CN115460017A - Block chain-based digital identity authority verification system - Google Patents


Info

Publication number: CN115460017A
Application number: CN202211322214.1A
Authority: CN (China)
Other versions: CN115460017B (granted publication)
Legal status: Granted, Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Original language: Chinese (zh)
Inventors: 唐红武, 曲新奎, 薄满辉, 佟业新, 伍彬
Original assignee: China Travelsky Mobile Technology Co Ltd
Current assignee: China Travelsky Mobile Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Prior art keywords: verification, tag, block chain, client, user

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage


Abstract

The application provides a blockchain-based digital identity authority verification system comprising a client, a server, a blockchain platform and a verification device. The client stores a DID identification Tag and a DID document. The client is used for: establishing an association relation between a user and an event to be executed, and generating a verification public key PK and a verification private key SK; and sending the verification credential A to the blockchain platform. The server is configured to: in response to the establishment of a position selection task corresponding to the event to be executed, determine the execution time interval ΔT of the position selection task; and send ΔT and the Tag to the blockchain platform. The verification device is operable to: receive authority verification information Y sent by the client; send a first acquisition request H1 to the blockchain platform to acquire PK; and verify SK(F) using PK, the user passing the authority verification if the verification succeeds. The system provided by the application can complete the authority verification without the user presenting a physical identity card.

Description

Block chain-based digital identity authority verification system
Technical Field
The application relates to the field of block chains, in particular to a digital identity authority verification system based on a block chain.
Background
Many people today travel by airplane. Check-in is required before boarding, and many airline operators do not offer online check-in, so passengers must take their identity cards to a check-in counter or check in on a check-in device. Since check-in does not require the passenger to act in person, some passengers entrust others to check in for them. However, the passenger then has to hand his or her identity card to another person, and it is difficult to ensure that the other person does not perform other, unauthorized operations with the passenger's identity card, which creates a hidden security risk.
Disclosure of Invention
In view of the above, the present application provides a block chain based digital authentication system, which at least partially solves the problems in the prior art.
In one aspect of the present application, there is provided a block chain-based digital authentication system, including: client, server, blockchain platform and verification device. The client, the server and the block chain platform are in communication connection, and the verification equipment is in communication connection with the block chain platform. The client stores the unique corresponding digital identity information of the corresponding user, and the digital identity information comprises a DID identification Tag and a DID document.
The client is used for executing the following steps:
S100, in response to a user operation, establishing an association relation between the user and the event to be executed, and generating a verification public key PK and a verification private key SK according to the DID document.
S110, sending a verification credential A = (Tag, PK) to the blockchain platform, so that the blockchain platform performs data uplink on A.
S120, sending the Tag to the server.
The server is used for executing the following steps:
S200, in response to the establishment of a position selection task corresponding to the event to be executed, determining an execution time interval ΔT = [T1, T2] of the position selection task; T1 is the starting time of the position selection task, T2 is the ending time of the position selection task, and the starting time of the position selection task is earlier than the starting time of the event to be executed.
S210, sending ΔT and the Tag to the blockchain platform, so that the blockchain platform establishes an association relation between ΔT and A according to the Tag.
The verification device is used for executing the following steps to verify the authority of the user:
S300, receiving authority verification information Y = (SK(F), Tag) sent by the client; SK(F) is the credential to be verified, obtained after the client processes F with SK.
S310, sending a first acquisition request H1 = (Tag, Tnow) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device; the blockchain platform is configured to send PK to the verification device only when Tnow ∈ ΔT, where Tnow is the time at which the verification device received Y.
S320, verifying SK(F) with PK; if the verification succeeds, the user passes the authority verification.
In an exemplary embodiment of the present application, a device type identifier L is stored in the verification device.
The step S110 includes:
S111, sending a verification credential A = (Tag, PK, Num0) to the blockchain platform, so that the blockchain platform performs data uplink on A; Num0 is the unique identifier of the electronic device on which the client runs.
The step S300 includes:
S301, receiving the authority verification information Y = (SK(F), Tag) sent by the client.
S302, acquiring L; if L = K1, performing step S311, otherwise performing step S312; K1 is a preset identifier.
The step S310 includes:
S311, sending a first acquisition request H1 = (Tag, Tnow, L) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device.
S312, establishing a wireless communication connection with the electronic device.
S313, obtaining the device identifier to be verified, Num1, from the electronic device over the wireless communication connection.
S314, sending a second acquisition request H2 = (Tag, Tnow, L, Num1) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device.
If L = K1, the blockchain platform is configured to send PK to the verification device only when Tnow ∈ ΔT; otherwise, PK is sent to the verification device only when Tnow > T1 and Num1 = Num0.
In an exemplary embodiment of the present application, the client stores preset portrait information of its corresponding user.
After step S120, the client is further configured to perform the following steps:
S130, in response to an identity information generation request input by the user, acquiring the current portrait information of the user.
S140, if the current portrait information and the preset portrait information satisfy the matching condition, generating the authority verification information Y.
S150, generating a graphic code from Y; the verification device can acquire Y by scanning the graphic code, and the graphic code has an effective duration.
In an exemplary embodiment of the present application, the step S110 includes:
S112, sending a verification credential A = (Tag, PK, Tag_F) to the blockchain platform, so that the blockchain platform performs data uplink on A; Tag_F is the event identifier of the event to be executed.
After step S320, the verification device is further configured to perform the following steps:
S330, if the user passes the authority verification, sending a verification identifier Z to the blockchain platform, so that the blockchain platform establishes an association relation between Z and A.
S340, in response to the arrival of a set time T3, acquiring from the blockchain platform, according to Tag_F, the public keys to be verified in all candidate verification credentials not associated with Z; T3 is determined from T2, and T3 is earlier than T2.
In an exemplary embodiment of the present application, the graphic code is a two-dimensional code or a bar code.
In an exemplary embodiment of the present application, the unique identifier is the MAC address of the electronic device or the mobile phone number currently bound to the electronic device.
In an exemplary embodiment of the present application, SK(F) is obtained by:
S001, encrypting F with SK to obtain SK(F).
In an exemplary embodiment of the present application, SK(F) is obtained by:
S002, signing F with SK to obtain SK(F).
After a user establishes an association relation with an event to be executed, a corresponding pair PK and SK is generated from the DID document uniquely corresponding to the user, and PK can verify information or data processed with SK, i.e. determine whether the data was indeed processed with SK. PK is stored on the blockchain platform, while SK is stored only locally on the user's client, so only the user can use SK. After receiving the Tag, and once the position selection task of the event to be executed has been established, the server sends ΔT and the Tag to the blockchain platform, so that the blockchain platform associates ΔT with A according to the Tag.
Since SK can be used only by the client, the verification device, upon receiving Y sent by the client, can regard the user as having authorized it to perform the user's authority verification with the corresponding PK. To prevent the verification device from acquiring PK at an unauthorized time, the blockchain platform sends PK to the verification device only when Tnow ∈ ΔT. Therefore, the verification device can obtain PK from the blockchain platform to verify SK(F) in Y only after receiving Y within the corresponding authorization period ΔT, and only then complete the user's authority verification. In this way, authority verification can be completed by holding Y and sending Y to the verification device, without a physical identity card. When the user needs someone else to handle a matter on his or her behalf, Y can be sent to the electronic device or client of that person to authorize them, instead of handing over the physical identity card, which avoids the security risk.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a block diagram of a block chain-based digital authentication system according to this embodiment.
Detailed Description
The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
It should be noted that, in the case of no conflict, the features in the following embodiments and examples may be combined with each other; moreover, all other embodiments that can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort fall within the scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
Terminology: DID denotes digital identity information.
Referring to Fig. 1, in one aspect of the present application there is provided a blockchain-based digital authentication system, including a client, a server, a blockchain platform and a verification device. The client, the server and the blockchain platform are communicatively connected, and the verification device is communicatively connected with the blockchain platform; the client stores digital identity information uniquely corresponding to its user, and the digital identity information comprises a DID identification Tag and a DID document.
The digital identity information can be established by the user in advance and recorded on the blockchain platform to ensure the validity of the DID document. The DID identification uniquely identifies the DID document.
The client is used for executing the following steps:
S100, in response to a user operation, establishing an association relation between the user and the event to be executed, and generating a verification public key PK and a verification private key SK according to the DID document. Specifically, the event to be executed may be an event such as a flight, and the association relation between the user and the event may be understood as the user having purchased a ticket for the flight. The DID document is stored locally at the client, and the client generates PK and SK from the DID document using a preset key generation algorithm.
S110, sending a verification credential A = (Tag, PK) to the blockchain platform, so that the blockchain platform performs data uplink on A.
S120, sending the Tag to the server, so that the server knows that the user corresponding to the Tag has sent PK to the blockchain platform.
The server is used for executing the following steps:
S200, in response to the establishment of a position selection task corresponding to the event to be executed, determining an execution time interval ΔT = [T1, T2] of the position selection task; T1 is the starting time of the position selection task, T2 is the ending time of the position selection task, and the starting time of the position selection task is earlier than the starting time of the event to be executed. The position selection task may be a check-in task, and is generally established after the flight is initialized.
S210, sending ΔT and the Tag to the blockchain platform, so that the blockchain platform establishes an association relation between ΔT and A according to the Tag.
The verification device is used for executing the following steps to verify the authority of the user:
S300, receiving authority verification information Y = (SK(F), Tag) sent by the client; SK(F) is the credential to be verified, obtained after the client processes F with SK.
Specifically, SK(F) is obtained by one of the following steps:
S001, encrypting F with SK to obtain SK(F); or, alternatively,
S002, signing F with SK to obtain SK(F).
S310, sending a first acquisition request H1 = (Tag, Tnow) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device. The blockchain platform is configured to send PK to the verification device only when Tnow ∈ ΔT, where Tnow is the time at which the verification device received Y.
S320, verifying SK(F) with PK; if the verification succeeds, the user passes the authority verification.
Specifically, the verification may be decryption of SK(F) or signature verification of SK(F). If the decryption succeeds or the signature verifies, the processing is considered successful.
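The following Go program is an added illustration of steps S100 through S320 as described above; it is not code from the patent or from the applicant. It assumes the "preset key generation algorithm" of S100 is SHA-256 of the DID document used as an Ed25519 seed, that SK(F) is an Ed25519 signature over F (the S002 variant), and that F itself travels inside Y so the verification device can check the signature. The Tag, DID document, ΔT and F are constructed values. The blockchain platform is modelled as a Tag-indexed map that refuses to release PK unless Tnow ∈ ΔT, which is the access-control point the text relies on.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Credential is A = (Tag, PK) as uplinked in S110, plus the window ΔT = [T1, T2]
// that the server associates with it in S210.
type Credential struct {
	Tag       string
	PK        ed25519.PublicKey
	T1, T2    time.Time
	hasWindow bool
}

// Platform stands in for the blockchain platform: a Tag-indexed ledger.
type Platform struct{ ledger map[string]*Credential }

// Uplink performs the data uplink of A (S110).
func (p *Platform) Uplink(tag string, pk ed25519.PublicKey) {
	p.ledger[tag] = &Credential{Tag: tag, PK: pk}
}

// AssociateWindow binds ΔT to A via the Tag (S210).
func (p *Platform) AssociateWindow(tag string, t1, t2 time.Time) error {
	c, ok := p.ledger[tag]
	if !ok {
		return errors.New("unknown Tag")
	}
	c.T1, c.T2, c.hasWindow = t1, t2, true
	return nil
}

// GetPK answers H1 = (Tag, Tnow) (S310): PK is released only when Tnow ∈ ΔT.
func (p *Platform) GetPK(tag string, tnow time.Time) (ed25519.PublicKey, error) {
	c, ok := p.ledger[tag]
	if !ok {
		return nil, errors.New("unknown Tag")
	}
	if !c.hasWindow {
		return nil, errors.New("no ΔT associated with this credential")
	}
	if tnow.Before(c.T1) || tnow.After(c.T2) {
		return nil, errors.New("Tnow outside ΔT: PK not released")
	}
	return c.PK, nil
}

// KeysFromDIDDocument derives PK/SK from the DID document (S100).
// Assumption: SHA-256 of the document is used as the Ed25519 seed.
func KeysFromDIDDocument(didDoc []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256(didDoc)
	sk := ed25519.NewKeyFromSeed(seed[:])
	return sk.Public().(ed25519.PublicKey), sk
}

// AuthInfo is Y = (SK(F), Tag). Assumption: F is carried with Y so the device can
// verify the signature; SK(F) is the Ed25519 signature over F (S002).
type AuthInfo struct {
	SigF []byte
	Tag  string
	F    []byte
}

// MakeY is the client side: sign F with SK and attach the Tag.
func MakeY(sk ed25519.PrivateKey, tag string, f []byte) AuthInfo {
	return AuthInfo{SigF: ed25519.Sign(sk, f), Tag: tag, F: f}
}

// VerifyAuthority is S300 to S320 on the verification device: fetch PK at Tnow, verify SK(F).
func VerifyAuthority(p *Platform, y AuthInfo, tnow time.Time) error {
	pk, err := p.GetPK(y.Tag, tnow)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pk, y.F, y.SigF) {
		return errors.New("SK(F) does not verify under PK")
	}
	return nil
}

// Demo runs the exchange on constructed data and returns three outcomes:
// Y presented inside ΔT, Y presented before T1, and a Y signed with a different SK.
func Demo() (inWindow, beforeWindow, wrongKey error) {
	const tag = "did:example:constructed-user-1" // constructed Tag
	pk, sk := KeysFromDIDDocument([]byte(`{"id":"` + tag + `","constructed":true}`))

	platform := &Platform{ledger: map[string]*Credential{}}
	platform.Uplink(tag, pk)                          // S110
	t1 := time.Date(2024, 1, 1, 8, 0, 0, 0, time.UTC) // constructed ΔT start
	_ = platform.AssociateWindow(tag, t1, t1.Add(2*time.Hour)) // S200, S210

	f := []byte("F: constructed check-in challenge")
	y := MakeY(sk, tag, f)
	inWindow = VerifyAuthority(platform, y, t1.Add(30*time.Minute))
	beforeWindow = VerifyAuthority(platform, y, t1.Add(-time.Minute))

	_, otherSK := KeysFromDIDDocument([]byte("a different constructed DID document"))
	wrongKey = VerifyAuthority(platform, MakeY(otherSK, tag, f), t1.Add(30*time.Minute))
	return
}

func main() {
	a, b, c := Demo()
	fmt.Println("inside ΔT:", a, "| before T1:", b, "| wrong SK:", c)
}
```

The time check lives on the platform, not on the device: a device that received Y outside ΔT never obtains PK at all, which is what the text means by preventing acquisition of PK "at an unauthorized time".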
This embodiment provides a blockchain-based digital identity authority verification system. After a user establishes an association relation with an event to be executed, a corresponding pair PK and SK is generated from the DID document uniquely corresponding to the user, and PK can verify information or data processed with SK, i.e. determine whether the data was indeed processed with SK. PK is stored on the blockchain platform, while SK is stored only locally on the user's client, so only the user can use SK. After receiving the Tag, and once the position selection task of the event to be executed has been established, the server sends ΔT and the Tag to the blockchain platform, so that the blockchain platform associates ΔT with A according to the Tag.
Since SK can be used only by the client, the verification device, upon receiving Y sent by the client, can regard the user as having authorized it to perform the user's authority verification with the corresponding PK. To prevent the verification device from acquiring PK at will at an unauthorized time, the blockchain platform sends PK to the verification device only when Tnow ∈ ΔT. Therefore, only after receiving Y within the corresponding authorization period ΔT can the verification device obtain PK from the blockchain platform to verify SK(F) in Y and complete the user's authority verification. In this way, authority verification can be completed by holding Y and sending Y to the verification device, without a physical identity card. When the user needs someone else to handle a matter on his or her behalf, Y can be sent to the electronic device or client of that person to authorize them, instead of handing over the physical identity card, which avoids the security risk.
In an exemplary embodiment of the present application, a device type identifier L is stored in the verification device. The value of L in a verification device may be set by staff. Specifically, when L = K1 the verification device is used for authority verification of the position selection task, and when L = K2 or another value the verification device is used for authority verification of another task whose authority verification level is higher than that of the position selection task. K1 may be 0 or another preset identifier, and K2 may be 1 or another preset identifier. For example, authority verification for the position selection task, such as at check-in, may be delegated by the actual authority holder to someone else, whereas authority verification for other tasks, such as entry to an airport VIP lounge, requires the actual authority holder to verify in person.
The step S110 includes:
S111, sending a verification credential A = (Tag, PK, Num0) to the blockchain platform, so that the blockchain platform performs data uplink on A; Num0 is the unique identifier of the electronic device on which the client runs. The unique identifier may be the MAC address of the electronic device or the mobile phone number currently bound to it.
The step S300 includes:
S301, receiving the authority verification information Y = (SK(F), Tag) sent by the client.
S302, acquiring L; if L = K1, going to step S311, otherwise going to step S312.
The step S310 includes:
S311, sending a first acquisition request H1 = (Tag, Tnow, L) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device.
S312, establishing a wireless communication connection with the electronic device.
S313, obtaining the device identifier to be verified, Num1, from the electronic device over the wireless communication connection.
S314, sending a second acquisition request H2 = (Tag, Tnow, L, Num1) to the blockchain platform, so that the blockchain platform obtains PK using the Tag as a query index and returns PK to the verification device.
If L = K1, the blockchain platform is configured to send PK to the verification device only when Tnow ∈ ΔT; otherwise, PK is sent to the verification device only when Tnow > T1 and Num1 = Num0. Num1 = Num0 indicates that the electronic device on which the client that sent Y runs is the electronic device of the user corresponding to the Tag.
In this embodiment, the unique identifier Num0 of the electronic device on which the client runs is additionally included in the verification credential A that the client sends to the blockchain platform, and the verification device generates different acquisition requests according to the actual value of L, so as to suit the authority verification of its current task. The blockchain platform can likewise determine from L in the acquisition request (H1 or H2) which task the verification device currently needs to verify authority for. Therefore, when L ≠ K1, the blockchain platform sends PK to the verification device only when Tnow > T1 and Num1 = Num0.
Since SK is stored on the user's electronic device (e.g. a mobile phone), and a user generally does not hand the phone to anyone else, Num1 = Num0 establishes that the user corresponding to the Tag is performing the verification personally. Verification can thus be completed quickly without the user presenting an identity card, and the risk of leaking private identity information is avoided.
Moreover, with the method of this embodiment, the verification device can switch between verification modes by changing the value of L, while the client performs the same processing regardless of the kind of authority verification being carried out, and so adapts to authority verification in different scenarios.
In an exemplary embodiment of the present application, the client stores preset portrait information of its corresponding user;
after step S120, the client is further configured to perform the following steps:
S130, in response to an identity information generation request input by the user, acquiring the current portrait information of the user. The current portrait information may be acquired by photographing the user with the camera of the electronic device.
S140, if the current portrait information and the preset portrait information satisfy the matching condition, generating the authority verification information Y.
The matching condition being satisfied means that the current portrait information and the preset portrait information correspond to the same person, namely the user corresponding to the Tag.
S150, generating a graphic code from Y; the verification device can acquire Y by scanning the graphic code, and the graphic code has an effective duration. Specifically, the graphic code is a two-dimensional code or a bar code. The effective duration may be 1 minute to 10 minutes; in this embodiment it is 3 minutes.
As noted above, in some cases the authority verification requires that the person be verified. In the method of this embodiment, the client generates Y only when the current portrait information and the preset portrait information satisfy the matching condition, and Y is paired with a corresponding effective duration, so the client can take the place of the verification device in determining whether the person currently undergoing authority verification is the user. The person is thus verified as part of the authority verification without fitting the verification device with an additional camera, which reduces the hardware cost of the verification device.
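The following Go program is an added illustration, not code from the patent or the applicant, of the two policy points in the preceding embodiments: the platform's PK release rule that depends on the device type identifier L (S302 through S314: Tnow ∈ ΔT for L = K1, otherwise Tnow > T1 and Num1 = Num0), and the effective duration of the graphic code carrying Y (3 minutes here). It assumes K1 = 0 and K2 = 1 as the page suggests, that the graphic code encodes its generation time so the verification device can enforce the duration, and that Num1 is read from the presenting device through a caller-supplied function standing in for the wireless link. All Tags, device identifiers and times are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Device type identifier values; the page says K1 may be 0 and K2 may be 1.
const (
	K1 = 0 // authority verification of the position selection task (e.g. check-in), delegable
	K2 = 1 // higher-level task (e.g. airport VIP lounge), the user must verify in person
)

// Record is what the platform holds for A = (Tag, PK, Num0) once ΔT is associated.
type Record struct {
	T1, T2 time.Time
	Num0   string // unique identifier of the user's own electronic device
}

// AcquisitionRequest covers H1 = (Tag, Tnow, L) and H2 = (Tag, Tnow, L, Num1); Num1 is empty for H1.
type AcquisitionRequest struct {
	Tag  string
	Tnow time.Time
	L    int
	Num1 string
}

// ReleasePK is the platform's release rule: for L = K1 require Tnow ∈ ΔT;
// otherwise require Tnow > T1 and Num1 = Num0.
func ReleasePK(rec Record, req AcquisitionRequest) error {
	if req.L == K1 {
		if req.Tnow.Before(rec.T1) || req.Tnow.After(rec.T2) {
			return errors.New("L = K1: Tnow outside ΔT")
		}
		return nil
	}
	if !req.Tnow.After(rec.T1) {
		return errors.New("L ≠ K1: Tnow not later than T1")
	}
	if req.Num1 == "" || req.Num1 != rec.Num0 {
		return errors.New("L ≠ K1: Num1 does not match Num0, presenting device is not the user's own")
	}
	return nil
}

// BuildRequest is S302 to S314 on the verification device: H1 when L = K1, otherwise
// read Num1 from the presenting device over the wireless link (readNum1) and build H2.
func BuildRequest(l int, tag string, tnow time.Time, readNum1 func() string) AcquisitionRequest {
	req := AcquisitionRequest{Tag: tag, Tnow: tnow, L: l}
	if l != K1 {
		req.Num1 = readNum1() // S312, S313
	}
	return req
}

// GraphicCodeValidity is the effective duration of the graphic code (3 minutes in the embodiment).
const GraphicCodeValidity = 3 * time.Minute

// GraphicCode carries Y and, by assumption, the time the code was generated.
type GraphicCode struct {
	Y         string // serialized Y = (SK(F), Tag); opaque to this policy check
	Generated time.Time
}

// Expired reports whether the code is past its effective duration at tnow;
// a code dated in the future is rejected as well.
func (g GraphicCode) Expired(tnow time.Time) bool {
	age := tnow.Sub(g.Generated)
	return age < 0 || age > GraphicCodeValidity
}

// Demo exercises the rule on constructed values and returns the outcomes.
func Demo() (checkinDelegated, loungeOtherPhone, loungeOwnPhone error, staleCode bool) {
	t1 := time.Date(2024, 1, 1, 8, 0, 0, 0, time.UTC)
	rec := Record{T1: t1, T2: t1.Add(2 * time.Hour), Num0: "constructed-num0-aa:bb:cc"}
	tnow := t1.Add(30 * time.Minute)
	const tag = "did:example:constructed-user-1"

	// Check-in device (L = K1): whoever holds Y may verify inside ΔT; Num1 is not read.
	checkinDelegated = ReleasePK(rec, BuildRequest(K1, tag, tnow, func() string { return "" }))
	// VIP lounge device (L = K2): Num1 is read from the presenting phone.
	loungeOtherPhone = ReleasePK(rec, BuildRequest(K2, tag, tnow, func() string { return "constructed-other-phone" }))
	loungeOwnPhone = ReleasePK(rec, BuildRequest(K2, tag, tnow, func() string { return rec.Num0 }))

	// A graphic code generated 4 minutes ago is past the 3-minute effective duration.
	staleCode = GraphicCode{Y: "constructed-Y", Generated: tnow.Add(-4 * time.Minute)}.Expired(tnow)
	return
}

func main() {
	a, b, c, stale := Demo()
	fmt.Println("check-in, delegated:", a, "| lounge, other phone:", b, "| lounge, own phone:", c, "| stale code:", stale)
}
```

Note that for L ≠ K1 the rule has no upper bound on Tnow; only the lower bound T1 and the device match are required, exactly as the text states, so a deployment wanting the higher-level task to expire as well would have to add that separately.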
In an exemplary embodiment of the present application, one event to be executed may be associated with a plurality of users at the same time, and each associated user stores a corresponding verification credential on the blockchain platform.
The step S110 includes:
S112, sending the verification credential A = (Tag, PK, Tag_F) to the blockchain platform, so that the blockchain platform performs data uplink on A; Tag_F is the event identifier of the event to be executed.
After step S320, the verification device is further configured to perform the following steps:
S330, if the user passes the authority verification, sending a verification identifier Z to the blockchain platform, so that the blockchain platform establishes an association relation between Z and A. A verification credential associated with Z indicates that its corresponding user has completed the authority verification for the position selection task.
S340, in response to the arrival of the set time T3, acquiring from the blockchain platform, according to Tag_F, the public keys to be verified in all candidate verification credentials not associated with Z; T3 is determined from T2 and is 5 minutes earlier than T2. The public keys to be verified are the verification public keys of the users who have not yet completed the position selection task of the event to be executed identified by Tag_F.
The blockchain platform is configured so that, when the current time is later than T3, the verification device can directly acquire the public keys to be verified using Tag_F as the query index, without querying by the DID identification sent by the user.
In this embodiment, each verification credential stored on the blockchain platform carries the event identifier of the corresponding event to be executed. When T3 arrives (i.e. the position selection task is about to end), the verification device actively acquires from the blockchain platform the verification public keys of the users who have not yet completed the position selection task of the event identified by Tag_F (i.e. the public keys to be verified). When those users then perform authority verification, the corresponding public keys to be verified can be fetched quickly from the local database, so the authority verification can be completed quickly under these specific conditions. This avoids the situation in which, as the position selection task is about to end, delays caused by a poor network environment, communication interaction and the like make the users' authority verification too slow, so that some users cannot complete it.
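The following Go program is an added illustration of S330 and S340, not code from the patent or the applicant: the platform stores A = (Tag, PK, Tag_F) and the Z association, serves the Tag_F query for all credentials without Z from T3 = T2 minus 5 minutes onward, and the verification device caches the result so that a later verification needs no round trip. It assumes SK(F) is an Ed25519 signature over F, that the platform refuses the Tag_F query before T3, and that a cache miss means the device falls back to an ordinary H1 request. Flight identifiers, Tags and times are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Entry is A = (Tag, PK, Tag_F) on the platform plus whether Z has been associated (S330).
type Entry struct {
	Tag         string
	PK          ed25519.PublicKey
	TagF        string
	ZAssociated bool
}

// Platform holds the credentials and T2, the end of the position selection task for the event.
type Platform struct {
	entries []*Entry
	T2      time.Time
}

// T3 is 5 minutes earlier than T2.
func (p *Platform) T3() time.Time { return p.T2.Add(-5 * time.Minute) }

// MarkVerified associates Z with the credential of tag (S330).
func (p *Platform) MarkVerified(tag string) {
	for _, e := range p.entries {
		if e.Tag == tag {
			e.ZAssociated = true
		}
	}
}

// UnverifiedPKs answers the S340 query: from T3 on, all public keys to be verified
// (credentials for tagF not yet associated with Z), indexed by Tag.
// Assumption: the platform refuses the Tag_F query before T3.
func (p *Platform) UnverifiedPKs(tagF string, tnow time.Time) (map[string]ed25519.PublicKey, error) {
	if tnow.Before(p.T3()) {
		return nil, errors.New("Tag_F query is only served from T3")
	}
	out := map[string]ed25519.PublicKey{}
	for _, e := range p.entries {
		if e.TagF == tagF && !e.ZAssociated {
			out[e.Tag] = e.PK
		}
	}
	return out, nil
}

// Device keeps the prefetched public keys in a local cache.
type Device struct{ cache map[string]ed25519.PublicKey }

// Prefetch is S340 on the device: pull the keys at T3 and cache them locally.
func (d *Device) Prefetch(p *Platform, tagF string, tnow time.Time) error {
	keys, err := p.UnverifiedPKs(tagF, tnow)
	if err != nil {
		return err
	}
	d.cache = keys
	return nil
}

// VerifyLocally checks SK(F) (a signature over f) against the cached PK for tag with no
// round trip to the platform; a cache miss means an H1 request is still needed.
func (d *Device) VerifyLocally(tag string, f, sigF []byte) (bool, error) {
	pk, ok := d.cache[tag]
	if !ok {
		return false, errors.New("no cached PK for Tag; fall back to H1")
	}
	return ed25519.Verify(pk, f, sigF), nil
}

// Demo builds a constructed event with three passengers (one already verified) plus one
// passenger on another flight, runs the prefetch at T3, and verifies from the cache.
func Demo() (cached int, verifiedOK bool, otherFlightMiss bool, err error) {
	p := &Platform{T2: time.Date(2024, 1, 1, 10, 0, 0, 0, time.UTC)}
	const tagF = "constructed-flight-001"
	keys := map[string]ed25519.PrivateKey{}
	for _, c := range []struct{ tag, tagF string }{
		{"did:example:p1", tagF}, {"did:example:p2", tagF}, {"did:example:p3", tagF},
		{"did:example:p4", "constructed-flight-002"},
	} {
		pk, sk, _ := ed25519.GenerateKey(rand.Reader)
		keys[c.tag] = sk
		p.entries = append(p.entries, &Entry{Tag: c.tag, PK: pk, TagF: c.tagF})
	}
	p.MarkVerified("did:example:p1") // p1 already passed (S330)

	d := &Device{}
	if err = d.Prefetch(p, tagF, p.T3()); err != nil {
		return
	}
	cached = len(d.cache) // p2 and p3 remain to be verified

	f := []byte("F: constructed challenge")
	verifiedOK, err = d.VerifyLocally("did:example:p2", f, ed25519.Sign(keys["did:example:p2"], f))
	_, missErr := d.VerifyLocally("did:example:p4", f, ed25519.Sign(keys["did:example:p4"], f))
	otherFlightMiss = missErr != nil
	return
}

func main() {
	cached, ok, miss, err := Demo()
	fmt.Println("cached:", cached, "| p2 verified:", ok, "| other flight miss:", miss, "| err:", err)
}
```

Because the cache holds only public keys, a verification device that loses the cache leaks nothing; the gating that matters for the scheme is that the platform does not answer the Tag_F query before T3.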
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with the necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and which includes several instructions that enable a computing device (which may be a personal computer, a server, a mobile terminal, a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, a method or a program product. Accordingly, various aspects of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", a "module" or a "system".
An electronic device according to this embodiment of the present application is described below. This electronic device is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present application.
The electronic device takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processor, at least one memory, and a bus connecting the various system components (including the memory and the processor).
The memory stores program code executable by the processor, causing the processor to perform the steps according to the various exemplary embodiments of the present application described in the "exemplary methods" section above.
The memory may include readable media in the form of volatile memory, such as random access memory (RAM) and/or cache memory, and may further include read-only memory (ROM).
The memory may also include a program/utility having a set (at least one) of program modules, including but not limited to: an operating system, one or more application programs, other program modules and program data; each of these, or some combination of them, may include an implementation of a network environment.
The bus may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, or a processor or local bus using any of a variety of bus architectures.
The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface. Also, the electronic device may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via a network adapter. The network adapter communicates with other modules of the electronic device over the bus. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, various aspects of the present application may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present application described in the "exemplary methods" section above of this specification, when the program product is run on the terminal device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java or C++ and conventional procedural programming languages such as the C programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the latter case, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computing device (for example, through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the present application, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed, for example, synchronously or asynchronously in multiple modules.
It should be noted that although several modules or units of the device for performing actions are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in a single module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A blockchain-based digital identity authority verification system, comprising: a client, a server, a blockchain platform and a verification device; the client, the server and the blockchain platform are communicatively connected, and the verification device is communicatively connected with the blockchain platform; the client stores digital identity information uniquely corresponding to its user, the digital identity information comprising a DID identification Tag and a DID document;
the client is configured to perform the following steps:
S100, in response to the user establishing an association between the user and an event to be executed, generating a verification public key PK and a verification private key SK according to the DID document;
S110, sending a verification credential A = (Tag, PK) to the blockchain platform, so that the blockchain platform stores A on the chain;
S120, sending the Tag to the server;
the server is configured to perform the following steps:
S200, in response to the establishment of a position selection task corresponding to the event to be executed, determining an execution time interval ΔT = [T1, T2] of the position selection task; T1 is the start time of the position selection task, T2 is the end time of the position selection task, and the start time of the position selection task is earlier than the start time of the event to be executed;
S210, sending ΔT and the Tag to the blockchain platform, so that the blockchain platform establishes an association between ΔT and A according to the Tag;
the verification device is configured to perform the following steps to verify the authority of the user:
S300, receiving authority verification information Y = (SK(F), Tag) sent by the client; F is event information of the event to be executed, and SK(F) is the credential to be verified obtained by the client processing F with SK;
S310, sending a first acquisition request H1 = (Tag, Tnow) to the blockchain platform, so that the blockchain platform acquires PK using the Tag as the query index and returns PK to the verification device; the blockchain platform is configured to send PK to the verification device only when Tnow ∈ ΔT; Tnow is the time at which the verification device receives Y;
S320, verifying SK(F) using PK; if the verification succeeds, the authority of the user passes verification.
2. The blockchain-based digital identity authority verification system according to claim 1, wherein a device type identifier L is stored in the verification device;
step S110 comprises:
S111, sending a verification credential A = (Tag, PK, Num0) to the blockchain platform, so that the blockchain platform stores A on the chain; Num0 is a unique identifier of the electronic device on which the client runs;
step S300 comprises:
S301, receiving the authority verification information Y = (SK(F), Tag) sent by the client;
S302, obtaining L; if L = K1, proceeding to step S311, otherwise proceeding to step S312; K1 is a preset mark;
step S310 comprises:
S311, sending a first acquisition request H1 = (Tag, Tnow, L) to the blockchain platform, so that the blockchain platform acquires PK using the Tag as the query index and returns PK to the verification device;
S312, establishing a wireless communication connection with the electronic device;
S313, acquiring a device identifier to be verified Num1 from the electronic device over the wireless communication connection;
S314, sending a second acquisition request H2 = (Tag, Tnow, L, Num1) to the blockchain platform, so that the blockchain platform acquires PK using the Tag as the query index and returns PK to the verification device;
the blockchain platform is configured so that, if L = K1, PK is sent to the verification device only when Tnow ∈ ΔT; otherwise PK is sent to the verification device only when Tnow > T1 and Num1 = Num0.
3. The system according to claim 1, wherein the client stores preset portrait information of its user;
after step S120, the client is further configured to perform the following steps:
S130, in response to an identity information generation request input by the user, acquiring current portrait information of the user;
S140, if the current portrait information and the preset portrait information satisfy a matching condition, generating the authority verification information Y;
S150, generating a graphic code according to Y; the verification device can obtain Y by scanning the graphic code, and the graphic code has a validity duration.
4. The blockchain-based digital identity authority verification system according to claim 1, wherein step S110 comprises:
S112, sending a verification credential A = (Tag, PK, Tag_F) to the blockchain platform, so that the blockchain platform stores A on the chain; Tag_F is the event identifier of the event to be executed;
after step S320, the verification device is further configured to perform the following steps:
S330, if the authority of the user passes verification, sending a verification identifier Z to the blockchain platform so that the blockchain platform establishes an association between Z and A;
S340, in response to the arrival of a set time T3, acquiring from the blockchain platform, with Tag_F as the query index, the public keys to be verified in all candidate verification credentials that are not associated with Z; T3 is determined from T2, and T3 is earlier than T2.
5. The blockchain-based digital identity authority verification system according to claim 3, wherein the graphic code is a two-dimensional (QR) code or a bar code.
6. The system according to claim 2, wherein the unique identifier is the MAC address of the electronic device or the mobile phone number to which the electronic device is currently bound.
7. The blockchain-based digital identity authority verification system according to claim 1, wherein SK(F) is obtained by:
S001, encrypting F with SK to obtain SK(F).
8. The blockchain-based digital identity authority verification system according to claim 1, wherein SK(F) is obtained by:
S002, signing F with SK to obtain SK(F).
Application CN202211322214.1A, priority date 2022-10-27, filing date 2022-10-27, "Block chain-based digital identity authority verification system", status Active, granted as CN115460017B.

Publications (2)

CN115460017A, published 2022-12-09
CN115460017B, published 2023-01-31

Cited By (1)

Publication number, priority date, publication date, assignee, title (cited by examiner)
CN116244676A, 2023-05-09, 2023-06-09, 中航信移动科技有限公司, Blockchain-based secure identity verification system

Citations (9)

Publication number, priority date, publication date, assignee, title (all nine cited by examiner)
CN109889479A, 2018-12-21, 2019-06-14, 中链科技有限公司, Blockchain-based user identity evidence storage and verification method, device and verification system
WO2019204794A1, 2018-04-20, 2019-10-24, Infonetworks Llc, System for verification of pseudonymous credentials for digital identities with managed access to personal data on trust networks
US20200076602A1, 2018-08-29, 2020-03-05, International Business Machines Corporation, Trusted identity solution using blockchain
CN111291339A, 2020-02-19, 2020-06-16, 上海方付通商务服务有限公司, Processing method, device and equipment for blockchain data, and storage medium
WO2020134942A1, 2018-12-25, 2020-07-02, 阿里巴巴集团控股有限公司, Identity verification method and system therefor
CN112307455A, 2020-12-28, 2021-02-02, 支付宝(杭州)信息技术有限公司, Blockchain-based identity authentication method and device, and electronic equipment
CN112825521A, 2019-11-21, 2021-05-21, 树根互联技术有限公司, Trusted identity management method, system, equipment and storage medium for blockchain application
US20210385216A1, 2020-06-04, 2021-12-09, Verizon Patent And Licensing Inc., Personal identity system
CN115118441A, 2022-08-29, 2022-09-27, 中航信移动科技有限公司, Blockchain-based identity verification system

Legal Events

Code, title
PB01, Publication
SE01, Entry into force of request for substantive examination
GR01, Patent grant