CN111797373A - Method, system, computer device and readable storage medium for identity information authentication - Google Patents
Method, system, computer device and readable storage medium for identity information authentication Download PDFInfo
- Publication number
- CN111797373A CN111797373A CN202010650044.4A CN202010650044A CN111797373A CN 111797373 A CN111797373 A CN 111797373A CN 202010650044 A CN202010650044 A CN 202010650044A CN 111797373 A CN111797373 A CN 111797373A
- Authority
- CN
- China
- Prior art keywords
- identity information
- requester
- signature
- authority
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The application relates to a method, a system, a computer device and a readable storage medium for identity information authentication, wherein the method for identity information authentication comprises the following steps: acquiring first identity information of a first requester, and signing the first identity information to obtain a first signature; the first signature and the first identity information are sent to a blockchain, which saves the first signature, the first identity information, and a public key to an intelligent contract, wherein the public key is used to verify the first signature. By the method and the device, the problem that the information provided by the third-party certification authority through the certification service is lack of timeliness is solved, the decentralization of enterprise certification is realized, and the timeliness and the data accuracy of an enterprise in the certification process are improved.
Description
Technical Field
The present application relates to the field of blockchain technology, and in particular, to a method, system, computer device, and readable storage medium for identity information authentication.
Background
With the development of internet technology, more and more occasions need identity authentication, wherein identity authentication refers to a process in which an enterprise provides its own identity information in a process of processing a service, and an authentication organization verifies the identity information of the enterprise, thereby determining whether the enterprise has a right to use some resources.
In the related art, the authentication information provided by the third-party authentication mechanism does not endorse the information source by an authority, so that the third-party authentication mechanism often does not have strong legal effectiveness, the correctness of the authentication information is not guaranteed, and the timeliness of the enterprise information cannot be guaranteed by the authentication information obtained by the third-party authentication mechanism through the authentication service.
At present, no effective solution is provided for the problem that information provided by a third-party certification authority through a certification service in the related art lacks timeliness.
Disclosure of Invention
The embodiment of the application provides an identity information authentication method, an identity information authentication system, computer equipment and a computer readable storage medium, so as to at least solve the problem that information provided by a third-party authentication mechanism through an authentication service in the related art is lack of timeliness.
In a first aspect, an embodiment of the present application provides a method for authenticating identity information, where the method includes:
acquiring first identity information of a first requester, and signing the first identity information to obtain a first signature;
and sending the first signature and the first identity information to a block chain, wherein the block chain stores the first signature, the first identity information and a public key to an intelligent contract, and the public key is used for verifying the first signature.
In some of these embodiments, managing the first identity information comprises:
and setting an authority rule according to the binding relation between the first requester and the behavior body, and managing the first identity information according to the authority rule.
In some of these embodiments, modifying the entitlement rule comprises:
acquiring an authority modification instruction under the condition that a first behavior main body of the first requester is replaced by a second behavior main body;
verifying the first signature and the binding relationship through the public key, and further verifying the first behavior principal;
and under the condition that the authentication is passed, establishing a binding relationship between the first requester and the second behavior main body, and modifying the permission rule according to the binding relationship.
In some of these embodiments, modifying the entitlement rule comprises:
under the condition that a third action subject requests to acquire the authority of a first action subject, verifying the binding relationship between the first action subject and the first requester;
and under the condition that the verification is passed, acquiring request time, and under the condition that the request time is less than or equal to a preset time threshold, issuing a token to the third row principal.
In some of these embodiments, after the blockchain saves the first signature, the first identity information, and a public key to a smart contract, the method further comprises:
obtaining an authorization instruction of a second requester, and querying second identity information of the second requester in the block chain, wherein the authorization instruction is used for the second requester to obtain data of the first requester;
acquiring an authorization list of the first requester under the condition that the second identity information is consistent with the authentication information of the second requester;
and adding an authorization identifier to the second requester under the condition that the second requester exists in the authorization list.
In a second aspect, an embodiment of the present application provides a system for identity information authentication, where the system includes a service module and a blockchain:
the service module acquires first identity information of a first requester, and signs the first identity information to obtain a first signature;
the service module sends the first signature and the first identity information to the block chain, and the block chain stores the first signature, the first identity information and a public key to an intelligent contract, wherein the public key is used for verifying the first signature.
In some of these embodiments, the blockchain includes a rights management unit:
and the authority management unit sets an authority rule according to the binding relation between the first requester and the behavior body, and manages the first identity information according to the authority rule.
In some of these embodiments, the blockchain further includes a token verifying unit and a token issuing unit:
the token verifying unit is used for verifying the binding relationship between the first behavior main body and the first requester under the condition that a third behavior main body requests to acquire the authority of the first behavior main body;
the token issuing unit is used for acquiring request time under the condition that the verification is passed, and issuing a token to the third behavior main body under the condition that the request time is smaller than or equal to a preset time threshold.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements any one of the above methods when executing the computer program.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program is executed by a processor to implement any of the above methods.
Compared with the related art, the method for authenticating the identity information, provided by the embodiment of the application, obtains the first signature by obtaining the first identity information of the first requester and signing the first identity information; the first signature and the first identity information are sent to a block chain, the block chain stores the first signature, the first identity information and a public key to an intelligent contract, wherein the public key is used for verifying the first signature, the problem that information provided by a third-party certification authority through a certification service lacks timeliness is solved, the decentralization of enterprise certification is realized, and the timeliness and the data accuracy of an enterprise in the certification process are improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic application environment diagram of a method for identity information authentication according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of identity information authentication according to an embodiment of the present application;
FIG. 3 is a flow diagram of a method of entitlement rule modification according to an embodiment of the present application;
FIG. 4 is a flow diagram of a method of identity authorization according to an embodiment of the present application;
FIG. 5 is a block diagram of a system for identity information authentication according to an embodiment of the present application;
FIG. 6 is a schematic diagram of another system for identity information authentication according to an embodiment of the present application;
FIG. 7 is a schematic diagram of identity authentication according to an embodiment of the application;
FIG. 8 is a schematic diagram of identity authorization according to an embodiment of the application;
fig. 9 is an internal structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The method for authenticating identity information provided by the present application may be applied to an application environment shown in fig. 1, where fig. 1 is an application environment schematic diagram of the method for authenticating identity information according to the embodiment of the present application, as shown in fig. 1. Wherein the supplicant 102 communicates with the authentication system 104 over a network. The authentication system 104 acquires the identity information of the requester 102, and signs the identity information to obtain a signature; authentication system 104 saves the signature, the identity information, and a public key to the smart contract, where the public key is used to verify the signature, thereby completing authentication of requestor 102. The requesting party 102 may be various enterprises and institutions, and the authentication system 104 may be implemented by an independent server or a server cluster composed of a plurality of servers.
The present embodiment provides a method for authenticating identity information, fig. 2 is a flowchart of a method for authenticating identity information according to an embodiment of the present application, and as shown in fig. 2, the method includes the following steps:
step S201, obtaining first identity information of a first requester, and signing the first identity information to obtain a first signature, where the first requester in this embodiment may be a node in a block chain, and specifically, the first requester may be a financial investment enterprise, a supply chain enterprise, or a national and institutional entity such as a business bureau. When a first requester needs to acquire data of other nodes in a block chain, the first requester needs to be authenticated first, and at this time, first identity information of the first requester needs to be acquired. The first identity information may include a uniform social credit code, a license, company address information, etc. of the first requestor. After the first identity information is acquired, the first identity information with the hash value of the first requester can be signed to ensure that the first identity information is effective and cannot be tampered, and authentication is further realized;
step S202, sending the first signature and the first identity information to a blockchain, which saves the first signature, the first identity information and a public key to an intelligent contract, wherein the intelligent contract is a computer protocol intended to propagate, verify or execute contracts in an informational manner, which is embodied as an automatically executable computer program on the blockchain, and the intelligent contract allows trusted transactions to be conducted without a third party, which transactions are traceable and irreversible. In this embodiment, the block chain stores the first signature, the first identity information, and the public key to the intelligent contract, which can ensure the security of the first identity information. Further, the public key is used to verify the first signature, and implementing the first signature in this embodiment may include two algorithms: the first is signing, which uses a private key to process the hash value of the first requestor to generate the first signature, and the second is verifying, which uses a public key to verify the authenticity of the first signature.
Through the above steps S201 and S202, in the process of authenticating the identity information of the first requester, the first identity information of the first requester needs to be acquired, and after the first identity information is signed, the first identity information, the first signature, and the public key are all stored in the intelligent contract. The embodiment is realized based on the block chain, the decentralization of enterprise authentication is realized, under the condition that the first identity information of the first requester changes, the synchronous change of the first identity information can be realized through the block chain, the problem that the information provided by a third-party authentication mechanism through the authentication service is lack of timeliness is solved, and the timeliness and the data accuracy of an enterprise in the authentication process are improved.
In some of these embodiments, managing the first identity information comprises: and setting an authority rule according to the binding relationship between the first requester and the behavior body, and managing the first identity information according to the authority rule. The behavior main body in this embodiment may be staff at each level of the first requester, and the relationship between the staff and the company is a binding relationship, which may be embodied as an account of the staff in the company. The upper-lower level relation among the workers forms an organization structure of the first request party, in the organization structure, the workers have different data authorities, specific authorities comprise checking, using or deleting the data, and authority rules are formed according to the authorities of different workers and can be embodied in the form of authority trees. According to the embodiment, the authority limit is performed on the behavior main body in the first requester by setting the authority rule, so that the security of the first identity information of the first requester is improved.
In some embodiments, fig. 3 is a flowchart of a method for modifying an entitlement rule according to an embodiment of the present application, as shown in fig. 3, the method includes the following steps:
step S301, when the first behavior entity of the first requester is replaced by the second behavior entity, acquiring an authority modification instruction, in this embodiment, the first behavior entity is replaced by the second behavior entity, specifically, a change of a person in the first requester occurs frequently when the first requester is used as an enterprise, and at this time, the authority rule of the first requester needs to be modified. Under the condition that personnel change, the authentication system receives an authority modification instruction so as to deal with the personnel change of the first requester;
step S302, verifying the binding relation between the first signature and the first behavior subject through a public key, and further verifying the first behavior subject, wherein in the process of modifying the authority rule, the first behavior subject needs to be verified first, and the first behavior subject is determined to have the modification authority of the authority rule;
step S303, in a case that the authentication is passed, establishing a binding relationship between the first requester and the second behavior main body, modifying the permission rule according to the binding relationship, and after determining the binding relationship between the second behavior main body and the first requester, modifying the permission rule may be implemented by changing read-write configuration of the permission tree.
Through the steps S301 to S303, the embodiment provides a modification scheme of a corresponding permission rule for the replacement of the behavior entity in the first requester, specifically, the first behavior entity needs to be verified in the modification process, so as to ensure that the permission rule is not maliciously tampered, and further improve the security of data.
In some of these embodiments, modifying the entitlement rule comprises: and in the case that the third acting subject requests to acquire the authority of the first acting subject, verifying the binding relationship between the first acting subject and the first requester, in the case that the verification is passed, acquiring the request time, and in the case that the request time is less than or equal to the preset time threshold, issuing a token to the third acting subject. In this embodiment, the third behavior principal may specifically request to acquire the right of the first behavior principal, where the third behavior principal needs to borrow the right of the first behavior principal, at this time, the identity of the first behavior principal needs to be verified first, and it is determined that the first behavior principal has the right to lend the right. And under the condition that the request time is less than or equal to the preset time threshold, issuing a token to the third acting subject to ensure the authority of the third acting subject to obtain the data within the request time. The token may record authority information of the third row as a main body, and optionally, the token may further include signature information to improve security of the authority in the lending process. In the embodiment, the short-time permission lending is realized by issuing the token, and the third action body exercises permission through the token, so that the data security is improved.
In some embodiments, fig. 4 is a flowchart of a method for identity authorization according to an embodiment of the present application, and as shown in fig. 4, the method includes the following steps:
step S401, acquiring an authorization instruction of a second requester, and querying second identity information of the second requester in the blockchain, where the authorization instruction is used for the second requester to acquire data of the first requester, the second requester in this embodiment may be various enterprises and public institutions, and before authorizing the second requester, the identity information of the second requester needs to be verified, and in the verification process, the second identity information of the second requester is acquired in the blockchain. It should be noted that, in other embodiments, the authorization instruction may be an instruction for the second requester to request to acquire other nodes in the blockchain;
step S402, acquiring the authorization list of the first requester under the condition that the second identity information is consistent with the authentication information of the second requester, in this embodiment, the authentication information of the second requester is generated after being signed by the pre-stored identity information, and determining that the second requester passes the verification under the condition that the second identity information is consistent with the authentication information. Further, the authentication information of the second requester can be sent to the intelligent contract of the block chain for saving;
step S403, in the authorization list, if the second requester exists, adding an authorization identifier to the second requester, and after the identity of the second requester is verified, checking the authorization list of the first requester to determine whether the first requester grants the second requester the right to acquire data. In the case where the second requestor does not exist in the authority list of the first requestor, the second requestor still may not obtain the data of the first requestor.
Through the above steps S401 to S403, when the second requester requests to acquire the data of the first requester, the method provided in this embodiment needs to verify the identity of the second requester, and after the verification, it needs to confirm that the second requester has the permission to acquire the data according to the permission list of the first requester, and when the second requester satisfies multiple conditions at the same time, the data of the first requester can be acquired, which increases the security of the data.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
The present embodiment further provides a system for identity information authentication, which is used to implement the foregoing embodiments and preferred embodiments, and the description of the system is omitted here. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 5 is a block diagram of a system for identity information authentication according to an embodiment of the present application, and as shown in fig. 5, the system includes a service module 51 and a blockchain 52: the service module 51 obtains first identity information of the first requester, and signs the first identity information to obtain a first signature; the service module 51 sends the first signature and the first identity information to the blockchain 52, and the blockchain 52 stores the first signature, the first identity information, and a public key to an intelligent contract, wherein the public key is used for verifying the first signature. In the process of authenticating the identity information of the first requester, the first identity information of the first requester needs to be acquired, and after the first identity information is signed, the first identity information, the first signature and the public key are all stored in the intelligent contract. The identity authentication system in the embodiment is realized based on the block chain 52, so that decentralization of enterprise authentication is realized, under the condition that the first identity information of the first requester changes, the synchronous change of the first identity information can be completed through the block chain 52, the problem that information provided by a third-party authentication mechanism through an authentication service in the related art lacks timeliness is solved, and timeliness and data accuracy of an enterprise in the authentication process are improved.
In one embodiment, blockchain 52 includes a rights management unit: the authority management unit sets an authority rule according to the binding relation between the first requester and the behavior body, and manages the first identity information according to the authority rule. The upper-lower level relation among the behavior bodies forms an organization structure of a first request party, in the organization structure, the authority of each behavior body on data is different, specific authority comprises the authority for checking, deleting or using the data, and authority rules are formed according to the authority of different behavior bodies and can be embodied in the form of authority trees. In the embodiment, the authority rule is set through the authority management unit, and the authority limit is performed on the behavior main body in the first requester, so that the security of the first identity information of the first requester is improved.
In one embodiment, the blockchain 52 further includes a token verifying unit and a token issuing unit: the token verifying unit is used for verifying the binding relationship between the first action subject and the first requester under the condition that the third action subject requests to acquire the authority of the first action subject; the token issuing unit is used for acquiring the request time under the condition that the verification is passed, and issuing the token to the third behavior main body under the condition that the request time is smaller than or equal to a preset time threshold. In this embodiment, through the token verifying unit and the token issuing unit, a modification scheme of a corresponding permission rule is provided for replacement of an action subject in the first requestor, specifically, the first action subject needs to be verified in a modification process, so as to ensure that the permission rule is not maliciously tampered, and further improve data security.
The embodiments of the present application will be described and illustrated in the following application scenarios.
Fig. 6 is a schematic diagram of another identity information authentication system according to an embodiment of the present application, and as shown in fig. 6, the identity information authentication system includes an application component layer and an intelligent contract layer, where the application component layer includes a transaction encapsulation unit mainly responsible for encapsulating and packaging service requests of upper-layer applications into transactions, signing different transactions, and sending the different transactions to a block chain of the intelligent contract layer, main function services of the intelligent contract layer are collected in a contract account, the contract account includes an organization structure unit, a right management unit, a message management unit, a token issuance unit, and a token verification unit, where the organization structure unit is used to form an organization structure of a first requester, the right management unit forms a right tree according to the organization structure, and performs right management on a behavior entity in the first requester, and the message management unit is used to manage the first requester, And the token issuing unit and the token verifying unit are used for verifying the identity of the first action subject and issuing a token to the third action subject under the condition that the third action subject in the first requester needs to borrow the authority of the first action subject for a short time. Under the condition that the second requester authenticates, whether the authentication system of the second requester is endorsed by the existing signature is judged, if not, the authentication system finds corresponding original data in the block chain according to the identity in the system, and records and marks the original data.
Fig. 7 is a schematic diagram of identity authentication according to an embodiment of the present application, and as shown in fig. 7, when the first supplicant performs identity authentication, it is necessary to first confirm whether first identity information of the first supplicant exists in the authentication system, when the first identity information exists in the authentication system, it is necessary to obtain an identity information signature of the first supplicant, and through verification of the identity information signature, an authentication result of the first supplicant is obtained, when the first identity information does not exist in the authentication system, the authentication system needs to collect information elements of the first identity information, and after signing the first identity information, uplink is performed on the first identity information and the first signature.
Fig. 8 is a schematic diagram of identity authorization according to an embodiment of the present application, and as shown in fig. 8, in a case that a second requester initiates an authorization request, an authentication system needs to query and verify second identity information of the second requester, and in a case that verification is successful, the second requester lists an authorized account in a data authority system, adds an authorization identifier, and in a case that verification is failed, identity authorization of the second requester also fails.
Different first requesters have own authentication and authorization modes, the authentication system in the embodiment collects digital authentication modes of the first requesters in different authentication organizations in different services, and perfects and unifies enterprise portrayals of the first requesters in a block chain by means of endorsements in different trust organizations, so that a plurality of digital authentication modes are provided for the first requesters in the alliance.
The blockchain is a distributed database, and data is authorized to be linked up on the owner side, so that unified authentication can be performed in a plurality of system organization structures. Different organizations can still perform complex multi-level authentication. To ensure that the identity of the individual can be correctly authenticated in different business systems. Under the condition of carrying out digital identity authorization on the first requester, the identity use authorization can be carried out to a finer granularity so as to ensure the flexibility of the service and simultaneously achieve the reverse correct authorization. The authentication system in this embodiment combines the existing authentication method with the block chain technology, provides a set of complete and decentralized authentication and authorization systems, and aims to solve the problems of identity authentication and authorization in the multi-party collaboration process and the timeliness problem encountered in the data flow process of enterprise identity information in different applications.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
In one embodiment, a computer device is provided, which may be a terminal. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of identity information authentication. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In an embodiment, fig. 9 is a schematic internal structure diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 9, there is provided an electronic device, which may be a server, and its internal structure diagram may be as shown in fig. 9. The electronic device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic equipment comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the electronic device is used for storing data. The network interface of the electronic device is used for connecting and communicating with an external terminal through a network. The computer program is executed by a processor to implement a method of identity information authentication.
Those skilled in the art will appreciate that the configuration shown in fig. 9 is a block diagram of only a portion of the configuration relevant to the present application, and does not constitute a limitation on the electronic device to which the present application is applied, and a particular electronic device may include more or less components than those shown in the drawings, or combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the steps in the method for authenticating identity information provided in the above embodiments are implemented.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps in the method for identity information authentication provided by the above-mentioned embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of identity information authentication, the method comprising:
acquiring first identity information of a first requester, and signing the first identity information to obtain a first signature;
and sending the first signature and the first identity information to a block chain, wherein the block chain stores the first signature, the first identity information and a public key to an intelligent contract, and the public key is used for verifying the first signature.
2. The method of claim 1, wherein managing the first identity information comprises:
and setting an authority rule according to the binding relation between the first requester and the behavior body, and managing the first identity information according to the authority rule.
3. The method of claim 2, wherein modifying the entitlement rule comprises:
acquiring an authority modification instruction under the condition that a first behavior main body of the first requester is replaced by a second behavior main body;
verifying the first signature and the binding relationship through the public key, and further verifying the first behavior principal;
and under the condition that the authentication is passed, establishing a binding relationship between the first requester and the second behavior main body, and modifying the permission rule according to the binding relationship.
4. The method of claim 2, wherein modifying the entitlement rule comprises:
under the condition that a third action subject requests to acquire the authority of a first action subject, verifying the binding relationship between the first action subject and the first requester;
and under the condition that the verification is passed, acquiring request time, and under the condition that the request time is less than or equal to a preset time threshold, issuing a token to the third row principal.
5. The method of claim 1, wherein after the blockchain saves the first signature, the first identity information, and a public key to a smart contract, the method further comprises:
obtaining an authorization instruction of a second requester, and querying second identity information of the second requester in the block chain, wherein the authorization instruction is used for the second requester to obtain data of the first requester;
acquiring an authorization list of the first requester under the condition that the second identity information is consistent with the authentication information of the second requester;
and adding an authorization identifier to the second requester under the condition that the second requester exists in the authorization list.
6. A system for identity information authentication, the system comprising a service module and a blockchain:
the service module acquires first identity information of a first requester, and signs the first identity information to obtain a first signature;
the service module sends the first signature and the first identity information to the block chain, and the block chain stores the first signature, the first identity information and a public key to an intelligent contract, wherein the public key is used for verifying the first signature.
7. The system of claim 6, wherein the blockchain comprises a rights management unit:
and the authority management unit sets an authority rule according to the binding relation between the first requester and the behavior body, and manages the first identity information according to the authority rule.
8. The system of claim 6, wherein the blockchain further comprises a token verifying unit and a token issuing unit:
the token verifying unit is used for verifying the binding relationship between the first behavior main body and the first requester under the condition that a third behavior main body requests to acquire the authority of the first behavior main body;
the token issuing unit is used for acquiring request time under the condition that the verification is passed, and issuing a token to the third behavior main body under the condition that the request time is smaller than or equal to a preset time threshold.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010650044.4A CN111797373B (en) | 2020-07-08 | 2020-07-08 | Method, system, computer device and readable storage medium for identity information authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010650044.4A CN111797373B (en) | 2020-07-08 | 2020-07-08 | Method, system, computer device and readable storage medium for identity information authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111797373A true CN111797373A (en) | 2020-10-20 |
| CN111797373B CN111797373B (en) | 2021-07-20 |
Family
ID=72810544
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010650044.4A Active CN111797373B (en) | 2020-07-08 | 2020-07-08 | Method, system, computer device and readable storage medium for identity information authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111797373B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113836521A (en) * | 2021-11-26 | 2021-12-24 | 北京溪塔科技有限公司 | Decentralized identity-based multiple identity management method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109005186A (en) * | 2018-08-20 | 2018-12-14 | 杭州复杂美科技有限公司 | A kind of method, system, equipment and the storage medium of user-isolated identity information |
| CN109918878A (en) * | 2019-04-24 | 2019-06-21 | 中国科学院信息工程研究所 | A kind of industrial internet of things equipment authentication and safety interacting method based on block chain |
| CN110852648A (en) * | 2019-11-19 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Data processing method and device and computer storage medium |
| CN110958111A (en) * | 2019-12-09 | 2020-04-03 | 广东电网有限责任公司 | Electric power mobile terminal identity authentication mechanism based on block chain |
| CN111314172A (en) * | 2020-01-19 | 2020-06-19 | 腾讯科技(深圳)有限公司 | Data processing method, device and equipment based on block chain and storage medium |
| CN111369242A (en) * | 2020-03-06 | 2020-07-03 | 上海佩俪信息科技有限公司 | Method for recovering block chain assets through intelligent contracts, wallet and block chain link points |
-
2020
- 2020-07-08 CN CN202010650044.4A patent/CN111797373B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109005186A (en) * | 2018-08-20 | 2018-12-14 | 杭州复杂美科技有限公司 | A kind of method, system, equipment and the storage medium of user-isolated identity information |
| CN109918878A (en) * | 2019-04-24 | 2019-06-21 | 中国科学院信息工程研究所 | A kind of industrial internet of things equipment authentication and safety interacting method based on block chain |
| CN110852648A (en) * | 2019-11-19 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Data processing method and device and computer storage medium |
| CN110958111A (en) * | 2019-12-09 | 2020-04-03 | 广东电网有限责任公司 | Electric power mobile terminal identity authentication mechanism based on block chain |
| CN111314172A (en) * | 2020-01-19 | 2020-06-19 | 腾讯科技(深圳)有限公司 | Data processing method, device and equipment based on block chain and storage medium |
| CN111369242A (en) * | 2020-03-06 | 2020-07-03 | 上海佩俪信息科技有限公司 | Method for recovering block chain assets through intelligent contracts, wallet and block chain link points |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113836521A (en) * | 2021-11-26 | 2021-12-24 | 北京溪塔科技有限公司 | Decentralized identity-based multiple identity management method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111797373B (en) | 2021-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11973750B2 (en) | Federated identity management with decentralized computing platforms | |
| US11171782B2 (en) | Identity and electronic signature verification in blockchain | |
| US10915552B2 (en) | Delegating credentials with a blockchain member service | |
| KR102173426B1 (en) | Privacy preserving public key infrastructure based self sign and verification system and method in decentralized identity | |
| CN111600908B (en) | Data processing method, system, computer device and readable storage medium | |
| US20180336554A1 (en) | Secure electronic transaction authentication | |
| CN108881252B (en) | Identity authentication data processing method and device, computer equipment and storage medium | |
| US9037849B2 (en) | System and method for managing network access based on a history of a certificate | |
| US11019053B2 (en) | Requesting credentials | |
| US8631486B1 (en) | Adaptive identity classification | |
| US20190141048A1 (en) | Blockchain identification system | |
| CN113656780B (en) | Cross-chain access control method and device | |
| CN109587154B (en) | Digital identity verification method, device, computer equipment and storage medium | |
| CN110908786A (en) | Intelligent contract calling method, device and medium | |
| US11405394B2 (en) | Trust broker system for managing and sharing trust levels | |
| WO2020173019A1 (en) | Access certificate verification method and device, computer equipment and storage medium | |
| CN111292174A (en) | Tax payment information processing method and device and computer readable storage medium | |
| CN111880919A (en) | Data scheduling method, system and computer equipment | |
| CN110011796B (en) | Certificate updating method and device, computer equipment and storage medium | |
| CN111797373B (en) | Method, system, computer device and readable storage medium for identity information authentication | |
| Kinkelin et al. | Hardening x. 509 certificate issuance using distributed ledger technology | |
| CN111274612B (en) | Practitioner trust verification method and system, witness service system and storage medium | |
| CN114978668B (en) | Cross-chain data entity identity management and authentication method and system | |
| WO2021073383A1 (en) | User registration method, user login method and corresponding device | |
| CN112202734B (en) | Service processing method, electronic device and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Jiang Yong Inventor after: Chen Yufeng Inventor after: Wang Zewei Inventor after: Zhang Sitong Inventor after: Zhou Xin Inventor after: Han Yongnan Inventor before: Jiang Yong Inventor before: Han Yongnan Inventor before: Chen Yufeng |
|
| CB03 | Change of inventor or designer information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |