CN116346355A - Block chain digital identity processing method, device and system - Google Patents

Block chain digital identity processing method, device and system Download PDF

Info

Publication number
CN116346355A
CN116346355A CN202310287205.1A CN202310287205A CN116346355A CN 116346355 A CN116346355 A CN 116346355A CN 202310287205 A CN202310287205 A CN 202310287205A CN 116346355 A CN116346355 A CN 116346355A
Authority
CN
China
Prior art keywords
digital identity
attribute data
verifiable
service provider
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310287205.1A
Other languages
Chinese (zh)
Inventor
陈浩坚
苏恒
张叶飞
江洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310287205.1A priority Critical patent/CN116346355A/en
Publication of CN116346355A publication Critical patent/CN116346355A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a method, a device and a system for processing a blockchain digital identity, which relate to the technical field of blockchains, and the method comprises the following steps: receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation; the method and the device can effectively improve the accuracy of disclosure of the blockchain digital identity attribute information.

Description

Block chain digital identity processing method, device and system
Technical Field
The application relates to the technical field of blockchains, and also can be used in the financial field, in particular to a blockchain digital identity processing method, device and system.
Background
The blockchain digital identity is a digital identity authentication system based on cryptography, and the ownership and data flow control rights of the digital identity are returned to an identity owner, so that the problems of low safety, insufficient privacy protection, incapacity of transplanting the identity and the like of the existing identity management mode can be effectively solved. Attribute selective disclosure is one of the key features of blockchain digital identity, which is the key to protecting user identity privacy. The user applies for the verifiable certificate from the identity attribute provider by taking the decentralised identifier as a user name, and the attribute contained in the verifiable certificate is selected and disclosed to the application service provider for verification according to the requirement, so that the privacy protection of the user is realized.
At present, the blockchain digital identity is usually realized based on zero knowledge proof, by acquiring the verification condition of a service provider in advance, then selecting partial information enough to prove that the verification condition is met from the attributes possessed by the user to be revealed, avoiding simple and complete display of all attribute information without reservation, then designing a corresponding zero knowledge proof circuit to generate the zero knowledge proof, and finally realizing that the verifier can verify whether the attributes possessed by the user meet the verification condition while not knowing the content of the revealed attribute information, thereby realizing privacy protection of the user.
The inventor finds that the solution based on the traditional zero knowledge proof algorithm relates to the proof circuit algorithm design, the process is complex, the universal circuit cannot be designed to adapt to diversified verification conditions under different scenes, and the subsequent process can be processed after knowing the specific verification conditions, so that the related scheme needs to be optimized and enhanced in the aspects of system design and simplicity of user use.
Disclosure of Invention
Aiming at the problems in the prior art, the application provides a blockchain digital identity processing method, device and system, which can effectively improve the accuracy of disclosure of blockchain digital identity attribute information.
In order to solve at least one of the above problems, the present application provides the following technical solutions:
in a first aspect, the present application provides a blockchain digital identity processing method, applied to a user terminal in a blockchain network, the method including:
receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a merkel tree;
sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider;
and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
Further, the determining the corresponding disclaimer digital identity attribute data in the verifiable credential according to the verification condition includes:
determining a corresponding Meeker tree calculation path in the verifiable certificate according to the attribute data to be disclosed in the verification condition;
and determining corresponding publicly available digital identity attribute data according to the Merkel tree calculation path.
In a second aspect, the present application provides a blockchain digital identity processing method applied to a credential issuer in a blockchain network, the method comprising:
signing and endorsing the digital identity attribute data of the user through a Merkel tree to generate a verifiable certificate;
and sending the verifiable credentials to a user terminal for storage, so that the user terminal sends a service request to a service provider in a blockchain network, receives verification conditions returned by the service provider, determines corresponding disclaimer digital identity attribute data in the verifiable credentials according to the verification conditions, and sends the disclaimer digital identity attribute data to the service provider to finish verification operation.
Further, the signing endorsement is performed on the digital identity attribute data of the user through the merkel tree, and the verifiable credential generation includes:
performing digital fingerprint hash conversion on the digital identity attribute data of the user through a Merkel tree;
and collecting the digital identity attribute data subjected to digital fingerprint hash conversion to a single tree root, and signing and endorsing the tree root to generate the verifiable certificate.
In a third aspect, the present application provides a blockchain digital identity processing device, comprising:
The system comprises a credential receiving module, a verification module and a verification module, wherein the credential receiving module is used for receiving and storing a verifiable credential sent by a credential issuer in a blockchain network, wherein the verifiable credential is generated after the credential issuer signs and endorses digital identity attribute data of a user through a merkel tree;
the request sending module is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider;
and the information disclosure module is used for determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
Further, the information disclosure module includes:
a calculation path determining unit, configured to determine a corresponding merkel tree calculation path in the verifiable certificate according to the attribute data to be disclosed in the verification condition;
and the corresponding disclosing unit is used for determining corresponding revealed digital identity attribute data according to the Merkel tree calculation path.
In a fourth aspect, the present application provides a blockchain digital identity processing device, comprising:
the certificate generation module is used for signing and endorsing the digital identity attribute data of the user through the Meeker tree to generate a verifiable certificate;
And the credential sending module is used for sending the verifiable credential to a user side for storage, so that the user side sends a service request to a service provider in a blockchain network, receives verification conditions returned by the service provider, determines corresponding disclaimer digital identity attribute data in the verifiable credential according to the verification conditions, and sends the disclaimer digital identity attribute data to the service provider to finish verification operation.
Further, the credential generation module includes:
the hash conversion unit is used for carrying out digital fingerprint hash conversion on the digital identity attribute data of the user through the Meeker tree;
and the tree root gathering unit is used for gathering the digital identity attribute data subjected to digital fingerprint hash conversion to a single tree root and signing and endorsing the tree root to generate the verifiable certificate.
In a fifth aspect, the present application provides a blockchain digital identity processing system, including a credential issuer, a client, and a service provider in a blockchain network;
the credential issuer includes:
the certificate generation module is used for signing and endorsing the digital identity attribute data of the user through the Meeker tree to generate a verifiable certificate;
The certificate sending module is used for sending the verifiable certificate to a user side for storage;
the user terminal comprises:
the certificate receiving module is used for receiving and storing verifiable certificates sent by a certificate issuer in the blockchain network;
the request sending module is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider;
and the information disclosure module is used for determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
In a sixth aspect, the present application provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the blockchain digital identity processing method when the program is executed.
In a seventh aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the blockchain digital identity processing method.
In an eighth aspect, the present application provides a computer program product comprising computer programs/instructions which when executed by a processor implement the steps of the blockchain digital identity processing method.
According to the technical scheme, the application provides a blockchain digital identity processing method, device and system, and verifiable certificates sent by a certificate issuer in a blockchain network are received and stored, wherein the verifiable certificates are generated by the certificate issuer after signing and endorsing digital identity attribute data of a user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a blockchain digital identity processing method according to an embodiment of the present application;
FIG. 2 is a second flow chart of a blockchain digital identity processing method in an embodiment of the present application;
FIG. 3 is a third flow chart of a blockchain digital identity processing method in the embodiment of the present application;
FIG. 4 is a flowchart of a blockchain digital identity processing method in an embodiment of the present application;
FIG. 5 is one of the block chain digital identity processing devices in one embodiment of the present application;
FIG. 6 is a second block diagram of a blockchain digital identity processing device in accordance with embodiments of the present application;
FIG. 7 is a third block diagram of a blockchain digital identity processing device in accordance with embodiments of the present application;
FIG. 8 is a fourth block diagram of a blockchain digital identity processing device in an embodiment of the present application;
FIG. 9 is a block diagram of a blockchain digital identity processing system in an embodiment of the present application;
FIG. 10 is a flowchart of a blockchain digital identity processing method in an embodiment of the present application;
FIG. 11 is a schematic diagram of an attribute data structure in a verifiable credential according to one embodiment of the present application;
FIG. 12 is a schematic diagram of an improved verifiable credential in one embodiment of the present application;
FIG. 13 is one of schematic representations of verifiable expressions in an embodiment of the present application;
FIG. 14 is a second schematic diagram of an improved verifiable credential in an embodiment of the present application;
FIG. 15 is a second schematic diagram of a verifiable expression in an embodiment of the present application;
fig. 16 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
The data acquisition, storage, use, processing and the like in the technical scheme meet the relevant regulations of national laws and regulations.
In view of the problems existing in the prior art, the application provides a blockchain digital identity processing method, device and system, which are used for receiving and storing verifiable certificates sent by a certificate issuer in a blockchain network, wherein the verifiable certificates are generated by the certificate issuer after signing and endorsing digital identity attribute data of a user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In order to effectively improve accuracy of disclosure of blockchain digital identity attribute information, the present application provides an embodiment of a blockchain digital identity processing method, an execution subject is a user side in a blockchain network, and referring to fig. 1, the blockchain digital identity processing method specifically includes the following contents:
step S101: and receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a Merkel tree.
Optionally, one verifiable credential VC generally contains multiple attributes, such as Data1 and Data2 in fig. 11, and using a merkel tree, plaintext of all the attributes can be converted into a digital fingerprint hash, and then collected into a root hashtoot, and according to the characteristics of the hash algorithm, any one leaf node in the tree changes in content, which can result in a change in the root, so that as long as the root is unchanged, all the leaf nodes of the tree can be considered unchanged. On the other hand, since the hash algorithm is irreversible, an attacker cannot construct another merkel tree through the current tree root, so when one merkel tree capable of calculating the current tree root exists, the merkel tree can be considered as the only merkel tree capable of constructing the current tree root and cannot be forged.
Therefore, the credential issuer only needs to sign the root hashtoo, and the credential verifier can consider the root hashtoo to be trusted after signing the signature, so that the information on the whole Meeker leaf child node represented by the root hashtoo is also trusted.
Step S102: and sending a service request to a service provider in the blockchain network, and receiving a verification condition returned by the service provider.
Step S103: and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
Alternatively, when calculating the merkel tree root, not all leaf node information is needed, for example, in fig. 11, the root hashtoot can be calculated through Hash12 and Hash34, and similarly, hash12 can be calculated through Hash1 and Hash2, and Hash2 can be calculated through Salt2 and Data 2. Therefore, salt2, data2, hash1, hash34 are one calculation path for calculating hashtoot. Thus, when the proving party wishes to provide only Data2 without revealing other attribute (leaf node) information, by providing only hash values in the computation path in this way, the proving party can also compute the root, revealing only Data2 and proving Data2 to be authentic.
In order to avoid that the value field is a finite set attribute, such as gender is only male and female, an attacker can calculate Hash in an exhaustive manner to reversely derive the corresponding attribute value, so that leaf nodes need to be processed in a Salt manner, for example, the Hash1 is calculated by Salt1 and attribute value Data1, so long as Salt1 is a random and unfixed value, the value field of the calculated Hash1 is not a finite set, and the attacker cannot calculate Hash in an exhaustive manner to reversely derive Data1.
By the method, not only can the fact that the attribute of the certificate cannot be forged be guaranteed, the integrity verification can be carried out, but also only part of the attribute in the certificate can be selectively revealed without revealing other attributes, the participation of a certificate issuer in the verification process is not needed, and the verification condition is not needed to be acquired in advance.
Optionally, the digital identity attribute set and single attribute data of the user can be converted into limited set data, digital fingerprint hash conversion and collection are carried out on the set data by utilizing a merkel tree, then digital signature is carried out on the tree root to realize non-falsification of the attribute set data, selective disclosure of the data is realized by utilizing a merkel tree calculation path, a credential issuer is not required to participate in the disclosure process of different verification conditions of different scenes, and the disclosure process can be obtained by real-time calculation of a system, so that the problem that unnecessary information is excessively exposed can be solved, meanwhile, the disclosed information can be effectively verified, and falsification are avoided.
As can be seen from the above description, the blockchain digital identity processing method provided by the embodiments of the present application can receive and store a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In an embodiment of the blockchain digital identity processing method of the present application, referring to fig. 2, the step S103 may further specifically include the following:
step S201: and determining a corresponding Meacker tree calculation path in the verifiable certificate according to the attribute data to be disclosed in the verification condition.
Step S202: and determining corresponding publicly available digital identity attribute data according to the Merkel tree calculation path.
Alternatively, when calculating the merkel tree root, not all leaf node information is needed, for example, in fig. 11, the root hashtoot can be calculated through Hash12 and Hash34, and similarly, hash12 can be calculated through Hash1 and Hash2, and Hash2 can be calculated through Salt2 and Data 2. Therefore, salt2, data2, hash1, hash34 are one calculation path for calculating hashtoot. Thus, when the proving party wishes to provide only Data2 without revealing other attribute (leaf node) information, by providing only hash values in the computation path in this way, the proving party can also compute the root, revealing only Data2 and proving Data2 to be authentic.
In order to avoid that the value field is a finite set attribute, such as gender is only male and female, an attacker can calculate Hash in an exhaustive manner to reversely derive the corresponding attribute value, so that leaf nodes need to be processed in a Salt manner, for example, the Hash1 is calculated by Salt1 and attribute value Data1, so long as Salt1 is a random and unfixed value, the value field of the calculated Hash1 is not a finite set, and the attacker cannot calculate Hash in an exhaustive manner to reversely derive Data1.
By the method, not only can the fact that the attribute of the certificate cannot be forged be guaranteed, the integrity verification can be carried out, but also only part of the attribute in the certificate can be selectively revealed without revealing other attributes, the participation of a certificate issuer in the verification process is not needed, and the verification condition is not needed to be acquired in advance.
The form of the transformed verifiable credential VC is shown in fig. 12, and the verifiable expression VP presented by the user may only contain part of the information of VC, and the form is shown in fig. 13.
In order to effectively improve accuracy of disclosure of blockchain digital identity attribute information, the present application provides an embodiment of a blockchain digital identity processing method, where an executing entity is a credential issuer in a blockchain network, referring to fig. 3, the blockchain digital identity processing method specifically includes the following contents:
step S301: and signing and endorsing the digital identity attribute data of the user through the Meacker tree to generate a verifiable certificate.
Step S302: and sending the verifiable credentials to a user terminal for storage, so that the user terminal sends a service request to a service provider in a blockchain network, receives verification conditions returned by the service provider, determines corresponding disclaimer digital identity attribute data in the verifiable credentials according to the verification conditions, and sends the disclaimer digital identity attribute data to the service provider to finish verification operation.
As can be seen from the above description, the blockchain digital identity processing method provided by the embodiments of the present application can receive and store a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In an embodiment of the blockchain digital identity processing method of the present application, referring to fig. 4, the step S301 may further specifically include the following:
step S401: and performing digital fingerprint hash conversion on the digital identity attribute data of the user through the Meckel tree.
Step S402: and collecting the digital identity attribute data subjected to digital fingerprint hash conversion to a single tree root, and signing and endorsing the tree root to generate the verifiable certificate.
Optionally, one verifiable credential VC generally contains multiple attributes, such as Data1 and Data2 in fig. 11, and using a merkel tree, plaintext of all the attributes can be converted into a digital fingerprint hash, and then collected into a root hashtoot, and according to the characteristics of the hash algorithm, any one leaf node in the tree changes in content, which can result in a change in the root, so that as long as the root is unchanged, all the leaf nodes of the tree can be considered unchanged. On the other hand, since the hash algorithm is irreversible, an attacker cannot construct another merkel tree through the current tree root, so when one merkel tree capable of calculating the current tree root exists, the merkel tree can be considered as the only merkel tree capable of constructing the current tree root and cannot be forged.
Therefore, the credential issuer only needs to sign the root hashtoo, and the credential verifier can consider the root hashtoo to be trusted after signing the signature, so that the information on the whole Meeker leaf child node represented by the root hashtoo is also trusted.
In order to effectively improve accuracy of disclosure of blockchain digital identity attribute information, the present application provides an embodiment of a blockchain digital identity processing device for implementing all or part of contents of the blockchain digital identity processing method, referring to fig. 5, the blockchain digital identity processing device specifically includes:
The credential receiving module 10 is configured to receive and store a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated after the credential issuer signs and endorses digital identity attribute data of the user through a merkel tree.
And the request sending module 20 is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider.
An information disclosure module 30, configured to determine corresponding public digital identity attribute data in the verifiable credential according to the verification condition, and send the public digital identity attribute data to the service provider to complete the verification operation.
As can be seen from the above description, the blockchain digital identity processing device provided in the embodiments of the present application is capable of receiving and storing a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In one embodiment of the blockchain digital identity processing device of the present application, referring to fig. 6, the information disclosure module 30 includes:
and a calculation path determining unit 31, configured to determine a corresponding merkel tree calculation path in the verifiable certificate according to the attribute data to be disclosed in the verification condition.
And a corresponding disclosure unit 32, configured to determine corresponding disclosure digital identity attribute data according to the merkel tree calculation path.
In order to effectively improve accuracy of disclosure of blockchain digital identity attribute information, the present application provides an embodiment of a blockchain digital identity processing device for implementing all or part of contents of the blockchain digital identity processing method, referring to fig. 7, the blockchain digital identity processing device specifically includes:
the credential generation module 40 is configured to sign and endorse the digital identity attribute data of the user through a merkel tree to generate a verifiable credential.
The credential sending module 50 is configured to send the verifiable credential to a client for storage, so that the client sends a service request to a service provider in a blockchain network, receives a verification condition returned by the service provider, determines corresponding public digital identity attribute data in the verifiable credential according to the verification condition, and sends the public digital identity attribute data to the service provider to complete a verification operation.
As can be seen from the above description, the blockchain digital identity processing device provided in the embodiments of the present application is capable of receiving and storing a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In one embodiment of the blockchain digital identity processing device of the present application, referring to fig. 8, the credential generation module 40 includes:
a hash conversion unit 41 for performing digital fingerprint hash conversion on the digital identity attribute data of the user through a merkel tree.
The tree root gathering unit 42 is configured to gather the digital identity attribute data after the digital fingerprint hash conversion to a single tree root and sign and endorse the tree root to generate a verifiable credential.
To further explain the scheme, the present application further provides a system specific application example for implementing the blockchain digital identity processing method by applying the blockchain digital identity processing device, referring to fig. 9, specifically including a credential issuer, a user side and a service provider in a blockchain network.
The credential issuer includes:
the credential generation module 40 is configured to sign and endorse the digital identity attribute data of the user through a merkel tree to generate a verifiable credential.
The credential sending module 50 is configured to send the verifiable credential to the client for storage.
The user terminal comprises:
the credential receiving module 10 is configured to receive and store verifiable credentials sent by a credential issuer in a blockchain network.
And the request sending module 20 is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider.
An information disclosure module 30, configured to determine corresponding public digital identity attribute data in the verifiable credential according to the verification condition, and send the public digital identity attribute data to the service provider to complete the verification operation.
In one embodiment of the present application, referring to fig. 10, entity 1 identity management authority and entity 2 generation issuing payroll, i.e., issuer of the credential, entity 3 user, i.e., holder of the credential, where credential VC, i.e., identification and revenue certification, can be verified, entity 4 loan bank can verify the verifier of the credential, i.e., the provider of the loan service.
The processing flow of the step (1) is the same as that of the step (2), and the credential issuer firstly forms the original data information of the user into a Meeker tree, and signs and endorses the tree root to generate the verifiable credential VC.
And (3) converting the verifiable credential VC into a verifiable expression VP according to service conditions, thereby shielding unnecessary service information in the original VC.
In other embodiments of the present application, it can be seen from the above-described manner of implementing the selective minimum disclosure of attribute sets through a merkel tree that this manner can be used for virtually all limited data sets. Thus, for a single digital attribute, such as year, month, day of birth, annual income amount, etc., only partial information disclosure of a single attribute can be made on the request of the verifier in the same manner as long as a new method of converting into a limited set is devised.
For all values, a two-dimensional array can be constructed, the column is 0-9 total 10 numbers, the row is the possible bit number of the data, each element in the table, 1 represents greater than or equal to the corresponding column coefficient, and 0 represents less than the corresponding column coefficient.
Annual income table, for simple expression, assuming that the income is as accurate as thousands, it is possible to represent not more than millions by setting millions of all digits as the number of this, 1 under one hundred thousand digits 3, 1 under one thousand digits 8, and so on. The form may be present in some form in the verifiable credential, fixed at the time of issuance of the credential, for use in different conditions of verification in different subsequent scenarios.
For example, for the requirement that annual income is greater than 20 ten thousand and less than 100 ten thousand, when knowing the verification condition, only one of millions of bits is shown as "1" and one of hundreds of thousands of bits is shown as "1", it can be proved that annual income is greater than 20 ten thousand and less than 100 ten thousand, and the complete annual income amount is 38.5 ten thousand without revealing the possible scope of guessing cannot be further narrowed by the verifier. The specific algorithm logic is as follows:
(1) For the judgment that the condition is satisfied, firstly, 20 ten thousand of input data are converted into digital 200000, the number is 6, then the 6 th hundred thousand of bits are judged, and if the hundred thousand of bits 3 (20 ten thousand of 2+1) are 1, the condition is satisfied, if the number is greater than or equal to 30 ten thousand.
(2) It follows that disclosing a hundred thousand digits 3 of 1 may prove that annual revenue is greater than 20 ten thousand.
(3) Further optimizing the algorithm, it can continue to judge the 4 to 9 of the hundred thousand bits, and judge whether the 0 element of the millions of bits and above is the right, represent greater than 6 digits, namely greater than 100 ten thousand, come to enrich the data scope that can be revealed, make the verifier unable to guess the possible scope of the actual income annual sum of the user.
(4) For the judgment that the condition is satisfied, firstly 100 ten thousand of input data are converted into digital 1000000, and the total number of the digital 1000000 is 7, and then the symbol in the judgment table appears at the 7 th bit, which represents the number of the digital less than 7 bits, namely the digital less than 100 ten thousand.
(5) It follows that millions of disclosures are this, and that annual revenue can be demonstrated to be less than 100 tens of thousands.
(6) In addition, for the logic equal to that, for example, 30 ten thousand of input data are converted into 300000 data, 6 digits are added, then it is judged whether 7 th digit is 1 or not, whether 4 th digit is 0 or not, and then whether 5 th digit is 0 or not, and it is concluded that 38.5 ten thousand is not equal to 30 ten thousand.
The birth year, month and day table, year is represented by 4 digits, month is represented by 2 digits, and day is represented by 2 digits. Assuming that the birth date is 26 days 7 in 1987, after conversion to 8 digits, the first digit in the year is 1 or less, the second digit in the year is 1 or less, and so on. The form may be present in some form in the verifiable credential, fixed at the time of issuance of the credential, for use in different conditions of verification in different subsequent scenarios.
Assuming that the age is greater than 18 years and less than 40 years, the current date is 2022, 9, i.e. the problem can be converted into birth between 9, 1982 and 9, 2004. For 26, 7 in 1987, after conversion to 19870726, 19870726 was found to be 19820909 or more and 20040909 or less. The calculation logic is similar to the above-mentioned money amount process, and the proving party only needs to show 1 for years 1-1, 0 for years 1-2, 1 for years 2-9, 1 for years 3-8, and 1 for any one of 3 to 7 of year 4. From the above information, the verifier can infer that it was born from 1983 to 1989 or 199X, and falls within the interval. In this way, it is achieved that the date of birth is proven to meet the requirements of being older than 18 years and younger than 40 years without disclosing the complete date of birth.
The VC format with the smallest disclosure of the date field added is shown in fig. 14, and when the date field added is needed to prove age, the verifiable expression VP presented by the user is shown in fig. 15.
With the above matters, the present application can at least achieve the following technical effects:
(1) The realization is simple and easy to understand. The method is friendly to common users and service providers using blockchain digital identities, and reduces the threshold of using blockchains for users.
(2) Safe and efficient. The attribute and the user belonging to the attribute cannot be counterfeited, can perform integrity verification, and can prove that the system has enough security through a Merkel tree and a hash algorithm.
(3) Flexible and universal. The method is applicable to diversified verification conditions under different business scenes, the verification process is disclosed without participation of a credential issuer, the verification conditions are not required to be known in advance, and the method has popularization practicability.
(4) Protecting privacy. The blockchain digital identity attribute, particularly the digital attribute, can realize selective minimum disclosure, and a user can independently select to combine and disclose part of the attribute and part of the information of the single attribute in a plurality of verifiable certificates, so that unnecessary data information is not revealed.
In order to effectively improve accuracy of disclosure of blockchain digital identity attribute information from a hardware level, the application provides an embodiment of an electronic device for implementing all or part of content in the blockchain digital identity processing method, where the electronic device specifically includes:
A processor (processor), a memory (memory), a communication interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete communication with each other through the bus; the communication interface is used for realizing information transmission between the blockchain digital identity processing device and related equipment such as a core service system, a user terminal, a related database and the like; the logic controller may be a desktop computer, a tablet computer, a mobile terminal, etc., and the embodiment is not limited thereto. In this embodiment, the logic controller may refer to an embodiment of the blockchain digital identity processing method and an embodiment of the blockchain digital identity processing device in the embodiments, and the contents thereof are incorporated herein and are not repeated here.
It is understood that the user terminal may include a smart phone, a tablet electronic device, a network set top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), a vehicle-mounted device, a smart wearable device, etc. Wherein, intelligent wearing equipment can include intelligent glasses, intelligent wrist-watch, intelligent bracelet etc..
In practical applications, part of the blockchain digital identity processing method may be performed on the electronic device side as described above, or all operations may be performed in the client device. Specifically, the selection may be made according to the processing capability of the client device, and restrictions of the use scenario of the user. The present application is not limited in this regard. If all operations are performed in the client device, the client device may further include a processor.
The client device may have a communication module (i.e. a communication unit) and may be connected to a remote server in a communication manner, so as to implement data transmission with the server. The server may include a server on the side of the task scheduling center, and in other implementations may include a server of an intermediate platform, such as a server of a third party server platform having a communication link with the task scheduling center server. The server may include a single computer device, a server cluster formed by a plurality of servers, or a server structure of a distributed device.
Fig. 16 is a schematic block diagram of a system configuration of an electronic device 9600 of an embodiment of the present application. As shown in fig. 16, the electronic device 9600 may include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 16 is exemplary; other types of structures may also be used in addition to or in place of the structures to implement telecommunications functions or other functions.
In one embodiment, the blockchain digital identity processing method functions may be integrated into the central processor 9100. The central processor 9100 may be configured to perform the following control:
Step S101: and receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a Merkel tree.
Step S102: and sending a service request to a service provider in the blockchain network, and receiving a verification condition returned by the service provider.
Step S103: and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
As can be seen from the above description, the electronic device provided in the embodiment of the present application receives and stores a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated after the credential issuer signs and endorses digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
In another embodiment, the blockchain digital identity processing device may be configured separately from the central processor 9100, for example, the blockchain digital identity processing device may be configured as a chip connected to the central processor 9100, and the blockchain digital identity processing method functions are implemented by the control of the central processor.
As shown in fig. 16, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 need not include all of the components shown in fig. 16; in addition, the electronic device 9600 may further include components not shown in fig. 16, and reference may be made to the related art.
As shown in fig. 16, the central processor 9100, sometimes also referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, which central processor 9100 receives inputs and controls the operation of the various components of the electronic device 9600.
The memory 9140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information about failure may be stored, and a program for executing the information may be stored. And the central processor 9100 can execute the program stored in the memory 9140 to realize information storage or processing, and the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. The power supply 9170 is used to provide power to the electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, but not limited to, an LCD display.
The memory 9140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), SIM card, etc. But also a memory which holds information even when powered down, can be selectively erased and provided with further data, an example of which is sometimes referred to as EPROM or the like. The memory 9140 may also be some other type of device. The memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 storing application programs and function programs or a flow for executing operations of the electronic device 9600 by the central processor 9100.
The memory 9140 may also include a data store 9143, the data store 9143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, address book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. A communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, as in the case of conventional mobile communication terminals.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, etc., may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and to receive audio input from the microphone 9132 to implement usual telecommunications functions. The audio processor 9130 can include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100 so that sound can be recorded locally through the microphone 9132 and sound stored locally can be played through the speaker 9131.
The embodiments of the present application further provide a computer readable storage medium capable of implementing all the steps in the blockchain digital identity processing method in which the execution subject in the above embodiments is a server or a client, where the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all the steps in the blockchain digital identity processing method in which the execution subject in the above embodiments is a server or a client, for example, the processor implements the following steps when executing the computer program:
Step S101: and receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a Merkel tree.
Step S102: and sending a service request to a service provider in the blockchain network, and receiving a verification condition returned by the service provider.
Step S103: and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
As can be seen from the above description, the computer readable storage medium provided in the embodiments of the present application receives and stores a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
Embodiments of the present application further provide a computer program product capable of implementing all the steps in the blockchain digital identity processing method in which the execution subject in the above embodiments is a server or a client, where the computer program/instructions implement the steps of the blockchain digital identity processing method when executed by a processor, for example, the computer program/instructions implement the steps of:
step S101: and receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a Merkel tree.
Step S102: and sending a service request to a service provider in the blockchain network, and receiving a verification condition returned by the service provider.
Step S103: and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
As can be seen from the above description, the computer program product provided in the embodiments of the present application receives and stores a verifiable credential sent by a credential issuer in a blockchain network, where the verifiable credential is generated by the credential issuer signing and endorsing digital identity attribute data of the user through a merkel tree; sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider; and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation, so that accuracy of disclosure of the blockchain digital identity attribute information can be effectively improved.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and embodiments of the present invention have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (10)

1. A blockchain digital identity processing method, applied to a client in a blockchain network, the method comprising:
receiving and storing a verifiable certificate sent by a certificate issuer in a blockchain network, wherein the verifiable certificate is generated after the certificate issuer signs and endorses digital identity attribute data of the user through a merkel tree;
sending a service request to a service provider in a blockchain network, and receiving a verification condition returned by the service provider;
and determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition, and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
2. The blockchain digital identity processing method of claim 1, wherein the determining the corresponding exposable digital identity attribute data in the verifiable credential according to the verification condition comprises:
determining a corresponding Meeker tree calculation path in the verifiable certificate according to the attribute data to be disclosed in the verification condition;
and determining corresponding publicly available digital identity attribute data according to the Merkel tree calculation path.
3. A blockchain digital identity processing method, applied to a credential issuer in a blockchain network, the method comprising:
signing and endorsing the digital identity attribute data of the user through a Merkel tree to generate a verifiable certificate;
and sending the verifiable credentials to a user terminal for storage, so that the user terminal sends a service request to a service provider in a blockchain network, receives verification conditions returned by the service provider, determines corresponding disclaimer digital identity attribute data in the verifiable credentials according to the verification conditions, and sends the disclaimer digital identity attribute data to the service provider to finish verification operation.
4. A blockchain digital identity processing method as in claim 3 wherein signing the digital identity attribute data of the user through a merkel tree generates verifiable credentials comprising:
performing digital fingerprint hash conversion on the digital identity attribute data of the user through a Merkel tree;
and collecting the digital identity attribute data subjected to digital fingerprint hash conversion to a single tree root, and signing and endorsing the tree root to generate the verifiable certificate.
5. A blockchain digital identity processing device, comprising:
the system comprises a credential receiving module, a verification module and a verification module, wherein the credential receiving module is used for receiving and storing a verifiable credential sent by a credential issuer in a blockchain network, wherein the verifiable credential is generated after the credential issuer signs and endorses digital identity attribute data of a user through a merkel tree;
the request sending module is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider;
and the information disclosure module is used for determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
6. A blockchain digital identity processing device, comprising:
the certificate generation module is used for signing and endorsing the digital identity attribute data of the user through the Meeker tree to generate a verifiable certificate;
and the credential sending module is used for sending the verifiable credential to a user side for storage, so that the user side sends a service request to a service provider in a blockchain network, receives verification conditions returned by the service provider, determines corresponding disclaimer digital identity attribute data in the verifiable credential according to the verification conditions, and sends the disclaimer digital identity attribute data to the service provider to finish verification operation.
7. A block chain digital identity processing system is characterized by comprising a credential issuer, a user side and a service provider in a block chain network;
the credential issuer includes:
the certificate generation module is used for signing and endorsing the digital identity attribute data of the user through the Meeker tree to generate a verifiable certificate;
the certificate sending module is used for sending the verifiable certificate to a user side for storage;
the user terminal comprises:
the certificate receiving module is used for receiving and storing verifiable certificates sent by a certificate issuer in the blockchain network;
the request sending module is used for sending a service request to a service provider in the blockchain network and receiving a verification condition returned by the service provider;
and the information disclosure module is used for determining corresponding disclaimer digital identity attribute data in the verifiable certificate according to the verification condition and sending the disclaimer digital identity attribute data to the service provider to finish verification operation.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps of the blockchain digital identity processing method of any of claims 1 to 4 when the program is executed.
9. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the blockchain digital identity processing method of any of claims 1 to 4.
10. A computer program product comprising computer programs/instructions which when executed by a processor implement the steps of the blockchain digital identity processing method of any of claims 1 to 4.
CN202310287205.1A 2023-03-22 2023-03-22 Block chain digital identity processing method, device and system Pending CN116346355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310287205.1A CN116346355A (en) 2023-03-22 2023-03-22 Block chain digital identity processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310287205.1A CN116346355A (en) 2023-03-22 2023-03-22 Block chain digital identity processing method, device and system

Publications (1)

Publication Number Publication Date
CN116346355A true CN116346355A (en) 2023-06-27

Family

ID=86894386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310287205.1A Pending CN116346355A (en) 2023-03-22 2023-03-22 Block chain digital identity processing method, device and system

Country Status (1)

Country Link
CN (1) CN116346355A (en)

Similar Documents

Publication Publication Date Title
US11290441B1 (en) Systems and methods for blockchain validation of user identity and authority
CN110419055B (en) Blockchain data protection based on account ticket model with zero knowledge proof
CN110232764B (en) Anonymous electronic voting method and system based on block chain
Çabuk et al. A survey on feasibility and suitability of blockchain techniques for the e-voting systems
Ruffing et al. Liar, liar, coins on fire! Penalizing equivocation by loss of bitcoins
CN106650495B (en) File verification method and device
US11917050B1 (en) Systems and methods for generating a blockchain-based user profile
US20190019366A1 (en) System and method of determining ballots of voters collected with the aid of electronic balloting
CN111133463A (en) Intelligent contract execution using distributed coordination
CN109564663A (en) Dynamic password currency alias uses
CN111476572B (en) Block chain-based data processing method, device, storage medium and equipment
GB2539430A (en) Digital token exchange system
CN111768296A (en) Block chain-based small and micro enterprise loan approval method and device
CN109583893A (en) The traceable digital cash transaction system based on block chain
CN112529101B (en) Classification model training method and device, electronic equipment and storage medium
US20200220723A1 (en) Validation of Blockchain Activities Based on Proof of Hardware
CN112801778A (en) Federated bad asset blockchain
TWI625703B (en) Online voting and ballot counting system based on blockchain and method thereof
US20140337239A1 (en) Method and system for obtaining offers from sellers using privacy-preserving verifiable statements
US11831749B1 (en) Method and system for utilizing the infrastructure of a blockchain to enhance the degree of reliability of another blockchain
CN111222885B (en) Data processing request endorsement method and device, computer equipment and storage medium
CN116346355A (en) Block chain digital identity processing method, device and system
Borkowski et al. Deterministic witnesses for claim-first transactions
CN101101675A (en) Electronic ticket identification method and system
KR102465466B1 (en) The DID-based user authentication system that complements the blockchain's oracle problem

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination