CN116962061A - User identity verification method, device and equipment based on blockchain - Google Patents


Publication number
CN116962061A
Authority
CN
China
Prior art keywords
user
identity
verification
target user
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310964375.9A
Other languages
Chinese (zh)
Inventor
薛少佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202310964375.9A
Publication of CN116962061A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The embodiments of this specification disclose a blockchain-based user identity verification method, device and equipment. The scheme may include: after the user identity manager obtains a first identity verification request, generated by a service provider during service processing, for a preset type of identity information of the target user, it may respond to the first identity verification request by generating, with a preset private key of the target user, a second identity verification request for the preset type of identity information of the target user, and then send the second identity verification request to the blockchain network; after determining, by using the preset public key corresponding to the preset private key, that the target user grants the identity verification authority, the blockchain network may generate a user identity verification result based on at least one of the stored ciphertext user identity information and trusted user identity verification result that have passed trusted verification, and feed it back to the user identity manager, so that the user identity verification result can be provided to the service provider.

Description

User identity verification method, device and equipment based on blockchain
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a blockchain-based user identity verification method, device and equipment.
Background
With the widespread adoption of computers and the Internet and the rapid development of communication technology, society is gradually entering an information age. Currently, when using applications to obtain services conveniently, users often need to provide information reflecting their personal identity to each service provider so that the service provider can verify the user's identity. This makes the user's operations cumbersome and inconvenient, and as users become increasingly conscious of personal data protection, the risk of user identity information being leaked or misused has also become the biggest worry of Internet users.
Based on the above, how to improve the operation convenience and the data security of the verification process for the user identity information becomes a technical problem to be solved urgently.
Disclosure of Invention
According to the user identity verification method, device and equipment based on the blockchain, the operation convenience and the data security of the verification process aiming at the user identity information can be improved.
In order to solve the above technical problems, the embodiments of the present specification are implemented as follows:
the embodiment of the specification provides a user identity verification method based on a blockchain, which comprises the following steps:
Acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
responding to the first identity verification request, and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing a preset private key of the target user for managing the user identity information;
sending the second identity verification request to a blockchain network;
receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and sending the user identity verification result to the service provider.
Another blockchain-based user identity verification method provided in the embodiments of the present disclosure includes:
the blockchain network acquires a second identity verification request aiming at the identity information of the preset type of the target user from the user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
Responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification;
and sending the user identity verification result to the user identity manager.
The embodiment of the specification provides a user identity verification device based on blockchain, which comprises:
the first acquisition module is used for acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
the first generation module is used for responding to the first identity verification request and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing the preset private key of the target user for managing the user identity information;
the first sending module is used for sending the second identity verification request to a blockchain network;
The receiving module is used for receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and the second sending module is used for sending the user identity verification result to the service provider.
Another blockchain-based user identity verification device provided in an embodiment of the present disclosure includes:
the first acquisition module is used for acquiring a second identity verification request of the preset type of identity information of the target user from the user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
The generation module is used for responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, the generation module generates a user identity verification result aiming at the target user according to at least one of the ciphertext user identity information and the trusted user identity verification result which are stored in the blockchain network and pass the trusted verification;
and the sending module is used for sending the user identity verification result to the user identity manager.
The embodiment of the specification provides a user identity verification device based on a blockchain, which comprises the following components:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
responding to the first identity verification request, and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing a preset private key of the target user for managing the user identity information;
Sending the second identity verification request to a blockchain network;
receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and sending the user identity verification result to the service provider.
Another blockchain-based user identity verification device provided in an embodiment of the present disclosure includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a second identity verification request of identity information of a preset type aiming at a target user from a user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
Responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification;
and sending the user identity verification result to the user identity manager.
At least one embodiment provided in this specification enables the following benefits:
Ciphertext user identity information and/or trusted user identity verification results of a target user that have passed trusted verification are stored in advance in a blockchain network, and the target user can use a preset private key to manage his or her trusted identity data on the blockchain. When a service provider needs to verify a preset type of identity information of the target user during service processing, the target user can use the preset private key to generate a corresponding identity verification request and send it to the blockchain network; after determining that the target user grants verification authority for the preset type of identity information, the blockchain network can generate a user identity verification result based on the relevant trusted identity data on the blockchain and feed it back to the target user, so that the target user can provide the trusted user identity verification result to the service provider for identity verification. In this identity verification process, the user does not need to provide personal plaintext identity information to the blockchain network or to each service provider, and the blockchain network must obtain the target user's authorization before using the target user's identity data, which helps protect the data security of the user's identity information. Because the blockchain network cannot be tampered with, the credibility of the identity verification result is also assured when the service provider performs identity verification based on the trusted user identity verification result generated by the blockchain network. In addition, the user does not need to repeat the identity information reporting operation at each service provider, which improves the user's operational convenience.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments described in the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of a blockchain-based user identity verification method according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a blockchain-based user identity verification method according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of another blockchain-based user identity verification method according to an embodiment of the present disclosure;
FIG. 4 is a schematic illustration of a swim lane flow corresponding to the blockchain-based user identity verification method of FIGS. 2 and 3 provided in the embodiments of the present disclosure;
FIG. 5 is a schematic diagram of a blockchain-based user identity verification device corresponding to FIG. 2 according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of another blockchain-based user identity verification device corresponding to FIG. 3 provided in an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a blockchain-based user identity verification device corresponding to FIG. 2 provided in accordance with an embodiment of the present disclosure;
FIG. 8 is a schematic diagram of another blockchain-based user identity verification device corresponding to FIG. 3 provided in an embodiment of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of one or more embodiments of the present specification more clear, the technical solutions of one or more embodiments of the present specification will be clearly and completely described below in connection with specific embodiments of the present specification and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present specification. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without undue burden, are intended to be within the scope of one or more embodiments herein.
The following describes in detail the technical solutions provided by the embodiments of the present specification with reference to the accompanying drawings.
In the prior art, when using applications to obtain services conveniently, users often need to provide plaintext identity information reflecting their personal identity to each service provider separately so that the service provider can verify the user's identity. This makes the user's operations cumbersome and inconvenient. Moreover, because users must provide their personal plaintext identity information to each service provider separately, and each service provider's subsequent use of that plaintext identity information cannot be controlled, the risk of user identity information being leaked or abused increases.
In order to solve the drawbacks of the prior art, the present solution provides the following embodiments:
Fig. 1 is a schematic application scenario diagram of a blockchain-based user identity verification method according to an embodiment of the present disclosure.
As shown in fig. 1, the target user may pre-store, at the blockchain network 101, his or her own ciphertext user identity information and/or trusted user identity verification results that have passed trusted verification, and may manage this personal trusted identity data at the blockchain network 101 with a preset private key through the user device 102. Thus, when the service provider needs to verify a preset type of identity information of the target user during service processing, it may send to the user equipment 102 a first identity verification request for requesting verification of the preset type of identity information of the target user. After receiving the first identity verification request, the user device 102 may generate a second identity verification request for the preset type of identity information of the target user by using the target user's preset private key for managing user identity information, and send the second identity verification request to the blockchain network 101.
After determining that the target user grants verification authority for the identity information of the preset category, the blockchain network 101 may generate and feed back a user identity verification result to the user device 102 based on the relevant trusted identity data stored at the blockchain network 101. After receiving the user identity verification result fed back by the blockchain network 101, the user equipment 102 may send the user identity verification result to the service provider, so that the service provider may perform identity verification on the target user based on the trusted user identity verification result generated by the blockchain network 101, which is beneficial to ensuring the security of the service processing process.
Next, a blockchain-based user identity verification method provided for the embodiment of the specification will be specifically described with reference to the accompanying drawings:
Fig. 2 is a flowchart of a blockchain-based user identity verification method according to an embodiment of the present disclosure. From the program perspective, the execution subject of the flow may be the user device, or an application program installed at the user device.
As shown in fig. 2, the process may include the steps of:
Step 202: Acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user.
In the embodiment of the present specification, the service provider may include at least one of a client of a target application providing a service for a target user and a server of the target application. In practical applications, the service provided by the service provider may be a money transfer service, an online purchase service, a recharging service, or other services related to funds transaction, or may be other kinds of services, which are not limited in particular.
In the embodiment of the present specification, the preset kind of identity information of the target user may include: at least one of the user unique identification information, the user biometric information, the user communication address information, the payment account information, the professional qualification certificate information, the membership certificate information, and the identity guarantee information issued by the third party, or may be other kinds of information characterizing a certain identity of the target user, which is not particularly limited. Since the following embodiments in the embodiments of the present disclosure will explain different kinds of identity information in detail, they will not be described herein.
In embodiments of the present disclosure, the service provider may need to verify the identity information of the target user when providing or transacting the relevant service for the target user. Therefore, the service provider can generate a first identity verification request for requesting to verify the preset type of identity information of the target user in the service processing process, and send the first identity verification request to the user equipment of the target user so as to acquire a corresponding user identity verification result, thereby ensuring the safety of the service processing process.
Step 204: In response to the first identity verification request, generating a second identity verification request for the preset type of identity information of the target user by using the target user's preset private key for managing user identity information.
In the embodiment of the present disclosure, the target user may obtain the preset public key and the preset private key through a public key infrastructure (Public Key Infrastructure, PKI), or may obtain them in other ways, which is not specifically limited. A public key infrastructure may be a set of technologies and specifications that uses public key encryption technology to provide a security foundation platform for electronic commerce, and that can generate a public key and a private key for an entity. Public key encryption techniques may be used in blockchain networks to authenticate a user's identity and to prove ownership of a user's assets. The public key may be used to identify the owner of the account, the private key may be used to sign on behalf of the owner, and the signature converts the user's authorization or permission information into a signed digital result. Based on the above, after the target user obtains the preset public key and the preset private key of the public-private key pair, the target user can keep the preset private key for managing the user identity information himself or herself and store the preset public key at the blockchain network used for managing the user identity information, so that the identity information of the target user can be managed in a trusted manner by using the preset private key and the preset public key.
In the embodiment of the present specification, the execution subject of the method in fig. 2 may be regarded as a user identity manager. Specifically, the execution body (i.e., the user identity manager) of the method in fig. 2 may be any one of a distributed application for managing the preset private key, a first software development kit for managing the preset private key, which is carried at a client of a target application corresponding to a service provider, and a second software development kit for managing the preset private key, which is carried at a client of other applications. Wherein the distributed application, the first software development kit, and the second software development kit each have access to at least a portion of blockchain nodes in the blockchain network.
In the embodiment of the present disclosure, the distributed application (Decentralized Application, DApp) may be an application program built on blockchain technology. It may provide a user interface through which the user interacts with the blockchain system, which helps improve the user's operational convenience. Based on this, the target user can manage his or her preset private key and identity information using the distributed application.
In the embodiments of this specification, a software development kit (Software Development Kit, SDK) is a collection of development tools that software engineers use to create application software for a particular software package, software framework, hardware platform, operating system, etc.; it may facilitate the creation of applications by providing a compiler, debugger, software framework, etc. Because a software development kit is easy to integrate, a software development kit corresponding to the distributed application can be developed and carried in an application program on the user equipment, so that the target user can manage the preset private key and the identity information by using the software development kit carried in that application program.
In practical application, the target user can bind the preset public key corresponding to the preset private key with the blockchain account of the target user. Subsequently, after the distributed application or the software development kit for managing the preset private key at the user equipment receives the first identity verification request sent by the service provider, the preset private key for managing the user identity information of the target user and the corresponding blockchain account can be used to generate a second identity verification request for the preset identity information of the target user, which can be identified and processed by the blockchain network.
In addition, to make sure that identity verification reflects the target user's intention, after receiving the first identity verification request, the distributed application or the software development kit for managing the preset private key at the user equipment can show an information prompt box to the target user, asking whether the target user wants to verify the preset type of identity information by using the blockchain network. If the target user's operation instruction indicates that verification should be performed, the second identity verification request can be generated; otherwise, generation of the second identity verification request must be prohibited. Of course, other ways may be used to determine the identity verification intention of the target user, which is not specifically limited.
Step 206: Sending the second identity verification request to a blockchain network.
In the embodiment of the present disclosure, after generating a second identity verification request that the blockchain network can identify and process, the user equipment may send the second identity verification request to the blockchain network, so that the blockchain network generates the corresponding user identity verification result.
Step 208: Receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network, after the blockchain network determines that the target user grants verification authority for the preset type of identity information, based on at least one of the ciphertext user identity information that has passed trusted verification and the trusted user identity verification result stored at the blockchain network.
In this embodiment of the present disclosure, a blockchain network may be understood as a data chain network formed by storing a plurality of blocks in sequence, where the block header of each block includes a timestamp of the block, a hash value of the previous block's information, and a hash value of the block's own information, so that blocks authenticate one another and form a tamper-resistant blockchain network. In a blockchain network, each block can be understood as a data block (a unit of stored data). The blockchain network can serve as a decentralized database: it is a series of data blocks generated in association with one another by cryptographic methods, and each data block can contain the information of one network transaction, which is used for verifying the validity of the information (anti-counterfeiting) and for generating the next block. The chain formed by connecting blocks end to end is the blockchain. In the blockchain network, if the data in a block needs to be modified, the contents of all blocks after that block need to be modified, and the data backed up by all nodes in the blockchain network must also be modified, so the blockchain network is difficult to tamper with and to delete from.
In the embodiment of the specification, the ciphertext user identity information of the target user that has passed trusted verification and/or the trusted user identity verification result of the target user can be stored in advance at the blockchain network. After the blockchain network receives the second identity verification request for the preset type of identity information of the target user sent by the user equipment, it can determine the authorization information of the target user based on the information in the second identity verification request. After determining that the target user grants verification authority for the preset type of identity information, it can generate a user identity verification result based on at least one of the ciphertext user identity information and the trusted user identity verification result of the target user stored at the blockchain network, and feed the user identity verification result back to the user equipment. If the blockchain network determines that the target user does not grant verification authority for the preset type of identity information, the blockchain network can refuse to generate a user identity verification result, and can also feed back related information prompting the target user to grant verification authority for the preset type of identity information. This helps prevent the related trusted user identity data stored at the blockchain network from being misused.
Step 210: Sending the user identity verification result to the service provider.
In the embodiment of the specification, after receiving the user identity verification result for the target user fed back by the blockchain network, the user equipment can send the user identity verification result to the service provider, so that the service provider can perform identity verification on the target user based on the trusted user identity verification result fed back by the blockchain network. In practical application, the user equipment may send the user identity verification result to the service provider through a network information communication manner, or may send the user identity verification result to the service provider through an interface docking manner, or may also send the user identity verification result to the service provider through other manners, which is not limited specifically.
In the method in fig. 2, during the identity verification process, the user does not need to provide personal plaintext identity information to the blockchain network or to any service provider, and the blockchain network needs to obtain the authorization of the target user when using the identity data of the target user, so that the data security of the user's identity information is guaranteed. Moreover, because the blockchain network is tamper-resistant, when the service provider performs identity verification based on the trusted user identity verification result generated by the blockchain network, the credibility of the identity verification result is also guaranteed. In addition, the user does not need to repeat the identity information reporting operation at each service provider, which makes operation more convenient for the user.
Based on the method in fig. 2, the examples of the present specification also provide some specific embodiments of the method, as described below.
In the embodiment of the present disclosure, when the blockchain network generates the user identity verification result, it needs to use at least one of the ciphertext user identity information that has passed trusted verification and the trusted user identity verification result, which are pre-stored at the blockchain network. Thus, so that the blockchain network can generate a user identity verification result indicating that verification passed, the target user needs to perform trusted identity verification at the blockchain network in advance.
Based on this, in the method in fig. 2, the blockchain network may store a preset public key corresponding to the preset private key; the method may further comprise:
Acquiring the specified type of plaintext user identity information of the target user.
Encrypting the plaintext user identity information by using the preset public key to obtain the ciphertext user identity information of the specified type of the target user.
Digitally signing the ciphertext user identity information of the specified type by using the preset private key to obtain a first digital signature.
Generating a first identity authentication request for the target user according to the ciphertext user identity information of the specified type and the first digital signature.
Sending the first identity authentication request to the blockchain network; the blockchain network is used for performing trusted verification on the ciphertext user identity information of the specified type after the first digital signature has been verified by using the preset public key, so as to obtain a trusted user identity verification result of the target user.
In the embodiment of the specification, the target user can input the plaintext user identity information of the specified kind at the user equipment to perform identity trusted authentication. The specified kind of plaintext user identity information may include, but is not limited to: at least one of user unique identification information, user biometric information, user communication address information, payment account information, professional qualification credential information, membership credential information, and identity vouching information by a third party.
The user unique identification information can be information in the user's identification document that uniquely identifies the target user; the user biometric information may include fingerprint feature information of the user, facial feature information of the user, and the like. The user communication address information may include information such as an email address, a mobile phone number, an address, etc. The payment account information may include bank account information and account information registered at a payment application. Professional qualification credential information may include, among other things, academic information or certificate information issued by other authorities. The membership credential information may include member information registered at a designated service provider. The identity vouching information provided by a third party can be vouching information sent by other people to vouch for the identity information of the target user. This is not particularly limited.
In the embodiment of the specification, the user equipment can encrypt the obtained plaintext user identity information of the target user by using the preset public key of the target user, obtain the ciphertext user identity information of the specified type of the target user, and upload the ciphertext user identity information to the blockchain network, so that disclosure of the plaintext user identity information can be avoided, and theft and abuse of the plaintext user identity information of the target user by lawbreakers can be prevented.
In this embodiment of the present disclosure, the user device may further digitally sign the ciphertext user identity information of the specified type of the target user using a preset private key of the target user, to obtain the first digital signature, and may further generate a first authentication request for the target user according to the ciphertext user identity information of the specified type and the first digital signature.
Correspondingly, after receiving the first authentication request for the target user sent by the user device, the blockchain network can use the stored preset public key of the target user to verify the first digital signature contained in the first authentication request. If signature verification passes, this indicates that the ciphertext user identity information of the specified type has not been tampered with, and the blockchain network can further perform trusted verification on the ciphertext user identity information of the specified type contained in the first authentication request to obtain a trusted user identity verification result of the target user. If signature verification fails, this may indicate that the ciphertext user identity information of the specified type has been tampered with, or that the first digital signature was not generated by using the preset private key of the target user; in this case, the blockchain network may directly generate information indicating that the ciphertext user identity information of the specified type of the target user did not pass trusted verification, so as to ensure the accuracy and reliability of the related identity data stored at the blockchain network.
In this embodiment of the present disclosure, an intelligent contract for managing user identity information may be pre-deployed at a blockchain network, and based on this, the generating a first identity authentication request for the target user according to the ciphertext user identity information of the specified type and the first digital signature may specifically include:
Generating a first blockchain transaction for calling a first intelligent contract deployed at the blockchain network according to the ciphertext user identity information of the specified type and the first digital signature; when executed, the contract code of the first intelligent contract is used for sending, by means of an oracle, a second identity authentication request carrying the ciphertext user identity information of the specified type to an off-chain trusted institution and receiving the trusted user identity verification result of the target user fed back by the off-chain trusted institution, or is used for performing trusted verification on the ciphertext user identity information of the specified type by using at least one of on-chain data and off-chain data and generating the trusted user identity verification result of the target user.
The trusted user identity verification result of the target user may be used to reflect whether the identity information of the specified category of the target user passes the trusted verification, or the trusted user identity verification result of the target user may be used to reflect whether the identity information of the specified category of the target user passes the trusted verification of a target trusted authority.
In the present embodiment, the smart contract is a contract on the blockchain network that can be triggered to execute by a blockchain transaction, and may be defined in the form of code. The intelligent contracts can be executed independently at each node in the blockchain network in a specified manner, and all execution records and data can be stored on the blockchain network, so that after execution of an intelligent contract triggered by a blockchain transaction is finished, transaction records that cannot be tampered with or lost are stored on the blockchain network, which guarantees the operational security and credibility of the intelligent contracts.
In the embodiment of the present disclosure, because the types and amounts of trusted data stored in the blockchain network are limited, when the first intelligent contract performs trusted verification on the ciphertext user identity information of the specified type, it may use an oracle to send a second identity authentication request carrying the ciphertext user identity information of the specified type to the off-chain trusted institution, so that the off-chain trusted institution can perform trusted verification on that ciphertext user identity information off-chain by using off-chain data or a machine learning model; alternatively, the first intelligent contract can obtain, through the oracle, off-chain data sent by the off-chain trusted institution and perform trusted verification on the ciphertext user identity information of the specified type on-chain based on that off-chain data. Of course, the first intelligent contract can also perform trusted verification on the ciphertext user identity information of the specified type by using on-chain data at the blockchain network; this is not particularly limited.
The above-mentioned off-chain trusted institution may include, but is not limited to, institutions with strong public credibility such as household registration management institutions, statistics bureaus, banks and certificate management institutions, or other institutions with the corresponding capability for trusted verification of user identity, for example, service providers that provide member services, service providers of payment applications, and the like, which is not particularly limited.
In the embodiment of the present disclosure, the service provider may need to obtain an identity verification result that reflects whether the target user has a certain identity, or may need to obtain an identity verification result that reflects whether the user identity information that the service provider has learned by itself is correct. Therefore, the blockchain network can generate a user identity verification result of the target user based on the preset type of ciphertext to-be-verified identity information and/or the preset type of identification information carried in the received second identity verification request so as to meet the actual requirements of the service provider.
Based on this, in the method in fig. 2, step 204 (generating a second identity verification request for the preset type of identity information of the target user by using the preset private key of the target user for managing user identity information) may specifically include:
Generating, by using the preset private key, a second blockchain transaction for invoking a second intelligent contract deployed at the blockchain network; the second blockchain transaction carries a second digital signature generated by using the preset private key and the preset type of ciphertext to-be-verified identity information of the target user; when executed, the contract code of the second intelligent contract is used for, after determining based on the second digital signature that the target user grants the verification authority, comparing the ciphertext user identity information of the target user that is stored in the blockchain network and has passed trusted verification with the ciphertext to-be-verified identity information for consistency, so as to obtain the user identity verification result.
Or, generating, by using the preset private key, a third blockchain transaction for invoking a third intelligent contract deployed at the blockchain network; the third blockchain transaction carries a third digital signature generated by using the preset private key and identification information of the preset type; when executed, the contract code of the third intelligent contract is used for, after determining based on the third digital signature that the target user grants the verification authority, generating the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type.
In this embodiment of the present disclosure, the second digital signature generated by using the preset private key may be obtained by digitally signing the other data carried in the second blockchain transaction, or by digitally signing specified types of data (for example, a random number, ciphertext to-be-verified identity information, current time information, blockchain account information, etc.) carried in the second blockchain transaction, which is not limited in particular. Correspondingly, the blockchain network and/or the second intelligent contract can verify the second digital signature by using the preset public key of the target user. If verification passes, this indicates that the target user has granted the verification authority, so the second intelligent contract is allowed to generate a user identity verification result. If verification fails, this may indicate that the target user has not granted the verification authority, so generation of the user identity verification result by the second intelligent contract may be prohibited. This approach is convenient and quick.
Similarly, the third digital signature may be obtained by digitally signing the other data carried in the third blockchain transaction, or by digitally signing specified types of data (for example, a random number, preset types of identification information, current time information, blockchain account information, etc.) carried in the third blockchain transaction, which is not limited in particular. In this way, the blockchain network and/or the third smart contract may verify the third digital signature by using the preset public key of the target user to determine whether the target user has granted the verification authority.
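The two signature gates described above, the first digital signature over the ciphertext at registration and the second digital signature that grants verification authority, are shown here as an added Go example; it is not code from the patent. Ed25519, the length-prefixed field encoding with a purpose label, the 300-second freshness window, the replay table and all type and function names are assumptions, since the description fixes no algorithm or format; encryption under the preset public key is not shown and the ciphertext is constructed sample bytes.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Chain is a constructed in-memory stand-in for contract state, not the patent's code.
type Chain struct {
	PubKeys map[string]ed25519.PublicKey // preset public key bound to each blockchain account
	Nonces  map[string]bool              // random numbers already used (replay guard, assumed)
}

// VerifyRequest carries the data the description lists as signable in the second transaction.
type VerifyRequest struct {
	Account    string
	Nonce      []byte // random number
	IssuedAt   int64  // current time information, Unix seconds
	Ciphertext []byte // ciphertext to-be-verified identity information
	Sig        []byte // second digital signature
}

const maxAge = 300 // freshness window in seconds (assumed value)

// NewChain generates a preset key pair and binds its public half to the account.
func NewChain(account string) (*Chain, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Chain{map[string]ed25519.PublicKey{account: pub}, map[string]bool{}}, priv
}

// encode length-prefixes each field so boundaries cannot shift; field one is a purpose label.
func encode(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(p)))
		out = append(append(out, n[:]...), p...)
	}
	return out
}

func (r *VerifyRequest) message() []byte {
	return encode([]byte("verify"), []byte(r.Account), r.Nonce, []byte(fmt.Sprint(r.IssuedAt)), r.Ciphertext)
}

// checkSig verifies a signature with the preset public key stored for the account.
func (c *Chain) checkSig(account string, msg, sig []byte) error {
	pub, ok := c.PubKeys[account]
	if !ok || !ed25519.Verify(pub, msg, sig) {
		return errors.New("no bound public key, or signature does not verify")
	}
	return nil
}

// SignCiphertext produces the first digital signature on the user device.
func SignCiphertext(priv ed25519.PrivateKey, ct []byte) []byte {
	return ed25519.Sign(priv, encode([]byte("register"), ct))
}

// CheckRegistration is the chain-side gate in front of trusted verification.
func (c *Chain) CheckRegistration(account string, ct, sig []byte) error {
	return c.checkSig(account, encode([]byte("register"), ct), sig)
}

// SignRequest produces the second digital signature on the user device.
func SignRequest(priv ed25519.PrivateKey, r *VerifyRequest) {
	r.Sig = ed25519.Sign(priv, r.message())
}

// Authorize returns nil only if the target user granted verification authority.
func (c *Chain) Authorize(r *VerifyRequest, now int64) error {
	if err := c.checkSig(r.Account, r.message(), r.Sig); err != nil {
		return fmt.Errorf("authority not granted: %w", err)
	}
	if r.IssuedAt > now || now-r.IssuedAt > maxAge {
		return errors.New("request outside freshness window")
	}
	key := fmt.Sprintf("%s/%x", r.Account, r.Nonce)
	if c.Nonces[key] { // looked up only after the signature check, so outsiders cannot burn nonces
		return errors.New("random number already used: replayed request")
	}
	c.Nonces[key] = true
	return nil
}

func main() {
	chain, priv := NewChain("acct-1")
	ct := []byte("constructed ciphertext bytes") // stands in for the encrypted identity record
	fmt.Println("register: ", chain.CheckRegistration("acct-1", ct, SignCiphertext(priv, ct)))
	req := &VerifyRequest{Account: "acct-1", Nonce: []byte("n-001"), IssuedAt: 1700000000, Ciphertext: ct}
	SignRequest(priv, req)
	fmt.Println("first use:", chain.Authorize(req, 1700000010))
	fmt.Println("replay:   ", chain.Authorize(req, 1700000020))
}
```

Because the purpose label is part of the signed bytes, a signature collected at registration cannot be presented later as a grant of verification authority, even though both are made with the same preset private key.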
In this embodiment of the present disclosure, the predetermined type of ciphertext to-be-verified identity information of the target user may be obtained after the user device encrypts the predetermined type of plaintext to-be-verified identity information of the target user provided by the service provider by using a predetermined public key of the target user. The plaintext identity information to be verified of the preset type of the target user provided by the service provider may be obtained by the service provider when the service provider provides the relevant service for the target user or handles the relevant service, or may be obtained by other modes, which is not limited specifically. The encryption processing is carried out on the plaintext identity information to be verified of the preset type of the target user, so that the plaintext identity information of the target user is prevented from being revealed or abused, and the data security of the user identity information can be ensured.
In this embodiment of the present disclosure, if the second identity verification request carries the preset type of ciphertext to-be-verified identity information of the target user, the second intelligent contract at the blockchain network may compare the stored ciphertext user identity information of the target user that has passed trusted verification with the ciphertext to-be-verified identity information for consistency based on privacy computing technology, so as to obtain a user identity verification result of the target user. In practical application, if the consistency between the ciphertext user identity information that has passed trusted verification and the ciphertext to-be-verified identity information reaches a preset threshold, the ciphertext to-be-verified identity information can be determined to have passed verification; otherwise, if the consistency does not reach the preset threshold, the ciphertext to-be-verified identity information can be determined not to have passed verification. The preset threshold can be set according to requirements, for example, 80% or 90%, which is not particularly limited.
In this embodiment of the present disclosure, if the second identity verification request carries the preset type of identification information of the target user, when the third intelligent contract at the blockchain network performs user identity verification, it may check whether the blockchain network stores ciphertext user identity information of the target user that has passed trusted verification and carries the preset type of identification information, and/or whether the blockchain network stores a trusted user identity verification result that carries the preset type of identification information and indicates that trusted verification passed. If so, a user identity verification result indicating that verification passed may be generated; if not, a user identity verification result indicating that verification failed may be generated. This approach is convenient and fast.
In the embodiment of the present disclosure, if the user identity verification result fed back by the blockchain network indicates that the preset type of identity information of the target user fails verification, the user device may further prompt the target user that the identity information failed verification, and may further display prompt information asking the target user to perform the related identity information authentication again or to supplement the related identity information authentication.
Based on this, in the method in fig. 2, after step 208 (receiving the user identity verification result fed back by the blockchain network), the method can further include:
If the user identity verification result indicates that the preset type of identity information of the target user does not pass verification, generating identity authentication prompt information; the identity authentication prompt information is used for prompting that trusted verification be performed at the blockchain network by using trusted identity information of the preset type of the target user.
In the embodiment of the present disclosure, the user equipment may determine, before generating the second identity verification request for the preset type of identity information of the target user, whether the preset type of identity information of the target user has previously passed the trusted verification.
Based on this, in the method in fig. 2, before step 204 (generating the second identity verification request for the preset type of identity information of the target user by using the preset private key of the target user for managing user identity information), the method may further include:
Generating, by using the preset private key, a query request for the identity type information of the target user that has passed trusted verification.
Sending the query request to the blockchain network.
Receiving the identity type information of the target user that has passed trusted verification, fed back by the blockchain network; the identity type information is generated based on at least one of the ciphertext user identity information and the trusted user identity verification result stored at the blockchain network after the blockchain network determines that the target user grants the query authority for the identity type information.
Correspondingly, in the method in fig. 2, step 204 (generating a second identity verification request for the preset type of identity information of the target user by using the preset private key of the target user for managing user identity information) may specifically include:
If the identity type information of the target user that has passed trusted verification contains the preset type, generating, by using the preset private key, a second identity verification request for the preset type of identity information of the target user.
In this embodiment of the present disclosure, after determining that the identity type information that has passed trusted verification includes the preset type that the service provider needs to verify, the target user may generate the second identity verification request by using the preset private key. This helps reduce invalid verification and improves the identity verification efficiency and success rate of the target user.
The generating, by using the preset private key, a query request for identity type information that passes trusted verification for the target user may specifically include:
Generating, by using the preset private key, a fourth blockchain transaction for invoking a fourth intelligent contract deployed at the blockchain network; the fourth blockchain transaction carries a fourth digital signature generated by using the preset private key; when executed, the contract code of the fourth intelligent contract is used for, after determining based on the fourth digital signature that the target user grants the query authority, generating the identity type information according to at least one of the ciphertext user identity information that is stored in the blockchain network and has passed trusted verification and the trusted user identity verification result.
In this embodiment of the present disclosure, the fourth digital signature may be generated by using the preset private key, based on the same generation principle as the third digital signature. If the blockchain network and/or the fourth smart contract successfully verify the fourth digital signature with the preset public key of the target user, this indicates that the target user grants the query authority, so generation of the identity type information may be allowed. Otherwise, generation of the identity type information should be prohibited to avoid disclosure and abuse of the relevant user identity data at the blockchain network.
In practical application, the blockchain network performs verification on the identity information of the target user by executing the intelligent contract, and all execution records and data of the intelligent contract can be stored on the blockchain network, so that the blockchain network can also be used for storing verification record information reflecting verification conditions of the identity information of the target user. Therefore, when the target user needs to check the verification condition statistical result of the self identity information, the blockchain network can feed back the corresponding statistical result to the user equipment so as to be checked by the target user.
Based on this, the method in fig. 2 may further include:
Generating, by using the preset private key, a verification condition statistical request for the identity information of the target user.
Sending the verification condition statistical request to the blockchain network.
Receiving the verification condition statistical result of the identity information of the target user fed back by the blockchain network; the verification condition statistical result is generated based on the verification record information stored at the blockchain network after the blockchain network determines that the target user grants identity verification condition statistical authority.
In this embodiment of the present disclosure, each time a target user performs verification of identity information, the blockchain network may store verification record information of verification of identity information of the target user at this time, and when it is required to check a verification statistical result of identity information of the target user, the blockchain network may generate a verification statistical result of identity information of the target user based on the stored verification record information after determining that the target user grants identity verification statistical authority.
The generating, by using the preset private key, a verification condition statistics request for identity information of the target user may specifically include:
Generating, by using the preset private key, a fifth blockchain transaction for invoking a fifth intelligent contract deployed at the blockchain network; the fifth blockchain transaction carries a fifth digital signature generated by using the preset private key; when executed, the contract code of the fifth intelligent contract is used for, after determining based on the fifth digital signature that the target user grants the identity verification condition statistical authority, generating the verification condition statistical result according to the verification record information of the target user stored at the blockchain network.
In this embodiment of the present disclosure, the fifth digital signature may be generated by using the preset private key, based on the same generation principle as the third digital signature. If the blockchain network and/or the fifth smart contract successfully verify the fifth digital signature by using the preset public key of the target user, this indicates that the target user grants the identity verification condition statistical authority, so a verification condition statistical result of the identity information of the target user may be generated; if verification fails, generation of the verification condition statistical result can be refused so as to avoid leakage and abuse of the related user identity data at the blockchain network.
FIG. 3 is a flowchart of another blockchain-based user identity verification method according to an embodiment of the present disclosure. From a program perspective, the execution subject of the process may be a blockchain node at a blockchain network, or an application program hosted at a blockchain node. As shown in fig. 3, the process may include the steps of:
Step 302: The blockchain network acquires, from the user identity manager, a second identity verification request for the preset type of identity information of the target user; the second identity verification request is a request generated, in response to the first identity verification request, by using a preset private key of the target user for managing user identity information; the first identity verification request is a request generated by a service provider during service processing to request verification of the preset type of identity information of the target user.
Step 304: In response to the second identity verification request, after determining that the target user grants verification authority for the preset type of identity information, generating a user identity verification result for the target user according to at least one of the ciphertext user identity information that has passed trusted verification and the trusted user identity verification result stored in the blockchain network.
Step 306: Sending the user identity verification result to the user identity manager.
In this embodiment of the present disclosure, the blockchain network, the second identity verification request, the first identity verification request, the preset private key, the service provider, and the user identity verification result may be consistent with the meaning of the words mentioned in the embodiment of the method in fig. 2, and since the foregoing details of the flow of the blockchain-based user identity verification method have been described, the details are not repeated herein.
The user identity manager may be an execution subject of the method in fig. 2, for example, may be any one of a distributed application for managing the preset private key, a first software development kit for managing the preset private key, which is carried at a client of the target application, and a second software development kit for managing the preset private key, which is carried at a client of other applications; the distributed application, the first software development kit and the second software development kit all have authority to access at least part of blockchain nodes in the blockchain network, which is not described in detail.
In the method in fig. 3, during the identity verification process the user does not need to provide personal plaintext identity information to the blockchain network or to any service provider, and the blockchain network must obtain the authorization of the target user before using the identity data of the target user, so the data security of the user's identity information is guaranteed. Because data on the blockchain network cannot be tampered with, the credibility of the identity verification result is also guaranteed when the service provider performs identity verification based on the trusted user identity verification result generated by the blockchain network. In addition, the user does not need to repeat the identity information reporting operation at each service provider, which makes operation more convenient for the user.
Based on the method in fig. 3, the examples of the present specification also provide some specific embodiments of the method, as described below.
In this embodiment of the present disclosure, in the method in fig. 3, a preset public key corresponding to the preset private key may be stored in the blockchain network; the method may further comprise:
obtaining a first blockchain transaction for invoking a first smart contract deployed at the blockchain network; the first blockchain transaction carries the specified type of ciphertext user identity information of the target user obtained by encryption by using the preset public key and a first digital signature generated by using the preset private key for the specified type of ciphertext user identity information; the first smart contract is a smart contract for trusted verification of user identity information.
After the first digital signature is verified by the preset public key, the first intelligent contract is utilized to conduct trusted verification on the ciphertext user identity information of the specified type, and a trusted user identity verification result of the target user is obtained.
The contract code of the first smart contract can be used to send an identity authentication request carrying the specified type of ciphertext user identity information to an off-chain trusted authority by using an oracle and to receive the trusted user identity authentication result of the target user fed back by the off-chain trusted authority; or it can be used to perform trusted authentication on the specified type of ciphertext user identity information by using at least one of on-chain data and off-chain data, generating the trusted user identity verification result of the target user.
In this embodiment of the present disclosure, the first smart contract, the first blockchain transaction, the first digital signature, the specified type of ciphertext user identity information of the target user, the trusted user identity verification result of the target user, the oracle, and the off-chain trusted authority have the same meanings as the corresponding terms in the embodiment of the method in fig. 2; since the process by which the blockchain network invokes the first smart contract to perform trusted verification of user identity information has been described above, it is not repeated here.
In this embodiment, step 302 of the method in fig. 3, obtaining a second identity verification request for the preset type of identity information of the target user, may specifically include:
obtaining a second blockchain transaction for invoking a second smart contract deployed at the blockchain network; the second blockchain transaction carries a second digital signature generated by using the preset private key and ciphertext to-be-verified identity information of the preset type of the target user.
Correspondingly, step 304 of the method in fig. 3, in response to the second identity verification request and after determining that the target user grants verification authority for the preset type of identity information, generating a user identity verification result for the target user according to at least one of the ciphertext user identity information and the trusted user identity verification result that are stored in the blockchain network and have passed trusted verification, may specifically include:
running the contract code of the second smart contract to generate a user identity verification result for the target user; when executed, the contract code of the second smart contract is used to determine, based on the second digital signature, that the target user grants the verification authority, and then to compare the target user's ciphertext user identity information that is stored in the blockchain network and has passed trusted verification with the ciphertext to-be-verified identity information for consistency, thereby obtaining the user identity verification result.
Alternatively, step 302 of the method in fig. 3, obtaining a second identity verification request for the preset type of identity information of the target user, may specifically include:
obtaining a third blockchain transaction for invoking a third smart contract deployed at the blockchain network; and the third blockchain transaction carries a third digital signature generated by using the preset private key and the identification information of the preset type.
Correspondingly, step 304 of the method in fig. 3, in response to the second identity verification request and after determining that the target user grants verification authority for the preset type of identity information, generating a user identity verification result for the target user according to at least one of the ciphertext user identity information and the trusted user identity verification result that are stored in the blockchain network and have passed trusted verification, may specifically include:
running the contract code of the third smart contract to generate a user identity verification result for the target user; when executed, the contract code of the third smart contract is used to generate the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type, after determining based on the third digital signature that the target user grants the verification authority.
In this embodiment of the present disclosure, the second smart contract, the second blockchain transaction, the second digital signature, the third smart contract, the third blockchain transaction, and the third digital signature have the same meanings as the corresponding terms in the embodiment of the method in fig. 2; since the process by which the blockchain network invokes the second smart contract or the third smart contract to obtain the user identity verification result has been described in detail above, it is not repeated here.
In this embodiment, before step 302 of the method in fig. 3, obtaining the second identity verification request for the preset type of identity information of the target user, the method may further include:
obtaining, from the user identity manager, a fourth blockchain transaction for invoking a fourth smart contract deployed at the blockchain network; the fourth blockchain transaction carries a fourth digital signature generated by using the preset private key; the fourth smart contract is a smart contract for querying the identity types of a user that have passed trusted verification.
Running the contract code of the fourth smart contract to generate identity type information of the target user that has passed trusted verification; when executed, the contract code of the fourth smart contract is used to generate the identity type information according to at least one of the ciphertext user identity information and the trusted user identity verification result that are stored in the blockchain network and have passed trusted verification, after determining based on the fourth digital signature that the target user grants the trusted identity type query authority.
Sending the identity type information of the target user that has passed trusted verification to the user identity manager.
In this embodiment of the present disclosure, the fourth smart contract, the fourth blockchain transaction, and the fourth digital signature have the same meanings as the corresponding terms in the embodiment of the method in fig. 2; since the process by which the blockchain network invokes the fourth smart contract to query the identity types of the user that have passed trusted verification has been described above, it is not repeated here.
In this embodiment of the present disclosure, after step 304 of the method in fig. 3, generating the user identity verification result for the target user, the method may further include:
storing, to the blockchain network, verification record information reflecting the verification conditions of the identity information of the target user.
Obtaining, from the user identity manager, a fifth blockchain transaction for invoking a fifth smart contract deployed at the blockchain network; the fifth blockchain transaction carries a fifth digital signature generated by using the preset private key; the fifth smart contract is a smart contract for compiling statistics on user identity verification conditions.
Running the contract code of the fifth smart contract to generate a verification condition statistical result of the identity information of the target user; when executed, the contract code of the fifth smart contract is used to generate the verification condition statistical result according to the verification record information of the target user stored in the blockchain network, after determining based on the fifth digital signature that the target user grants the identity verification condition statistical authority.
Sending the verification condition statistical result of the identity information of the target user to the user identity manager.
In this embodiment of the present disclosure, the fifth smart contract, the fifth blockchain transaction, the fifth digital signature, and the verification condition statistical result of the identity information of the target user have the same meanings as the corresponding terms in the embodiment of the method in fig. 2; since the process by which the blockchain network invokes the fifth smart contract to generate the verification condition statistical result has been described above, it is not repeated here.
FIG. 4 is a swim-lane flowchart corresponding to the blockchain-based user identity verification methods of FIGS. 2 and 3 provided in the embodiments of the present disclosure. As shown in fig. 4, the blockchain-based user identity verification procedure may involve executing entities such as a business processor, a user identity manager, and a blockchain network.
In the user identity authentication stage, the user identity manager can acquire plaintext user identity information of a specified type of a target user and encrypt it with a preset public key to obtain the specified type of ciphertext user identity information of the target user. It then digitally signs the specified type of ciphertext user identity information with a preset private key to obtain a first digital signature, generates a first identity authentication request for the target user according to the specified type of ciphertext user identity information and the first digital signature, and sends the first identity authentication request to the blockchain network. The blockchain network can store the preset public key corresponding to the preset private key of the target user. After receiving the first identity authentication request, and once the first digital signature carried in it passes verification with the preset public key, the blockchain network can perform trusted authentication on the specified type of ciphertext user identity information, obtain a trusted user identity authentication result of the target user, and store the trusted user identity authentication result of the target user together with the ciphertext user identity information that passed the trusted verification.
In the user identity verification stage, the service processor can send a first identity verification request which is generated for a target user in the service processing process and is used for requesting verification of the preset type of identity information of the target user to the user identity manager; after receiving the first identity verification request, a user identity manager can respond to the first identity verification request, generate a second identity verification request aiming at the preset type of identity information of a target user by utilizing a preset private key of the target user for managing the user identity information, and send the second identity verification request to a blockchain network; after the blockchain network receives the second identity verification request, after determining that the target user grants verification authority for the identity information of the preset type, generating a user identity verification result of the target user based on at least one of the stored ciphertext user identity information and trusted user identity verification result of the target user, and feeding back the generated user identity verification result to a user identity manager; after receiving the user identity verification result of the target user fed back by the blockchain network, the user identity manager can further feed back the result to the service processor.
In the user identity verification condition statistics stage, the user identity manager can use the preset private key to generate a verification condition statistics request for the identity information of the target user and send the request to the blockchain network. After receiving the verification condition statistics request and determining that the target user grants the identity verification condition statistical authority, the blockchain network generates a verification condition statistical result of the identity information of the target user based on the stored verification record information reflecting the verification conditions of that identity information, and feeds the result back to the user identity manager. After receiving the verification condition statistical result, the user identity manager can display it to the user.
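The registration stage (first smart contract) and the verification stage (second smart contract) described above, as an added Go sketch that is not code from the patent. Assumptions: Ed25519 stands in for the unspecified signature scheme, the signed payload layout and the nonce-based replay check are hypothetical, the `attest` callback stands in for the oracle call to the off-chain trusted authority, and the ciphertexts are constructed byte strings assumed to come from a deterministic encryption step (a randomized scheme would make the consistency comparison always fail).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Ledger is a hypothetical in-memory stand-in for one user's on-chain state.
type Ledger struct {
	pub      ed25519.PublicKey // preset public key stored on-chain
	verified map[string][]byte // kind -> ciphertext that passed trusted verification
	seen     map[[32]byte]bool // digests of signed payloads already processed
}

var ErrNotAuthorized = errors.New("signature check failed: authority not granted")
var ErrReplay = errors.New("transaction already processed")

// payload length-prefixes each field (< 64 KiB) so signed bytes are unambiguous.
func payload(contract, kind string, ct, nonce []byte) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{[]byte(contract), []byte(kind), ct, nonce} {
		b.WriteByte(byte(len(f) >> 8))
		b.WriteByte(byte(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

// authorize is the gate both contracts run first: the signature must verify
// under the stored public key, and the same signed payload is accepted once.
func (l *Ledger) authorize(msg, sig []byte) error {
	if !ed25519.Verify(l.pub, msg, sig) {
		return ErrNotAuthorized
	}
	d := sha256.Sum256(msg)
	if l.seen[d] {
		return ErrReplay
	}
	l.seen[d] = true
	return nil
}

// Register models the first smart contract. attest stands in for the oracle
// call to an off-chain trusted authority (assumption).
func (l *Ledger) Register(kind string, ct, nonce, sig []byte, attest func(string, []byte) bool) (bool, error) {
	if err := l.authorize(payload("register", kind, ct, nonce), sig); err != nil {
		return false, err
	}
	if !attest(kind, ct) {
		return false, nil
	}
	l.verified[kind] = append([]byte(nil), ct...)
	return true, nil
}

// Verify models the second smart contract: authorization first, then a
// constant-time consistency comparison of stored and submitted ciphertext.
func (l *Ledger) Verify(kind string, candidate, nonce, sig []byte) (bool, error) {
	if err := l.authorize(payload("verify", kind, candidate, nonce), sig); err != nil {
		return false, err
	}
	stored, ok := l.verified[kind]
	return ok && subtle.ConstantTimeCompare(stored, candidate) == 1, nil
}

func outcome(ok bool, err error, yes, no string) string {
	if err != nil {
		return err.Error()
	}
	return map[bool]string{true: yes, false: no}[ok]
}

// Demo runs the flow on constructed keys and ciphertexts, one outcome per step.
func Demo() []string {
	user := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	l := &Ledger{pub: user.Public().(ed25519.PublicKey), verified: map[string][]byte{}, seen: map[[32]byte]bool{}}
	const kind = "payment_account"
	ctA, ctB := []byte("constructed-ciphertext-A"), []byte("constructed-ciphertext-B")
	sigReg := ed25519.Sign(user, payload("register", kind, ctA, []byte("n1")))
	ok, err := l.Register(kind, ctA, []byte("n1"), sigReg, func(string, []byte) bool { return true })
	out := []string{outcome(ok, err, "registered", "rejected")}
	verify := func(k ed25519.PrivateKey, ct []byte, n string) string {
		sig := ed25519.Sign(k, payload("verify", kind, ct, []byte(n)))
		ok, err := l.Verify(kind, ct, []byte(n), sig)
		return outcome(ok, err, "match", "mismatch")
	}
	return append(out,
		verify(user, ctA, "n2"),  // authorized, same ciphertext
		verify(user, ctA, "n2"),  // identical transaction replayed
		verify(user, ctB, "n3"),  // authorized, different ciphertext
		verify(other, ctA, "n4")) // signed with a key that is not on-chain
}

func main() { fmt.Println(Demo()) }
```

A refused request returns an error and no comparison result, which matches the behaviour described for failed signature checks: the contract generates nothing when authority has not been granted.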
Based on the same idea, the embodiments of this specification also provide a device corresponding to the above method. Fig. 5 is a schematic structural diagram of a blockchain-based user identity verification device corresponding to fig. 2 according to an embodiment of the present disclosure. As shown in fig. 5, the apparatus may include:
a first obtaining module 502, configured to obtain a first identity verification request generated by a service provider for a target user during a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user.
A first generation module 504, configured to generate, in response to the first identity verification request, a second identity verification request for a preset type of identity information of the target user by using a preset private key for managing user identity information of the target user.
A first sending module 506, configured to send the second identity verification request to a blockchain network.
A receiving module 508, configured to receive a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after the blockchain network determines that the target user grants verification authority for the preset type of identity information.
A second sending module 510, configured to send the user identity verification result to the service provider.
Based on the device of fig. 5, the embodiments of this specification also provide some specific implementations of the device, which are described below.
Optionally, in the apparatus of fig. 5, a preset public key corresponding to the preset private key is stored in the blockchain network; the apparatus may further include:
A second acquisition module, configured to acquire the specified type of plaintext user identity information of the target user.
An encryption module, configured to encrypt the plaintext user identity information by using the preset public key to obtain the specified type of ciphertext user identity information of the target user.
A digital signature module, configured to digitally sign the specified type of ciphertext user identity information by using the preset private key to obtain a first digital signature.
A second generation module, configured to generate a first identity authentication request for the target user according to the specified type of ciphertext user identity information and the first digital signature.
A third sending module, configured to send the first identity authentication request to the blockchain network; the blockchain network is used for performing trusted verification on the specified type of ciphertext user identity information after the first digital signature is verified by using the preset public key, so as to obtain a trusted user identity verification result of the target user.
Correspondingly, the second generating module may specifically include:
a generation unit, configured to generate a first blockchain transaction for invoking a first smart contract deployed at the blockchain network according to the specified type of ciphertext user identity information and the first digital signature; when executed, the contract code of the first smart contract is used to send a second identity authentication request carrying the specified type of ciphertext user identity information to an off-chain trusted authority by using an oracle and to receive the trusted user identity authentication result of the target user fed back by the off-chain trusted authority, or is used to perform trusted authentication on the specified type of ciphertext user identity information by using at least one of on-chain data and off-chain data, generating the trusted user identity authentication result of the target user.
Correspondingly, the plaintext user identity information of the specified category may include: at least one of user unique identification information, user biometric information, user communication address information, payment account information, professional qualification credential information, membership credential information, and identity vouching information by a third party.
The trusted user authentication result of the target user may be used to reflect whether the specified category of identity information of the target user passes the trusted authentication, or the trusted user authentication result of the target user may be used to reflect whether the specified category of identity information of the target user passes the trusted authentication of a target trusted authority.
Optionally, in the apparatus of fig. 5, the first generating module 504 may specifically include:
a generation unit, configured to generate a second blockchain transaction for invoking a second smart contract deployed at the blockchain network by using the preset private key; the second blockchain transaction carries a second digital signature generated by using the preset private key and ciphertext to-be-verified identity information of the preset type of the target user; when executed, the contract code of the second smart contract is used to determine, based on the second digital signature, that the target user grants the verification authority, and then to compare the target user's ciphertext user identity information that is stored in the blockchain network and has passed trusted verification with the ciphertext to-be-verified identity information for consistency, thereby obtaining the user identity verification result; or,
to generate a third blockchain transaction for invoking a third smart contract deployed at the blockchain network by using the preset private key; the third blockchain transaction carries a third digital signature generated by using the preset private key and identification information of the preset type; when executed, the contract code of the third smart contract is used to generate the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type, after determining based on the third digital signature that the target user grants the verification authority.
Optionally, the apparatus in fig. 5 may further include:
the identity authentication prompt information generation module is used for generating identity authentication prompt information if the user identity verification result indicates that the identity information of the preset type of the target user does not pass verification; the identity authentication prompt information is used for prompting the trusted verification at the blockchain network by utilizing the preset type of trusted identity information of the target user.
Optionally, the apparatus in fig. 5 may further include:
A query request generation module, configured to generate, by using the preset private key, a query request for the identity type information of the target user that has passed trusted verification.
A query request sending module, configured to send the query request to the blockchain network.
An identity type information receiving module, configured to receive the identity type information of the target user that has passed trusted verification, fed back by the blockchain network; the identity type information is generated based on at least one of the ciphertext user identity information and the trusted user identity verification result stored at the blockchain network, after the blockchain network determines that the target user grants the query authority for the identity type information.
Correspondingly, in the apparatus of fig. 5, the first generating module 504 may specifically include:
a generation unit, configured to generate, by using the preset private key, a second identity verification request for the preset type of identity information of the target user if the identity type information of the target user that has passed trusted verification contains the preset type.
Correspondingly, the query request generation module may specifically include:
a query request generation unit, configured to generate a fourth blockchain transaction for invoking a fourth smart contract deployed at the blockchain network by using the preset private key; the fourth blockchain transaction carries a fourth digital signature generated by using the preset private key; when executed, the contract code of the fourth smart contract is used to generate the identity type information according to at least one of the ciphertext user identity information and the trusted user identity verification result that are stored in the blockchain network and have passed trusted verification, after determining based on the fourth digital signature that the target user grants the query authority.
Optionally, for the apparatus in fig. 5, the blockchain network may further be configured to store verification record information reflecting the verification conditions of the identity information of the target user; the apparatus may further include:
a statistics request generation module, configured to generate, by using the preset private key, a verification condition statistics request for the identity information of the target user.
A statistics request sending module, configured to send the verification condition statistics request to the blockchain network.
A statistical result receiving module, configured to receive the verification condition statistical result of the identity information of the target user fed back by the blockchain network; the verification condition statistical result is generated based on the verification record information stored at the blockchain network, after the blockchain network determines that the target user grants the identity verification condition statistical authority.
Correspondingly, the statistical request generation module may specifically include:
a statistics request generation unit for generating a fifth blockchain transaction for invoking a fifth intelligent contract deployed at the blockchain network using the preset private key; the fifth blockchain transaction carries a fifth digital signature generated by using the preset private key; and the contract code of the fifth intelligent contract is used for generating the verification condition statistical result according to the verification record information of the target user stored at the blockchain network after determining that the target user grants the identity verification condition statistical authority based on the fifth digital signature when being executed.
Optionally, in the apparatus of fig. 5, the service provider may include at least one of a client of the target application and a server of the target application.
The device can be applied to any one of a distributed application for managing the preset private key, a first software development kit which is carried at a client of the target application and is used for managing the preset private key, and a second software development kit which is carried at a client of other applications and is used for managing the preset private key.
Wherein the distributed application, the first software development kit, and the second software development kit may each have access to at least a portion of blockchain nodes in the blockchain network.
FIG. 6 is a schematic diagram of another blockchain-based user identity verification device corresponding to FIG. 3 according to an embodiment of the present disclosure. As shown in fig. 6, the apparatus may include:
a first obtaining module 602, configured to obtain, from a user identity manager, a second identity verification request for identity information of a preset kind of a target user; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
a generating module 604, configured to generate, in response to the second identity verification request, a user identity verification result for the target user according to at least one of ciphertext user identity information and a trusted user identity verification result that are stored at the blockchain network and that pass trusted verification after determining that the target user grants verification rights for the preset kind of identity information;
A sending module 606, configured to send the user identity verification result to the user identity manager.
Based on the device of fig. 6, the embodiments of this specification also provide some specific implementations of the device, which are described below.
Optionally, in the apparatus of fig. 6, a preset public key corresponding to the preset private key is stored in the blockchain network; the apparatus may further include:
a second acquisition module for acquiring a first blockchain transaction for invoking a first intelligent contract deployed at the blockchain network; the first blockchain transaction carries the specified type of ciphertext user identity information of the target user obtained by encryption by using the preset public key and a first digital signature generated by using the preset private key for the specified type of ciphertext user identity information; the first smart contract is a smart contract for trusted verification of user identity information.
A trusted verification module, configured to perform trusted verification on the specified type of ciphertext user identity information by using the first smart contract after the first digital signature is verified by using the preset public key, so as to obtain a trusted user identity verification result of the target user.
The contract code of the first smart contract can be used to send an identity authentication request carrying the specified type of ciphertext user identity information to an off-chain trusted authority by using an oracle and to receive the trusted user identity authentication result of the target user fed back by the off-chain trusted authority; or it can be used to perform trusted authentication on the specified type of ciphertext user identity information by using at least one of on-chain data and off-chain data, generating the trusted user identity authentication result of the target user.
Optionally, in the apparatus of fig. 6, the first obtaining module 602 may specifically include:
an acquisition unit, configured to acquire a second blockchain transaction for invoking a second smart contract deployed at the blockchain network; the second blockchain transaction carries a second digital signature generated with the preset private key and ciphertext to-be-verified identity information of the preset type of the target user.
Correspondingly, in the apparatus of fig. 6, the generating module 604 may specifically include:
a generation unit, configured to run the contract code of the second smart contract to generate a user identity verification result for the target user; when executed, the contract code of the second smart contract is used to, after determining based on the second digital signature that the target user grants the verification authority, compare the trusted-verified ciphertext user identity information of the target user stored in the blockchain network with the ciphertext to-be-verified identity information for consistency, so as to obtain the user identity verification result.
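An added illustration, not part of the patent text: a minimal off-chain JavaScript model of the first and second smart contract checks described above (signature verification with the stored preset public key, then a consistency comparison of ciphertexts). The class and field names, the Ed25519 signature scheme, the per-request nonce, and the treatment of ciphertexts as opaque bytes that are equal whenever the underlying identity information is equal are all assumptions; the specification fixes none of them.

```javascript
const crypto = require('crypto');

// Length-prefixed encoding so that distinct field tuples never serialise to the same bytes.
function encode(...fields) {
  return Buffer.concat(fields.map((f) => {
    const b = Buffer.isBuffer(f) ? f : Buffer.from(String(f), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(b.length);
    return Buffer.concat([len, b]);
  }));
}

// Hypothetical in-memory stand-in for the contract state kept at the blockchain network.
class IdentityLedger {
  constructor() {
    this.publicKeys = new Map(); // userId -> preset public key
    this.verified = new Map();   // (userId, kind) -> ciphertext that passed trusted verification
    this.seenNonces = new Set(); // replay guard; an added assumption, not in the specification
  }

  registerKey(userId, publicKey) { this.publicKeys.set(userId, publicKey); }

  checkSignature(userId, message, signature) {
    const key = this.publicKeys.get(userId);
    return key !== undefined && crypto.verify(null, message, key, signature);
  }

  // First contract: verify the first digital signature, then run trusted verification.
  // trustedAuthorityAccepts models the oracle / off-chain trusted authority decision.
  submitIdentity(tx, trustedAuthorityAccepts) {
    const msg = encode('register', tx.userId, tx.kind, tx.ciphertext);
    if (!this.checkSignature(tx.userId, msg, tx.signature)) return 'bad-signature';
    if (!trustedAuthorityAccepts(tx.kind, tx.ciphertext)) return 'not-trusted';
    this.verified.set(encode(tx.userId, tx.kind).toString('hex'), Buffer.from(tx.ciphertext));
    return 'stored';
  }

  // Second contract: the signature is the user's grant of verification authority;
  // only after it checks out is the candidate ciphertext compared with the stored one.
  verifyIdentity(tx) {
    const msg = encode('verify', tx.userId, tx.kind, tx.candidate, tx.nonce);
    if (!this.checkSignature(tx.userId, msg, tx.signature)) return 'not-authorized';
    const nonceKey = encode(tx.userId, tx.nonce).toString('hex');
    if (this.seenNonces.has(nonceKey)) return 'replayed';
    this.seenNonces.add(nonceKey);
    const stored = this.verified.get(encode(tx.userId, tx.kind).toString('hex'));
    if (!stored) return 'no-verified-record';
    const same = stored.length === tx.candidate.length &&
      crypto.timingSafeEqual(stored, tx.candidate);
    return same ? 'pass' : 'fail';
  }
}

// Constructed sample data: keys, identifiers and ciphertext bytes are made up for the demo.
function runDemo() {
  const user = crypto.generateKeyPairSync('ed25519');
  const stranger = crypto.generateKeyPairSync('ed25519');
  const ledger = new IdentityLedger();
  ledger.registerKey('user-1', user.publicKey);

  const kind = 'professional-qualification';
  const ciphertext = Buffer.from('constructed-ciphertext-of-credential');
  const reg = { userId: 'user-1', kind, ciphertext };
  reg.signature = crypto.sign(null, encode('register', reg.userId, kind, ciphertext), user.privateKey);
  const stored = ledger.submitIdentity(reg, () => true);

  const makeVerifyTx = (candidate, nonce, privateKey) => {
    const tx = { userId: 'user-1', kind, candidate, nonce };
    tx.signature = crypto.sign(null, encode('verify', tx.userId, kind, candidate, nonce), privateKey);
    return tx;
  };
  const good = makeVerifyTx(ciphertext, 'n-1', user.privateKey);
  const other = Buffer.from('constructed-other-ciphertext');
  return {
    stored,
    match: ledger.verifyIdentity(good),
    replay: ledger.verifyIdentity(good), // same signed transaction submitted twice
    mismatch: ledger.verifyIdentity(makeVerifyTx(other, 'n-2', user.privateKey)),
    forged: ledger.verifyIdentity(makeVerifyTx(ciphertext, 'n-3', stranger.privateKey)),
  };
}

console.log(runDemo());
```

Comparing ciphertexts byte for byte only works when the encryption is deterministic; with a randomized public-key scheme, two encryptions of the same identity information differ and this check would always fail.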
Optionally, in the apparatus of fig. 6, the first obtaining module 602 may specifically include:
the acquisition unit, further configured to acquire a third blockchain transaction for invoking a third smart contract deployed at the blockchain network; the third blockchain transaction carries a third digital signature generated with the preset private key and identification information of the preset type.
Correspondingly, in the apparatus of fig. 6, the generating module 604 may specifically include:
the generation unit, further configured to run the contract code of the third smart contract to generate a user identity verification result for the target user; when executed, the contract code of the third smart contract is used to, after determining based on the third digital signature that the target user grants the verification authority, generate the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type.
Optionally, the apparatus in fig. 6 may further include:
a third acquisition module, configured to acquire, from the user identity manager, a fourth blockchain transaction for invoking a fourth smart contract deployed at the blockchain network; the fourth blockchain transaction carries a fourth digital signature generated with the preset private key; the fourth smart contract is a smart contract for querying the identity types of a user that have passed trusted verification.
an identity type information generation module, configured to run the contract code of the fourth smart contract to generate the identity type information of the target user that has passed trusted verification; when executed, the contract code of the fourth smart contract is used to, after determining based on the fourth digital signature that the target user grants the trusted identity type query authority, generate the identity type information according to at least one of the trusted-verified ciphertext user identity information and the trusted user identity verification result stored in the blockchain network.
an identity type information sending module, configured to send the identity type information of the target user that has passed trusted verification to the user identity manager.
Optionally, the apparatus in fig. 6 may further include:
a verification record information storage module, configured to store, to the blockchain network, verification record information reflecting how the identity information of the target user has been verified.
a fourth acquisition module, configured to acquire, from the user identity manager, a fifth blockchain transaction for invoking a fifth smart contract deployed at the blockchain network; the fifth blockchain transaction carries a fifth digital signature generated with the preset private key; the fifth smart contract is a smart contract for compiling statistics on user identity verification.
a statistical result generation module, configured to run the contract code of the fifth smart contract to generate a verification statistics result for the identity information of the target user; when executed, the contract code of the fifth smart contract is used to, after determining based on the fifth digital signature that the target user grants the identity verification statistics authority, generate the verification statistics result according to the verification record information of the target user stored in the blockchain network.
a statistical result sending module, configured to send the verification statistics result for the identity information of the target user to the user identity manager.
Optionally, in the apparatus of fig. 6, the service provider may include at least one of a client of the target application and a server of the target application.
The user identity manager may be any one of a distributed application for managing the preset private key, a first software development kit for managing the preset private key carried at a client of the target application, and a second software development kit for managing the preset private key carried at a client of other applications;
Wherein the distributed application, the first software development kit, and the second software development kit may each have access to at least a portion of blockchain nodes in the blockchain network.
Based on the same idea, the embodiments of this specification also provide devices corresponding to the above methods.
FIG. 7 is a schematic diagram of a blockchain-based user identity verification device corresponding to FIG. 2 according to an embodiment of the present disclosure. As shown in FIG. 7, the device 700 may include:
at least one processor 710; and
a memory 730 communicatively coupled to the at least one processor; wherein
the memory 730 stores instructions 720 executable by the at least one processor 710, the instructions being executable by the at least one processor 710 to enable the at least one processor 710 to:
acquire a first identity verification request generated by a service provider for a target user during service processing; the first identity verification request is used to request verification of identity information of a preset type of the target user.
in response to the first identity verification request, generate a second identity verification request for the identity information of the preset type of the target user by using the preset private key of the target user for managing user identity information.
send the second identity verification request to a blockchain network.
receive a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network, after the blockchain network determines that the target user grants verification authority for the identity information of the preset type, based on at least one of the trusted-verified ciphertext user identity information and the trusted user identity verification result stored at the blockchain network.
send the user identity verification result to the service provider.
FIG. 8 is a schematic diagram of another blockchain-based user identity verification device corresponding to FIG. 3 provided in an embodiment of the present disclosure. As shown in fig. 8, the device 800 may include:
at least one processor 810; and
a memory 830 communicatively coupled to the at least one processor; wherein
the memory 830 stores instructions 820 executable by the at least one processor 810, the instructions being executed by the at least one processor 810 to enable the at least one processor 810 to:
acquire, from a user identity manager, a second identity verification request for identity information of a preset type of a target user; the second identity verification request is a request generated, in response to a first identity verification request, by using a preset private key of the target user for managing user identity information; the first identity verification request is a request generated by a service provider during service processing to request verification of the identity information of the preset type of the target user.
in response to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, generate a user identity verification result for the target user according to at least one of the trusted-verified ciphertext user identity information and the trusted user identity verification result stored in the blockchain network.
send the user identity verification result to the user identity manager.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be referred to across embodiments, and each embodiment focuses on its differences from the others. In particular, the devices shown in FIG. 7 and FIG. 8 are described relatively briefly because they are substantially similar to the method embodiments; for relevant details, refer to the corresponding description of the method embodiments.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, a transistor or a switch) or an improvement in software (an improvement to a method flow). However, with the development of technology, many improvements to method flows today can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a programmable logic device (PLD), such as a field programmable gate array (FPGA), is an integrated circuit whose logic function is determined by the user's programming of the device. A designer programs to "integrate" a digital system onto a PLD without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation is also written in a specific programming language, called a hardware description language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely performing a little logic programming of the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, it is entirely possible to implement the same functionality by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing various functions may also be regarded as structures within the hardware component. The means for performing the various functions may even be regarded both as software modules implementing the methods and as structures within the hardware component.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include, among computer-readable media, volatile memory, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (24)

1. A blockchain-based user identity verification method, comprising:
acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
responding to the first identity verification request, and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing a preset private key of the target user for managing the user identity information;
sending the second identity verification request to a blockchain network;
receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and sending the user identity verification result to the service provider.
2. The method of claim 1, wherein a preset public key corresponding to the preset private key is stored at the blockchain network; the method further comprises:
acquiring plaintext user identity information of a specified type of the target user;
encrypting the plaintext user identity information by using the preset public key to obtain the ciphertext user identity information of the specified type of the target user;
digitally signing the ciphertext user identity information of the specified type by using the preset private key to obtain a first digital signature;
generating a first identity authentication request for the target user according to the ciphertext user identity information of the specified type and the first digital signature;
sending the first identity authentication request to the blockchain network; the blockchain network is used for performing trusted verification on the ciphertext user identity information of the specified type after the first digital signature passes verification with the preset public key, so as to obtain a trusted user identity verification result of the target user.
3. The method according to claim 2, wherein the generating a first identity authentication request for the target user according to the ciphertext user identity information of the specified type and the first digital signature specifically includes:
generating, according to the ciphertext user identity information of the specified type and the first digital signature, a first blockchain transaction for invoking a first smart contract deployed at the blockchain network; when executed, the contract code of the first smart contract is used for sending, by means of an oracle, a second identity authentication request carrying the ciphertext user identity information of the specified type to an off-chain trusted institution and receiving a trusted user identity authentication result of the target user fed back by the off-chain trusted institution, or is used for performing trusted authentication on the ciphertext user identity information of the specified type by using at least one of on-chain data and off-chain data, so as to generate the trusted user identity authentication result of the target user.
4. The method of claim 3, wherein the specified category of plaintext user identity information comprises: at least one of user unique identification information, user biometric information, user communication address information, payment account information, professional qualification voucher information, membership voucher information, and identity vouching information by a third party;
the trusted user authentication result of the target user is used for reflecting whether the identity information of the specified category of the target user passes the trusted authentication, or the trusted user authentication result of the target user is used for reflecting whether the identity information of the specified category of the target user passes the trusted authentication of a target trusted institution.
5. The method according to claim 1, wherein the generating a second identity verification request for the identity information of the preset kind of the target user by using the preset private key of the target user for managing the identity information of the user specifically comprises:
generating, by using the preset private key, a second blockchain transaction for invoking a second smart contract deployed at the blockchain network; the second blockchain transaction carries a second digital signature generated with the preset private key and ciphertext to-be-verified identity information of the preset type of the target user; when executed, the contract code of the second smart contract is used for, after determining based on the second digital signature that the target user grants the verification authority, comparing the trusted-verified ciphertext user identity information of the target user stored in the blockchain network with the ciphertext to-be-verified identity information for consistency, so as to obtain the user identity verification result; or,
generating, by using the preset private key, a third blockchain transaction for invoking a third smart contract deployed at the blockchain network; the third blockchain transaction carries a third digital signature generated with the preset private key and identification information of the preset type; when executed, the contract code of the third smart contract is used for, after determining based on the third digital signature that the target user grants the verification authority, generating the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type.
6. The method of claim 5, after receiving the user identity verification result fed back by the blockchain network, further comprising:
if the user identity verification result indicates that the identity information of the preset type of the target user does not pass verification, generating identity authentication prompt information; the identity authentication prompt information is used for prompting the trusted verification at the blockchain network by utilizing the preset type of trusted identity information of the target user.
7. The method of claim 1, further comprising, prior to generating a second identity verification request for a preset category of identity information of the target user using a preset private key of the target user for managing user identity information:
generating a query request of identity type information which passes the trusted verification for the target user by utilizing the preset private key;
sending the query request to the blockchain network;
receiving identity type information which is fed back by the blockchain network and passes through trusted verification of the target user; the identity type information is generated based on at least one of ciphertext user identity information and trusted user identity verification results stored at the blockchain network after the blockchain network determines that the target user grants the query authority for the identity type information;
the generating a second identity verification request for the identity information of the preset type of the target user by using the preset private key of the target user for managing the identity information of the user specifically includes:
and if the identity type information of the target user which passes the trusted verification contains the preset type, generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing the preset private key.
8. The method of claim 7, wherein the generating, with the preset private key, the query request of identity information that passes the trusted verification for the target user specifically includes:
generating, by using the preset private key, a fourth blockchain transaction for invoking a fourth smart contract deployed at the blockchain network; the fourth blockchain transaction carries a fourth digital signature generated with the preset private key; when executed, the contract code of the fourth smart contract is used for, after determining based on the fourth digital signature that the target user grants the query authority, generating the identity type information according to at least one of the trusted-verified ciphertext user identity information and the trusted user identity verification result stored in the blockchain network.
9. The method of claim 1, the blockchain network further for storing verification record information reflecting verification of identity information for the target user; the method further comprises:
generating a verification condition statistical request aiming at the identity information of the target user by utilizing the preset private key;
sending the verification condition statistics request to the blockchain network;
receiving verification condition statistical results of the identity information of the target user fed back by the blockchain network; the verification situation statistical result is generated based on the verification record information stored at the blockchain network after the blockchain network determines that the target user grants identity verification situation statistical authority.
10. The method of claim 9, wherein the generating, with the preset private key, a verification statistics request for the identity information of the target user specifically includes:
generating, by using the preset private key, a fifth blockchain transaction for invoking a fifth smart contract deployed at the blockchain network; the fifth blockchain transaction carries a fifth digital signature generated with the preset private key; when executed, the contract code of the fifth smart contract is used for, after determining based on the fifth digital signature that the target user grants the identity verification condition statistical authority, generating the verification condition statistical result according to the verification record information of the target user stored at the blockchain network.
11. The method of any of claims 1-10, the service provider comprising at least one of a client of a target application and a server of the target application;
the method is applied to any one of a first software development kit which is carried at a client of the target application and is used for managing the preset private key and a second software development kit which is carried at a client of other applications and is used for managing the preset private key;
wherein the distributed application, the first software development kit, and the second software development kit each have access to at least a portion of blockchain nodes in the blockchain network.
12. A blockchain-based user identity verification method, comprising:
the blockchain network acquires a second identity verification request aiming at the identity information of the preset type of the target user from the user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification;
and sending the user identity verification result to the user identity manager.
13. The method of claim 12, wherein a preset public key corresponding to the preset private key is stored at the blockchain network; the method further comprises the steps of:
obtaining a first blockchain transaction for invoking a first smart contract deployed at the blockchain network; the first blockchain transaction carries the specified type of ciphertext user identity information of the target user obtained by encryption by using the preset public key and a first digital signature generated by using the preset private key for the specified type of ciphertext user identity information; the first smart contract is a smart contract for performing trusted verification on user identity information;
after the first digital signature is verified by using the preset public key, performing trusted verification on the specified type of ciphertext user identity information by using the first smart contract, to obtain a trusted user identity verification result of the target user.
14. The method of claim 13, wherein the contract code of the first smart contract, when executed, is configured to send, by using an oracle, an identity authentication request carrying the specified type of ciphertext user identity information to an off-chain trusted institution, and receive a trusted user identity authentication result of the target user fed back by the off-chain trusted institution, or is configured to perform trusted authentication on the specified type of ciphertext user identity information by using at least one of on-chain data and off-chain data, to generate a trusted user identity authentication result of the target user.
15. The method according to claim 12, wherein the obtaining the second identity verification request for the identity information of the preset kind of the target user specifically includes:
obtaining a second blockchain transaction for invoking a second smart contract deployed at the blockchain network; the second blockchain transaction carries a second digital signature generated by using the preset private key and ciphertext to-be-verified identity information of the preset type of the target user;
the responding to the second identity verification request and, after determining that the target user grants verification authority for the preset type of identity information, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification specifically includes:
running the contract code of the second smart contract to generate a user identity verification result for the target user; the contract code of the second smart contract, when executed, is used for comparing, after determining based on the second digital signature that the target user grants the verification authority, the consistency of the ciphertext user identity information of the target user which is stored in the blockchain network and has passed trusted verification with the ciphertext to-be-verified identity information, so as to obtain the user identity verification result; or,
the obtaining the second identity verification request for the identity information of the preset kind of the target user specifically includes:
obtaining a third blockchain transaction for invoking a third smart contract deployed at the blockchain network; the third blockchain transaction carries a third digital signature generated by using the preset private key and identification information of the preset type;
the responding to the second identity verification request and, after determining that the target user grants verification authority for the preset type of identity information, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification specifically includes:
running the contract code of the third smart contract to generate a user identity verification result for the target user; the contract code of the third smart contract, when executed, is used for generating the user identity verification result according to the trusted user identity verification result of the target user stored in the blockchain network and the identification information of the preset type after determining, based on the third digital signature, that the target user grants the verification authority.
16. The method of claim 12, further comprising, prior to obtaining the second identity verification request for the preset kind of identity information of the target user:
obtaining, from the user identity manager, a fourth blockchain transaction for invoking a fourth smart contract deployed at the blockchain network; the fourth blockchain transaction carries a fourth digital signature generated by using the preset private key; the fourth smart contract is a smart contract for querying the identity types of a user which have passed trusted verification;
running the contract code of the fourth smart contract to generate identity type information of the target user which has passed trusted verification; the contract code of the fourth smart contract, when executed, is used for generating the identity type information according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification, after determining, based on the fourth digital signature, that the target user grants trusted identity type query permission;
and sending the identity type information of the target user which has passed trusted verification to the user identity manager.
17. The method of claim 12, further comprising, after generating the user identity verification result for the target user:
storing verification record information reflecting verification conditions of identity information for the target user to the blockchain network;
obtaining, from the user identity manager, a fifth blockchain transaction for invoking a fifth smart contract deployed at the blockchain network; the fifth blockchain transaction carries a fifth digital signature generated by using the preset private key; the fifth smart contract is a smart contract for counting user identity verification conditions;
running the contract code of the fifth smart contract to generate a verification condition statistical result of the identity information of the target user; the contract code of the fifth smart contract, when executed, is used for generating the verification condition statistical result according to the verification record information of the target user stored in the blockchain network after determining, based on the fifth digital signature, that the target user grants identity verification condition statistical authority;
and sending the verification condition statistical result of the identity information of the target user to the user identity manager.
18. The method of any of claims 12-17, the service provider comprising at least one of a client of a target application and a server of the target application;
the user identity management party is any one of a first software development kit which is carried at a client of the target application and is used for managing the preset private key and a second software development kit which is carried at a client of other applications and is used for managing the preset private key;
wherein the distributed application, the first software development kit, and the second software development kit each have access to at least a portion of blockchain nodes in the blockchain network.
19. A blockchain-based user identity verification device, comprising:
the first acquisition module is used for acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
the first generation module is used for responding to the first identity verification request and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing the preset private key of the target user for managing the user identity information;
the first sending module is used for sending the second identity verification request to a blockchain network;
the receiving module is used for receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and the second sending module is used for sending the user identity verification result to the service provider.
20. The apparatus of claim 19, wherein a preset public key corresponding to the preset private key is stored at the blockchain network; the apparatus further comprises:
the second acquisition module is used for acquiring the specified type of plaintext user identity information of the target user;
the encryption module is used for encrypting the plaintext user identity information by using the preset public key to obtain the ciphertext user identity information of the specified type of the target user;
the digital signature module is used for carrying out digital signature on the ciphertext user identity information of the specified type by utilizing the preset private key to obtain a first digital signature;
the second generation module is used for generating a first identity authentication request aiming at the target user according to the specified type of ciphertext user identity information and the first digital signature;
a third sending module, configured to send the first identity authentication request to the blockchain network; the blockchain network is used for carrying out trusted verification on the specified type of ciphertext user identity information after the first digital signature is verified by utilizing the preset public key, so as to obtain a trusted user identity verification result of the target user;
wherein, the plaintext user identity information of the specified category includes: at least one of user unique identification information, user biometric information, user communication address information, payment account information, professional qualification voucher information, membership voucher information, and identity vouching information by a third party;
the trusted user authentication result of the target user is used for reflecting whether the identity information of the specified category of the target user passes the trusted authentication, or the trusted user authentication result of the target user is used for reflecting whether the identity information of the specified category of the target user passes the trusted authentication of a target trusted institution.
21. A blockchain-based user identity verification device, comprising:
the first acquisition module is used for acquiring a second identity verification request of the preset type of identity information of the target user from the user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
the generation module is used for responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, the generation module generates a user identity verification result aiming at the target user according to at least one of the ciphertext user identity information and the trusted user identity verification result which are stored in the blockchain network and pass the trusted verification;
and the sending module is used for sending the user identity verification result to the user identity manager.
22. The apparatus of claim 21, wherein a preset public key corresponding to the preset private key is stored at the blockchain network; the apparatus further comprises:
a second acquisition module for acquiring a first blockchain transaction for invoking a first smart contract deployed at the blockchain network; the first blockchain transaction carries the specified type of ciphertext user identity information of the target user obtained by encryption by using the preset public key and a first digital signature generated by using the preset private key for the specified type of ciphertext user identity information; the first smart contract is a smart contract for performing trusted verification on user identity information;
the trusted verification module is used for performing trusted verification on the specified type of ciphertext user identity information by using the first smart contract after the first digital signature is verified by using the preset public key, so as to obtain a trusted user identity verification result of the target user;
the contract code of the first smart contract, when executed, is used for sending, by using an oracle, an identity authentication request carrying the specified type of ciphertext user identity information to an off-chain trusted institution and receiving a trusted user identity authentication result of the target user fed back by the off-chain trusted institution, or is used for carrying out trusted authentication on the specified type of ciphertext user identity information by using at least one of on-chain data and off-chain data, and generating the trusted user identity authentication result of the target user.
23. A blockchain-based user identity verification device, comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a first identity verification request generated by a service provider aiming at a target user in a service processing process; the first identity verification request is used for requesting verification of preset types of identity information of the target user;
responding to the first identity verification request, and generating a second identity verification request aiming at the identity information of the preset type of the target user by utilizing a preset private key of the target user for managing the user identity information;
sending the second identity verification request to a blockchain network;
receiving a user identity verification result fed back by the blockchain network; the user identity verification result is generated by the blockchain network based on at least one of ciphertext user identity information and trusted user identity verification result which are stored at the blockchain network and pass trusted verification after determining that the target user grants verification authority for the preset type of identity information;
and sending the user identity verification result to the service provider.
24. A blockchain-based user identity verification device, comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a second identity verification request of identity information of a preset type aiming at a target user from a user identity management party; the second identity verification request is a request generated by using a preset private key of the target user for managing user identity information in response to the first identity verification request; the first identity verification request is a request generated by a service provider in a service processing process and used for requesting verification of preset types of identity information of the target user;
responding to the second identity verification request, and after determining that the target user grants verification authority for the identity information of the preset type, generating a user identity verification result for the target user according to at least one of ciphertext user identity information and trusted user identity verification results which are stored in the blockchain network and pass trusted verification;
and sending the user identity verification result to the user identity manager.
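The signature-gated flow of claims 12, 13 and 15, with the record keeping of claim 17, can be modeled as below. This is an added sketch, not code from the patent: Ed25519, the `Tx` and `Ledger` types, the call names and the digest that includes the call name are assumptions, and the trusted verification step of the first contract is assumed to pass.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tx is a constructed stand-in for a blockchain transaction invoking a contract.
type Tx struct {
	Op, User, Kind string // contract call, target user, identity-information type
	Ciphertext     []byte // identity information encrypted off-chain; opaque here
	Sig            []byte // Ed25519 (assumed) signature by the preset private key
}

// Digest binds call name, user and type into the signed bytes (domain separation).
func Digest(t Tx) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(t.Op), []byte(t.User), []byte(t.Kind), t.Ciphertext} {
		fmt.Fprintf(h, "%d:%s", len(f), f) // length prefix keeps field boundaries unambiguous
	}
	return h.Sum(nil)
}

func Sign(priv ed25519.PrivateKey, t Tx) Tx {
	t.Sig = ed25519.Sign(priv, Digest(t))
	return t
}

type Ledger struct {
	PubKeys map[string]ed25519.PublicKey // preset public key per user
	Trusted map[[2]string][]byte         // (user, kind) -> trusted-verified ciphertext
	Records map[string]int               // verification records per user (claim 17)
}

// NewLedger enrolls one user: stores a fresh public key, returns the private key.
func NewLedger(user string) (*Ledger, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Ledger{map[string]ed25519.PublicKey{user: pub}, map[[2]string][]byte{}, map[string]int{}}, priv
}

var ErrNotAuthorized = errors.New("signature does not prove the user's grant")

func (l *Ledger) authorized(t Tx, op string) bool {
	pub, ok := l.PubKeys[t.User]
	return ok && t.Op == op && ed25519.Verify(pub, Digest(t), t.Sig)
}

// Register plays the first contract; the oracle / off-chain check is assumed to pass.
func (l *Ledger) Register(t Tx) error {
	if !l.authorized(t, "register") {
		return ErrNotAuthorized
	}
	l.Trusted[[2]string{t.User, t.Kind}] = t.Ciphertext
	return nil
}

// Verify plays the second contract: signature first, then ciphertext comparison.
func (l *Ledger) Verify(t Tx) (bool, error) {
	if !l.authorized(t, "verify") {
		return false, ErrNotAuthorized
	}
	l.Records[t.User]++
	stored, ok := l.Trusted[[2]string{t.User, t.Kind}]
	return ok && bytes.Equal(stored, t.Ciphertext), nil
}

func main() {
	l, priv := NewLedger("alice")
	reg := Sign(priv, Tx{Op: "register", User: "alice", Kind: "phone", Ciphertext: []byte("ct-1")})
	fmt.Println("register:", l.Register(reg))
	reg.Op = "verify" // registration signature replayed as a verify call
	fmt.Println(l.Verify(reg))
}
```

In this sketch the consistency comparison is byte equality, so a match requires the submitted ciphertext to be byte-identical to the stored one.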
CN202310964375.9A 2023-08-02 2023-08-02 User identity verification method, device and equipment based on blockchain Pending CN116962061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310964375.9A CN116962061A (en) 2023-08-02 2023-08-02 User identity verification method, device and equipment based on blockchain

Publications (1)

Publication Number Publication Date
CN116962061A true CN116962061A (en) 2023-10-27

Family

ID=88446157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310964375.9A Pending CN116962061A (en) 2023-08-02 2023-08-02 User identity verification method, device and equipment based on blockchain

Country Status (1)

Country Link
CN (1) CN116962061A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination