prevented from being tracked and leaked. In addition, if necessary in the future, the passport information may be replaced by the block chain account ID information, and the information is globally used.
The present invention and its embodiments have been described above schematically, without limitation, and what is shown in the drawings is only one of the embodiments of the present invention, and the actual structure is not limited thereto. Therefore, if the person skilled in the art receives the teaching, without departing from the spirit of the invention, the person skilled in the art shall not inventively design the similar structural modes and embodiments to the technical solution, but shall fall within the scope of the invention.