CN110336672A

CN110336672A - Method, system and the storage medium of citizen privacy protection based on zero-knowledge proof

Info

Publication number: CN110336672A
Application number: CN201910365740.8A
Authority: CN
Inventors: 张晓�; 许强; 周伟明; 刘春蕊
Original assignee: Shandong Ice Chain Network Information Technology Co Ltd; Shandong Technology and Business University
Current assignee: Shandong Ice Chain Network Information Technology Co Ltd; Shandong Technology and Business University
Priority date: 2019-04-29
Filing date: 2019-04-29
Publication date: 2019-10-15
Anticipated expiration: 2039-04-29
Also published as: CN110336672B; WO2020220412A1

Abstract

Method, system and the storage medium for the citizen privacy protection based on zero-knowledge proof that the invention discloses a kind of, method include: after examination terminal obtains citizen's biological information, to obtain the corresponding Merkel's root of the biological information；According to Merkel's root, the corresponding pressure public information of Merkel's root is obtained, after forcing public information to meet the first preset condition, sends privacy echo request to the user terminal；Receive the individual privacy information and Merkel's verification information of user terminal feedback, and it is calculated according to hash algorithm, orderly Merkel tree building rule, individual privacy information and Merkel's verification information, obtain Merkel's root to be verified, and judge whether Merkel's root to be verified and Merkel's root are identical, when Merkel's root to be verified is identical with Merkel's root, the individual privacy information for determining that user terminal provides is true.The present invention solves consult citizen during citizen privacy information the technical issues of being exposed.

Description

Method, system and the storage medium of citizen privacy protection based on zero-knowledge proof

Technical field

The present invention relates to block platform chain technical fields, more particularly to the side of the protection of the citizen privacy based on zero-knowledge proof Method, system and computer readable storage medium.

Background technique

In recent years, as universal and 5G network the preparation of 4G network is universal, artificial intelligence, the continuous development of internet With it is increasingly mature.One digitization big epoch has been fade-in the every aspect of people's life.When law enfrocement official consults a certain citizen When, by the way that using after the AI recognition of face citizen, all personal information of the citizen can be all pushed in the terminal of law enfrocement official, Law enfrocement official determines whether the citizen is runaway convict or " old further according to whether there is the information such as runaway convict or Lao Lai in these information Rely ".But the process of access will lead to the problem of being all exposed by all privacy informations of access citizen.

Above content is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that above content is existing skill Art.

Summary of the invention

The method of the citizen privacy protection that the main purpose of the present invention is to provide a kind of based on zero-knowledge proof, system and Computer readable storage medium, it is intended to the technical issues of citizen privacy information is exposed during solution access citizen.

To achieve the above object, the application provides a kind of method of citizen privacy protection based on zero-knowledge proof, application In examination terminal, comprising steps of

Obtain the biometric information of citizen, send include the citizen biometric information inquiry request to authority Authority server, so that authoritative institution receives the bio-identification for feeding back authoritative institution ID, the citizen after the inquiry request The corresponding Merkel's root of information, preset hash algorithm and preset orderly Merkel tree building rule；

According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, obtain Take the corresponding pressure public information of Merkel's root；

According to the pressure public information got, judge whether to meet the first preset condition, and meets the when determining When one preset condition, privacy echo request is sent to user terminal, so that the user terminal feeds back at least the one of the citizen Individual privacy information and Merkel's verification information；

It is personal according to the hash algorithm, the orderly Merkel tree building rule, each item of user terminal feedback Privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified and Whether Merkel's root is identical, and according to judging result, the individual privacy information provided user terminal is verified.

Optionally, according to the authoritative institution ID and Merkel's root received, Merkel's root is obtained The step of corresponding pressure public information includes:

The inquiry request including Merkel's root and the authoritative institution ID is sent to block platform chain, so that described Block platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with Merkel's root It is worth identical Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage time；

It is selected from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received The nearest Merkel's root of storage time；

According to the authoritative institution ID, the first public key of the corresponding authoritative institution's server of authoritative institution ID is obtained, and is adopted It is verified with the first public key Merkel root corresponding digital signature nearest to the storage time of selection；

If being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and as the public affairs The pressure public information of the people.

In addition, the application also provides a kind of method of citizen privacy protection based on zero-knowledge proof, comprising steps of

The biometric information that terminal obtains citizen is checked, the inquiry for sending the biometric information including the citizen is asked It asks to authoritative institution's server；

Authoritative institution's server receives the biometric information including the citizen that the examination terminal is sent Inquiry request after, according to the mapping relations of the Merkel's root and biometric information that prestore, obtain the biology of the citizen The corresponding Merkel's root of identification information, and by Merkel's root, authoritative institution ID, preset hash algorithm and preset Orderly Merkel tree building rule feeds back to the examination terminal；

After the examination terminal receives Merkel's root of authoritative institution's server feedback, according to authoritative machine Structure ID and Merkel's root obtain the corresponding pressure public information of Merkel's root, and according to getting Public information is forced, judges whether to meet the first preset condition, and when determining the first preset condition of satisfaction, send privacy examination It requests to user terminal；

After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verifying are fed back Information is to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding each The cryptographic Hash of at least one other node outside Merkel's node includes except each individual privacy information of feedback is corresponding silent The cryptographic Hash of at least one other node outside Ke Er node and corresponding affiliated layer；

The examination terminal is fed back according to the hash algorithm, the orderly Merkel tree building rule, user terminal Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into Row verifying.

Optionally, the privacy echo request further includes examination Permission Levels；

After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verifying are fed back Information to the step of examination terminal includes:

It is hidden according to the examination Permission Levels and each item individual that receive after the user terminal receives privacy echo request The default access grade of personal letter breath feeds back each item corresponding with the identical Permission Levels of Permission Levels are checked in individual privacy information Individual privacy information and Merck verification information are to the examination terminal.

Optionally, the examination terminal obtains the biometric information of citizen, sends the bio-identification including the citizen Include: before the step of inquiry request of information to authoritative institution's server

Authoritative institution's server receives the citizen ID that each user terminal is sent respectively and the citizen ID is corresponding extremely A few personal information；

When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's clothes Device be engaged according to the second preset condition, respectively each personal information is divided into individual privacy information or forces public information；

Authoritative institution's server is believed according to the corresponding each personal information of the citizen ID received and each item individual Corresponding information category is ceased, the corresponding news file of the citizen ID is created, wherein the news file includes the citizen ID The news file of corresponding at least two personal information and the corresponding information category of each personal information；

Authoritative institution's server is regular and described using preset hash algorithm, preset orderly Merkel tree building Each personal information in news file, constructs the corresponding first Merkel tree of the file number, and according to the first Merkel tree and The biometric information of the citizen ID prestored creates Merkel's root of the first Merkel tree and the biology of the citizen ID The mapping relations of identification information；

Merkel root and the letter of the authoritative institution's server according to the first private key to the first Merkel tree It forces public information to be signed in breath archives, generates the first digital signature；

Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, first The information of public information is forced to store to the block platform chain in digital signature and the news file.

Optionally, described when the corresponding personal information quantity of the citizen ID received is greater than or equal to two, institute Authoritative institution's server is stated according to the second preset condition, the corresponding each personal information of the citizen ID respectively received is drawn After the step of being divided into individual privacy information or forcing public information further include:

Authoritative institution's server is according to third preset condition, the corresponding each item of the citizen ID that respectively receives Different rights grade is arranged in personal information；

Authoritative institution server is according to the corresponding each personal information of the citizen ID received and each item The corresponding information category of people's information creates the corresponding news file of the citizen ID, wherein the news file includes the public affairs The step of news file of corresponding at least two personal information of people ID and the corresponding information category of each personal information includes:

Authoritative institution's server is according to the corresponding each personal information of the citizen ID received, each personal information Corresponding information category and corresponding Permission Levels create the corresponding news file of the citizen ID, wherein the news file Including corresponding at least two personal information of the citizen ID, the corresponding information category of each personal information and corresponding permission etc. The news file of grade.

Optionally, authoritative institution server by include authoritative institution ID, the first Merkel tree Merck The information of public information is forced to store to the step of the block platform chain in your root, the first digital signature and the news file After rapid further include:

Authoritative institution's server receives the update request that any user terminal is sent, wherein update request includes The citizen ID and at least one personal information；

Authoritative institution's server will update each personal information in request respectively and be divided into according to the second preset condition Individual privacy information forces public information；

Authoritative institution's server is believed according to each item individual in the corresponding news file of the citizen ID, update request Breath and corresponding information category, update the corresponding news file of the citizen ID and generate the new information archives of the citizen ID, The new information archives include each personal information and the corresponding information category of each personal information；

Authoritative institution's server is regular and described using preset hash algorithm, preset orderly Merkel tree building Each personal information in new information archives, building update the corresponding second Merkel tree of file number in request, and according to second The biometric information of Merkel tree and the citizen ID prestored creates the Merkel's root and the public affairs of the second Merkel tree Merkel's root of the first Merkel tree of mapping relations and deletion of the biometric information of people ID and the life of the citizen ID The mapping relations of object identification information；

Authoritative institution's server uses Merkel root and the new information of first private key to the second Merkel tree It forces public information to be signed in archives, generates the second digital signature；

The authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and The information of public information is forced to store to the block platform chain in the new information archives.

Optionally, the authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, second The information of pressure public information, which was stored to the step of block platform chain, in digital signature and the new information archives includes:

Intelligent contract on block platform chain described in authoritative institution's server calls, creation one includes authoritative institution Public information is forced in ID, Merkel's root of the second Merkel tree, the second digital signature and the new information archives Second transaction record；

Authoritative institution's server sends second transaction record and stores to the block platform chain.

In addition, to achieve the above object, the present invention also provides a kind of zero-knowledge proof system of personal information, the systems Include:

Terminal is checked, for obtaining the biometric information of citizen, sends the biometric information including the citizen Inquiry request is to authoritative institution's server；

Authoritative institution's server, the biometric information including the citizen sent for receiving the examination terminal Inquiry request after, according to the mapping relations of the Merkel's root and biometric information that prestore, obtain the biology of the citizen The corresponding Merkel's root of identification information, and by Merkel's root, authoritative institution ID, preset hash algorithm and preset Orderly Merkel tree building rule feeds back to the examination terminal；

The examination terminal, after Merkel's root for receiving authoritative institution's server feedback, according to Authoritative institution ID and Merkel's root, obtain the corresponding pressure public information of Merkel's root, and according to getting The pressure public information, judge whether meet the first preset condition, and when determine meet the first preset condition when, send it is hidden Private echo request is to user terminal；

User terminal feeds back at least one individual privacy information and Merkel tests after receiving privacy echo request Information is demonstrate,proved to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding The cryptographic Hash of at least one other node outside each Merkel's node includes except each individual privacy information of feedback is corresponding The cryptographic Hash of at least one other node outside Merkel's node and corresponding affiliated layer；

The examination terminal, for anti-according to the hash algorithm, the orderly Merkel tree building rule, user terminal Each individual privacy information and Merkel's verification information of feedback calculate, and obtain Merkel's root to be verified, judge to be verified Whether Merkel's root and Merkel's root are identical, and according to judging result, believe the individual privacy that user terminal provides Breath is verified.

In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium It is stored with computer program on storage medium, realizes when the computer program is executed by processor and knows as described above based on zero The step of knowing the method for the citizen privacy protection proved.

Method, system and the computer for a kind of citizen privacy protection based on zero-knowledge proof that the embodiment of the present invention proposes Readable storage medium storing program for executing sends the inquiry of the biometric information including the citizen by obtaining the biometric information of citizen Request is to authoritative institution's server, so that authoritative institution ID, the citizen feed back after receiving the inquiry request in authoritative institution The corresponding Merkel's root of biometric information, preset hash algorithm and preset orderly Merkel tree building rule；Root The authoritative institution ID and Merkel's root according to the authoritative institution's server feedback received, obtain the Merck The corresponding pressure public information of your root；According to the pressure public information got, judge whether to meet the first default item Part, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal, so that the user terminal is fed back At least one individual privacy information and Merkel's verification information of the citizen；According to the hash algorithm, the orderly Merck You calculate tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information, obtain Merkel's root to be verified judges whether Merkel's root to be verified and Merkel's root are identical, and according to judging result, The individual privacy information provided user terminal is verified.To examination person can only go examination force public information meet it is default The privacy information of the citizen (such as runaway convict, Lao Lai etc.) of condition, it is ensured that the citizen's for forcing public information ineligible is hidden Personal letter breath is not exposed.

Detailed description of the invention

Fig. 1 is the structural schematic diagram for the hardware running environment that the embodiment of the present invention is related to；

Fig. 2 is the flow diagram for the method first embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof；

Fig. 3 is the thin of step S020 in the method second embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof Change flow diagram；

Fig. 4 is the flow diagram for the method 3rd embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof

Fig. 5 is the thin of step S120 in the method sixth embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof Change flow diagram；

Fig. 6 is the system architecture signal for the method 3rd embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof Figure；

Fig. 7 is the Merkel's tree schematic diagram constructed；

Fig. 8 is the transaction record schematic diagram for being stored with Merkel's root and forcing public information.

The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.

Specific embodiment

It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.

Fig. 1 is please referred to, Fig. 1 is examination terminal, authoritative institution's server, user provided in each embodiment of the present invention The hardware structural diagram of terminal or block platform chain, the examination terminal, authoritative institution's server, user terminal or block chain Platform includes the components such as communication module 10, memory 20 and processor 30.It will be understood by those skilled in the art that shown in Fig. 1 Examination terminal, authoritative institution's server or block platform chain out can also include components more more or fewer than diagram, or Combine certain components or different component layouts.Wherein, the processor 30 respectively with the memory 20 and the communication Module 10 connects, and is stored with computer program on the memory 20, the computer program is executed by processor 30 simultaneously.

Communication module 10 can be connect by network with external equipment.Communication module 10 can receive external equipment sending Data, also transmittable data, instruction and information to the external equipment.The external equipment can be the examination terminal, power Prestige authority server, user terminal or block platform chain.

Memory 20 can be used for storing software program and various data.Memory 20 can mainly include storing program area The storage data area and, wherein storing program area can application program needed for storage program area, at least one function (based on using Family information architecture Merkel tree) etc.；Storage data area can store according to examination terminal, authoritative institution's server, user terminal or Block platform chain uses created data or information etc..In addition, memory 20 may include high-speed random access memory, It can also include nonvolatile memory, a for example, at least disk memory, flush memory device or other volatile solid-states are deposited Memory device.

Processor 30 is the control centre for checking terminal, authoritative institution's server, user terminal or block platform chain, benefit Each portion of terminal, authoritative institution's server, user terminal or block platform chain is entirely checked with various interfaces and connection Point, by running or execute the software program and/or module that are stored in memory 20, and calls and be stored in memory 20 Data, execute examination terminal, authoritative institution's server, the various functions of user terminal or block platform chain and processing data, To carry out integral monitoring to examination terminal, authoritative institution's server, user terminal or block platform chain.Processor 30 may include One or more processing units；Preferably, processor 30 can integrate application processor and modem processor, wherein application The main processing operation system of processor, user interface and application program etc., modem processor mainly handles wireless communication.It can With understanding, above-mentioned modem processor can not also be integrated into processor 30.It is above-mentioned to look into although Fig. 1 is not shown Testing terminal, authoritative institution's server, user terminal or block platform chain can also include circuit control module, for being electrically connected with city It connects, realizes power supply control, guarantee the normal work of other component.

It will be understood by those skilled in the art that shown in Fig. 1 examination terminal, authoritative institution's server, user terminal or Block platform chain structure does not constitute the restriction to examination terminal, authoritative institution's server, user terminal or block platform chain, can To include perhaps combining certain components or different component layouts than illustrating more or fewer components.

According to above-mentioned hardware configuration, each embodiment of the method for the present invention is proposed.

Referring to Fig. 2, in the first embodiment for the method protected the present invention is based on the citizen privacy of zero-knowledge proof, application In examination terminal, it is described based on zero-knowledge proof citizen privacy protection method comprising steps of

Step S010 obtains the biometric information of citizen, sends the inquiry of the biometric information including the citizen Request is to authoritative institution's server, so that authoritative institution ID, the citizen feed back after receiving the inquiry request in authoritative institution The corresponding Merkel's root of biometric information, preset hash algorithm and preset orderly Merkel tree building rule；

In the present embodiment, zero-knowledge proof refer to a side (certifier) can be proved to another party (verifier) one it is old State be correctly, without reveal the statement be correctly except other useful informations.In in the present invention, " statement " refers to It is pending personal information.Merkel tree (Merkle Tree) is exactly a kind of binary tree data structure for storing cryptographic Hash, is write from memory The leaf of Ke Er tree is the cryptographic Hash of data block (for example, set that data block can be information, file or file), non-leaf segment Point is its cryptographic Hash for corresponding to child node series strings.Orderly Merkel tree building rule refers to constructing effective Merkel When tree, to the rule that position of all nodes in respective layer is ranked up in each layer, which can be according to According to the character ASCII character number of the cryptographic Hash of each node in the size of 16 binary values of the cryptographic Hash of node each in every layer or every layer Word sequence, successively arranges each node location for each node from small to large or from big to small from left to right.

Biometric information can be face characteristic, fingerprint, vocal print, iris, DNA etc..It checks terminal and obtains bio-identification The process of information can be video surveillance network, fingerprint identification device, voice print identification device, iris identification device, DNA detection dress It sets or citizen's identification information that other terminals will acquire is sent to examination terminal by wirelessly or non-wirelessly network, or is interior The examination terminal of the biological identification device of portion's insertion directly acquires the biometric information.

Biometric information is sent to authoritative institution's service by wired or wireless network by examination terminal.Authoritative institution's clothes After business device receives the inquiry request including biometric information, according to reflecting for the Merkel's root and biometric information prestored Relationship is penetrated, obtains the corresponding Merkel's root of biometric information, and Merkel's root, authoritative institution ID, building are somebody's turn to do The default hash algorithm and preset orderly Merkel tree building rule used when the corresponding Merkel tree of Merkel's root passes through Wired or wireless network is sent to examination terminal.Hash algorithm can be MD4 algorithm, MD5 algorithm, SHA-1, SHA-256, SHA- 512, national secret algorithm or other hash algorithms, are not limited thereto.

Step S020, according to the authoritative institution ID of the authoritative institution's server feedback received and the Merck That root, obtains the corresponding pressure public information of Merkel's root；

Examination terminal receives Merkel's root of authoritative institution's server feedback, authoritative institution ID, the calculation of preset Hash After method and preset orderly Merkel tree building rule, the pressure including Merkel's root and authoritative institution ID can be sent Public information inquiry request to block platform chain, block platform chain inquires according to Merkel's root and is pre-stored in block chain The corresponding pressure public information of Merkel's root described in platform, and by the pressure public information inquired by wired or wireless Network-feedback is to checking terminal.

Examination terminal receives Merkel's root of authoritative institution's server feedback, preset hash algorithm and preset has After sequence Merkel tree constructs rule then, the pressure public information inquiry request including Merkel's root can also be sent to institute Authoritative institution's server is stated, authoritative institution's server inquires according to Merkel's root and is pre-stored in authoritative institution's server Described in the corresponding pressure public information of Merkel's root, and the pressure public information inquired is passed through into wired or wireless network Feed back to examination terminal.

Step S030 judges whether to meet the first preset condition, and when true according to the pressure public information got When meeting the first preset condition surely, privacy echo request is sent to user terminal, so that the user terminal feeds back the citizen At least one individual privacy information and Merkel's verification information；

The examination terminal, which is got, forces in public information after all personal information, can be sentenced according to the first preset condition Disconnected that each personal information in public information is forced to judge whether to meet the first preset condition, the first preset condition is when pressure open letter Any bar personal information meets the first preset condition in breath, then sends privacy echo request to user terminal.

Such as force public information in include previous conviction, whether be fugitive personnel, whether be Lao Lai, whether be drug abuse people Member etc., the first preset condition are to meet runaway convict, drug addict, Lao Lai thrin.When the pressure for getting a certain citizen discloses After information, occur the information of drug addict in the pressure public information of the citizen, meets the first preset condition, then check terminal Privacy echo request can be sent to user terminal, the user terminal can be the user terminal of the citizen in the present embodiment, Or terminal, certain bank or the terminal of court system etc. of public security system, it is not limited thereto.

After user terminal receives privacy echo request, at least the one of the citizen can be fed back by wired or wireless network Individual privacy information and Merkel's verification information are to checking terminal, wherein Merkel's verification information includes each except feedback The cryptographic Hash of at least one other node outside the corresponding each Merkel's node of personal information includes each item except feedback The cryptographic Hash of at least one other node outside the corresponding Merkel's node of people's information and corresponding affiliated layer.The citizen can also Directly to input at least one individual privacy information and Merkel's verification information in examination terminal.

It should be noted that prevent the personal information sent, these information of Merkel's verification information from being cut by other people It obtains, these information of personal information and Merkel's verification information can be encrypted using the public key of examination terminal, then will add Information after close is sent to examination terminal, and examination terminal can carry out the information of the encryption using the private key of examination terminal oneself Decryption, to obtain the personal information and Merkel's verification information of user terminal transmission.

The cryptographic Hash of each node in Merkel's verification information be generated by Hash mapping function unidirectional as a result, itself simultaneously It cannot be used for extrapolating any useful information.These nodes in Merkel's verification information are Merkels corresponding from personal information All sections necessary on node to the Hash calculation path of Merkel's root in addition to the corresponding Merkel's node of personal information The cryptographic Hash of all nodes outside the corresponding Merkel's node of cryptographic Hash or personal information of point and corresponding affiliated layer, if adopting With most fast Hash calculation path, the node Hash of one group of ordered arrangement can be only included in the Merkel's verification information provided Value, this put in order for calculate Merkel's root process be using sequencing.According to non-most fast Hash calculation path, It further include layer belonging to each node cryptographic Hash is corresponding in Merkel's verification information of offer other than node cryptographic Hash.Such as it is a People's privacy information is the P1 name in Fig. 7, from the Hash of the corresponding node location of name Merkel's root of Merkel tree into Fig. 7 Calculating path can be B+CD+EF, or B+C+D+EF can also be B+C+D+E+F, wherein the Hash meter of B+CD+EF Path is calculated for A, is most fast Hash calculation path, and the Hash calculation path of B+C+D+E+F is for A, is most slow Hash calculation path, according to most fast Hash calculation path, then Merkel's verification information is the node of one group of ordered arrangement Cryptographic Hash array { hash (P2), hash (C+D), hash (E+F) }.If the calculating path is B+C+D+EF, then Merkel tests Card information be include node B cryptographic Hash and node B belonging to layer be first layer, layer belonging to the cryptographic Hash of node C and node C is the Layer belonging to one layer, the cryptographic Hash of node D and node D is first layer, layer is third layer belonging to the cryptographic Hash of node EF and node EF. In another example it is P1 name and the birthplace P3 in Fig. 7 that user terminal, which has fed back two individual privacy informations, then from P1 name and P3 It the Hash calculation path of the corresponding node A and C in birthplace Merkel's root of Merkel tree into Fig. 7 can be (most fast for B+D+EF Hash calculation path) or B+D+E+F.In Merkel's verification information in addition to the corresponding Merkel's node of individual privacy information to be checked The quantity of other nodes be to be determined by the complexity of Merkel tree, Merkel tree is simpler, and level is fewer, then needs to provide Other number of nodes are fewer.

Step S040 is fed back according to the hash algorithm, the orderly Merkel tree building rule, the user terminal Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into Row verifying.

Examination terminal can be according to each personal information for receiving citizen's offer and except each item of citizen offer be personal The cryptographic Hash of other nodes outside the corresponding Merkel's node of information and affiliated layer, it is using the hash algorithm got and orderly silent Ke Er tree building rule successively calculates cryptographic Hash, finally obtains Merkel's root.Such as by examination citizen of offer People's privacy information is the cleartext information and Merkel's verification information in " birthplace: Shandong Yantai " in Fig. 7, and wherein Merkel verifies Information is the cryptographic Hash hash (P4) of node D, the cryptographic Hash hash (A+B) of node AB and node EF of Merkel tree in Fig. 7 Cryptographic Hash hash (E+F), the orderly Merkel tree building rule that third-party authentication server is got is successively will from small to large Each node of same layer arranges each node location from left to right.Examination terminal can treat verification information using hash algorithm and be counted Calculation obtains the cryptographic Hash hash (P3) of node C, and hash (P3) is less than hash (P4) size；Then according to the cryptographic Hash of node C The cryptographic Hash hash (C+D) of the second node layer CD is calculated with the cryptographic Hash of node D, further relatively hash (A+B) and Hash (C+D) size obtains after hash (A+B) be less than hash (C+D), is calculated the according to hash (A+B) and hash (C+D) The cryptographic Hash of three node layer ABCD is hash (AB+CD), finally compares hash (AB+CD) and hash (E+F) size knows hash (AB+CD) it is less than hash (E+F), Merkel's root hash to be verified is calculated according to hash (AB+CD) and hash (E+F) (ABCD+EF)。

After obtaining Merkel's root to be verified, judges Merkel's root to be verified and check the biology obtained before terminal Whether the corresponding Merkel's root of identification information is identical, when Merkel's root to be verified is identical with Merkel's root, Determine privacy information that user terminal provides be it is true, when Merkel's root to be verified and Merkel's root be not identical, The privacy information for determining that user terminal provides is false.

The present embodiment sends looking into for the biometric information including the citizen by the biometric information of acquisition citizen Request is ask to authoritative institution's server, so that authoritative institution ID, the public affairs feed back after receiving the inquiry request in authoritative institution The corresponding Merkel's root of the biometric information of the people, preset hash algorithm and preset orderly Merkel tree building rule； According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, obtain described silent The corresponding pressure public information of Ke Er root；According to the pressure public information got, judge whether that meeting first presets Condition, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal, so that the user terminal is anti- Present at least one individual privacy information and Merkel's verification information of the citizen；According to the hash algorithm, described orderly silent Ke Er tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information calculate, and obtain Merkel's root to be verified is obtained, judges whether Merkel's root to be verified and Merkel's root are identical, and is tied according to judgement Fruit, the individual privacy information provided user terminal are verified.To which examination person can only go examination that public information is forced to meet The privacy information of the citizen (such as runaway convict, Lao Lai etc.) of preset condition, it is ensured that the citizen for forcing public information ineligible Privacy information be not exposed.

Further, referring to Fig. 3, the first of the method for the citizen privacy protection according to the application based on zero-knowledge proof is real The second embodiment for applying the method that example deduction proposes that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment In, the step S020 includes:

It is flat to block chain to send the inquiry request including Merkel's root and the authoritative institution ID by step S021 Platform so that the block platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with institute When stating the identical Merkel's root of Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage Between；

Step S022, from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received The Merkel's root for selecting storage time nearest in value；

Step S023 obtains the first of the corresponding authoritative institution's server of authoritative institution ID according to the authoritative institution ID Public key, and tested using the first public key Merkel root corresponding digital signature nearest to the storage time of selection Card；

Step S024, if being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and makees For the pressure public information of the citizen.

In the present embodiment, since multiple Merck identical with Merkel's root may be stored on block platform chain Your root, some in these Merkel's roots are sent by the corresponding authoritative institution's server of authoritative institution ID, some be by What other authoritative institution's servers were sent, also some are sent by inauthoritativeness authority server.

After Merkel's root is calculated, examination terminal can will include Merkel's root and authoritative institution ID Inquiry request block platform chain is sent to by wired or wireless network.Such as examination terminal passes through the API of block platform chain Inquiry request including Merkel's root and authoritative institution ID is sent to block platform by interface.The block platform chain According to the Merkel's root and authoritative institution ID received, selected from all Merkel's roots stored on platform The corresponding all Merkel's roots identical with Merkel's root of authoritative institution ID, and by each Merck of acquisition You are sent to the examination terminal at root, corresponding pressure public information, corresponding digital signature and corresponding storage time.

Examination terminal receives each Merkel's root, corresponding pressure public information, corresponding of block platform chain transmission After digital signature and corresponding storage time, first according to storage time, storage time is selected most from these Merkel's roots Close Merkel's root, and according to authoritative institution ID, the first public key of authoritative institution ID is obtained, when using the first public key to storage Between the nearest corresponding digital signature of Merkel's root verify, if being verified, examination terminal selection storage time is nearest Merkel's root corresponding force public information, and the pressure public information as Merkel's root.The present embodiment provides It is a kind of to obtain the strategy for forcing public information from block platform chain, it is ensured that the pressure public information of acquisition is true.

It is described in the 3rd embodiment for the method protected the present invention is based on the citizen privacy of zero-knowledge proof referring to Fig. 4 Based on zero-knowledge proof citizen privacy protection method comprising steps of

Step S10, examination terminal obtain the biometric information of citizen, send the biometric information including the citizen Inquiry request to authoritative institution's server；

Biometric information can be face characteristic, fingerprint, vocal print, iris, DNA etc..It checks terminal and obtains bio-identification The process of information can be video surveillance network, fingerprint identification device, voice print identification device, iris identification device, DNA detection dress It sets or citizen's identification information that other terminals will acquire is sent to examination terminal by wirelessly or non-wirelessly network, or is interior The examination terminal of the biological identification device of portion's insertion directly acquires the biometric information.Examination terminal gets bio-identification After information, the biometric information is sent to authoritative institution's server by wired or wireless network.

Step S20, authoritative institution's server receive the biology including the citizen that the examination terminal is sent After the inquiry request of identification information, according to the mapping relations of the Merkel's root and biometric information that prestore, the public affairs are obtained The corresponding Merkel's root of the biometric information of the people, and by Merkel's root, authoritative institution ID, preset hash algorithm The examination terminal is fed back to preset orderly Merkel tree building rule；

After authoritative institution's server receives the inquiry request including biometric information that examination terminal is sent, according to pre- The mapping relations of the Merkel's root and biometric information deposited obtain the corresponding Merkel's root of biometric information, and will Merkel's root, authoritative institution ID, the default hash algorithm used when constructing the corresponding Merkel tree of Merkel's root Examination terminal is sent to by wired or wireless network with preset orderly Merkel tree building rule.

Step S30, after the examination terminal receives Merkel's root of authoritative institution's server feedback, root According to authoritative institution ID and Merkel's root, the corresponding pressure public information of Merkel's root is obtained；

Examination terminal receives Merkel's root of authoritative institution's server feedback, authoritative institution ID, presets Hash algorithm and preset orderly Merkel tree building rule then after, can send including Merkel's root and authoritative machine The pressure public information inquiry request of structure ID to block platform chain, block platform chain inquires pre- according to Merkel's root There are the corresponding pressure public informations of Merkel's root described in block platform chain, and will be each in the pressure public information inquired Personal information feeds back to examination terminal by wired or wireless network.

Examination terminal receive Merkel's root of authoritative institution's server feedback, preset hash algorithm and After preset orderly Merkel tree constructs rule then, the pressure public information inquiry including Merkel's root can also be sent To the corresponding authoritative institution's server of authoritative institution ID, authoritative institution's server is inquired according to Merkel's root for request It is pre-stored in the corresponding pressure public information of Merkel's root described in authoritative institution's server, and the pressure open letter that will be inquired Each personal information feeds back to examination terminal by wired or wireless network in breath.

Step S40, the examination terminal judge whether that meeting first presets according to the pressure public information got Condition, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal；

Such as force public information in include previous conviction, whether be fugitive personnel, whether be Lao Lai, whether be drug abuse people Member etc., the first preset condition are to meet runaway convict, drug addict, Lao Lai thrin.When the pressure for getting a certain citizen discloses After information, occur the information of drug addict in the pressure public information of the citizen, meets the first preset condition, then check terminal Privacy echo request can be sent to user terminal.

Step S50 after the user terminal receives privacy echo request, feeds back at least one individual privacy information and writes from memory Ke Er verification information is to the examination terminal, wherein Merkel's verification information includes each individual privacy information except feedback The cryptographic Hash of at least one other node outside corresponding each Merkel's node includes except each individual privacy information fed back The cryptographic Hash of at least one other node outside corresponding Merkel's node and corresponding affiliated layer；

The cryptographic Hash of each node in Merkel's verification information be generated by Hash mapping function unidirectional as a result, itself simultaneously It cannot be used for extrapolating any useful information.These nodes in Merkel's verification information are Merkels corresponding from personal information All sections necessary on node to the Hash calculation path of Merkel's root in addition to the corresponding Merkel's node of personal information The cryptographic Hash of all nodes outside the corresponding Merkel's node of cryptographic Hash or personal information of point and corresponding affiliated layer, if adopting With most fast Hash calculation path, the node Hash of one group of ordered arrangement can be only included in the Merkel's verification information provided Value, this put in order for calculate Merkel's root process be using sequencing.According to non-most fast Hash calculation path, It further include layer belonging to each node cryptographic Hash is corresponding in Merkel's verification information of offer other than node cryptographic Hash.Such as with One individual privacy information of family terminal feedback is the P1 name in Fig. 7, from the corresponding node location of name Merkel into Fig. 7 The Hash calculation path of Merkel's root of tree can be B+CD+EF, or B+C+D+EF can also be B+C+D+E+F, The Hash calculation path of middle B+CD+EF is most fast Hash calculation path for A, and the Hash calculation path of B+C+D+E+F It is most slow Hash calculation path for A, according to most fast Hash calculation path, then Merkel's verification information is one The node cryptographic Hash array { hash (P2), hash (C+D), hash (E+F) } of group ordered arrangement.If the calculating path is B+C+D+ EF, then Merkel's verification information be include node B cryptographic Hash and node B belonging to layer be first layer, node C cryptographic Hash and Layer belonging to node C is first layer, layer is first layer, the cryptographic Hash of node EF and node EF belonging to the cryptographic Hash of node D and node D Affiliated layer is third layer.

Step S60, the examination terminal are whole according to the hash algorithm, the orderly Merkel tree building rule, user Hold feedback each individual privacy information and Merkel's verification information calculate, obtain Merkel's root to be verified, judge to It verifies Merkel's root and whether Merkel's root is identical, and according to judging result, the individual provided user terminal is hidden Personal letter breath is verified.

Examination terminal can be according to each personal information for receiving citizen's offer and except each item of citizen offer be personal The cryptographic Hash of other nodes outside the corresponding Merkel's node of information and affiliated layer, it is using the hash algorithm got and orderly silent Ke Er tree building rule successively calculates cryptographic Hash, finally obtains Merkel's root.Such as it is provided by examination citizen to be tested The cleartext information and Merkel's verification information that information is " birthplace: Shandong Yantai " in Fig. 7 are demonstrate,proved, wherein Merkel's verification information For the Hash of the cryptographic Hash hash (P4) of the node D of Merkel tree, cryptographic Hash hash (A+B) and node EF of node AB in Fig. 7 Value hash (E+F), the orderly Merkel tree building rule that third-party authentication server is got is from small to large successively will be same Each node of layer arranges each node location from left to right.Examination terminal can treat verification information using hash algorithm and calculate To the cryptographic Hash hash (P3) of node C, and hash (P3) is less than hash (P4) size；Then according to the cryptographic Hash and section of node C The cryptographic Hash hash (C+D) of the second node layer CD is calculated in the cryptographic Hash of point D, further relatively hash (A+B) and hash (C+ D) size obtains hash (A+B) less than after hash (C+D), and third node layer is calculated according to hash (A+B) and hash (C+D) The cryptographic Hash of ABCD is hash (AB+CD), finally compares hash (AB+CD) and hash (E+F) size knows that hash (AB+CD) is small In hash (E+F), Merkel's root hash (ABCD+EF) to be verified is calculated according to hash (AB+CD) and hash (E+F).

The present embodiment obtains the biometric information of citizen by examination terminal, sends the bio-identification including the citizen The inquiry request of information is to authoritative institution's server；Authoritative institution's server receive it is described examination terminal send include After the inquiry request of the biometric information of the citizen, closed according to the mapping of the Merkel's root and biometric information prestored System, obtains the corresponding Merkel's root of biometric information of the citizen, and by Merkel's root, authoritative institution ID, Preset hash algorithm and preset orderly Merkel tree building rule feed back to the examination terminal；The examination terminal receives To after Merkel's root of authoritative institution's server feedback, according to authoritative institution ID and Merkel's root, obtain Take the corresponding pressure public information of Merkel's root；The examination terminal according to the pressure public information got, Judge whether to meet the first preset condition, and when determining the first preset condition of satisfaction, sends privacy echo request to user's end End；After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back To the examination terminal, wherein Merkel's verification information includes the corresponding each Merck of each individual privacy information except feedback The cryptographic Hash of at least one other node outside your node includes except the corresponding Merkel of each individual privacy information fed back The cryptographic Hash of at least one other node outside node and corresponding affiliated layer；The examination terminal according to the hash algorithm, The orderly Merkel tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information are counted It calculates, obtains Merkel's root to be verified, judge whether Merkel's root to be verified and Merkel's root are identical, and according to sentencing Break as a result, the individual privacy information provided user terminal is verified.To which examination person can only go examination to force public information Meet the privacy information of the citizen (such as runaway convict, Lao Lai etc.) of preset condition, it is ensured that force public information ineligible The privacy information of citizen is not exposed.

Further, the 3rd embodiment deduction for the method protected according to the application based on the citizen privacy of zero-knowledge proof It is proposed the fourth embodiment for the method that the application is protected based on the citizen privacy of zero-knowledge proof, it is in the present embodiment, described hidden Private echo request further includes examination Permission Levels；

The step S50 further include:

Step S51, after the user terminal receives privacy echo request, according to the examination Permission Levels received and respectively The default access grade of individual privacy information feeds back Permission Levels pair identical with examination Permission Levels in individual privacy information Each individual privacy information and Merck verification information answered are to the examination terminal.

In the present embodiment, it when checking the privacy echo request that terminal is sent further includes examination Permission Levels, uses After family terminal receives privacy echo request, according to the default access of each personal information, selected from all personal information Permission Levels each personal information identical not higher than examination Permission Levels, then passes through wired or wireless network for each of selection Personal information is sent to the examination terminal.Personal information gets over privacy, and the Permission Levels of the personal information are higher, needs to check Permission is higher.Such as individual's educational background, the Permission Levels of gender in individual privacy information are 2 grades, date of birth, home address power Limiting grade is 3 grades, and the information such as personal identification number, marital status, marriage and childbirth situation, spouse's name, parent's name, children's name are 4 grades.When the examination Permission Levels in the privacy echo request that user terminal receives be 3 grades when, citizen 1 grade of Permission Levels, The personal information that 2 grades and 3 grades of Permission Levels of Permission Levels is sent to examination terminal.

Need to illustrate when, the Permission Levels of personal information can also be lower with information more privacy, in such case Under, and after user terminal receives privacy echo request, according to the default access grade of each personal information, from all individuals Permission Levels each personal information identical not less than examination Permission Levels is selected in information, and feeds back selected personal information extremely Check terminal.

A kind of privacy information that corresponding authority grade is provided according to examination person's Permission Levels is present embodiments provided to looking into The person of testing, so that the privacy information of citizen is graded protection.

Further, the first embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof The fourth embodiment for the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step S10 Before further include:

Step S70, authoritative institution's server receive the citizen ID that each user terminal is sent respectively and the citizen ID Corresponding at least one personal information；

Step S80, when the corresponding personal information quantity of the citizen ID received is greater than or equal to two, the power According to the second preset condition, respectively each personal information is divided into individual privacy information or forces open letter prestige authority server Breath；

Step S90, authoritative institution's server is according to the corresponding each personal information of the citizen ID received and respectively The corresponding information category of personal information, creates the corresponding news file of the citizen ID, wherein the news file includes institute State the news file of citizen ID corresponding at least two personal information and the corresponding information category of each personal information；

Step S100, authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building Each personal information in the regular and described news file constructs the corresponding first Merkel tree of the file number, and according to first The biometric information of Merkel tree and the citizen ID prestored creates the Merkel's root and the public affairs of the first Merkel tree The mapping relations of the biometric information of people ID；

Step S110, authoritative institution's server is according to the first private key to Merkel's root of the first Merkel tree It forces public information to be signed in the news file, generates the first digital signature；

Step S120, authoritative institution's server by include authoritative institution ID, the first Merkel tree Merkel The information of public information is forced to store to the block platform chain in root, the first digital signature and the news file.

, in the present embodiment, authoritative institution's server receive user terminal (user terminal can with the user terminal of citizen, Or terminal, certain bank or the terminal of court system etc. of public security system, it is not limited thereto) the citizen ID that sends respectively And corresponding at least one personal information of citizen ID.When the corresponding personal information quantity of the citizen ID received is greater than or waits When two, each personal information is divided into individual privacy respectively according to the second preset condition by authoritative institution's server Information or one of the two big information types for forcing public information.Second preset condition can be that personal information classification be It is no to meet preset information category, it is divided into pressure public information if meeting, does not meet and is divided into individual privacy information, example Such as preset information category is previous conviction, credit standing, history of drug abuse, when law court sends a personal information of certain citizen ID Classification belongs to credit standing, then according to the second preset condition, this information is divided into pressure public information, when public security system is sent out A personal information classification of the citizen ID sent is native place, then this information is divided into individual privacy information.Second is default Condition can also whether there is preset keyword according to personal information content, then be divided into pressure public information if it exists, if There is no being then divided into individual privacy information, for example, preset keyword can for Lao Lai, take drugs etc..Second preset condition is also Whether the personal information that can be received for judgement has been marked the disclosed label of pressure, is then divided into pressure open letter if it exists Breath, is then divided into individual privacy information if it does not exist.

Authoritative institution's server creates the public affairs for after the corresponding each personal information classified types of the citizen ID The corresponding news file of people ID, wherein the news file includes the citizen ID corresponding at least two personal information and each item The news file of the corresponding information category of personal information.

After creating news file for the citizen ID, authoritative institution's server uses preset hash algorithm, presets Orderly Merkel tree building rule and the news file in each personal information, it is corresponding first silent to construct the citizen ID Ke Er tree.Simultaneously according to the biometric information of the first Merkel tree and the citizen ID prestored, the first Merkel tree is created Merkel's root and the citizen ID biometric information mapping relations, and the mapping relations can be stored to Merck In that root and biometric information mapping table.Such as the detailed process of the building of the Merkel tree in Fig. 7 is as follows: first Step, using preset hash algorithm obtain the corresponding cryptographic Hash hash (P1) of each personal information, hash (P2), hash (P3), Hash (P4), hash (P5) and hash (P6), more each cryptographic Hash know hash (P1) < hash (P2) < hash (P3) < Hash (P4) < hash (P5) < hash (P6), according to preset orderly Merkel tree building rule (from as low as greatly successively from a left side To right sequence), successively sort first layer leaf node；Second step is according to the cryptographic Hash of each leaf node to have sorted, using Hash Algorithm obtains the cryptographic Hash hash (A+B) of the second node layer AB, the cryptographic Hash hash (C+D) and node EF cryptographic Hash of node CD Hash (E+F), and hash (A+B) < hash (C+D) < hash (E+F), according to ordering rule, the node with hash (A+B) AB is first position of the second layer, and the node CD with hash (C+D) is second position of the second layer, and the section of hash (E+F) Point EF rises to third node layer automatically；Third step calculates third node layer ABCD according to hash (A+B) and hash (C+D) Cryptographic Hash be hash (AB+CD), and node ABCD is placed on by hash (AB+CD) < hash (E+F) according to ordering rule First position of third layer, node EF are placed on second position of third layer；4th step, according to hash (AB+CD) and hash (E+F) The cryptographic Hash for calculating Merkel's root node is hash (ABCD+EF).

It should be noted that during above-mentioned cleartext information and Merkel's verification information transmit, and examination terminal During being verified to information, even if using secrecy transmission mechanism, it is also possible to cause part for Merkel's verifying Cryptographic Hash leakage.Such as ask for diversified personal information repeatedly by the certifying organization of network monitoring or malice, all may be used The data that all or part of Merkel tree can be will lead to are obtained by illegal person.To prevent the mode of malicious attacker exhaustion from pushing away Disconnected personal information can distribute a special value when constructing leaf node for every personal information, using hash algorithm to a People's information and corresponding special value, which calculate, obtains the corresponding cryptographic Hash of this personal information.The special value can be power The numerical value that prestige authority server is randomly generated, or send the numerical value that the terminal of personal information uploads.In this way, being attack Person can cleartext information in exhaustive finite discrete set, also middle special value impossible to exhaust, also just impossible to exhaust to calculate this bright The corresponding cryptographic Hash of literary information, also can not just extrapolate Merkel's root.

After the corresponding news file of authoritative institution server construction citizen ID, if the corresponding citizen of citizen ID needs to obtain institute When stating the personal information in the corresponding news file of citizen ID, citizen can be sent by user terminal to authoritative institution's server Information document acquisition request including citizen ID, authoritative institution's server can be by the corresponding information document of citizen ID and authoritative institutions ID is sent to user terminal, user terminal according to authoritative institution ID, obtain the corresponding hash algorithm of authoritative institution ID and orderly Merkel tree building rule, then according to the personal information of the acquisition, the hash algorithm and the orderly Merkel tree structure Rule is built, oneself the first Merkel tree of building, to obtain the data in the first Merkel tree.Authoritative institution's server is in addition to inciting somebody to action Personal information needed for authoritative institution ID and user is sent to user terminal, can also be directly by corresponding first Merck of citizen ID You are sent to the user terminal tree.

It should be noted that authoritative institution's server can include authoritative institution ID, the citizen ID by generating one The digital certificate of corresponding news file, digital certificate is sent to the user terminal, and can also include the public affairs in digital certificate People ID corresponds to the first Merkel tree.

Authoritative institution's server can use Merkel root and the letter of first private key to the first Merkel tree of building It forces public information to be signed in breath archives, generates the corresponding first number label of Merkel's root of the first Merkel tree Name (carries out signature to represent this Merkel's root being effective) using the first private key.Later, authoritative institution's server can will include Merkel's root of the first Merkel tree, first digital signature force public information and power in the news file The information of prestige mechanism ID is sent to block platform chain, and it includes authoritative institution ID, institute that block platform chain, which can store receive described, It states Merkel's root of the first Merkel tree, force public information, first digital signature and authority in the news file The information of mechanism ID.

The present embodiment is based on user terminal by using preset hash algorithm and the building rule building of orderly Merkel tree The Merkel tree of the corresponding each personal information of the citizen ID of offer, and by Merkel's root of the Merkel tree and citizen ID Public information is forced to be stored in block platform chain.It, can not be anti-by cryptographic Hash since hash digest algorithm is unidirectional mapping algorithm To the content for extrapolating each personal information, and the root of Merkel tree and the content of any leaf node and position are all directly related, The change of the interior perhaps position of any leaf node can all cause the data stored in the change and block platform chain of root to be not It can be modified and be deleted, to ensure that the safety of each personal information content, and be ensured corresponding each based on citizen ID Merkel's root of the Merkel tree of personal information creation and the pressure public information of citizen ID be not easily modified.

Further, the 3rd embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof 5th embodiment of the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step S80 Later further include:

Step S130, authoritative institution's server is according to third preset condition, the citizen ID that respectively receives Different rights grade is arranged in corresponding each personal information；

In addition, the step S90 includes:

In the present embodiment, in authoritative institution's server according to the second preset condition, respectively each personal information After being divided into individual privacy information or forcing public information, authoritative institution's server is further each according to third preset condition Different Permission Levels of personal computer device.The third preset condition can be the affiliated type of preset personal information and permission Grade corresponding relationship, the type for the personal information that identification user terminal is sent, according to the affiliated type of preset personal information and power Grade corresponding relationship is limited, different permissions is respectively set；Third preset condition may be preset keyword and Permission Levels Corresponding relationship, the keyword for the personal information content matching that identification user terminal is sent, so that permission be arranged for the personal information Grade.

It is described after each personal information that authoritative institution is the citizen ID that user terminal is sent is divided into Permission Levels Citizen ID creates a news file, and the news file includes the citizen ID corresponding at least two personal information, each item The news file of personal information corresponding information category and corresponding Permission Levels.It is personal information that the present embodiment, which proposes a kind of, The strategy of different rights grade is set, so that it is guaranteed that the talent of only certain permission can touch personal information.

Further, referring to Fig. 5, according to the third reality for the method that the application is protected based on the citizen privacy of zero-knowledge proof Apply the sixth embodiment for the method that example proposes that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, institute Stating step S120 includes:

Step S121, the intelligent contract on block platform chain described in authoritative institution's server calls, creates a packet It includes and forces public affairs in authoritative institution ID, Merkel's root of the first Merkel tree, the first digital signature and the news file Open the first transaction record of information；

Step S122, authoritative institution's server store first transaction record to the block platform chain.

In the present embodiment, authoritative institution's server can generate a friendship by calling the intelligent contract on block platform chain Easily, authoritative institution's server can be by the Merkel's root for including authoritative institution ID, the first Merkel tree, first number It is forced in signature and the news file in the information write-in transaction record of public information.Then the transaction record is stored in In the intelligent contract called on block platform chain.Fig. 8 is a kind of transaction record for storing Merkel's root, the transaction In the Input Data of record with aecb88 ending that string character string be just include Merkel's root, corresponding digital signature and The information of public information is forced in the news file, the information in From is then authoritative institution ID.

The present embodiment is by will force public information that transaction record is written and deposit in Merkel's root and the news file Storage is on block platform chain, so that it is guaranteed that Merkel's root is not easily modified.

Further, the 3rd embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof 7th embodiment of the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step After S120 further include:

Step S140, authoritative institution's server receive the update request that any user terminal is sent, wherein it is described more New request includes the citizen ID and at least one personal information；

It is personal will to update each item in request according to the second preset condition respectively for step S150, authoritative institution's server Information is divided into individual privacy information or forces public information；

Step S160, authoritative institution's server is according in the corresponding news file of the citizen ID, update request Each personal information and corresponding information category update the corresponding news file of the citizen ID and generate the new of the citizen ID News file, the new information archives include each personal information and the corresponding information category of each personal information；

Step S170, authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building Each personal information in the regular and described new information archives, building update the corresponding second Merkel tree of file number in request, And according to the biometric information of the second Merkel tree and the citizen ID prestored, Merkel's root of the second Merkel tree is created The mapping relations of value and the biometric information of the citizen ID and delete Merkel's root of the first Merkel tree and described The mapping relations of the biometric information of citizen ID；

Step S180, authoritative institution's server use Merkel root and institute of first private key to the second Merkel tree Stating in new information archives forces public information to be signed, and generates the second digital signature；

Step S190, the authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second number The information of public information is forced to store to the block platform chain in word signature and the new information archives.

In the present embodiment, that authoritative institution's server receives the transmission of any user terminal includes citizen ID and at least one After the update request of personal information, authoritative institution's server will update each item in request according to the second preset condition respectively Personal information is divided into individual privacy information or public information is forced to recall the corresponding letter of citizen ID then according to citizen ID Archives are ceased, then according to a plurality of individual at least one personal information and the corresponding news file of citizen ID updated in request Information updates the corresponding news file of the citizen ID.

It should be noted that the personal information updated in request may be just for certain in original information archives personal letter An existing personal information " residence is Guangdong " in the update of breath, such as original information archives updates in request one Personal information is " residence is Shenzhen ", in this case can be by original this people including " residence is Guangdong " content Information deletion, will include " residence is Shenzhen " content personal information storage in original information archives, generate new information Archives.The personal information updated in request may be the personal information being not present in original information archives, can incite somebody to action in this case The personal information updated in request is added in original information archives, the new information archives of generation.

After news file updates, authoritative institution's server can be generated according to preset hash algorithm and new news file The corresponding second Merkel tree of the new news file, at the same delete the first Merkel tree Merkel's root and the citizen The Merkel's root of the second Merkel tree of mapping relations and creation and the biology of the citizen ID of the biometric information of ID are known The mapping relations of other information, and by the mapping of Merkel's root of the second Merkel tree and the biometric information of the citizen ID Relationship is stored into the mapping table of preset Merkel's root and citizen's biometric information.

Authoritative institution's server uses Merkel root and the new information archives of first private key to the second Merkel tree In belong to each personal information of public information forced to be signed, generate the second digital signature, and will include the second Merkel Belong in Merkel's root of tree, the second digital signature and the new information archives force public information each personal information, The information of authoritative institution ID is stored to block platform chain

The present embodiment is requested by being updated according to the personal information of user terminal, is updated to news file and is updated News file creates new Merkel tree and new Merkel's tree root value is stored in block platform chain, thus in the individual of citizen After information update, it is ensured that the updated personal information that citizen provides can be passed through by examination and old personal information cannot be by Examination passes through.

The system for the citizen privacy protection based on zero-knowledge proof that the invention also provides a kind of.

Referring to Fig. 6, in one embodiment, the system comprises: examination terminal 100, authoritative institution's server 200 and user Terminal 300.

Terminal 100 is checked, for obtaining the biometric information of citizen, sends the biometric information including the citizen Inquiry request to authoritative institution's server 200；

Authoritative institution's server 200 is known for receiving the biology including the citizen that the examination terminal 100 is sent After the inquiry request of other information, according to the mapping relations of the Merkel's root and biometric information that prestore, the citizen is obtained The corresponding Merkel's root of biometric information, and by Merkel's root, authoritative institution ID, preset hash algorithm and Preset orderly Merkel tree building rule feeds back to the examination terminal 100；

The examination terminal 100, the Merkel's root fed back for receiving authoritative institution's server 200 Afterwards, according to authoritative institution ID and Merkel's root, the corresponding pressure public information of Merkel's root is obtained, and according to The pressure public information got judges whether the first preset condition of satisfaction, and when determining the first preset condition of satisfaction, Privacy echo request is sent to user terminal 300；

User terminal 300 feeds back at least one individual privacy information and Merkel after receiving privacy echo request Verification information is to the examination terminal 100, wherein Merkel's verification information includes each individual privacy information except feedback The cryptographic Hash of at least one other node outside corresponding each Merkel's node includes except each individual privacy information fed back The cryptographic Hash of at least one other node outside corresponding Merkel's node and corresponding affiliated layer；

The examination terminal 100, for whole according to the hash algorithm, the orderly Merkel tree building rule, user Hold feedback each individual privacy information and Merkel's verification information calculate, obtain Merkel's root to be verified, judge to It verifies Merkel's root and whether Merkel's root is identical, and according to judging result, the individual that user terminal 300 is provided Privacy information is verified.

It should be noted that there is above system the third of the method for the citizen privacy protection based on zero-knowledge proof to implement The all technical features of example, the whole embodiments that specific interactive process is referred to preceding method execute, before also having accordingly State whole technical effects of the embodiment of method.

The present invention also proposes a kind of computer readable storage medium, is stored thereon with computer program.The computer can Reading storage medium can be the memory 20 in the server of Fig. 1, be also possible to as ROM (Read-Only Memory, it is read-only to deposit Reservoir)/RAM (Random Access Memory, random access memory), magnetic disk, at least one of CD, the calculating Machine readable storage medium storing program for executing includes that several information are used so that examination terminal, authoritative institution's server, user terminal and/or block chain Platform executes method described in each embodiment of the present invention.

It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do There is also other identical elements in the process, method of element, article or system.

The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.

Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.

The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills Art field, is included within the scope of the present invention.

Claims

1. a kind of method of the citizen privacy protection based on zero-knowledge proof, which is characterized in that be applied to examination terminal, including step It is rapid:

Obtain the biometric information of citizen, send include the citizen biometric information inquiry request to authoritative institution Server, so that authoritative institution receives the biometric information for feeding back authoritative institution ID, the citizen after the inquiry request Corresponding Merkel's root, preset hash algorithm and preset orderly Merkel tree building rule；

According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, institute is obtained State the corresponding pressure public information of Merkel's root；

According to the pressure public information got, judge whether to meet the first preset condition, and meet first in advance when determining If when condition, sending privacy echo request to user terminal, so that the user terminal feeds back at least one of the citizen People's privacy information and Merkel's verification information；

According to the hash algorithm, the orderly Merkel tree building rule, each individual privacy of user terminal feedback Information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified and described Whether Merkel's root is identical, and according to judging result, the individual privacy information provided user terminal is verified.

2. the method for the citizen privacy protection based on zero-knowledge proof as described in claim 1, which is characterized in that according to reception The authoritative institution ID arrived and Merkel's root, the step of obtaining Merkel's root corresponding pressure public information Include:

The inquiry request including Merkel's root and the authoritative institution ID is sent to block platform chain, so that the block Platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with Merkel's root phase Same Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage time；

Storage is selected from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received Time nearest Merkel's root；

According to the authoritative institution ID, the first public key of the corresponding authoritative institution's server of authoritative institution ID is obtained, and uses institute The first public key Merkel root corresponding digital signature nearest to the storage time of selection is stated to verify；

If being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and as the citizen's Force public information.

3. a kind of method of the citizen privacy protection based on zero-knowledge proof, which is characterized in that the step includes:

The biometric information that terminal obtains citizen is checked, sends the inquiry request of the biometric information including the citizen extremely Authoritative institution's server；

Authoritative institution's server receives looking into for the biometric information including the citizen that the examination terminal is sent After asking request, according to the mapping relations of the Merkel's root and biometric information that prestore, the bio-identification of the citizen is obtained The corresponding Merkel's root of information, and by Merkel's root, authoritative institution ID, preset hash algorithm and it is preset orderly Merkel tree building rule feeds back to the examination terminal；

After the examination terminal receives Merkel's root of authoritative institution's server feedback, according to authoritative institution ID With Merkel's root, the corresponding pressure public information of Merkel's root is obtained；

The examination terminal judges whether to meet the first preset condition according to the pressure public information got, and works as true When meeting the first preset condition surely, privacy echo request is sent to user terminal；

After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back To the examination terminal, wherein Merkel's verification information includes the corresponding each Merck of each individual privacy information except feedback The cryptographic Hash of at least one other node outside your node includes except the corresponding Merkel of each individual privacy information fed back The cryptographic Hash of at least one other node outside node and corresponding affiliated layer；

The examination terminal is according to the hash algorithm, each item of the orderly Merkel tree building rule, user terminal feedback Individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified Whether value and Merkel's root are identical, and according to judging result, the individual privacy information provided user terminal is tested Card.

4. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 3, which is characterized in that the privacy Echo request further includes examination Permission Levels；

After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back Include: to the step of examination terminal

After the user terminal receives privacy echo request, according to the examination Permission Levels received and each individual privacy letter It is personal to feed back each item corresponding with the identical Permission Levels of Permission Levels are checked in individual privacy information for the default access grade of breath Privacy information and Merck verification information are to the examination terminal.

5. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 4, which is characterized in that the examination Terminal obtains the biometric information of citizen, send include the citizen biometric information inquiry request to authoritative institution Include: before the step of server

Authoritative institution's server receives the citizen ID that each user terminal is sent respectively and the citizen ID corresponding at least one Personal information；

When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's server According to the second preset condition, respectively each personal information is divided into individual privacy information or forces public information；

Authoritative institution's server is according to the corresponding each personal information of the citizen ID received and each personal information pair The information category answered creates the corresponding news file of the citizen ID, wherein the news file includes the citizen ID corresponding At least two personal information and the corresponding information category of each personal information news file；

Authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building rule and the information Each personal information in archives constructs the corresponding first Merkel tree of the file number, and according to the first Merkel tree and prestores The citizen ID biometric information, create the first Merkel tree Merkel's root and the citizen ID bio-identification The mapping relations of information；

Merkel root and the information shelves of the authoritative institution's server according to the first private key to the first Merkel tree It forces public information to be signed in case, generates the first digital signature；

Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, the first number The information of public information is forced to store to the block platform chain in signature and the news file.

6. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 5, which is characterized in that described to connect When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's server is according to second Preset condition, the corresponding each personal information of the citizen ID respectively received are divided into individual privacy information or force public After the step of opening information further include:

For authoritative institution's server according to third preset condition, the corresponding each item of the citizen ID respectively received is personal Different rights grade is arranged in information；

Authoritative institution server is believed according to the corresponding each personal information of the citizen ID received and each item individual Corresponding information category is ceased, the corresponding news file of the citizen ID is created, wherein the news file includes the citizen ID The step of news file of corresponding at least two personal information and the corresponding information category of each personal information includes:

Authoritative institution's server is corresponding according to the corresponding each personal information of the citizen ID received, each personal information Information category and corresponding Permission Levels, the corresponding news file of the citizen ID is created, wherein the news file includes Corresponding at least two personal information of the citizen ID, the corresponding information category of each personal information and corresponding Permission Levels News file.

7. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 6, which is characterized in that described Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, the first digital signature and institute After stating the step of forcing the information of public information to store to the block platform chain in news file further include:

Authoritative institution's server receives the update request that any user terminal is sent, wherein update request includes described Citizen ID and at least one personal information；

Authoritative institution's server will update each personal information in request respectively and be divided into individual according to the second preset condition Privacy information forces public information；

Authoritative institution's server according to the corresponding news file of the citizen ID, update request in each personal information and Corresponding information category updates the corresponding news file of the citizen ID and generates the new information archives of the citizen ID, described New information archives include each personal information and the corresponding information category of each personal information；

Authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building rule and the new letter Each personal information in archives is ceased, building updates the corresponding second Merkel tree of file number in request, and according to the second Merck The biometric information of your tree and the citizen ID prestored, Merkel's root of the second Merkel tree of creation and the citizen ID Biometric information mapping relations and delete the first Merkel tree Merkel's root and the citizen ID biology knowledge The mapping relations of other information；

Authoritative institution's server uses Merkel root and the new information archives of first private key to the second Merkel tree Middle pressure public information is signed, and the second digital signature is generated；

The authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and described The information of public information is forced to store to the block platform chain in new information archives.

8. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 7, which is characterized in that described Authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and the new information shelves The information of pressure public information, which was stored to the step of block platform chain, in case includes:

Intelligent contract on block platform chain described in authoritative institution's server calls, creation one include authoritative institution ID, The second of public information is forced in Merkel's root of the second Merkel tree, the second digital signature and the new information archives Transaction record；

9. a kind of system of the citizen privacy protection based on zero-knowledge proof, which is characterized in that the system comprises:

Terminal is checked, for obtaining the biometric information of citizen, sends the inquiry of the biometric information including the citizen It requests to authoritative institution's server；

Authoritative institution's server, for receiving looking into for the biometric information including the citizen for checking terminal transmission After asking request, according to the mapping relations of the Merkel's root and biometric information that prestore, the bio-identification of the citizen is obtained The corresponding Merkel's root of information, and by Merkel's root, authoritative institution ID, preset hash algorithm and it is preset orderly Merkel tree building rule feeds back to the examination terminal；

The examination terminal, after Merkel's root for receiving authoritative institution's server feedback, according to authority Mechanism ID and Merkel's root obtain the corresponding pressure public information of Merkel's root, and according to the institute got Pressure public information is stated, judges whether to meet the first preset condition, and when determining the first preset condition of satisfaction, send privacy and look into Request is tested to user terminal；

User terminal feeds back at least one individual privacy information and Merkel verifies letter after receiving privacy echo request Breath is to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding each silent The cryptographic Hash of at least one other node outside Ke Er node includes except the corresponding Merck of each individual privacy information fed back The cryptographic Hash of at least one other node outside your node and corresponding affiliated layer；

The examination terminal, for being fed back according to the hash algorithm, the orderly Merkel tree building rule, user terminal Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into Row verifying.

10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program is realized when the computer program is executed by processor and is demonstrate,proved as described in any item of the claim 1 to 8 based on Zero Knowledge The step of method of bright citizen privacy protection.