CN116842587B - Blockchain-based credential transfer method and apparatus, electronic device and storage medium
- Publication number
- CN116842587B (CN202311125168.0A)
- Authority
- CN
- China
- Prior art keywords
- credential
- holder
- carrier
- certificate
- verifiable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Abstract
The embodiments of the disclosure provide a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium. The method comprises: in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier; judging whether the credential holder and the credential carrier belong to the same entity object; in response to determining that the credential holder and the credential carrier do not belong to the same entity object, generating a verifiable credential and a binding relationship credential, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger; and sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier. The embodiments can transfer the verifiable credential when the credential holder and the credential carrier do not belong to the same entity object, and let the credential holder obtain the binding relationship with the credential carrier, which helps in verifying the holder of the verifiable credential.
Description
Technical Field
The disclosure relates to the technical field of blockchains, and in particular to a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium.
Background
Digital identity is a central element of the digital economy. Digital identity has now developed into self-managed identity, an identity management mechanism under which users control their own identity information.
Self-managed identity mainly comprises the decentralized identifier (DID) and the verifiable credential. Through this mechanism an identity owner can present their own identity information to an authorized verifier and thereby keep control of that information.
Each DID uniquely corresponds to an entity. The DID itself is a string that carries no information; a document is attached to it to record the technical attributes associated with the identifier, including the public key of the DID, the authentication method, and the like. The DID and its document are stored on the blockchain. As long as the user grants authorization, any person or organization can verify the user's identity through the on-chain DID and its document, which breaks down the barriers between organizations and gives the entity free control over its identity.
Verifiable credentials are digital credentials that can carry data. They provide evidence of the user's identity information, characteristic attributes and so on, so that the user can use certain social services normally. The verifiable credential records the holder's DID, the issuer's DID, and the issuer's digital signature generated with the issuer's private key.
When the holder of the verifiable credential and the credential carrier belong to the same entity object, verification can be performed by checking that the credential subject in the verifiable credential has the same identity as the holder who signed the verifiable presentation. When the holder of the verifiable credential and the credential carrier do not belong to the same entity object, how to process the verifiable credential so that its holder can still be verified is a problem that urgently needs to be solved.
Disclosure of Invention
The embodiments of the disclosure provide a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium, so as to solve the above problem.
In a first aspect of embodiments of the present disclosure, there is provided a blockchain-based credential transfer method, including:
in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier from the credential transfer request;
judging whether the credential holder and the credential carrier belong to the same entity object or not based on the identity information of the credential holder and the identity information of the credential carrier;
generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger, wherein the binding relationship credential is used for identifying a binding relationship between the credential holder and the credential carrier;
and sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier.
In some embodiments of the disclosure, before the generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, the method further comprises:
detecting whether a target entity object having a binding relationship with the credential holder exists;
in response to detecting that there is a target entity object having a binding relationship with the credential holder, unbinding the binding relationship between the credential holder and the target entity object.
In some embodiments of the disclosure, the unbinding the binding between the credential holder and the target entity object comprises:
establishing an asymmetrically encrypted session channel between the credential holder and the credential server;
the credential holder sends a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request comprises identity information of the credential server and identity information of the target entity object;
the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and returns a prompt indicating that the binding relationship was released successfully to the credential holder over the session channel.
In some embodiments of the present disclosure, after said sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier, the method further comprises:
verifying the verifiable credential;
and storing the verification result of the verifiable credential in the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
In a second aspect of embodiments of the present disclosure, there is provided a blockchain-based credential transfer device comprising:
the extraction module is used for extracting, in response to receiving a credential transfer request sent by a credential holder, the identity information of the credential holder and the identity information of a credential carrier from the credential transfer request;
the judging module is used for judging whether the credential holder and the credential carrier belong to the same entity object based on the identity information of the credential holder and the identity information of the credential carrier;
the credential generation module is used for generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, wherein the binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier;
the storage module is used for storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger;
and the communication module is used for sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder can send the verifiable credential to the credential carrier.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
the binding relationship detection module is used for detecting whether a target entity object having a binding relationship with the credential holder exists;
and the binding relationship release module is used for releasing the binding relationship between the credential holder and the target entity object in response to detecting that a target entity object having a binding relationship with the credential holder exists.
In some embodiments of the disclosure, the binding relationship release module is configured to establish an asymmetrically encrypted session channel between the credential holder and the credential server based on the communication module; the binding relationship release module is further configured for the credential holder to send a binding relationship release request to the credential server over the session channel, where the binding relationship release request includes identity information of the credential server and identity information of the target entity object; the binding relationship release module is further configured for the credential server to release the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and to return a prompt indicating that the binding relationship was released successfully to the credential holder over the session channel.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
the credential verification module is used for verifying the verifiable credential;
the storage module is further configured to store a verification result of the verifiable credential in the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
In a third aspect of the disclosed embodiments, there is provided an electronic device, including:
a memory for storing a computer program product;
a processor for executing the computer program product stored in the memory, and when the computer program product is executed, implementing the method according to the first aspect.
A fourth aspect of an embodiment of the present disclosure provides a computer readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method according to the first aspect.
The embodiments of the disclosure relate to a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium, in which a credential holder sends a credential transfer request to the issuer when it detects that it has not been bound to a credential carrier. After extracting the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request, the issuer judges whether the credential holder and the credential carrier belong to the same entity object. When the credential holder and the credential carrier are judged not to belong to the same entity object, the verifiable credential is transferred through the credential holder, and the credential holder obtains the binding relationship with the credential carrier, which helps in verifying the holder of the verifiable credential.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of a blockchain-based credential transfer method in some embodiments of the present disclosure;
FIG. 2 is a block diagram of a blockchain-based credential transfer device in some embodiments of the present disclosure;
FIG. 3 is a block diagram of an electronic device in some embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present disclosure, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the associated objects before and after it are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the present disclosure may be applicable to electronic devices such as terminal devices, computer systems, servers, etc., which may operate with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
FIG. 1 is a flow chart of a blockchain-based credential transfer method in some embodiments of the present disclosure. As shown in FIG. 1, the blockchain-based credential transfer method includes:
S1: in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of the credential carrier from the credential transfer request.
When the credential holder detects communication with the credential carrier, the credential holder determines whether a binding relationship between the credential holder and the credential carrier is stored.
If the binding relationship between the credential holder and the credential carrier is stored, this indicates that the credential holder and the credential carrier have been bound; if the binding relationship is not stored, this indicates that they have not been bound.
When the credential holder and the credential carrier have not been bound, the credential holder may send a credential transfer request to the issuer of the verifiable credential. The credential transfer request includes the identity information of the credential holder and the identity information of the credential carrier.
After receiving the credential transfer request, the issuer of the verifiable credential extracts the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request.
S2: based on the identity information of the credential holder and the identity information of the credential carrier, it is determined whether the credential holder and the credential carrier belong to the same entity object.
The issuer of the verifiable credential judges, according to the identity information of the credential holder and the identity information of the credential carrier, whether the credential holder and the credential carrier belong to the same entity object.
In one example of the present disclosure, an issuer of a verifiable credential may determine whether the identity information of the credential holder is the same as the identity information of the credential carrier. If the identity information of the credential holder is the same as the identity information of the credential carrier, this indicates that the credential holder and the credential carrier belong to the same entity object; if the identity information of the credential holder is different from the identity information of the credential carrier, this indicates that the credential holder and the credential carrier do not belong to the same entity object.
S3: in response to determining that the credential holder and the credential carrier do not belong to the same entity object, generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger. The binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier.
The issuer of the verifiable credential can use the identity information of the credential holder or the identity information of the credential carrier as a search condition, search the server that stores previously issued verifiable credentials, and judge from the search result whether any previously issued verifiable credential records both the credential holder and the credential carrier.
If a previously issued verifiable credential records both the credential holder and the credential carrier, this indicates that the credential holder and the credential carrier have been bound and that the issuer has already issued a verifiable credential for the credential holder and the credential carrier; if no previously issued verifiable credential records both the credential holder and the credential carrier, this indicates that the credential holder and the credential carrier have not been bound.
When the issuer of the verifiable credential determines that the credential holder and the credential carrier have not been bound, it can generate the verifiable credential and the binding relationship credential according to the identity information of the credential holder and the identity information of the credential carrier. The binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier.
S4: the verifiable credential and the binding relationship credential are sent to the credential holder so that the credential holder sends the verifiable credential to the credential carrier.
The issuer of the verifiable credential sends the verifiable credential and the binding relationship credential to the credential holder. After receiving the verifiable credential and the binding relationship credential, the credential holder stores the binding relationship credential and sends the verifiable credential to the credential carrier. After that, the user can determine who is the legitimate credential holder of the credential carrier through the binding relationship credentials stored in the credential carrier.
In an embodiment, the credential holder sends a credential transfer request to the issuer upon detecting that no relationship binding is made between the credential holder and the credential carrier. After the issuing party extracts the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request, it is determined whether the credential holder and the credential carrier belong to the same entity object. When the credential holder and the credential carrier are judged not to belong to the same entity object, the transfer of the verifiable credential is performed through the credential holder, and the credential holder obtains the binding relation with the credential carrier, thereby being beneficial to verifying the holder of the verifiable credential.
In some embodiments of the present disclosure, before generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in S3, the method further comprises:
S3-1: detecting whether there is a target entity object having a binding relationship with the credential holder.
The issuer of the verifiable credential may use the identity information of the credential holder as a search condition and search, in the server where the server of the verifiable credential stores binding relationships, for a target entity object having a binding relationship with the credential holder. The target entity object may be another credential carrier.
S3-2: in response to detecting that there is a target entity object having a binding relationship with the credential holder, releasing the binding relationship between the credential holder and the target entity object.
When it is detected that there is a target entity object having a binding relationship with the credential holder, the server of the verifiable credential releases the binding relationship between the credential holder and the target entity object, so that the credential holder can be bound to the credential carrier.
In this embodiment, before generating the verifiable credential and the binding relationship credential for the credential holder and the credential carrier, it is detected whether a binding relationship has been established for the credential holder and a certain entity object, and if a binding relationship has been established between the credential holder and the entity object, the binding relationship between the credential holder and the entity object is released, so that the credential holder can make a relational binding with the credential carrier.
In some embodiments of the present disclosure, unbinding the binding relationship between the credential holder and the target entity object in S3-2 includes:
S3-2-1: an asymmetrically encrypted session channel is established between the credential holder and the credential server. The asymmetrically encrypted session channel between the credential holder and the credential server may be established using the public key of the credential holder.
S3-2-2: the credential holder sends a binding relationship release request to the credential server over the session channel. The binding relationship release request comprises identity information of the credential server and identity information of the target entity object.
S3-2-3: the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and returns a prompt indicating that the binding relationship was released successfully to the credential holder over the session channel. In addition, the credential server can update the relationship credentials of the credential server on its own server.
In this embodiment, the session channel for asymmetric encryption is established to enable the credential holder to perform encrypted communication with the credential server, and the binding relationship between the credential holder and the target entity object is released in the encrypted communication state, so that the information security in the process of releasing the binding relationship can be improved.
In some embodiments of the present disclosure, after S4, the method further comprises:
S5: verifying the verifiable credential.
The user may send a verification request for the verifiable credential to the credential server, using the verifiable credential recorded in the credential carrier. After receiving the verification request, the credential server verifies the validity of the verifiable credential, for example, who the legitimate holder of the verifiable credential is.
S6: storing the verification result of the verifiable credential in the blockchain distributed ledger. The verification process and verification result of the verifiable credential are recorded by relying on the tamper resistance of the blockchain.
In this embodiment, according to the verifiable credential, it can be quickly determined who is the legal holder of the verifiable credential, and the verification process and verification result of the verifiable credential are recorded by using the characteristic of blockchain tamper resistance, so that the user can know the verification process and verification result of the verifiable credential.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card. The application scenario is then as follows: when the electricity meter detects that the electricity card has been inserted, and the meter and the card have no binding relationship, the meter can send a credential transfer request to the credential issuer. After receiving the credential transfer request, the issuer extracts the identifier of the meter and the identifier of the card from the request and, on determining that the meter and the card do not belong to the same entity object, generates a verifiable credential and a binding relationship credential for them. The verifiable credential and the binding relationship credential are sent to the meter; the meter sends the verifiable credential to the card and records the binding relationship credential. The user may then verify who the legitimate holder of the verifiable credential is, and the verification process and verification result are recorded in the blockchain distributed ledger.
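The meter-and-card flow above can be traced end to end in a short sketch. This is an added example, not code from the patent: the HMAC proof, the hash-chained `Ledger`, the `entity_of` registry and all identifiers are assumptions standing in for the signature scheme, blockchain and identity data the text leaves unspecified.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: stands in for the issuer's signing key
GENESIS = "0" * 64

def canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(body):
    # HMAC-SHA256 is a stand-in; the page does not name a signature scheme.
    return hmac.new(ISSUER_KEY, canon(body), hashlib.sha256).hexdigest()

def signed(body):
    return {"body": body, "proof": sign(body)}

def proof_ok(cred):
    return hmac.compare_digest(str(cred.get("proof")), sign(cred.get("body")))

class Ledger:
    """Hash-chained append-only log standing in for the blockchain distributed ledger."""
    def __init__(self):
        self.blocks = []

    def append(self, record):
        block = {"prev": self.blocks[-1]["hash"] if self.blocks else GENESIS, "record": record}
        block["hash"] = hashlib.sha256(canon(block)).hexdigest()
        self.blocks.append(block)

    def intact(self):
        prev = GENESIS
        for b in self.blocks:
            body = {"prev": b["prev"], "record": b["record"]}
            if b["prev"] != prev or b["hash"] != hashlib.sha256(canon(body)).hexdigest():
                return False
            prev = b["hash"]
        return True

class Issuer:
    def __init__(self, ledger, entity_of):
        self.ledger, self.serial = ledger, 0
        self.entity_of = entity_of  # assumed registry: identity -> entity object
        self.bound = {}             # holder id -> id of its current binding credential

    def transfer(self, request):
        holder, carrier = request["holder_id"], request["carrier_id"]  # extract identities
        if holder not in self.entity_of or carrier not in self.entity_of:
            raise ValueError("unknown identity in credential transfer request")
        if self.entity_of[holder] == self.entity_of[carrier]:
            return None  # same entity object: no credentials are generated
        self.bound.pop(holder, None)  # release any binding the holder already has
        self.serial += 1
        vc = signed({"id": f"vc-{self.serial}", "holder": holder, "carrier": carrier})
        binding = signed({"id": f"bind-{self.serial}", "vc": vc["body"]["id"],
                          "holder": holder, "carrier": carrier})
        self.ledger.append({"type": "issue", "vc": vc, "binding": binding})
        self.bound[holder] = binding["body"]["id"]
        return vc, binding

    def verify(self, vc, binding):
        ok = (proof_ok(vc) and proof_ok(binding)
              and binding["body"]["vc"] == vc["body"]["id"]
              and binding["body"]["holder"] == vc["body"]["holder"]
              and self.bound.get(vc["body"]["holder"]) == binding["body"]["id"])
        holder = vc["body"]["holder"] if ok else None
        self.ledger.append({"type": "verify", "vc": vc["body"]["id"], "legal_holder": holder})  # S6
        return holder

def demo():
    """Constructed identities: two meters and two cards spread over three entity objects."""
    ledger = Ledger()
    issuer = Issuer(ledger, {"meter-A": "entity-1", "meter-B": "entity-2",
                             "card-1": "entity-2", "card-2": "entity-3"})
    vc1, b1 = issuer.transfer({"holder_id": "meter-A", "carrier_id": "card-1"})
    vc2, b2 = issuer.transfer({"holder_id": "meter-A", "carrier_id": "card-2"})
    forged = {"body": dict(vc2["body"], holder="meter-B"), "proof": vc2["proof"]}
    return {
        "same_entity": issuer.transfer({"holder_id": "meter-B", "carrier_id": "card-1"}),
        "current": issuer.verify(vc2, b2),
        "released": issuer.verify(vc1, b1),
        "forged": issuer.verify(forged, b2),
        "ledger_intact": ledger.intact(),
        "blocks": len(ledger.blocks),
    }
```

A credential whose binding was released, or whose holder field was altered after issuance, verifies to no legal holder, and each verification attempt, failed or not, lands in the ledger.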
Fig. 2 is a block diagram of a blockchain-based credential transfer device in some embodiments of the present disclosure. As shown in fig. 2, the blockchain-based credential transfer device includes:
an extracting module 100, configured to extract, in response to receiving a credential transfer request sent by a credential holder, identity information of the credential holder and identity information of a credential carrier from the credential transfer request;
a judging module 200, configured to judge whether the credential holder and the credential carrier belong to the same entity object based on the identity information of the credential holder and the identity information of the credential carrier;
a credential generation module 300, configured to generate a verifiable credential and a binding relationship credential based on identity information of the credential holder and identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, where the binding relationship credential is used to identify a binding relationship between the credential holder and the credential carrier;
a storage module 400, configured to store the verifiable credential and the binding relationship credential into a blockchain distributed ledger;
a communication module 500, configured to send the verifiable credential and the binding relationship credential to the credential holder, so that the credential holder sends the verifiable credential to the credential carrier.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
a binding relationship detection module, configured to detect whether a target entity object having a binding relationship with the credential holder exists;
a binding relationship releasing module, configured to release the binding relationship between the credential holder and the target entity object in response to detecting that a target entity object having a binding relationship with the credential holder exists.
In some embodiments of the present disclosure, the binding relationship releasing module is configured to establish, based on the communication module, an asymmetrically encrypted session channel between the credential holder and the credential server; the binding relationship releasing module is further configured so that the credential holder sends a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request comprises the identity information of the credential server and the identity information of the target entity object; the binding relationship releasing module is further configured so that the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and feeds back prompt information of successful binding relationship release to the credential holder over the session channel.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
a credential verification module, configured to verify the verifiable credential;
the storage module is further configured to store the verification result of the verifiable credential into the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
It should be noted that the detailed implementation of the blockchain-based credential transfer device in the embodiments of the present disclosure is similar to the detailed implementation of the blockchain-based credential transfer method in the embodiments of the present disclosure; refer to the description of the blockchain-based credential transfer method, which is not repeated here in order to reduce redundancy.
In addition, the embodiment of the disclosure also provides an electronic device, which comprises:
a memory for storing a computer program;
and a processor, configured to execute a computer program stored in the memory, and when the computer program is executed, implement the blockchain-based credential transfer method according to any of the above embodiments of the present disclosure.
Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 3. As shown in fig. 3, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may store one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or nonvolatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like. One or more computer program products may be stored on the computer-readable storage medium and run by a processor to implement the blockchain-based credential transfer methods and/or other desired functions of the various embodiments of the present disclosure described above.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output device may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 3 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in the blockchain-based credential transfer method described in the above section of the present disclosure according to various embodiments of the present disclosure.
The program code of the computer program product for performing the operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++ or the like and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Further, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform steps in a blockchain-based credential transfer method according to various embodiments of the present disclosure described in the above section of the present description.
The computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, equipment and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, these devices, apparatuses, equipment and systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.
Claims (8)
1. A blockchain-based credential transfer method, comprising:
in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier from the credential transfer request, wherein the credential holder comprises an electric meter and the credential carrier comprises an electric card;
judging whether the credential holder and the credential carrier belong to the same entity object or not based on the identity information of the credential holder and the identity information of the credential carrier;
generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger, wherein the binding relationship credential is used for identifying a binding relationship between the credential holder and the credential carrier;
sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier;
verifying the legal holder of the verifiable certificate based on the binding relation certificate stored in the certificate carrier;
before generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, the method further comprises:
detecting whether a target entity object with a binding relation with the certificate holder exists or not;
in response to detecting that there is a target entity object having a binding relationship with the credential holder, unbinding the binding relationship between the credential holder and the target entity object.
2. The method of claim 1, wherein the unbinding the binding between the credential holder and the target entity object comprises:
establishing an asymmetrically encrypted session channel between the credential holder and the credential server;
the credential holder sends a binding relation release request to the credential server based on the dialogue channel, wherein the binding relation release request comprises identity information of the credential server and identity information of the target entity object;
the credential service side releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and feeds back prompt information of successful binding relationship release to the credential holder based on the dialogue channel.
3. The method of claim 1, further comprising, after said verifying the legitimate holder of the verifiable credential:
and storing the verification result of the legal holder of the verifiable certificate into the blockchain distributed account book.
4. A blockchain-based credential transfer device, comprising:
an extraction module, configured to, in response to receiving a credential transfer request sent by a credential holder, extract the identity information of the credential holder and the identity information of a credential carrier from the credential transfer request, wherein the credential holder comprises an electric meter and the credential carrier comprises an electric card;
the judging module is used for judging whether the certificate holder and the certificate carrier belong to the same entity object or not based on the identity information of the certificate holder and the identity information of the certificate carrier;
the credential generation module is used for generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, wherein the binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier;
the storage module is used for storing the verifiable credentials and the binding relationship credentials into a blockchain distributed account book;
a communication module for transmitting the verifiable credential and the binding relationship credential to the credential holder so that the credential holder transmits the verifiable credential to the credential carrier;
the certificate verification module is used for verifying a legal holder of the verifiable certificate based on the binding relation certificate stored in the certificate carrier;
the binding relation detection module is used for detecting whether a target entity object with a binding relation with the certificate holder exists or not;
and the binding relation releasing module is used for releasing the binding relation between the certificate holder and the target entity object in response to detecting that the target entity object with the binding relation with the certificate holder exists.
5. The apparatus of claim 4, wherein the binding relationship releasing module is configured to establish an asymmetrically encrypted session channel between the credential holder and credential server based on the communication module; the binding relation removing module is further configured to send a binding relation removing request to the credential server by the credential holder based on the session channel, where the binding relation removing request includes identity information of the credential server and identity information of the target entity object; the binding relation releasing module is further used for the credential service side to release the binding relation between the credential holder and the target entity object based on the binding relation releasing request, and feeding back prompt information of successful binding relation release to the credential holder based on the dialogue channel.
6. The apparatus of claim 4, wherein the storage module is further configured to store the validation results of the legitimate holders of the verifiable credentials in the blockchain distributed ledger.
7. An electronic device, comprising:
a memory for storing a computer program product;
a processor for executing a computer program product stored in said memory, which, when executed, implements the method of any of the preceding claims 1-3.
8. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of the preceding claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311125168.0A CN116842587B (en) | 2023-09-01 | 2023-09-01 | Block chain-based credential transfer method and apparatus, electronic device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311125168.0A CN116842587B (en) | 2023-09-01 | 2023-09-01 | Block chain-based credential transfer method and apparatus, electronic device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116842587A CN116842587A (en) | 2023-10-03 |
CN116842587B true CN116842587B (en) | 2023-11-21 |
Family ID=88163844
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311125168.0A Active CN116842587B (en) | 2023-09-01 | 2023-09-01 | Block chain-based credential transfer method and apparatus, electronic device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116842587B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480964A (en) * | 2017-07-24 | 2017-12-15 | 湖南搜云网络科技股份有限公司 | Orientation assignment method, central server and the storage medium of digital asset |
CN113037493A (en) * | 2021-02-27 | 2021-06-25 | 上海泰砥科技有限公司 | Block chain zero-knowledge proof anonymous credential verification method and system based on DID identity |
CN114757669A (en) * | 2022-04-24 | 2022-07-15 | 北京爱奇艺科技有限公司 | Digital rights management method, system, device, server and storage medium |
CN116484329A (en) * | 2023-04-26 | 2023-07-25 | 中国工商银行股份有限公司 | Data work ownership processing method and device based on blockchain |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11729004B2 (en) * | 2021-06-03 | 2023-08-15 | Unisys Corporation | Certificate-based remote dynamic isolation of IOT devices using distributed ledger technologies |
Also Published As
Publication number | Publication date |
---|---|
CN116842587A (en) | 2023-10-03 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN107342867B (en) | Signature verification method and device | |
CN105763521B (en) | A kind of device authentication method and device | |
KR101853610B1 (en) | Digital signature authentication system based on biometric information and digital signature authentication method thereof | |
US8984286B2 (en) | Message originator token verification | |
CN112507391B (en) | Block chain-based electronic signature method, system, device and readable storage medium | |
AU2005283167B8 (en) | Method and apparatus for authentication of users and communications received from computer systems | |
CN111133435B (en) | Method and server for validating electronic documents | |
CN108734018B (en) | Authentication method, device, system and computer readable storage medium | |
KR20150036104A (en) | Method, client, server and system of login verification | |
CN107113613B (en) | Server, mobile terminal, network real-name authentication system and method | |
CN110570569B (en) | Activation method of virtual key configuration information, mobile terminal and server | |
CN108833431B (en) | Password resetting method, device, equipment and storage medium | |
CN115361233B (en) | Block chain-based electronic document signing method, device, equipment and medium | |
CN110611647A (en) | Node joining method and device on block chain system | |
CN115460019B (en) | Method, apparatus, device and medium for providing digital identity-based target application | |
CN110826091B (en) | File signature method and device, electronic equipment and readable storage medium | |
CN112165382A (en) | Software authorization method and device, authorization server and terminal equipment | |
CN110909082A (en) | Method and device for generating block chain certificate of works | |
CN111582888B (en) | Verification system for verifying authenticity of electronic deposit | |
KR101890584B1 (en) | Method for providing certificate service based on m of n multiple signatures and server using the same | |
CN111476617A (en) | Data processing method, data processing device, computer equipment and medium | |
US7853793B2 (en) | Trusted signature with key access permissions | |
KR101876672B1 (en) | Digital signature method using block chain and system performing the same | |
CN115550060B (en) | Trusted certificate verification method, device, equipment and medium based on block chain | |
GB2567715A (en) | Authentication system, method and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||