CN116842587B - Block chain-based credential transfer method and apparatus, electronic device and storage medium - Google Patents

Block chain-based credential transfer method and apparatus, electronic device and storage medium

Info

Publication number: CN116842587B
Authority: CN (China)
Prior art keywords: credential, holder, carrier, certificate, verifiable
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202311125168.0A
Other languages: Chinese (zh)
Other versions: CN116842587A (en)
Inventors: 张钰雯, 刘阳, 池程, 田娟, 马宝罗
Current Assignee (the listed assignees may be inaccurate): China Academy of Information and Communications Technology CAICT
Original Assignee: China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202311125168.0A
Publication of CN116842587A
Application granted
Publication of CN116842587B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

The embodiments of the present disclosure disclose a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium. The method comprises: in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier; judging whether the credential holder and the credential carrier belong to the same entity object; in response to determining that the credential holder and the credential carrier do not belong to the same entity object, generating a verifiable credential and a binding relationship credential and storing them in a blockchain distributed ledger; and sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier. The embodiments of the present disclosure can transfer the verifiable credential when the credential holder and the credential carrier do not belong to the same entity object, and let the credential holder obtain the binding relationship with the credential carrier, which helps in verifying the holder of the verifiable credential.

Description

Block chain-based credential transfer method and apparatus, electronic device and storage medium
Technical Field
The disclosure relates to the technical field of blockchains, in particular to a blockchain-based credential transfer method and device, electronic equipment and a storage medium.
Background
Digital identity is a central element of the digital economy. Digital identity is currently developing toward self-managed identity, an identity management mechanism through which users control their own identity information.
Self-managed identity mainly comprises the decentralized identifier (DID) and the verifiable credential (VC). Through this mechanism an identity owner can present their own identity information to an authorized verifier and thereby keep control of that information.
Each DID uniquely corresponds to an entity. The DID itself is a string that carries no information; an attached document records the technical attributes associated with the identifier, including the DID's public key, the authentication method, and the like. The DID and its document are stored on the blockchain. As long as the user grants authorization, any person or organization can verify the user's identity through the on-chain DID and its document, which breaks down the barriers between organizations and gives the entity free control over its identity.
A verifiable credential is a digital credential that can carry data. It provides evidence of the user's identity information, characteristic attributes and so on, ensuring that the user can use certain social services normally. The verifiable credential records the holder's DID, the issuer's DID, and the issuer's digital signature made with the issuer's private key.
When the holder of the verifiable credential and the credential carrier belong to the same entity object, verification can be performed by checking that the credential subject in the verifiable credential has the same identity as the holder who signed the verifiable presentation. When the holder of the verifiable credential and the credential carrier do not belong to the same entity object, how to process the verifiable credential so that its holder can still be verified is a problem that urgently needs solving.
Disclosure of Invention
The embodiment of the disclosure provides a block chain-based credential transfer method and device, electronic equipment and storage medium, so as to solve the problems.
In a first aspect of embodiments of the present disclosure, there is provided a blockchain-based credential transfer method, including:
in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier from the credential transfer request;
judging whether the credential holder and the credential carrier belong to the same entity object or not based on the identity information of the credential holder and the identity information of the credential carrier;
generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger, wherein the binding relationship credential is used for identifying a binding relationship between the credential holder and the credential carrier;
and sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier.
In some embodiments of the present disclosure, before generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, the method further comprises:
detecting whether there is a target entity object that has a binding relationship with the credential holder;
in response to detecting that there is a target entity object having a binding relationship with the credential holder, releasing the binding relationship between the credential holder and the target entity object.
In some embodiments of the present disclosure, releasing the binding relationship between the credential holder and the target entity object comprises:
establishing an asymmetrically encrypted session channel between the credential holder and the credential server;
the credential holder sends a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request comprises identity information of the credential server and identity information of the target entity object;
the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and returns a message to the credential holder over the session channel indicating that the binding relationship was released successfully.
In some embodiments of the present disclosure, after sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier, the method further comprises:
verifying the verifiable credential;
and storing the verification result of the verifiable credential in the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
In a second aspect of embodiments of the present disclosure, there is provided a blockchain-based credential transfer device comprising:
the extraction module is used for responding to a received credential transfer request sent by a credential holder and extracting the identity information of the credential holder and the identity information of a credential carrier from the credential transfer request;
the judging module is used for judging whether the credential holder and the credential carrier belong to the same entity object based on the identity information of the credential holder and the identity information of the credential carrier;
the credential generation module is used for generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, wherein the binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier;
the storage module is used for storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger;
and the communication module is used for sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder can send the verifiable credential to the credential carrier.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
the binding relationship detection module is used for detecting whether there is a target entity object that has a binding relationship with the credential holder;
and the binding relationship release module is used for releasing the binding relationship between the credential holder and the target entity object in response to detecting that there is a target entity object having a binding relationship with the credential holder.
In some embodiments of the present disclosure, the binding relationship release module is configured to establish, through the communication module, an asymmetrically encrypted session channel between the credential holder and the credential server; the binding relationship release module is further configured for the credential holder to send a binding relationship release request to the credential server over the session channel, where the binding relationship release request includes identity information of the credential server and identity information of the target entity object; the binding relationship release module is further configured for the credential server to release the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and to return a message to the credential holder over the session channel indicating that the binding relationship was released successfully.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
the credential verification module is used for verifying the verifiable credential;
the storage module is further configured to store a verification result of the verifiable credential in the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
In a third aspect of the disclosed embodiments, there is provided an electronic device, including:
a memory for storing a computer program product;
a processor for executing the computer program product stored in the memory, and when the computer program product is executed, implementing the method according to the first aspect.
A fourth aspect of an embodiment of the present disclosure provides a computer readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method according to the first aspect.
The embodiments of the present disclosure relate to a blockchain-based credential transfer method and apparatus, an electronic device and a storage medium, in which the credential holder sends a credential transfer request to the issuer when it detects that no relationship binding has been made between itself and the credential carrier. After the issuer extracts the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request, the issuer judges whether the credential holder and the credential carrier belong to the same entity object. When the credential holder and the credential carrier are judged not to belong to the same entity object, the verifiable credential is transferred through the credential holder, and the credential holder obtains the binding relationship with the credential carrier, which helps in verifying the holder of the verifiable credential.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of a blockchain-based credential transfer method in some embodiments of the present disclosure;
FIG. 2 is a block diagram of a blockchain-based credential transfer device in some embodiments of the present disclosure;
FIG. 3 is a block diagram of an electronic device in some embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present disclosure, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure is merely an association relationship describing an association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" in the present disclosure generally indicates that the front and rear association objects are an or relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the present disclosure may be applicable to electronic devices such as terminal devices, computer systems, servers, etc., which may operate with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
FIG. 1 is a flow chart of a blockchain-based credential transfer method in some embodiments of the present disclosure. As shown in FIG. 1, the blockchain-based credential transfer method includes:
S1: in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of the credential carrier from the credential transfer request.
When the credential holder detects communication with the credential carrier, the credential holder determines whether a binding relationship between the credential holder and the credential carrier is stored.
If a binding relationship between the credential holder and the credential carrier is stored, this indicates that the credential holder and the credential carrier have been bound; if no binding relationship between the credential holder and the credential carrier is stored, this indicates that the credential holder and the credential carrier have not been bound.
When this indicates that no relationship binding has been made between the credential holder and the credential carrier, the credential holder may send a credential transfer request to the issuer of the verifiable credential. The credential transfer request includes the identity information of the credential holder and the identity information of the credential carrier.
After receiving the credential transfer request, the issuer of the verifiable credential extracts the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request.
S2: based on the identity information of the credential holder and the identity information of the credential carrier, it is determined whether the credential holder and the credential carrier belong to the same entity object.
The issuer of the verifiable credential judges, from the identity information of the credential holder and the identity information of the credential carrier, whether the credential holder and the credential carrier belong to the same entity object.
In one example of the present disclosure, the issuer of the verifiable credential may determine whether the identity information of the credential holder is the same as the identity information of the credential carrier. If the identity information of the credential holder is the same as the identity information of the credential carrier, this indicates that the credential holder and the credential carrier belong to the same entity object; if the identity information of the credential holder is different from the identity information of the credential carrier, this indicates that the credential holder and the credential carrier do not belong to the same entity object.
S3: in response to determining that the credential holder and the credential carrier do not belong to the same entity object, generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger. The binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier.
The issuer of the verifiable credential can use the identity information of the credential holder or the identity information of the credential carrier as a search condition, search a server that stores the verifiable credentials issued in the past, and judge from the search result whether there is a previously issued verifiable credential that records both the credential holder and the credential carrier.
If there is a previously issued verifiable credential that records both the credential holder and the credential carrier, this indicates that the credential holder and the credential carrier have been bound, and the issuer of the verifiable credential issues the verifiable credential for the credential holder and the credential carrier; if there is no previously issued verifiable credential that records both the credential holder and the credential carrier, this indicates that the credential holder and the credential carrier have not been bound.
When the issuer of the verifiable credential determines that no relationship binding has been made between the credential holder and the credential carrier, it can generate the verifiable credential and the binding relationship credential from the identity information of the credential holder and the identity information of the credential carrier. The binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier.
S4: the verifiable credential and the binding relationship credential are sent to the credential holder so that the credential holder sends the verifiable credential to the credential carrier.
The issuing party of the verifiable credential sends the verifiable credential and the binding relationship credential to the credential holder. After receiving the verifiable credential and the binding relationship credential, the credential holder stores the binding relationship credential and sends the verifiable credential to the credential carrier. After that, the user can determine who is the legitimate credential holder of the credential carrier through the binding relationship credentials stored in the credential carrier.
In an embodiment, the credential holder sends a credential transfer request to the issuer upon detecting that no relationship binding is made between the credential holder and the credential carrier. After the issuing party extracts the identity information of the credential holder and the identity information of the credential carrier from the credential transfer request, it is determined whether the credential holder and the credential carrier belong to the same entity object. When the credential holder and the credential carrier are judged not to belong to the same entity object, the transfer of the verifiable credential is performed through the credential holder, and the credential holder obtains the binding relation with the credential carrier, thereby being beneficial to verifying the holder of the verifiable credential.
In some embodiments of the present disclosure, before generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in S3, the method further comprises:
S3-1: detecting whether there is a target entity object that has a binding relationship with the credential holder.
The issuer of the verifiable credential may use the identity information of the credential holder as a search condition and search the server in which the credential server stores binding relationships for a target entity object that has a binding relationship with the credential holder. The target entity object may be another credential carrier.
S3-2: in response to detecting that there is a target entity object having a binding relationship with the credential holder, the binding relationship between the credential holder and the target entity object is released.
When it is detected that there is a target entity object having a binding relationship with the credential holder, the server of the verifiable credential releases the binding relationship between the credential holder and the target entity object, so that the credential holder can be bound to the credential carrier.
In this embodiment, before the verifiable credential and the binding relationship credential are generated for the credential holder and the credential carrier, it is detected whether the credential holder already has a binding relationship with some entity object. If it does, that binding relationship is released so that the credential holder can be bound to the credential carrier.
In some embodiments of the present disclosure, releasing the binding relationship between the credential holder and the target entity object in S3-2 includes:
S3-2-1: an asymmetrically encrypted session channel is established between the credential holder and the credential server. The asymmetrically encrypted session channel between the credential holder and the credential server may be established using the public key of the credential holder.
S3-2-2: the credential holder sends a binding relationship release request to the credential server over the session channel. The binding relationship release request comprises identity information of the credential server and identity information of the target entity object.
S3-2-3: the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and returns a message to the credential holder over the session channel indicating that the binding relationship was released successfully. In addition, the credential server can update the relationship credentials of the credential server in its own server.
In this embodiment, the asymmetrically encrypted session channel lets the credential holder communicate with the credential server in encrypted form, and the binding relationship between the credential holder and the target entity object is released over that encrypted channel, which improves information security while the binding relationship is being released.
In some embodiments of the present disclosure, after S4, the method further comprises:
S5: the verifiable credential is verified.
Using the verifiable credential recorded in the credential carrier, the user may send a verification request for that verifiable credential to the credential server. After receiving the verification request, the credential server verifies the validity of the verifiable credential, for example who its legitimate holder is.
S6: the verification result of the verifiable credential is stored in the blockchain distributed ledger. The verification process and verification result of the verifiable credential are recorded by relying on the tamper resistance of the blockchain.
In this embodiment, the verifiable credential makes it possible to determine quickly who the legitimate holder of the verifiable credential is, and the verification process and verification result are recorded using the tamper resistance of the blockchain, so that the user can review the verification process and verification result of the verifiable credential.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card. The application scenario is then as follows: when the electricity meter detects that an electricity card has been inserted and the meter and the card have not been bound, the meter can send a credential transfer request to the issuer. After receiving the credential transfer request, the issuer extracts the identifier of the electricity meter and the identifier of the electricity card from it and, on determining that the meter and the card do not belong to the same entity object, generates a verifiable credential and a binding relationship credential for the meter and the card. The verifiable credential and the binding relationship credential are sent to the electricity meter; the meter sends the verifiable credential to the electricity card and records the binding relationship credential. The user may then verify who the legitimate holder of the verifiable credential is, and the verification process and verification result are recorded in the blockchain distributed ledger.
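The S1 to S6 flow and the meter/card scenario above, as an added example that is not part of the patent text: a small Python model in which one `Issuer` class plays both the issuer and the credential server, an in-memory hash chain stands in for the blockchain distributed ledger, and HMAC-SHA256 stands in for the issuer's private-key signature. All class names, field names and `did:example:` identifiers are assumptions, the rule that verification requires the current binding is an assumption, and the encrypted session channel of S3-2-1 is omitted.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def canon(obj):
    """Deterministic JSON encoding so hashes and MACs are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """In-memory hash chain standing in for the blockchain distributed ledger."""

    def __init__(self):
        self.blocks = []

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        digest = hashlib.sha256(prev.encode() + canon(record)).hexdigest()
        self.blocks.append({"prev": prev, "record": record, "hash": digest})

    def intact(self):
        prev = GENESIS
        for block in self.blocks:
            expected = hashlib.sha256(prev.encode() + canon(block["record"])).hexdigest()
            if block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True


class Issuer:
    """Issuer and credential server collapsed into one party (assumption)."""

    def __init__(self, did, key, ledger):
        self.did, self._key, self.ledger = did, key, ledger
        self.bindings = {}  # holder identity -> bound carrier identity

    def _proof(self, body):
        # HMAC-SHA256 stands in for the issuer's private-key signature.
        return hmac.new(self._key, canon(body), hashlib.sha256).hexdigest()

    def _issue(self, kind, holder, carrier):
        body = {"type": kind, "issuer": self.did, "holder": holder, "carrier": carrier}
        return {**body, "proof": self._proof(body)}

    def handle_transfer_request(self, request):
        holder, carrier = request["holder"], request["carrier"]    # S1
        if holder == carrier:                                       # S2: same entity
            return None
        bound = self.bindings.get(holder)                           # S3-1
        if bound == carrier:                                        # already bound
            return None
        if bound is not None:                                       # S3-2
            del self.bindings[holder]
            self.ledger.append({"event": "unbind", "holder": holder, "carrier": bound})
        vc = self._issue("VerifiableCredential", holder, carrier)   # S3
        binding = self._issue("BindingRelationshipCredential", holder, carrier)
        self.bindings[holder] = carrier
        self.ledger.append({"event": "issue", "vc": vc, "binding": binding})
        return vc, binding                                          # S4

    def verify(self, vc):
        body = {k: v for k, v in vc.items() if k != "proof"}        # S5
        proof_ok = hmac.compare_digest(
            self._proof(body).encode(), str(vc.get("proof", "")).encode())
        valid = proof_ok and self.bindings.get(vc.get("holder")) == vc.get("carrier")
        self.ledger.append({"event": "verify", "proof": vc.get("proof"), "valid": valid})  # S6
        return valid


def demo():
    """Constructed scenario: one meter, two cards, all identifiers made up."""
    ledger = Ledger()
    issuer = Issuer("did:example:issuer", b"constructed-demo-key", ledger)
    meter, card_a, card_b = "did:example:meter-1", "did:example:card-a", "did:example:card-b"

    vc_a, _ = issuer.handle_transfer_request({"holder": meter, "carrier": card_a})
    results = {"first_card": issuer.verify(vc_a)}
    results["same_entity"] = issuer.handle_transfer_request({"holder": meter, "carrier": meter})
    vc_b, _ = issuer.handle_transfer_request({"holder": meter, "carrier": card_b})
    results["stale_card"] = issuer.verify(vc_a)       # old binding was released
    results["new_card"] = issuer.verify(vc_b)
    results["forged"] = issuer.verify({**vc_b, "holder": "did:example:meter-2"})
    results["events"] = [b["record"]["event"] for b in ledger.blocks]
    results["ledger_intact"] = ledger.intact()
    ledger.blocks[1]["record"]["valid"] = False       # rewrite a stored verification result
    results["ledger_after_edit"] = ledger.intact()
    return results


if __name__ == "__main__":
    print(demo())
```

Rebinding the meter to a second card makes the first card's credential fail verification, and editing a stored verification result breaks the hash chain, which is the property S6 relies on.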
Fig. 2 is a block diagram of a blockchain-based credential transfer device in some embodiments of the present disclosure. As shown in fig. 2, the blockchain-based credential transfer device includes:
an extracting module 100, configured to extract, in response to receiving a credential transfer request sent by a credential holder, identity information of the credential holder and identity information of a credential carrier from the credential transfer request;
a judging module 200, configured to judge whether the credential holder and the credential carrier belong to the same entity object based on the identity information of the credential holder and the identity information of the credential carrier;
a credential generation module 300, configured to generate a verifiable credential and a binding relationship credential based on identity information of the credential holder and identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, where the binding relationship credential is used to identify a binding relationship between the credential holder and the credential carrier;
a storage module 400, configured to store the verifiable credential and the binding relationship credential in a blockchain distributed ledger;
a communication module 500, configured to send the verifiable credential and the binding relationship credential to the credential holder, so that the credential holder sends the verifiable credential to the credential carrier.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
a binding relationship detection module, configured to detect whether there is a target entity object that has a binding relationship with the credential holder;
a binding relationship releasing module, configured to release the binding relationship between the credential holder and the target entity object in response to detecting that there is a target entity object that has a binding relationship with the credential holder.
In some embodiments of the present disclosure, the binding relationship releasing module is configured to establish, based on the communication module, an asymmetrically encrypted session channel between the credential holder and the credential server; the binding relationship releasing module is further configured for the credential holder to send a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request comprises the identity information of the credential server and the identity information of the target entity object; the binding relationship releasing module is further configured for the credential server to release the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and to feed back to the credential holder, over the session channel, a prompt that the binding relationship was released successfully.
In some embodiments of the present disclosure, the blockchain-based credential transfer device further includes:
a credential verification module, configured to verify the verifiable credential;
the storage module is further configured to store the verification result of the verifiable credential in the blockchain distributed ledger.
In some embodiments of the present disclosure, the credential holder comprises an electricity meter and the credential carrier comprises an electricity card.
It should be noted that the detailed implementation of the blockchain-based credential transfer device in the embodiments of the present disclosure is similar to that of the blockchain-based credential transfer method in the embodiments of the present disclosure; refer to the description of the blockchain-based credential transfer method for details, which are not repeated here.
In addition, the embodiment of the disclosure also provides an electronic device, which comprises:
a memory for storing a computer program;
and a processor, configured to execute a computer program stored in the memory, and when the computer program is executed, implement the blockchain-based credential transfer method according to any of the above embodiments of the present disclosure.
Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 3. As shown in fig. 3, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may store one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like. One or more computer program products may be stored on the computer-readable storage medium and run by a processor to implement the blockchain-based credential transfer methods and/or other desired functions of the various embodiments of the present disclosure described above.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output device may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 3 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in the blockchain-based credential transfer method described in the above section of the present disclosure according to various embodiments of the present disclosure.
Program code of the computer program product for performing the operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Further, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform steps in a blockchain-based credential transfer method according to various embodiments of the present disclosure described in the above section of the present description.
The computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, equipment and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, equipment and systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to."
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (8)

1. A blockchain-based credential transfer method, comprising:
in response to receiving a credential transfer request sent by a credential holder, extracting identity information of the credential holder and identity information of a credential carrier from the credential transfer request, wherein the credential holder comprises an electric meter and the credential carrier comprises an electric card;
judging whether the credential holder and the credential carrier belong to the same entity object or not based on the identity information of the credential holder and the identity information of the credential carrier;
generating a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, and storing the verifiable credential and the binding relationship credential in a blockchain distributed ledger, wherein the binding relationship credential is used for identifying a binding relationship between the credential holder and the credential carrier;
sending the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier;
verifying the legitimate holder of the verifiable credential based on the binding relationship credential stored in the credential carrier;
before generating the verifiable credential and the binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier, the method further comprises:
detecting whether there is a target entity object that has a binding relationship with the credential holder;
in response to detecting that there is a target entity object having a binding relationship with the credential holder, unbinding the binding relationship between the credential holder and the target entity object.
2. The method of claim 1, wherein the unbinding the binding between the credential holder and the target entity object comprises:
establishing an asymmetrically encrypted session channel between the credential holder and the credential server;
the credential holder sends a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request comprises identity information of the credential server and identity information of the target entity object;
the credential server releases the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and feeds back to the credential holder, over the session channel, a prompt that the binding relationship was released successfully.
3. The method of claim 1, further comprising, after said verifying the legitimate holder of the verifiable credential:
storing the verification result of the legitimate holder of the verifiable credential in the blockchain distributed ledger.
4. A blockchain-based credential transfer device, comprising:
an extraction module, configured to, in response to receiving a credential transfer request sent by a credential holder, extract the identity information of the credential holder and the identity information of a credential carrier from the credential transfer request, wherein the credential holder comprises an electricity meter and the credential carrier comprises an electricity card;
a judging module, configured to judge whether the credential holder and the credential carrier belong to the same entity object based on the identity information of the credential holder and the identity information of the credential carrier;
a credential generation module, configured to generate a verifiable credential and a binding relationship credential based on the identity information of the credential holder and the identity information of the credential carrier in response to determining that the credential holder and the credential carrier do not belong to the same entity object, wherein the binding relationship credential is used for identifying the binding relationship between the credential holder and the credential carrier;
a storage module, configured to store the verifiable credential and the binding relationship credential in a blockchain distributed ledger;
a communication module, configured to send the verifiable credential and the binding relationship credential to the credential holder so that the credential holder sends the verifiable credential to the credential carrier;
a credential verification module, configured to verify the legitimate holder of the verifiable credential based on the binding relationship credential stored in the credential carrier;
a binding relationship detection module, configured to detect whether there is a target entity object that has a binding relationship with the credential holder;
a binding relationship releasing module, configured to release the binding relationship between the credential holder and the target entity object in response to detecting that there is a target entity object that has a binding relationship with the credential holder.
5. The apparatus of claim 4, wherein the binding relationship releasing module is configured to establish, based on the communication module, an asymmetrically encrypted session channel between the credential holder and the credential server; the binding relationship releasing module is further configured for the credential holder to send a binding relationship release request to the credential server over the session channel, wherein the binding relationship release request includes identity information of the credential server and identity information of the target entity object; the binding relationship releasing module is further configured for the credential server to release the binding relationship between the credential holder and the target entity object based on the binding relationship release request, and to feed back to the credential holder, over the session channel, a prompt that the binding relationship was released successfully.
6. The apparatus of claim 4, wherein the storage module is further configured to store the verification result of the legitimate holder of the verifiable credential in the blockchain distributed ledger.
7. An electronic device, comprising:
a memory for storing a computer program product;
a processor for executing a computer program product stored in said memory, which, when executed, implements the method of any of the preceding claims 1-3.
8. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of the preceding claims 1-3.
CN202311125168.0A 2023-09-01 2023-09-01 Block chain-based credential transfer method and apparatus, electronic device and storage medium Active CN116842587B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311125168.0A CN116842587B (en) 2023-09-01 2023-09-01 Block chain-based credential transfer method and apparatus, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN116842587A CN116842587A (en) 2023-10-03
CN116842587B true CN116842587B (en) 2023-11-21

Family

ID=88163844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311125168.0A Active CN116842587B (en) 2023-09-01 2023-09-01 Block chain-based credential transfer method and apparatus, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN116842587B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107480964A (en) * 2017-07-24 2017-12-15 湖南搜云网络科技股份有限公司 Orientation assignment method, central server and the storage medium of digital asset
CN113037493A (en) * 2021-02-27 2021-06-25 上海泰砥科技有限公司 Block chain zero-knowledge proof anonymous credential verification method and system based on DID identity
CN114757669A (en) * 2022-04-24 2022-07-15 北京爱奇艺科技有限公司 Digital rights management method, system, device, server and storage medium
CN116484329A (en) * 2023-04-26 2023-07-25 中国工商银行股份有限公司 Data work ownership processing method and device based on blockchain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11729004B2 (en) * 2021-06-03 2023-08-15 Unisys Corporation Certificate-based remote dynamic isolation of IOT devices using distributed ledger technologies

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant