CN110336672A - Method, system and the storage medium of citizen privacy protection based on zero-knowledge proof - Google Patents
Method, system and the storage medium of citizen privacy protection based on zero-knowledge proof Download PDFInfo
- Publication number
- CN110336672A CN110336672A CN201910365740.8A CN201910365740A CN110336672A CN 110336672 A CN110336672 A CN 110336672A CN 201910365740 A CN201910365740 A CN 201910365740A CN 110336672 A CN110336672 A CN 110336672A
- Authority
- CN
- China
- Prior art keywords
- information
- merkel
- root
- citizen
- authoritative institution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
Method, system and the storage medium for the citizen privacy protection based on zero-knowledge proof that the invention discloses a kind of, method include: after examination terminal obtains citizen's biological information, to obtain the corresponding Merkel's root of the biological information;According to Merkel's root, the corresponding pressure public information of Merkel's root is obtained, after forcing public information to meet the first preset condition, sends privacy echo request to the user terminal;Receive the individual privacy information and Merkel's verification information of user terminal feedback, and it is calculated according to hash algorithm, orderly Merkel tree building rule, individual privacy information and Merkel's verification information, obtain Merkel's root to be verified, and judge whether Merkel's root to be verified and Merkel's root are identical, when Merkel's root to be verified is identical with Merkel's root, the individual privacy information for determining that user terminal provides is true.The present invention solves consult citizen during citizen privacy information the technical issues of being exposed.
Description
Technical field
The present invention relates to block platform chain technical fields, more particularly to the side of the protection of the citizen privacy based on zero-knowledge proof
Method, system and computer readable storage medium.
Background technique
In recent years, as universal and 5G network the preparation of 4G network is universal, artificial intelligence, the continuous development of internet
With it is increasingly mature.One digitization big epoch has been fade-in the every aspect of people's life.When law enfrocement official consults a certain citizen
When, by the way that using after the AI recognition of face citizen, all personal information of the citizen can be all pushed in the terminal of law enfrocement official,
Law enfrocement official determines whether the citizen is runaway convict or " old further according to whether there is the information such as runaway convict or Lao Lai in these information
Rely ".But the process of access will lead to the problem of being all exposed by all privacy informations of access citizen.
Above content is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that above content is existing skill
Art.
Summary of the invention
The method of the citizen privacy protection that the main purpose of the present invention is to provide a kind of based on zero-knowledge proof, system and
Computer readable storage medium, it is intended to the technical issues of citizen privacy information is exposed during solution access citizen.
To achieve the above object, the application provides a kind of method of citizen privacy protection based on zero-knowledge proof, application
In examination terminal, comprising steps of
Obtain the biometric information of citizen, send include the citizen biometric information inquiry request to authority
Authority server, so that authoritative institution receives the bio-identification for feeding back authoritative institution ID, the citizen after the inquiry request
The corresponding Merkel's root of information, preset hash algorithm and preset orderly Merkel tree building rule;
According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, obtain
Take the corresponding pressure public information of Merkel's root;
According to the pressure public information got, judge whether to meet the first preset condition, and meets the when determining
When one preset condition, privacy echo request is sent to user terminal, so that the user terminal feeds back at least the one of the citizen
Individual privacy information and Merkel's verification information;
It is personal according to the hash algorithm, the orderly Merkel tree building rule, each item of user terminal feedback
Privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified and
Whether Merkel's root is identical, and according to judging result, the individual privacy information provided user terminal is verified.
Optionally, according to the authoritative institution ID and Merkel's root received, Merkel's root is obtained
The step of corresponding pressure public information includes:
The inquiry request including Merkel's root and the authoritative institution ID is sent to block platform chain, so that described
Block platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with Merkel's root
It is worth identical Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage time;
It is selected from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received
The nearest Merkel's root of storage time;
According to the authoritative institution ID, the first public key of the corresponding authoritative institution's server of authoritative institution ID is obtained, and is adopted
It is verified with the first public key Merkel root corresponding digital signature nearest to the storage time of selection;
If being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and as the public affairs
The pressure public information of the people.
In addition, the application also provides a kind of method of citizen privacy protection based on zero-knowledge proof, comprising steps of
The biometric information that terminal obtains citizen is checked, the inquiry for sending the biometric information including the citizen is asked
It asks to authoritative institution's server;
Authoritative institution's server receives the biometric information including the citizen that the examination terminal is sent
Inquiry request after, according to the mapping relations of the Merkel's root and biometric information that prestore, obtain the biology of the citizen
The corresponding Merkel's root of identification information, and by Merkel's root, authoritative institution ID, preset hash algorithm and preset
Orderly Merkel tree building rule feeds back to the examination terminal;
After the examination terminal receives Merkel's root of authoritative institution's server feedback, according to authoritative machine
Structure ID and Merkel's root obtain the corresponding pressure public information of Merkel's root, and according to getting
Public information is forced, judges whether to meet the first preset condition, and when determining the first preset condition of satisfaction, send privacy examination
It requests to user terminal;
After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verifying are fed back
Information is to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding each
The cryptographic Hash of at least one other node outside Merkel's node includes except each individual privacy information of feedback is corresponding silent
The cryptographic Hash of at least one other node outside Ke Er node and corresponding affiliated layer;
The examination terminal is fed back according to the hash algorithm, the orderly Merkel tree building rule, user terminal
Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified
Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into
Row verifying.
Optionally, the privacy echo request further includes examination Permission Levels;
After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verifying are fed back
Information to the step of examination terminal includes:
It is hidden according to the examination Permission Levels and each item individual that receive after the user terminal receives privacy echo request
The default access grade of personal letter breath feeds back each item corresponding with the identical Permission Levels of Permission Levels are checked in individual privacy information
Individual privacy information and Merck verification information are to the examination terminal.
Optionally, the examination terminal obtains the biometric information of citizen, sends the bio-identification including the citizen
Include: before the step of inquiry request of information to authoritative institution's server
Authoritative institution's server receives the citizen ID that each user terminal is sent respectively and the citizen ID is corresponding extremely
A few personal information;
When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's clothes
Device be engaged according to the second preset condition, respectively each personal information is divided into individual privacy information or forces public information;
Authoritative institution's server is believed according to the corresponding each personal information of the citizen ID received and each item individual
Corresponding information category is ceased, the corresponding news file of the citizen ID is created, wherein the news file includes the citizen ID
The news file of corresponding at least two personal information and the corresponding information category of each personal information;
Authoritative institution's server is regular and described using preset hash algorithm, preset orderly Merkel tree building
Each personal information in news file, constructs the corresponding first Merkel tree of the file number, and according to the first Merkel tree and
The biometric information of the citizen ID prestored creates Merkel's root of the first Merkel tree and the biology of the citizen ID
The mapping relations of identification information;
Merkel root and the letter of the authoritative institution's server according to the first private key to the first Merkel tree
It forces public information to be signed in breath archives, generates the first digital signature;
Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, first
The information of public information is forced to store to the block platform chain in digital signature and the news file.
Optionally, described when the corresponding personal information quantity of the citizen ID received is greater than or equal to two, institute
Authoritative institution's server is stated according to the second preset condition, the corresponding each personal information of the citizen ID respectively received is drawn
After the step of being divided into individual privacy information or forcing public information further include:
Authoritative institution's server is according to third preset condition, the corresponding each item of the citizen ID that respectively receives
Different rights grade is arranged in personal information;
Authoritative institution server is according to the corresponding each personal information of the citizen ID received and each item
The corresponding information category of people's information creates the corresponding news file of the citizen ID, wherein the news file includes the public affairs
The step of news file of corresponding at least two personal information of people ID and the corresponding information category of each personal information includes:
Authoritative institution's server is according to the corresponding each personal information of the citizen ID received, each personal information
Corresponding information category and corresponding Permission Levels create the corresponding news file of the citizen ID, wherein the news file
Including corresponding at least two personal information of the citizen ID, the corresponding information category of each personal information and corresponding permission etc.
The news file of grade.
Optionally, authoritative institution server by include authoritative institution ID, the first Merkel tree Merck
The information of public information is forced to store to the step of the block platform chain in your root, the first digital signature and the news file
After rapid further include:
Authoritative institution's server receives the update request that any user terminal is sent, wherein update request includes
The citizen ID and at least one personal information;
Authoritative institution's server will update each personal information in request respectively and be divided into according to the second preset condition
Individual privacy information forces public information;
Authoritative institution's server is believed according to each item individual in the corresponding news file of the citizen ID, update request
Breath and corresponding information category, update the corresponding news file of the citizen ID and generate the new information archives of the citizen ID,
The new information archives include each personal information and the corresponding information category of each personal information;
Authoritative institution's server is regular and described using preset hash algorithm, preset orderly Merkel tree building
Each personal information in new information archives, building update the corresponding second Merkel tree of file number in request, and according to second
The biometric information of Merkel tree and the citizen ID prestored creates the Merkel's root and the public affairs of the second Merkel tree
Merkel's root of the first Merkel tree of mapping relations and deletion of the biometric information of people ID and the life of the citizen ID
The mapping relations of object identification information;
Authoritative institution's server uses Merkel root and the new information of first private key to the second Merkel tree
It forces public information to be signed in archives, generates the second digital signature;
The authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and
The information of public information is forced to store to the block platform chain in the new information archives.
Optionally, the authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, second
The information of pressure public information, which was stored to the step of block platform chain, in digital signature and the new information archives includes:
Intelligent contract on block platform chain described in authoritative institution's server calls, creation one includes authoritative institution
Public information is forced in ID, Merkel's root of the second Merkel tree, the second digital signature and the new information archives
Second transaction record;
Authoritative institution's server sends second transaction record and stores to the block platform chain.
In addition, to achieve the above object, the present invention also provides a kind of zero-knowledge proof system of personal information, the systems
Include:
Terminal is checked, for obtaining the biometric information of citizen, sends the biometric information including the citizen
Inquiry request is to authoritative institution's server;
Authoritative institution's server, the biometric information including the citizen sent for receiving the examination terminal
Inquiry request after, according to the mapping relations of the Merkel's root and biometric information that prestore, obtain the biology of the citizen
The corresponding Merkel's root of identification information, and by Merkel's root, authoritative institution ID, preset hash algorithm and preset
Orderly Merkel tree building rule feeds back to the examination terminal;
The examination terminal, after Merkel's root for receiving authoritative institution's server feedback, according to
Authoritative institution ID and Merkel's root, obtain the corresponding pressure public information of Merkel's root, and according to getting
The pressure public information, judge whether meet the first preset condition, and when determine meet the first preset condition when, send it is hidden
Private echo request is to user terminal;
User terminal feeds back at least one individual privacy information and Merkel tests after receiving privacy echo request
Information is demonstrate,proved to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding
The cryptographic Hash of at least one other node outside each Merkel's node includes except each individual privacy information of feedback is corresponding
The cryptographic Hash of at least one other node outside Merkel's node and corresponding affiliated layer;
The examination terminal, for anti-according to the hash algorithm, the orderly Merkel tree building rule, user terminal
Each individual privacy information and Merkel's verification information of feedback calculate, and obtain Merkel's root to be verified, judge to be verified
Whether Merkel's root and Merkel's root are identical, and according to judging result, believe the individual privacy that user terminal provides
Breath is verified.
In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium
It is stored with computer program on storage medium, realizes when the computer program is executed by processor and knows as described above based on zero
The step of knowing the method for the citizen privacy protection proved.
Method, system and the computer for a kind of citizen privacy protection based on zero-knowledge proof that the embodiment of the present invention proposes
Readable storage medium storing program for executing sends the inquiry of the biometric information including the citizen by obtaining the biometric information of citizen
Request is to authoritative institution's server, so that authoritative institution ID, the citizen feed back after receiving the inquiry request in authoritative institution
The corresponding Merkel's root of biometric information, preset hash algorithm and preset orderly Merkel tree building rule;Root
The authoritative institution ID and Merkel's root according to the authoritative institution's server feedback received, obtain the Merck
The corresponding pressure public information of your root;According to the pressure public information got, judge whether to meet the first default item
Part, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal, so that the user terminal is fed back
At least one individual privacy information and Merkel's verification information of the citizen;According to the hash algorithm, the orderly Merck
You calculate tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information, obtain
Merkel's root to be verified judges whether Merkel's root to be verified and Merkel's root are identical, and according to judging result,
The individual privacy information provided user terminal is verified.To examination person can only go examination force public information meet it is default
The privacy information of the citizen (such as runaway convict, Lao Lai etc.) of condition, it is ensured that the citizen's for forcing public information ineligible is hidden
Personal letter breath is not exposed.
Detailed description of the invention
Fig. 1 is the structural schematic diagram for the hardware running environment that the embodiment of the present invention is related to;
Fig. 2 is the flow diagram for the method first embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof;
Fig. 3 is the thin of step S020 in the method second embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof
Change flow diagram;
Fig. 4 is the flow diagram for the method 3rd embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof
Fig. 5 is the thin of step S120 in the method sixth embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof
Change flow diagram;
Fig. 6 is the system architecture signal for the method 3rd embodiment protected the present invention is based on the citizen privacy of zero-knowledge proof
Figure;
Fig. 7 is the Merkel's tree schematic diagram constructed;
Fig. 8 is the transaction record schematic diagram for being stored with Merkel's root and forcing public information.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
Fig. 1 is please referred to, Fig. 1 is examination terminal, authoritative institution's server, user provided in each embodiment of the present invention
The hardware structural diagram of terminal or block platform chain, the examination terminal, authoritative institution's server, user terminal or block chain
Platform includes the components such as communication module 10, memory 20 and processor 30.It will be understood by those skilled in the art that shown in Fig. 1
Examination terminal, authoritative institution's server or block platform chain out can also include components more more or fewer than diagram, or
Combine certain components or different component layouts.Wherein, the processor 30 respectively with the memory 20 and the communication
Module 10 connects, and is stored with computer program on the memory 20, the computer program is executed by processor 30 simultaneously.
Communication module 10 can be connect by network with external equipment.Communication module 10 can receive external equipment sending
Data, also transmittable data, instruction and information to the external equipment.The external equipment can be the examination terminal, power
Prestige authority server, user terminal or block platform chain.
Memory 20 can be used for storing software program and various data.Memory 20 can mainly include storing program area
The storage data area and, wherein storing program area can application program needed for storage program area, at least one function (based on using
Family information architecture Merkel tree) etc.;Storage data area can store according to examination terminal, authoritative institution's server, user terminal or
Block platform chain uses created data or information etc..In addition, memory 20 may include high-speed random access memory,
It can also include nonvolatile memory, a for example, at least disk memory, flush memory device or other volatile solid-states are deposited
Memory device.
Processor 30 is the control centre for checking terminal, authoritative institution's server, user terminal or block platform chain, benefit
Each portion of terminal, authoritative institution's server, user terminal or block platform chain is entirely checked with various interfaces and connection
Point, by running or execute the software program and/or module that are stored in memory 20, and calls and be stored in memory 20
Data, execute examination terminal, authoritative institution's server, the various functions of user terminal or block platform chain and processing data,
To carry out integral monitoring to examination terminal, authoritative institution's server, user terminal or block platform chain.Processor 30 may include
One or more processing units;Preferably, processor 30 can integrate application processor and modem processor, wherein application
The main processing operation system of processor, user interface and application program etc., modem processor mainly handles wireless communication.It can
With understanding, above-mentioned modem processor can not also be integrated into processor 30.It is above-mentioned to look into although Fig. 1 is not shown
Testing terminal, authoritative institution's server, user terminal or block platform chain can also include circuit control module, for being electrically connected with city
It connects, realizes power supply control, guarantee the normal work of other component.
It will be understood by those skilled in the art that shown in Fig. 1 examination terminal, authoritative institution's server, user terminal or
Block platform chain structure does not constitute the restriction to examination terminal, authoritative institution's server, user terminal or block platform chain, can
To include perhaps combining certain components or different component layouts than illustrating more or fewer components.
According to above-mentioned hardware configuration, each embodiment of the method for the present invention is proposed.
Referring to Fig. 2, in the first embodiment for the method protected the present invention is based on the citizen privacy of zero-knowledge proof, application
In examination terminal, it is described based on zero-knowledge proof citizen privacy protection method comprising steps of
Step S010 obtains the biometric information of citizen, sends the inquiry of the biometric information including the citizen
Request is to authoritative institution's server, so that authoritative institution ID, the citizen feed back after receiving the inquiry request in authoritative institution
The corresponding Merkel's root of biometric information, preset hash algorithm and preset orderly Merkel tree building rule;
In the present embodiment, zero-knowledge proof refer to a side (certifier) can be proved to another party (verifier) one it is old
State be correctly, without reveal the statement be correctly except other useful informations.In in the present invention, " statement " refers to
It is pending personal information.Merkel tree (Merkle Tree) is exactly a kind of binary tree data structure for storing cryptographic Hash, is write from memory
The leaf of Ke Er tree is the cryptographic Hash of data block (for example, set that data block can be information, file or file), non-leaf segment
Point is its cryptographic Hash for corresponding to child node series strings.Orderly Merkel tree building rule refers to constructing effective Merkel
When tree, to the rule that position of all nodes in respective layer is ranked up in each layer, which can be according to
According to the character ASCII character number of the cryptographic Hash of each node in the size of 16 binary values of the cryptographic Hash of node each in every layer or every layer
Word sequence, successively arranges each node location for each node from small to large or from big to small from left to right.
Biometric information can be face characteristic, fingerprint, vocal print, iris, DNA etc..It checks terminal and obtains bio-identification
The process of information can be video surveillance network, fingerprint identification device, voice print identification device, iris identification device, DNA detection dress
It sets or citizen's identification information that other terminals will acquire is sent to examination terminal by wirelessly or non-wirelessly network, or is interior
The examination terminal of the biological identification device of portion's insertion directly acquires the biometric information.
Biometric information is sent to authoritative institution's service by wired or wireless network by examination terminal.Authoritative institution's clothes
After business device receives the inquiry request including biometric information, according to reflecting for the Merkel's root and biometric information prestored
Relationship is penetrated, obtains the corresponding Merkel's root of biometric information, and Merkel's root, authoritative institution ID, building are somebody's turn to do
The default hash algorithm and preset orderly Merkel tree building rule used when the corresponding Merkel tree of Merkel's root passes through
Wired or wireless network is sent to examination terminal.Hash algorithm can be MD4 algorithm, MD5 algorithm, SHA-1, SHA-256, SHA-
512, national secret algorithm or other hash algorithms, are not limited thereto.
Step S020, according to the authoritative institution ID of the authoritative institution's server feedback received and the Merck
That root, obtains the corresponding pressure public information of Merkel's root;
Examination terminal receives Merkel's root of authoritative institution's server feedback, authoritative institution ID, the calculation of preset Hash
After method and preset orderly Merkel tree building rule, the pressure including Merkel's root and authoritative institution ID can be sent
Public information inquiry request to block platform chain, block platform chain inquires according to Merkel's root and is pre-stored in block chain
The corresponding pressure public information of Merkel's root described in platform, and by the pressure public information inquired by wired or wireless
Network-feedback is to checking terminal.
Examination terminal receives Merkel's root of authoritative institution's server feedback, preset hash algorithm and preset has
After sequence Merkel tree constructs rule then, the pressure public information inquiry request including Merkel's root can also be sent to institute
Authoritative institution's server is stated, authoritative institution's server inquires according to Merkel's root and is pre-stored in authoritative institution's server
Described in the corresponding pressure public information of Merkel's root, and the pressure public information inquired is passed through into wired or wireless network
Feed back to examination terminal.
Step S030 judges whether to meet the first preset condition, and when true according to the pressure public information got
When meeting the first preset condition surely, privacy echo request is sent to user terminal, so that the user terminal feeds back the citizen
At least one individual privacy information and Merkel's verification information;
The examination terminal, which is got, forces in public information after all personal information, can be sentenced according to the first preset condition
Disconnected that each personal information in public information is forced to judge whether to meet the first preset condition, the first preset condition is when pressure open letter
Any bar personal information meets the first preset condition in breath, then sends privacy echo request to user terminal.
Such as force public information in include previous conviction, whether be fugitive personnel, whether be Lao Lai, whether be drug abuse people
Member etc., the first preset condition are to meet runaway convict, drug addict, Lao Lai thrin.When the pressure for getting a certain citizen discloses
After information, occur the information of drug addict in the pressure public information of the citizen, meets the first preset condition, then check terminal
Privacy echo request can be sent to user terminal, the user terminal can be the user terminal of the citizen in the present embodiment,
Or terminal, certain bank or the terminal of court system etc. of public security system, it is not limited thereto.
After user terminal receives privacy echo request, at least the one of the citizen can be fed back by wired or wireless network
Individual privacy information and Merkel's verification information are to checking terminal, wherein Merkel's verification information includes each except feedback
The cryptographic Hash of at least one other node outside the corresponding each Merkel's node of personal information includes each item except feedback
The cryptographic Hash of at least one other node outside the corresponding Merkel's node of people's information and corresponding affiliated layer.The citizen can also
Directly to input at least one individual privacy information and Merkel's verification information in examination terminal.
It should be noted that prevent the personal information sent, these information of Merkel's verification information from being cut by other people
It obtains, these information of personal information and Merkel's verification information can be encrypted using the public key of examination terminal, then will add
Information after close is sent to examination terminal, and examination terminal can carry out the information of the encryption using the private key of examination terminal oneself
Decryption, to obtain the personal information and Merkel's verification information of user terminal transmission.
The cryptographic Hash of each node in Merkel's verification information be generated by Hash mapping function unidirectional as a result, itself simultaneously
It cannot be used for extrapolating any useful information.These nodes in Merkel's verification information are Merkels corresponding from personal information
All sections necessary on node to the Hash calculation path of Merkel's root in addition to the corresponding Merkel's node of personal information
The cryptographic Hash of all nodes outside the corresponding Merkel's node of cryptographic Hash or personal information of point and corresponding affiliated layer, if adopting
With most fast Hash calculation path, the node Hash of one group of ordered arrangement can be only included in the Merkel's verification information provided
Value, this put in order for calculate Merkel's root process be using sequencing.According to non-most fast Hash calculation path,
It further include layer belonging to each node cryptographic Hash is corresponding in Merkel's verification information of offer other than node cryptographic Hash.Such as it is a
People's privacy information is the P1 name in Fig. 7, from the Hash of the corresponding node location of name Merkel's root of Merkel tree into Fig. 7
Calculating path can be B+CD+EF, or B+C+D+EF can also be B+C+D+E+F, wherein the Hash meter of B+CD+EF
Path is calculated for A, is most fast Hash calculation path, and the Hash calculation path of B+C+D+E+F is for A, is most slow
Hash calculation path, according to most fast Hash calculation path, then Merkel's verification information is the node of one group of ordered arrangement
Cryptographic Hash array { hash (P2), hash (C+D), hash (E+F) }.If the calculating path is B+C+D+EF, then Merkel tests
Card information be include node B cryptographic Hash and node B belonging to layer be first layer, layer belonging to the cryptographic Hash of node C and node C is the
Layer belonging to one layer, the cryptographic Hash of node D and node D is first layer, layer is third layer belonging to the cryptographic Hash of node EF and node EF.
In another example it is P1 name and the birthplace P3 in Fig. 7 that user terminal, which has fed back two individual privacy informations, then from P1 name and P3
It the Hash calculation path of the corresponding node A and C in birthplace Merkel's root of Merkel tree into Fig. 7 can be (most fast for B+D+EF
Hash calculation path) or B+D+E+F.In Merkel's verification information in addition to the corresponding Merkel's node of individual privacy information to be checked
The quantity of other nodes be to be determined by the complexity of Merkel tree, Merkel tree is simpler, and level is fewer, then needs to provide
Other number of nodes are fewer.
Step S040 is fed back according to the hash algorithm, the orderly Merkel tree building rule, the user terminal
Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified
Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into
Row verifying.
Examination terminal can be according to each personal information for receiving citizen's offer and except each item of citizen offer be personal
The cryptographic Hash of other nodes outside the corresponding Merkel's node of information and affiliated layer, it is using the hash algorithm got and orderly silent
Ke Er tree building rule successively calculates cryptographic Hash, finally obtains Merkel's root.Such as by examination citizen of offer
People's privacy information is the cleartext information and Merkel's verification information in " birthplace: Shandong Yantai " in Fig. 7, and wherein Merkel verifies
Information is the cryptographic Hash hash (P4) of node D, the cryptographic Hash hash (A+B) of node AB and node EF of Merkel tree in Fig. 7
Cryptographic Hash hash (E+F), the orderly Merkel tree building rule that third-party authentication server is got is successively will from small to large
Each node of same layer arranges each node location from left to right.Examination terminal can treat verification information using hash algorithm and be counted
Calculation obtains the cryptographic Hash hash (P3) of node C, and hash (P3) is less than hash (P4) size;Then according to the cryptographic Hash of node C
The cryptographic Hash hash (C+D) of the second node layer CD is calculated with the cryptographic Hash of node D, further relatively hash (A+B) and
Hash (C+D) size obtains after hash (A+B) be less than hash (C+D), is calculated the according to hash (A+B) and hash (C+D)
The cryptographic Hash of three node layer ABCD is hash (AB+CD), finally compares hash (AB+CD) and hash (E+F) size knows hash
(AB+CD) it is less than hash (E+F), Merkel's root hash to be verified is calculated according to hash (AB+CD) and hash (E+F)
(ABCD+EF)。
After obtaining Merkel's root to be verified, judges Merkel's root to be verified and check the biology obtained before terminal
Whether the corresponding Merkel's root of identification information is identical, when Merkel's root to be verified is identical with Merkel's root,
Determine privacy information that user terminal provides be it is true, when Merkel's root to be verified and Merkel's root be not identical,
The privacy information for determining that user terminal provides is false.
The present embodiment sends looking into for the biometric information including the citizen by the biometric information of acquisition citizen
Request is ask to authoritative institution's server, so that authoritative institution ID, the public affairs feed back after receiving the inquiry request in authoritative institution
The corresponding Merkel's root of the biometric information of the people, preset hash algorithm and preset orderly Merkel tree building rule;
According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, obtain described silent
The corresponding pressure public information of Ke Er root;According to the pressure public information got, judge whether that meeting first presets
Condition, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal, so that the user terminal is anti-
Present at least one individual privacy information and Merkel's verification information of the citizen;According to the hash algorithm, described orderly silent
Ke Er tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information calculate, and obtain
Merkel's root to be verified is obtained, judges whether Merkel's root to be verified and Merkel's root are identical, and is tied according to judgement
Fruit, the individual privacy information provided user terminal are verified.To which examination person can only go examination that public information is forced to meet
The privacy information of the citizen (such as runaway convict, Lao Lai etc.) of preset condition, it is ensured that the citizen for forcing public information ineligible
Privacy information be not exposed.
Further, referring to Fig. 3, the first of the method for the citizen privacy protection according to the application based on zero-knowledge proof is real
The second embodiment for applying the method that example deduction proposes that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment
In, the step S020 includes:
It is flat to block chain to send the inquiry request including Merkel's root and the authoritative institution ID by step S021
Platform so that the block platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with institute
When stating the identical Merkel's root of Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage
Between;
Step S022, from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received
The Merkel's root for selecting storage time nearest in value;
Step S023 obtains the first of the corresponding authoritative institution's server of authoritative institution ID according to the authoritative institution ID
Public key, and tested using the first public key Merkel root corresponding digital signature nearest to the storage time of selection
Card;
Step S024, if being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and makees
For the pressure public information of the citizen.
In the present embodiment, since multiple Merck identical with Merkel's root may be stored on block platform chain
Your root, some in these Merkel's roots are sent by the corresponding authoritative institution's server of authoritative institution ID, some be by
What other authoritative institution's servers were sent, also some are sent by inauthoritativeness authority server.
After Merkel's root is calculated, examination terminal can will include Merkel's root and authoritative institution ID
Inquiry request block platform chain is sent to by wired or wireless network.Such as examination terminal passes through the API of block platform chain
Inquiry request including Merkel's root and authoritative institution ID is sent to block platform by interface.The block platform chain
According to the Merkel's root and authoritative institution ID received, selected from all Merkel's roots stored on platform
The corresponding all Merkel's roots identical with Merkel's root of authoritative institution ID, and by each Merck of acquisition
You are sent to the examination terminal at root, corresponding pressure public information, corresponding digital signature and corresponding storage time.
Examination terminal receives each Merkel's root, corresponding pressure public information, corresponding of block platform chain transmission
After digital signature and corresponding storage time, first according to storage time, storage time is selected most from these Merkel's roots
Close Merkel's root, and according to authoritative institution ID, the first public key of authoritative institution ID is obtained, when using the first public key to storage
Between the nearest corresponding digital signature of Merkel's root verify, if being verified, examination terminal selection storage time is nearest
Merkel's root corresponding force public information, and the pressure public information as Merkel's root.The present embodiment provides
It is a kind of to obtain the strategy for forcing public information from block platform chain, it is ensured that the pressure public information of acquisition is true.
It is described in the 3rd embodiment for the method protected the present invention is based on the citizen privacy of zero-knowledge proof referring to Fig. 4
Based on zero-knowledge proof citizen privacy protection method comprising steps of
Step S10, examination terminal obtain the biometric information of citizen, send the biometric information including the citizen
Inquiry request to authoritative institution's server;
In the present embodiment, zero-knowledge proof refer to a side (certifier) can be proved to another party (verifier) one it is old
State be correctly, without reveal the statement be correctly except other useful informations.In in the present invention, " statement " refers to
It is pending personal information.Merkel tree (Merkle Tree) is exactly a kind of binary tree data structure for storing cryptographic Hash, is write from memory
The leaf of Ke Er tree is the cryptographic Hash of data block (for example, set that data block can be information, file or file), non-leaf segment
Point is its cryptographic Hash for corresponding to child node series strings.Orderly Merkel tree building rule refers to constructing effective Merkel
When tree, to the rule that position of all nodes in respective layer is ranked up in each layer, which can be according to
According to the character ASCII character number of the cryptographic Hash of each node in the size of 16 binary values of the cryptographic Hash of node each in every layer or every layer
Word sequence, successively arranges each node location for each node from small to large or from big to small from left to right.
Biometric information can be face characteristic, fingerprint, vocal print, iris, DNA etc..It checks terminal and obtains bio-identification
The process of information can be video surveillance network, fingerprint identification device, voice print identification device, iris identification device, DNA detection dress
It sets or citizen's identification information that other terminals will acquire is sent to examination terminal by wirelessly or non-wirelessly network, or is interior
The examination terminal of the biological identification device of portion's insertion directly acquires the biometric information.Examination terminal gets bio-identification
After information, the biometric information is sent to authoritative institution's server by wired or wireless network.
Step S20, authoritative institution's server receive the biology including the citizen that the examination terminal is sent
After the inquiry request of identification information, according to the mapping relations of the Merkel's root and biometric information that prestore, the public affairs are obtained
The corresponding Merkel's root of the biometric information of the people, and by Merkel's root, authoritative institution ID, preset hash algorithm
The examination terminal is fed back to preset orderly Merkel tree building rule;
After authoritative institution's server receives the inquiry request including biometric information that examination terminal is sent, according to pre-
The mapping relations of the Merkel's root and biometric information deposited obtain the corresponding Merkel's root of biometric information, and will
Merkel's root, authoritative institution ID, the default hash algorithm used when constructing the corresponding Merkel tree of Merkel's root
Examination terminal is sent to by wired or wireless network with preset orderly Merkel tree building rule.
Step S30, after the examination terminal receives Merkel's root of authoritative institution's server feedback, root
According to authoritative institution ID and Merkel's root, the corresponding pressure public information of Merkel's root is obtained;
Examination terminal receives Merkel's root of authoritative institution's server feedback, authoritative institution ID, presets
Hash algorithm and preset orderly Merkel tree building rule then after, can send including Merkel's root and authoritative machine
The pressure public information inquiry request of structure ID to block platform chain, block platform chain inquires pre- according to Merkel's root
There are the corresponding pressure public informations of Merkel's root described in block platform chain, and will be each in the pressure public information inquired
Personal information feeds back to examination terminal by wired or wireless network.
Examination terminal receive Merkel's root of authoritative institution's server feedback, preset hash algorithm and
After preset orderly Merkel tree constructs rule then, the pressure public information inquiry including Merkel's root can also be sent
To the corresponding authoritative institution's server of authoritative institution ID, authoritative institution's server is inquired according to Merkel's root for request
It is pre-stored in the corresponding pressure public information of Merkel's root described in authoritative institution's server, and the pressure open letter that will be inquired
Each personal information feeds back to examination terminal by wired or wireless network in breath.
Step S40, the examination terminal judge whether that meeting first presets according to the pressure public information got
Condition, and when determining the first preset condition of satisfaction, privacy echo request is sent to user terminal;
The examination terminal, which is got, forces in public information after all personal information, can be sentenced according to the first preset condition
Disconnected that each personal information in public information is forced to judge whether to meet the first preset condition, the first preset condition is when pressure open letter
Any bar personal information meets the first preset condition in breath, then sends privacy echo request to user terminal.
Such as force public information in include previous conviction, whether be fugitive personnel, whether be Lao Lai, whether be drug abuse people
Member etc., the first preset condition are to meet runaway convict, drug addict, Lao Lai thrin.When the pressure for getting a certain citizen discloses
After information, occur the information of drug addict in the pressure public information of the citizen, meets the first preset condition, then check terminal
Privacy echo request can be sent to user terminal.
Step S50 after the user terminal receives privacy echo request, feeds back at least one individual privacy information and writes from memory
Ke Er verification information is to the examination terminal, wherein Merkel's verification information includes each individual privacy information except feedback
The cryptographic Hash of at least one other node outside corresponding each Merkel's node includes except each individual privacy information fed back
The cryptographic Hash of at least one other node outside corresponding Merkel's node and corresponding affiliated layer;
After user terminal receives privacy echo request, at least the one of the citizen can be fed back by wired or wireless network
Individual privacy information and Merkel's verification information are to checking terminal, wherein Merkel's verification information includes each except feedback
The cryptographic Hash of at least one other node outside the corresponding each Merkel's node of personal information includes each item except feedback
The cryptographic Hash of at least one other node outside the corresponding Merkel's node of people's information and corresponding affiliated layer.The citizen can also
Directly to input at least one individual privacy information and Merkel's verification information in examination terminal.
It should be noted that prevent the personal information sent, these information of Merkel's verification information from being cut by other people
It obtains, these information of personal information and Merkel's verification information can be encrypted using the public key of examination terminal, then will add
Information after close is sent to examination terminal, and examination terminal can carry out the information of the encryption using the private key of examination terminal oneself
Decryption, to obtain the personal information and Merkel's verification information of user terminal transmission.
The cryptographic Hash of each node in Merkel's verification information be generated by Hash mapping function unidirectional as a result, itself simultaneously
It cannot be used for extrapolating any useful information.These nodes in Merkel's verification information are Merkels corresponding from personal information
All sections necessary on node to the Hash calculation path of Merkel's root in addition to the corresponding Merkel's node of personal information
The cryptographic Hash of all nodes outside the corresponding Merkel's node of cryptographic Hash or personal information of point and corresponding affiliated layer, if adopting
With most fast Hash calculation path, the node Hash of one group of ordered arrangement can be only included in the Merkel's verification information provided
Value, this put in order for calculate Merkel's root process be using sequencing.According to non-most fast Hash calculation path,
It further include layer belonging to each node cryptographic Hash is corresponding in Merkel's verification information of offer other than node cryptographic Hash.Such as with
One individual privacy information of family terminal feedback is the P1 name in Fig. 7, from the corresponding node location of name Merkel into Fig. 7
The Hash calculation path of Merkel's root of tree can be B+CD+EF, or B+C+D+EF can also be B+C+D+E+F,
The Hash calculation path of middle B+CD+EF is most fast Hash calculation path for A, and the Hash calculation path of B+C+D+E+F
It is most slow Hash calculation path for A, according to most fast Hash calculation path, then Merkel's verification information is one
The node cryptographic Hash array { hash (P2), hash (C+D), hash (E+F) } of group ordered arrangement.If the calculating path is B+C+D+
EF, then Merkel's verification information be include node B cryptographic Hash and node B belonging to layer be first layer, node C cryptographic Hash and
Layer belonging to node C is first layer, layer is first layer, the cryptographic Hash of node EF and node EF belonging to the cryptographic Hash of node D and node D
Affiliated layer is third layer.
Step S60, the examination terminal are whole according to the hash algorithm, the orderly Merkel tree building rule, user
Hold feedback each individual privacy information and Merkel's verification information calculate, obtain Merkel's root to be verified, judge to
It verifies Merkel's root and whether Merkel's root is identical, and according to judging result, the individual provided user terminal is hidden
Personal letter breath is verified.
Examination terminal can be according to each personal information for receiving citizen's offer and except each item of citizen offer be personal
The cryptographic Hash of other nodes outside the corresponding Merkel's node of information and affiliated layer, it is using the hash algorithm got and orderly silent
Ke Er tree building rule successively calculates cryptographic Hash, finally obtains Merkel's root.Such as it is provided by examination citizen to be tested
The cleartext information and Merkel's verification information that information is " birthplace: Shandong Yantai " in Fig. 7 are demonstrate,proved, wherein Merkel's verification information
For the Hash of the cryptographic Hash hash (P4) of the node D of Merkel tree, cryptographic Hash hash (A+B) and node EF of node AB in Fig. 7
Value hash (E+F), the orderly Merkel tree building rule that third-party authentication server is got is from small to large successively will be same
Each node of layer arranges each node location from left to right.Examination terminal can treat verification information using hash algorithm and calculate
To the cryptographic Hash hash (P3) of node C, and hash (P3) is less than hash (P4) size;Then according to the cryptographic Hash and section of node C
The cryptographic Hash hash (C+D) of the second node layer CD is calculated in the cryptographic Hash of point D, further relatively hash (A+B) and hash (C+
D) size obtains hash (A+B) less than after hash (C+D), and third node layer is calculated according to hash (A+B) and hash (C+D)
The cryptographic Hash of ABCD is hash (AB+CD), finally compares hash (AB+CD) and hash (E+F) size knows that hash (AB+CD) is small
In hash (E+F), Merkel's root hash (ABCD+EF) to be verified is calculated according to hash (AB+CD) and hash (E+F).
After obtaining Merkel's root to be verified, judges Merkel's root to be verified and check the biology obtained before terminal
Whether the corresponding Merkel's root of identification information is identical, when Merkel's root to be verified is identical with Merkel's root,
Determine privacy information that user terminal provides be it is true, when Merkel's root to be verified and Merkel's root be not identical,
The privacy information for determining that user terminal provides is false.
The present embodiment obtains the biometric information of citizen by examination terminal, sends the bio-identification including the citizen
The inquiry request of information is to authoritative institution's server;Authoritative institution's server receive it is described examination terminal send include
After the inquiry request of the biometric information of the citizen, closed according to the mapping of the Merkel's root and biometric information prestored
System, obtains the corresponding Merkel's root of biometric information of the citizen, and by Merkel's root, authoritative institution ID,
Preset hash algorithm and preset orderly Merkel tree building rule feed back to the examination terminal;The examination terminal receives
To after Merkel's root of authoritative institution's server feedback, according to authoritative institution ID and Merkel's root, obtain
Take the corresponding pressure public information of Merkel's root;The examination terminal according to the pressure public information got,
Judge whether to meet the first preset condition, and when determining the first preset condition of satisfaction, sends privacy echo request to user's end
End;After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back
To the examination terminal, wherein Merkel's verification information includes the corresponding each Merck of each individual privacy information except feedback
The cryptographic Hash of at least one other node outside your node includes except the corresponding Merkel of each individual privacy information fed back
The cryptographic Hash of at least one other node outside node and corresponding affiliated layer;The examination terminal according to the hash algorithm,
The orderly Merkel tree building rule, each individual privacy information of user terminal feedback and Merkel's verification information are counted
It calculates, obtains Merkel's root to be verified, judge whether Merkel's root to be verified and Merkel's root are identical, and according to sentencing
Break as a result, the individual privacy information provided user terminal is verified.To which examination person can only go examination to force public information
Meet the privacy information of the citizen (such as runaway convict, Lao Lai etc.) of preset condition, it is ensured that force public information ineligible
The privacy information of citizen is not exposed.
Further, the 3rd embodiment deduction for the method protected according to the application based on the citizen privacy of zero-knowledge proof
It is proposed the fourth embodiment for the method that the application is protected based on the citizen privacy of zero-knowledge proof, it is in the present embodiment, described hidden
Private echo request further includes examination Permission Levels;
The step S50 further include:
Step S51, after the user terminal receives privacy echo request, according to the examination Permission Levels received and respectively
The default access grade of individual privacy information feeds back Permission Levels pair identical with examination Permission Levels in individual privacy information
Each individual privacy information and Merck verification information answered are to the examination terminal.
In the present embodiment, it when checking the privacy echo request that terminal is sent further includes examination Permission Levels, uses
After family terminal receives privacy echo request, according to the default access of each personal information, selected from all personal information
Permission Levels each personal information identical not higher than examination Permission Levels, then passes through wired or wireless network for each of selection
Personal information is sent to the examination terminal.Personal information gets over privacy, and the Permission Levels of the personal information are higher, needs to check
Permission is higher.Such as individual's educational background, the Permission Levels of gender in individual privacy information are 2 grades, date of birth, home address power
Limiting grade is 3 grades, and the information such as personal identification number, marital status, marriage and childbirth situation, spouse's name, parent's name, children's name are
4 grades.When the examination Permission Levels in the privacy echo request that user terminal receives be 3 grades when, citizen 1 grade of Permission Levels,
The personal information that 2 grades and 3 grades of Permission Levels of Permission Levels is sent to examination terminal.
Need to illustrate when, the Permission Levels of personal information can also be lower with information more privacy, in such case
Under, and after user terminal receives privacy echo request, according to the default access grade of each personal information, from all individuals
Permission Levels each personal information identical not less than examination Permission Levels is selected in information, and feeds back selected personal information extremely
Check terminal.
A kind of privacy information that corresponding authority grade is provided according to examination person's Permission Levels is present embodiments provided to looking into
The person of testing, so that the privacy information of citizen is graded protection.
Further, the first embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof
The fourth embodiment for the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step S10
Before further include:
Step S70, authoritative institution's server receive the citizen ID that each user terminal is sent respectively and the citizen ID
Corresponding at least one personal information;
Step S80, when the corresponding personal information quantity of the citizen ID received is greater than or equal to two, the power
According to the second preset condition, respectively each personal information is divided into individual privacy information or forces open letter prestige authority server
Breath;
Step S90, authoritative institution's server is according to the corresponding each personal information of the citizen ID received and respectively
The corresponding information category of personal information, creates the corresponding news file of the citizen ID, wherein the news file includes institute
State the news file of citizen ID corresponding at least two personal information and the corresponding information category of each personal information;
Step S100, authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building
Each personal information in the regular and described news file constructs the corresponding first Merkel tree of the file number, and according to first
The biometric information of Merkel tree and the citizen ID prestored creates the Merkel's root and the public affairs of the first Merkel tree
The mapping relations of the biometric information of people ID;
Step S110, authoritative institution's server is according to the first private key to Merkel's root of the first Merkel tree
It forces public information to be signed in the news file, generates the first digital signature;
Step S120, authoritative institution's server by include authoritative institution ID, the first Merkel tree Merkel
The information of public information is forced to store to the block platform chain in root, the first digital signature and the news file.
, in the present embodiment, authoritative institution's server receive user terminal (user terminal can with the user terminal of citizen,
Or terminal, certain bank or the terminal of court system etc. of public security system, it is not limited thereto) the citizen ID that sends respectively
And corresponding at least one personal information of citizen ID.When the corresponding personal information quantity of the citizen ID received is greater than or waits
When two, each personal information is divided into individual privacy respectively according to the second preset condition by authoritative institution's server
Information or one of the two big information types for forcing public information.Second preset condition can be that personal information classification be
It is no to meet preset information category, it is divided into pressure public information if meeting, does not meet and is divided into individual privacy information, example
Such as preset information category is previous conviction, credit standing, history of drug abuse, when law court sends a personal information of certain citizen ID
Classification belongs to credit standing, then according to the second preset condition, this information is divided into pressure public information, when public security system is sent out
A personal information classification of the citizen ID sent is native place, then this information is divided into individual privacy information.Second is default
Condition can also whether there is preset keyword according to personal information content, then be divided into pressure public information if it exists, if
There is no being then divided into individual privacy information, for example, preset keyword can for Lao Lai, take drugs etc..Second preset condition is also
Whether the personal information that can be received for judgement has been marked the disclosed label of pressure, is then divided into pressure open letter if it exists
Breath, is then divided into individual privacy information if it does not exist.
Authoritative institution's server creates the public affairs for after the corresponding each personal information classified types of the citizen ID
The corresponding news file of people ID, wherein the news file includes the citizen ID corresponding at least two personal information and each item
The news file of the corresponding information category of personal information.
After creating news file for the citizen ID, authoritative institution's server uses preset hash algorithm, presets
Orderly Merkel tree building rule and the news file in each personal information, it is corresponding first silent to construct the citizen ID
Ke Er tree.Simultaneously according to the biometric information of the first Merkel tree and the citizen ID prestored, the first Merkel tree is created
Merkel's root and the citizen ID biometric information mapping relations, and the mapping relations can be stored to Merck
In that root and biometric information mapping table.Such as the detailed process of the building of the Merkel tree in Fig. 7 is as follows: first
Step, using preset hash algorithm obtain the corresponding cryptographic Hash hash (P1) of each personal information, hash (P2), hash (P3),
Hash (P4), hash (P5) and hash (P6), more each cryptographic Hash know hash (P1) < hash (P2) < hash (P3) <
Hash (P4) < hash (P5) < hash (P6), according to preset orderly Merkel tree building rule (from as low as greatly successively from a left side
To right sequence), successively sort first layer leaf node;Second step is according to the cryptographic Hash of each leaf node to have sorted, using Hash
Algorithm obtains the cryptographic Hash hash (A+B) of the second node layer AB, the cryptographic Hash hash (C+D) and node EF cryptographic Hash of node CD
Hash (E+F), and hash (A+B) < hash (C+D) < hash (E+F), according to ordering rule, the node with hash (A+B)
AB is first position of the second layer, and the node CD with hash (C+D) is second position of the second layer, and the section of hash (E+F)
Point EF rises to third node layer automatically;Third step calculates third node layer ABCD according to hash (A+B) and hash (C+D)
Cryptographic Hash be hash (AB+CD), and node ABCD is placed on by hash (AB+CD) < hash (E+F) according to ordering rule
First position of third layer, node EF are placed on second position of third layer;4th step, according to hash (AB+CD) and hash (E+F)
The cryptographic Hash for calculating Merkel's root node is hash (ABCD+EF).
It should be noted that during above-mentioned cleartext information and Merkel's verification information transmit, and examination terminal
During being verified to information, even if using secrecy transmission mechanism, it is also possible to cause part for Merkel's verifying
Cryptographic Hash leakage.Such as ask for diversified personal information repeatedly by the certifying organization of network monitoring or malice, all may be used
The data that all or part of Merkel tree can be will lead to are obtained by illegal person.To prevent the mode of malicious attacker exhaustion from pushing away
Disconnected personal information can distribute a special value when constructing leaf node for every personal information, using hash algorithm to a
People's information and corresponding special value, which calculate, obtains the corresponding cryptographic Hash of this personal information.The special value can be power
The numerical value that prestige authority server is randomly generated, or send the numerical value that the terminal of personal information uploads.In this way, being attack
Person can cleartext information in exhaustive finite discrete set, also middle special value impossible to exhaust, also just impossible to exhaust to calculate this bright
The corresponding cryptographic Hash of literary information, also can not just extrapolate Merkel's root.
After the corresponding news file of authoritative institution server construction citizen ID, if the corresponding citizen of citizen ID needs to obtain institute
When stating the personal information in the corresponding news file of citizen ID, citizen can be sent by user terminal to authoritative institution's server
Information document acquisition request including citizen ID, authoritative institution's server can be by the corresponding information document of citizen ID and authoritative institutions
ID is sent to user terminal, user terminal according to authoritative institution ID, obtain the corresponding hash algorithm of authoritative institution ID and orderly
Merkel tree building rule, then according to the personal information of the acquisition, the hash algorithm and the orderly Merkel tree structure
Rule is built, oneself the first Merkel tree of building, to obtain the data in the first Merkel tree.Authoritative institution's server is in addition to inciting somebody to action
Personal information needed for authoritative institution ID and user is sent to user terminal, can also be directly by corresponding first Merck of citizen ID
You are sent to the user terminal tree.
It should be noted that authoritative institution's server can include authoritative institution ID, the citizen ID by generating one
The digital certificate of corresponding news file, digital certificate is sent to the user terminal, and can also include the public affairs in digital certificate
People ID corresponds to the first Merkel tree.
Authoritative institution's server can use Merkel root and the letter of first private key to the first Merkel tree of building
It forces public information to be signed in breath archives, generates the corresponding first number label of Merkel's root of the first Merkel tree
Name (carries out signature to represent this Merkel's root being effective) using the first private key.Later, authoritative institution's server can will include
Merkel's root of the first Merkel tree, first digital signature force public information and power in the news file
The information of prestige mechanism ID is sent to block platform chain, and it includes authoritative institution ID, institute that block platform chain, which can store receive described,
It states Merkel's root of the first Merkel tree, force public information, first digital signature and authority in the news file
The information of mechanism ID.
The present embodiment is based on user terminal by using preset hash algorithm and the building rule building of orderly Merkel tree
The Merkel tree of the corresponding each personal information of the citizen ID of offer, and by Merkel's root of the Merkel tree and citizen ID
Public information is forced to be stored in block platform chain.It, can not be anti-by cryptographic Hash since hash digest algorithm is unidirectional mapping algorithm
To the content for extrapolating each personal information, and the root of Merkel tree and the content of any leaf node and position are all directly related,
The change of the interior perhaps position of any leaf node can all cause the data stored in the change and block platform chain of root to be not
It can be modified and be deleted, to ensure that the safety of each personal information content, and be ensured corresponding each based on citizen ID
Merkel's root of the Merkel tree of personal information creation and the pressure public information of citizen ID be not easily modified.
Further, the 3rd embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof
5th embodiment of the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step S80
Later further include:
Step S130, authoritative institution's server is according to third preset condition, the citizen ID that respectively receives
Different rights grade is arranged in corresponding each personal information;
In addition, the step S90 includes:
Authoritative institution's server is according to the corresponding each personal information of the citizen ID received, each personal information
Corresponding information category and corresponding Permission Levels create the corresponding news file of the citizen ID, wherein the news file
Including corresponding at least two personal information of the citizen ID, the corresponding information category of each personal information and corresponding permission etc.
The news file of grade.
In the present embodiment, in authoritative institution's server according to the second preset condition, respectively each personal information
After being divided into individual privacy information or forcing public information, authoritative institution's server is further each according to third preset condition
Different Permission Levels of personal computer device.The third preset condition can be the affiliated type of preset personal information and permission
Grade corresponding relationship, the type for the personal information that identification user terminal is sent, according to the affiliated type of preset personal information and power
Grade corresponding relationship is limited, different permissions is respectively set;Third preset condition may be preset keyword and Permission Levels
Corresponding relationship, the keyword for the personal information content matching that identification user terminal is sent, so that permission be arranged for the personal information
Grade.
It is described after each personal information that authoritative institution is the citizen ID that user terminal is sent is divided into Permission Levels
Citizen ID creates a news file, and the news file includes the citizen ID corresponding at least two personal information, each item
The news file of personal information corresponding information category and corresponding Permission Levels.It is personal information that the present embodiment, which proposes a kind of,
The strategy of different rights grade is set, so that it is guaranteed that the talent of only certain permission can touch personal information.
Further, referring to Fig. 5, according to the third reality for the method that the application is protected based on the citizen privacy of zero-knowledge proof
Apply the sixth embodiment for the method that example proposes that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, institute
Stating step S120 includes:
Step S121, the intelligent contract on block platform chain described in authoritative institution's server calls, creates a packet
It includes and forces public affairs in authoritative institution ID, Merkel's root of the first Merkel tree, the first digital signature and the news file
Open the first transaction record of information;
Step S122, authoritative institution's server store first transaction record to the block platform chain.
In the present embodiment, authoritative institution's server can generate a friendship by calling the intelligent contract on block platform chain
Easily, authoritative institution's server can be by the Merkel's root for including authoritative institution ID, the first Merkel tree, first number
It is forced in signature and the news file in the information write-in transaction record of public information.Then the transaction record is stored in
In the intelligent contract called on block platform chain.Fig. 8 is a kind of transaction record for storing Merkel's root, the transaction
In the Input Data of record with aecb88 ending that string character string be just include Merkel's root, corresponding digital signature and
The information of public information is forced in the news file, the information in From is then authoritative institution ID.
The present embodiment is by will force public information that transaction record is written and deposit in Merkel's root and the news file
Storage is on block platform chain, so that it is guaranteed that Merkel's root is not easily modified.
Further, the 3rd embodiment proposition for the method protected according to the application based on the citizen privacy of zero-knowledge proof
7th embodiment of the method that the application is protected based on the citizen privacy of zero-knowledge proof, in the present embodiment, the step
After S120 further include:
Step S140, authoritative institution's server receive the update request that any user terminal is sent, wherein it is described more
New request includes the citizen ID and at least one personal information;
It is personal will to update each item in request according to the second preset condition respectively for step S150, authoritative institution's server
Information is divided into individual privacy information or forces public information;
Step S160, authoritative institution's server is according in the corresponding news file of the citizen ID, update request
Each personal information and corresponding information category update the corresponding news file of the citizen ID and generate the new of the citizen ID
News file, the new information archives include each personal information and the corresponding information category of each personal information;
Step S170, authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building
Each personal information in the regular and described new information archives, building update the corresponding second Merkel tree of file number in request,
And according to the biometric information of the second Merkel tree and the citizen ID prestored, Merkel's root of the second Merkel tree is created
The mapping relations of value and the biometric information of the citizen ID and delete Merkel's root of the first Merkel tree and described
The mapping relations of the biometric information of citizen ID;
Step S180, authoritative institution's server use Merkel root and institute of first private key to the second Merkel tree
Stating in new information archives forces public information to be signed, and generates the second digital signature;
Step S190, the authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second number
The information of public information is forced to store to the block platform chain in word signature and the new information archives.
In the present embodiment, that authoritative institution's server receives the transmission of any user terminal includes citizen ID and at least one
After the update request of personal information, authoritative institution's server will update each item in request according to the second preset condition respectively
Personal information is divided into individual privacy information or public information is forced to recall the corresponding letter of citizen ID then according to citizen ID
Archives are ceased, then according to a plurality of individual at least one personal information and the corresponding news file of citizen ID updated in request
Information updates the corresponding news file of the citizen ID.
It should be noted that the personal information updated in request may be just for certain in original information archives personal letter
An existing personal information " residence is Guangdong " in the update of breath, such as original information archives updates in request one
Personal information is " residence is Shenzhen ", in this case can be by original this people including " residence is Guangdong " content
Information deletion, will include " residence is Shenzhen " content personal information storage in original information archives, generate new information
Archives.The personal information updated in request may be the personal information being not present in original information archives, can incite somebody to action in this case
The personal information updated in request is added in original information archives, the new information archives of generation.
After news file updates, authoritative institution's server can be generated according to preset hash algorithm and new news file
The corresponding second Merkel tree of the new news file, at the same delete the first Merkel tree Merkel's root and the citizen
The Merkel's root of the second Merkel tree of mapping relations and creation and the biology of the citizen ID of the biometric information of ID are known
The mapping relations of other information, and by the mapping of Merkel's root of the second Merkel tree and the biometric information of the citizen ID
Relationship is stored into the mapping table of preset Merkel's root and citizen's biometric information.
Authoritative institution's server uses Merkel root and the new information archives of first private key to the second Merkel tree
In belong to each personal information of public information forced to be signed, generate the second digital signature, and will include the second Merkel
Belong in Merkel's root of tree, the second digital signature and the new information archives force public information each personal information,
The information of authoritative institution ID is stored to block platform chain
The present embodiment is requested by being updated according to the personal information of user terminal, is updated to news file and is updated
News file creates new Merkel tree and new Merkel's tree root value is stored in block platform chain, thus in the individual of citizen
After information update, it is ensured that the updated personal information that citizen provides can be passed through by examination and old personal information cannot be by
Examination passes through.
The system for the citizen privacy protection based on zero-knowledge proof that the invention also provides a kind of.
Referring to Fig. 6, in one embodiment, the system comprises: examination terminal 100, authoritative institution's server 200 and user
Terminal 300.
Terminal 100 is checked, for obtaining the biometric information of citizen, sends the biometric information including the citizen
Inquiry request to authoritative institution's server 200;
Authoritative institution's server 200 is known for receiving the biology including the citizen that the examination terminal 100 is sent
After the inquiry request of other information, according to the mapping relations of the Merkel's root and biometric information that prestore, the citizen is obtained
The corresponding Merkel's root of biometric information, and by Merkel's root, authoritative institution ID, preset hash algorithm and
Preset orderly Merkel tree building rule feeds back to the examination terminal 100;
The examination terminal 100, the Merkel's root fed back for receiving authoritative institution's server 200
Afterwards, according to authoritative institution ID and Merkel's root, the corresponding pressure public information of Merkel's root is obtained, and according to
The pressure public information got judges whether the first preset condition of satisfaction, and when determining the first preset condition of satisfaction,
Privacy echo request is sent to user terminal 300;
User terminal 300 feeds back at least one individual privacy information and Merkel after receiving privacy echo request
Verification information is to the examination terminal 100, wherein Merkel's verification information includes each individual privacy information except feedback
The cryptographic Hash of at least one other node outside corresponding each Merkel's node includes except each individual privacy information fed back
The cryptographic Hash of at least one other node outside corresponding Merkel's node and corresponding affiliated layer;
The examination terminal 100, for whole according to the hash algorithm, the orderly Merkel tree building rule, user
Hold feedback each individual privacy information and Merkel's verification information calculate, obtain Merkel's root to be verified, judge to
It verifies Merkel's root and whether Merkel's root is identical, and according to judging result, the individual that user terminal 300 is provided
Privacy information is verified.
It should be noted that there is above system the third of the method for the citizen privacy protection based on zero-knowledge proof to implement
The all technical features of example, the whole embodiments that specific interactive process is referred to preceding method execute, before also having accordingly
State whole technical effects of the embodiment of method.
The present invention also proposes a kind of computer readable storage medium, is stored thereon with computer program.The computer can
Reading storage medium can be the memory 20 in the server of Fig. 1, be also possible to as ROM (Read-Only Memory, it is read-only to deposit
Reservoir)/RAM (Random Access Memory, random access memory), magnetic disk, at least one of CD, the calculating
Machine readable storage medium storing program for executing includes that several information are used so that examination terminal, authoritative institution's server, user terminal and/or block chain
Platform executes method described in each embodiment of the present invention.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do
There is also other identical elements in the process, method of element, article or system.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of method of the citizen privacy protection based on zero-knowledge proof, which is characterized in that be applied to examination terminal, including step
It is rapid:
Obtain the biometric information of citizen, send include the citizen biometric information inquiry request to authoritative institution
Server, so that authoritative institution receives the biometric information for feeding back authoritative institution ID, the citizen after the inquiry request
Corresponding Merkel's root, preset hash algorithm and preset orderly Merkel tree building rule;
According to the authoritative institution ID of the authoritative institution's server feedback received and Merkel's root, institute is obtained
State the corresponding pressure public information of Merkel's root;
According to the pressure public information got, judge whether to meet the first preset condition, and meet first in advance when determining
If when condition, sending privacy echo request to user terminal, so that the user terminal feeds back at least one of the citizen
People's privacy information and Merkel's verification information;
According to the hash algorithm, the orderly Merkel tree building rule, each individual privacy of user terminal feedback
Information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified and described
Whether Merkel's root is identical, and according to judging result, the individual privacy information provided user terminal is verified.
2. the method for the citizen privacy protection based on zero-knowledge proof as described in claim 1, which is characterized in that according to reception
The authoritative institution ID arrived and Merkel's root, the step of obtaining Merkel's root corresponding pressure public information
Include:
The inquiry request including Merkel's root and the authoritative institution ID is sent to block platform chain, so that the block
Platform chain receive feed back after the inquiry request authoritative institution ID it is corresponding at least one with Merkel's root phase
Same Merkel's root, corresponding pressure public information, corresponding digital signature and corresponding storage time;
Storage is selected from the corresponding each Merkel's root identical as Merkel's root of the authoritative institution ID received
Time nearest Merkel's root;
According to the authoritative institution ID, the first public key of the corresponding authoritative institution's server of authoritative institution ID is obtained, and uses institute
The first public key Merkel root corresponding digital signature nearest to the storage time of selection is stated to verify;
If being verified, the Merkel's root for selecting storage time nearest is corresponding to force public information, and as the citizen's
Force public information.
3. a kind of method of the citizen privacy protection based on zero-knowledge proof, which is characterized in that the step includes:
The biometric information that terminal obtains citizen is checked, sends the inquiry request of the biometric information including the citizen extremely
Authoritative institution's server;
Authoritative institution's server receives looking into for the biometric information including the citizen that the examination terminal is sent
After asking request, according to the mapping relations of the Merkel's root and biometric information that prestore, the bio-identification of the citizen is obtained
The corresponding Merkel's root of information, and by Merkel's root, authoritative institution ID, preset hash algorithm and it is preset orderly
Merkel tree building rule feeds back to the examination terminal;
After the examination terminal receives Merkel's root of authoritative institution's server feedback, according to authoritative institution ID
With Merkel's root, the corresponding pressure public information of Merkel's root is obtained;
The examination terminal judges whether to meet the first preset condition according to the pressure public information got, and works as true
When meeting the first preset condition surely, privacy echo request is sent to user terminal;
After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back
To the examination terminal, wherein Merkel's verification information includes the corresponding each Merck of each individual privacy information except feedback
The cryptographic Hash of at least one other node outside your node includes except the corresponding Merkel of each individual privacy information fed back
The cryptographic Hash of at least one other node outside node and corresponding affiliated layer;
The examination terminal is according to the hash algorithm, each item of the orderly Merkel tree building rule, user terminal feedback
Individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merkel's root to be verified
Whether value and Merkel's root are identical, and according to judging result, the individual privacy information provided user terminal is tested
Card.
4. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 3, which is characterized in that the privacy
Echo request further includes examination Permission Levels;
After the user terminal receives privacy echo request, at least one individual privacy information and Merkel's verification information are fed back
Include: to the step of examination terminal
After the user terminal receives privacy echo request, according to the examination Permission Levels received and each individual privacy letter
It is personal to feed back each item corresponding with the identical Permission Levels of Permission Levels are checked in individual privacy information for the default access grade of breath
Privacy information and Merck verification information are to the examination terminal.
5. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 4, which is characterized in that the examination
Terminal obtains the biometric information of citizen, send include the citizen biometric information inquiry request to authoritative institution
Include: before the step of server
Authoritative institution's server receives the citizen ID that each user terminal is sent respectively and the citizen ID corresponding at least one
Personal information;
When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's server
According to the second preset condition, respectively each personal information is divided into individual privacy information or forces public information;
Authoritative institution's server is according to the corresponding each personal information of the citizen ID received and each personal information pair
The information category answered creates the corresponding news file of the citizen ID, wherein the news file includes the citizen ID corresponding
At least two personal information and the corresponding information category of each personal information news file;
Authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building rule and the information
Each personal information in archives constructs the corresponding first Merkel tree of the file number, and according to the first Merkel tree and prestores
The citizen ID biometric information, create the first Merkel tree Merkel's root and the citizen ID bio-identification
The mapping relations of information;
Merkel root and the information shelves of the authoritative institution's server according to the first private key to the first Merkel tree
It forces public information to be signed in case, generates the first digital signature;
Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, the first number
The information of public information is forced to store to the block platform chain in signature and the news file.
6. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 5, which is characterized in that described to connect
When the corresponding personal information quantity of the citizen ID received is greater than or equal to two, authoritative institution's server is according to second
Preset condition, the corresponding each personal information of the citizen ID respectively received are divided into individual privacy information or force public
After the step of opening information further include:
For authoritative institution's server according to third preset condition, the corresponding each item of the citizen ID respectively received is personal
Different rights grade is arranged in information;
Authoritative institution server is believed according to the corresponding each personal information of the citizen ID received and each item individual
Corresponding information category is ceased, the corresponding news file of the citizen ID is created, wherein the news file includes the citizen ID
The step of news file of corresponding at least two personal information and the corresponding information category of each personal information includes:
Authoritative institution's server is corresponding according to the corresponding each personal information of the citizen ID received, each personal information
Information category and corresponding Permission Levels, the corresponding news file of the citizen ID is created, wherein the news file includes
Corresponding at least two personal information of the citizen ID, the corresponding information category of each personal information and corresponding Permission Levels
News file.
7. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 6, which is characterized in that described
Authoritative institution's server will include authoritative institution ID, Merkel's root of the first Merkel tree, the first digital signature and institute
After stating the step of forcing the information of public information to store to the block platform chain in news file further include:
Authoritative institution's server receives the update request that any user terminal is sent, wherein update request includes described
Citizen ID and at least one personal information;
Authoritative institution's server will update each personal information in request respectively and be divided into individual according to the second preset condition
Privacy information forces public information;
Authoritative institution's server according to the corresponding news file of the citizen ID, update request in each personal information and
Corresponding information category updates the corresponding news file of the citizen ID and generates the new information archives of the citizen ID, described
New information archives include each personal information and the corresponding information category of each personal information;
Authoritative institution's server is using preset hash algorithm, preset orderly Merkel tree building rule and the new letter
Each personal information in archives is ceased, building updates the corresponding second Merkel tree of file number in request, and according to the second Merck
The biometric information of your tree and the citizen ID prestored, Merkel's root of the second Merkel tree of creation and the citizen ID
Biometric information mapping relations and delete the first Merkel tree Merkel's root and the citizen ID biology knowledge
The mapping relations of other information;
Authoritative institution's server uses Merkel root and the new information archives of first private key to the second Merkel tree
Middle pressure public information is signed, and the second digital signature is generated;
The authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and described
The information of public information is forced to store to the block platform chain in new information archives.
8. the method for the citizen privacy protection based on zero-knowledge proof as claimed in claim 7, which is characterized in that described
Authoritative institution will include authoritative institution ID, Merkel's root of the second Merkel tree, the second digital signature and the new information shelves
The information of pressure public information, which was stored to the step of block platform chain, in case includes:
Intelligent contract on block platform chain described in authoritative institution's server calls, creation one include authoritative institution ID,
The second of public information is forced in Merkel's root of the second Merkel tree, the second digital signature and the new information archives
Transaction record;
Authoritative institution's server sends second transaction record and stores to the block platform chain.
9. a kind of system of the citizen privacy protection based on zero-knowledge proof, which is characterized in that the system comprises:
Terminal is checked, for obtaining the biometric information of citizen, sends the inquiry of the biometric information including the citizen
It requests to authoritative institution's server;
Authoritative institution's server, for receiving looking into for the biometric information including the citizen for checking terminal transmission
After asking request, according to the mapping relations of the Merkel's root and biometric information that prestore, the bio-identification of the citizen is obtained
The corresponding Merkel's root of information, and by Merkel's root, authoritative institution ID, preset hash algorithm and it is preset orderly
Merkel tree building rule feeds back to the examination terminal;
The examination terminal, after Merkel's root for receiving authoritative institution's server feedback, according to authority
Mechanism ID and Merkel's root obtain the corresponding pressure public information of Merkel's root, and according to the institute got
Pressure public information is stated, judges whether to meet the first preset condition, and when determining the first preset condition of satisfaction, send privacy and look into
Request is tested to user terminal;
User terminal feeds back at least one individual privacy information and Merkel verifies letter after receiving privacy echo request
Breath is to the examination terminal, wherein Merkel's verification information includes except each individual privacy information of feedback is corresponding each silent
The cryptographic Hash of at least one other node outside Ke Er node includes except the corresponding Merck of each individual privacy information fed back
The cryptographic Hash of at least one other node outside your node and corresponding affiliated layer;
The examination terminal, for being fed back according to the hash algorithm, the orderly Merkel tree building rule, user terminal
Each individual privacy information and Merkel's verification information calculate, and obtain Merkel's root to be verified, judge Merck to be verified
Whether your root and Merkel's root identical, and according to judging result, the individual privacy information that user terminal is provided into
Row verifying.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program is realized when the computer program is executed by processor and is demonstrate,proved as described in any item of the claim 1 to 8 based on Zero Knowledge
The step of method of bright citizen privacy protection.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910365740.8A CN110336672B (en) | 2019-04-29 | 2019-04-29 | Method, system and storage medium for citizen privacy protection based on zero-knowledge proof |
PCT/CN2019/088061 WO2020220412A1 (en) | 2019-04-29 | 2019-05-23 | Zero knowledge proof-based citizen privacy protection method and system, and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910365740.8A CN110336672B (en) | 2019-04-29 | 2019-04-29 | Method, system and storage medium for citizen privacy protection based on zero-knowledge proof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110336672A true CN110336672A (en) | 2019-10-15 |
CN110336672B CN110336672B (en) | 2020-07-28 |
Family
ID=68139509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910365740.8A Active CN110336672B (en) | 2019-04-29 | 2019-04-29 | Method, system and storage medium for citizen privacy protection based on zero-knowledge proof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110336672B (en) |
WO (1) | WO2020220412A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110930153A (en) * | 2019-12-09 | 2020-03-27 | 趣派(海南)信息科技有限公司 | Block chain privacy data management method and system based on hidden third-party account |
CN111125741A (en) * | 2019-12-31 | 2020-05-08 | 广东卓启投资有限责任公司 | Zero knowledge verification method based on block chain |
CN112488683A (en) * | 2020-12-11 | 2021-03-12 | 深圳前海微众银行股份有限公司 | Method and device for offline transaction of block chain |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113746638B (en) * | 2021-09-03 | 2023-04-07 | 杭州复杂美科技有限公司 | NFT storage method, NFT restoration method, computer device, and storage medium |
CN114401091B (en) * | 2021-12-16 | 2023-10-24 | 北京航空航天大学 | Device cross-domain authentication management method and device based on block chain |
CN115941201A (en) * | 2022-11-15 | 2023-04-07 | 上海钛动网络科技有限公司 | Block chain privacy protection system based on zero-knowledge proof algorithm |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899412A (en) * | 2017-03-30 | 2017-06-27 | 北京链银博科技有限责任公司 | A kind of block chain method for secret protection, apparatus and system |
CN108171511A (en) * | 2017-12-26 | 2018-06-15 | 陈晶 | A kind of block chain model with privacy protection function |
CN108418689A (en) * | 2017-11-30 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A kind of the zero-knowledge proof method and medium of suitable block chain secret protection |
CN108737109A (en) * | 2018-05-11 | 2018-11-02 | 北京奇虎科技有限公司 | Data proof of possession method, apparatus and system |
US20190020480A1 (en) * | 2017-07-14 | 2019-01-17 | International Business Machines Corporation | Establishing trust in an attribute authentication system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019036831A1 (en) * | 2017-08-21 | 2019-02-28 | 达闼科技成都有限公司 | Information selection method, apparatus, electronic device and computer-readable storage medium |
CN108234515B (en) * | 2018-01-25 | 2020-07-24 | 中国科学院合肥物质科学研究院 | Self-authentication digital identity management system and method based on intelligent contract |
CN108769057B (en) * | 2018-06-15 | 2021-11-02 | 北京奇虎科技有限公司 | Identity recognition method and device based on block chain |
CN109039655A (en) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | Real name identity identifying method and device, identity block chain based on block chain |
CN109639632B (en) * | 2018-11-02 | 2021-06-22 | 远光软件股份有限公司 | User information management method based on block chain, electronic equipment and storage medium |
-
2019
- 2019-04-29 CN CN201910365740.8A patent/CN110336672B/en active Active
- 2019-05-23 WO PCT/CN2019/088061 patent/WO2020220412A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899412A (en) * | 2017-03-30 | 2017-06-27 | 北京链银博科技有限责任公司 | A kind of block chain method for secret protection, apparatus and system |
US20190020480A1 (en) * | 2017-07-14 | 2019-01-17 | International Business Machines Corporation | Establishing trust in an attribute authentication system |
CN108418689A (en) * | 2017-11-30 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A kind of the zero-knowledge proof method and medium of suitable block chain secret protection |
CN108171511A (en) * | 2017-12-26 | 2018-06-15 | 陈晶 | A kind of block chain model with privacy protection function |
CN108737109A (en) * | 2018-05-11 | 2018-11-02 | 北京奇虎科技有限公司 | Data proof of possession method, apparatus and system |
Non-Patent Citations (1)
Title |
---|
李康等: "零知识证明应用到区块链中的技术挑战", 《大数据 BIG DATA RESEARCH》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110930153A (en) * | 2019-12-09 | 2020-03-27 | 趣派(海南)信息科技有限公司 | Block chain privacy data management method and system based on hidden third-party account |
CN110930153B (en) * | 2019-12-09 | 2022-09-30 | 趣派(海南)信息科技有限公司 | Block chain privacy data management method and system based on hidden third party account |
CN111125741A (en) * | 2019-12-31 | 2020-05-08 | 广东卓启投资有限责任公司 | Zero knowledge verification method based on block chain |
CN111125741B (en) * | 2019-12-31 | 2022-07-01 | 广东卓启投资有限责任公司 | Zero knowledge verification method based on block chain |
CN112488683A (en) * | 2020-12-11 | 2021-03-12 | 深圳前海微众银行股份有限公司 | Method and device for offline transaction of block chain |
CN112488683B (en) * | 2020-12-11 | 2024-02-23 | 深圳前海微众银行股份有限公司 | Under-chain transaction method and device of blockchain |
Also Published As
Publication number | Publication date |
---|---|
CN110336672B (en) | 2020-07-28 |
WO2020220412A1 (en) | 2020-11-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110336672A (en) | Method, system and the storage medium of citizen privacy protection based on zero-knowledge proof | |
CN110311782A (en) | Zero-knowledge proof method, system and the storage medium of personal information | |
CN110334175A (en) | Zero-knowledge proof method, system and the storage medium of medical document | |
CN110321735B (en) | Business handling method, system and storage medium based on zero knowledge certification | |
US7627895B2 (en) | Trust tokens | |
US8327450B2 (en) | Digital safety deposit box | |
KR102237014B1 (en) | System and method for blockchain-based authentication | |
CN110162936A (en) | A kind of use authorization method of software content | |
CN108898389A (en) | Based on the content verification method and device of block chain, electronic equipment | |
CN107864115A (en) | A kind of method that user account login authentication is carried out using portable terminal | |
US20060288213A1 (en) | System and method for authentication of users and web sites | |
CN110383752A (en) | Compact recording agreement | |
SG178726A1 (en) | Method and system for generating digital fingerprint | |
CN108259438A (en) | A kind of method and apparatus of the certification based on block chain technology | |
CN106330850A (en) | Biological characteristic-based security verification method, client and server | |
CZ78798A3 (en) | System and method of proving authenticity of documents | |
CN102946384B (en) | User authentication method and equipment | |
CN105593871A (en) | Attribute information providing method, and attribute information providing system | |
CN104125230B (en) | A kind of short message certification service system and authentication method | |
CN101093562A (en) | Electronic authentication method and electronic authentication system | |
CN110263584A (en) | A kind of data integrity auditing method and system based on block chain | |
CN108234509A (en) | FIDO authenticators, Verification System and method based on TEE and PKI certificates | |
CN107124409A (en) | A kind of access authentication method and device | |
CN110175439A (en) | User management method, device, equipment and computer readable storage medium | |
Phiri et al. | Modelling and information fusion in digital identity management systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20191015 Assignee: YANTAI DASHAN DATA TECHNOLOGY Co.,Ltd. Assignor: SHANDONG INSTITUTE OF BUSINESS AND TECHNOLOGY Contract record no.: X2021980000389 Denomination of invention: Method, system and storage medium of citizen privacy protection based on zero knowledge proof Granted publication date: 20200728 License type: Common License Record date: 20210114 |
|
EE01 | Entry into force of recordation of patent licensing contract |