CN111147432B - KYC data sharing system with confidentiality and method thereof - Google Patents
KYC data sharing system with confidentiality and method thereof Download PDFInfo
- Publication number
- CN111147432B CN111147432B CN201811315195.3A CN201811315195A CN111147432B CN 111147432 B CN111147432 B CN 111147432B CN 201811315195 A CN201811315195 A CN 201811315195A CN 111147432 B CN111147432 B CN 111147432B
- Authority
- CN
- China
- Prior art keywords
- data
- kyc
- contract
- client
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Accounting & Taxation (AREA)
- Power Engineering (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
Abstract
A KYC data sharing system with confidentiality and a method thereof are disclosed, KYC data are provided to a right duty end through a client to be encrypted, signed and issued to a block chain network, and an intelligent contract is executed on the block chain network, so that the client, the right duty end and a financial end can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial end requests to inquire the KYC data, the client can set authorization authorities for different data items, then the financial end directly receives the authorized data items through the client, and then whether the data items are authenticated by the right duty end to determine whether to review or not is verified, and the technical effects of improving the confidentiality, the usability and the content uniformity of the KYC data are improved.
Description
Technical Field
The invention relates to a data sharing system and a method thereof, in particular to a secret KYC data sharing system and a secret KYC data sharing method.
Background
In recent years, with the popularization and vigorous development of financial technologies, various applications based on financial technologies appear like bamboo shoots in spring after rain, however, in order to provide suitable financial products to customers and even avoid money laundering, financial institutions require customers to fill in a piece of data for "Knowing Your Customer (KYC)".
Generally speaking, the financial institution can know the bearing capacity of the client to the investment risk according to the KYC data, so as to provide suitable financial commodities and realize the verification of the client identity authentication, background and credit record. However, since each financial institution requires to fill out KYC data, when there are a large number of financial institutions to and from, repeatedly filling out KYC data with the same content will cause trouble and inconvenience to customers, and since only one piece of KYC data cannot be filled out for all financial institutions, usability of KYC data is not good. In addition, the content of the KYC data filled at different time points may be different, which causes a problem of poor content uniformity.
In view of the above, manufacturers have proposed a technical means for storing KYC data in the client, so as to provide the client with the capability of opening an account in a financial institution. However, this approach requires the financial institution to be willing to coordinate and also fails to address the problem of KYC data at different points in time, which may not be identical in content. In addition, it is also proposed that the KYC data is stored in the cloud for the financial institutions to share, however, the KYC data stored in the cloud is easily tampered, so that how to make each financial institution trust the KYC data stored in the cloud is a big problem, and the KYC data stored in the cloud is also easily subject to privacy leakage.
In summary, it is known that the problems of poor confidentiality, usability and content uniformity of KYC data exist in the prior art for a long time, and therefore, it is necessary to provide improved technical means to solve the problems.
Disclosure of Invention
The invention discloses a KYC data sharing system with confidentiality and a method thereof.
First, the present invention discloses a secret KYC data sharing system, which is applied to a block chain network for executing an intelligent contract, and the system comprises: the system comprises a right charge end, a client and a financial end. Wherein the authority end comprises: the device comprises an initial module, a verification module and a registration module. The initial module is used for issuing a KYC data registration contract through a block chain transaction to provide registration and update KYC data contracts and issuing a KYC data request registration contract through the block chain transaction to provide registration and record KYC data request contracts in the initial process, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event; the verification module is used for receiving KYC data for verification, the KYC data comprises a plurality of data items, each data item in the verified KYC data is encrypted according to a client public key to generate corresponding first encrypted content, and then the hash value of each data item is signed according to a authority end private key to generate a corresponding hash signature value; the registration module is used for issuing a KYC data contract containing an account address, first encrypted content of each data item and a Hash seal value of each data item through block chain transaction, obtaining a corresponding KYC data contract address, and registering the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notice.
Then, the client includes: the device comprises a generating module, a detecting module and an encrypting and decrypting module. The generation module is used for generating KYC data and transmitting the KYC data to the authority end; the detection module is used for continuously detecting the data request notification, when the data request notification is detected and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads a KYC data contract corresponding to the client from the block chain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and the authorization authority of each data item is allowed to be set; the encryption and decryption module is used for decrypting the obtained first encrypted content of each data item according to the authorization authority and the client private key, generating a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypting the group of keys by using the financial end public key to generate a group of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger an authorization response event to generate an authorization response notice.
As for the financial terminal, it includes: a request module, a receiving module, and a review module. The client-side data request contract management system comprises a request module, a block chain transaction module and a data request registration module, wherein the request module is used for issuing a KYC data request contract corresponding to the client-side through a block chain transaction when KYC data of the client-side are requested, and registering the KYC data request contract in a KYC data request registration contract to trigger a request registration event to generate a data request notification; the receiving module is used for continuously detecting an authorization response event of the KYC data request registration contract, receiving the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys after the authorization response event is triggered to generate an authorization response notice, decrypting the group of encryption keys by using the financial end private key to obtain a group of keys, and decrypting the second encrypted content of each data item by using the group of keys; the review module is used for verifying the hash value and the signature of each decrypted data item according to the public key of the authority end and the hash signature value of each data item, and reviewing each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority end.
In addition, the invention discloses a secret KYC data sharing method, which is applied to a block chain network for executing an intelligent contract and comprises the following steps: the method comprises the following steps that a liability end issues a KYC data registration contract through a block chain transaction to provide registration and update KYC data contracts and issues a KYC data request registration contract through the block chain transaction to provide registration and record KYC data request contracts at the initial time, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event; the client generates corresponding KYC data and transmits the KYC data to the accountability end, wherein the KYC data comprises a plurality of data items; the authority terminal verifies the received KYC data, encrypts each data item in the verified KYC data respectively according to a client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to the authority terminal private key to generate a corresponding hash signature value; the authority terminal issues a KYC data contract containing an account address, first encrypted content of each data item and a Hash seal value of each data item through block chain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notice; when the financial terminal requests KYC data of the client, a KYC data request contract corresponding to the client is issued through block chain transaction, and the KYC data request contract is registered in the KYC data request registration contract and used for triggering a request registration event to generate a data request notification; after a client detects a data request notification and an account address contained in the data request notification is consistent with one of the clients, the consistent client reads a KYC data contract corresponding to the client from a block chain network to obtain the account address, first encrypted content of each data item and a hash signature value of each data item, and allows setting of an authorization authority of each data item; the client decrypts the obtained first encrypted content of each data item according to the authorization authority and the client private key, generates a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypts the group of keys by the financial public key to generate a group of encrypted keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encrypted keys to trigger an authorization response event to generate an authorization response notice; the financial terminal continuously detects an authorization response event of KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys after the authorization response event is triggered to generate an authorization response notice, decrypts the group of encryption keys by using the financial terminal private key to obtain a group of keys, and then decrypts the second encrypted content of each data item by using the group of keys; the financial terminal verifies the hash value and the signature of each decrypted data item according to the public key of the authority terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority terminal.
The system and method disclosed by the present invention are different from the prior art in that the client provides KYC data to the authority terminal for encryption, signature and distribution to the blockchain network, and executes the intelligent contract on the blockchain network, so that the client, the authority terminal and the financial terminal can execute the function of the intelligent contract and detect the event of the intelligent contract, so that when the financial terminal requests to query the KYC data, the client can set the authorization authority for different data items, and then the financial terminal directly receives the authorized data items through the client, and then verifies whether the data items are authenticated by the authority terminal to determine whether to review.
Through the technical means, the invention can achieve the technical effects of improving the confidentiality, the usability and the content uniformity of KYC data.
Drawings
Fig. 1 is a system block diagram of the KYC data sharing system with confidentiality according to the present invention.
Fig. 2A to fig. 2C are flowcharts of a method for sharing KYC data with confidentiality according to the present invention.
Fig. 3 is a schematic diagram of uploading KYC data by applying the present invention.
FIG. 4 is a diagram illustrating encryption and signature of data items at the accountability end according to the present invention.
Fig. 5 is a schematic diagram of encryption and decryption performed at a client by applying the present invention.
[ List of reference numerals ]
10 blockchain network
100 authority terminal
101 initial module
102 authentication module
103 register module
104 update module
110 client
111 generating module
112 detection module
113 encryption and decryption module
120 finance end
121 request module
122 receiving module
123 review module
300 edit window
310 data input block
311 editing component
312 storage component
313 transfer assembly
400 KYC data
410 first encrypted content
420 hash value
430 hash signature value
500 decrypted content
510 second encrypted content
230, the accountability end verifies the received KYC data, encrypts each data item in the verified KYC data according to a client public key to generate a corresponding first encrypted content, and signs the hash value of each data item according to a accountability end private key to generate a corresponding hash signature value
240, the authority terminal issues the KYC data contract containing an account address, the first encrypted content of each data item and the hash signature value of each data item through a blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in the KYC data contract registration contract to trigger the data registration event to generate a registration completion notification
In step 290, the financial terminal performs hash value and signature verification on each decrypted data item according to a public key of a accountability terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the accountability terminal
The accountability end issues a KYC execution registration contract for recording the execution result of at least one KYC data execution contract at the beginning of the step 291, wherein the KYC data execution contract records each data item reviewed by the financial end and its signature
292, the accountability end issues an account number link contract through a block link transaction at the beginning to store at least one account number address corresponding to each client, so that the account number addresses correspond to the same KYC data, and the account number addresses are allowed to be added or deleted, and after the financial end verifies the account number addresses, the financial end is allowed to receive the same KYC data by using different account number addresses
Detailed Description
The following detailed description of the embodiments of the present invention will be provided in conjunction with the accompanying drawings and examples, so that how to implement the technical means for solving the technical problems and achieving the technical effects of the present invention can be fully understood and implemented.
Before describing the disclosed KYC data sharing system with confidentiality and the method thereof, the present invention is applied to a Blockchain network executing an intelligent contract, and all the computer devices in the Blockchain network can be regarded as Blockchain nodes which are connected in a point-to-point (Peer) manner and are used for processing Blockchain Transactions (Blockchain Transactions). In practical implementations, the computer device can be a server, a host computer, a notebook computer, a tablet computer, etc. for executing computer program instructions, such as: the blockchain program "Ethereum". In addition, the intelligent contract is a computer program that drives instructions according to predetermined conditions and transmitted information, and in actual implementation, the intelligent contract is implemented by a programming language, such as: the intelligent contracts are compiled to obtain Binary codes and Application Binary Interfaces (ABIs) so as to broadcast the intelligent contracts to the blockchain network, and a Miner (Miner) waits for putting the intelligent contracts on the blockchain and obtaining corresponding addresses, so that the intelligent contracts are completed. Then, the node of the block chain network can execute the corresponding intelligent contract according to the address, and the state of the intelligent contract on the block chain can be changed by different instructions. It should be particularly noted that the contracts such as "KYC data registration contract", "KYC data request registration contract", "KYC data request contract", "KYC evaluation registration contract", "KYC execution registration contract", "KYC data execution contract", and "account number connection contract" are all intelligent contracts, and the "registration" mentioned in the text refers to establishing address correspondence between different intelligent contracts by executing functions in the intelligent contracts, and the following briefly describes each intelligent contract:
the utility model provides a, KYC data contract for record customer's KYC data, in actual implementation, each data item of KYC data can pass through client public key respectively and encrypt, and still can calculate corresponding hash value through hash algorithm, then, store after signing the calculated hash value with the authority's end private key, that is to say, KYC data contract does not store the plain code of KYC data, but stores encrypted data item, and the value after hash and signature, actually, KYC data contract still contains customer's account number address, like: a public key. In practical implementation, the KYC data contract contains functions such as: "setData ()", and parameters to bring in "the code of the data item of KYC data", "the first encrypted content of each data item", "the hash value of each data item", and "the hash signature value of each data item", etc.
And a KYC data contract which is used for registering the KYC data contract and providing related events (namely data registration events and data updating events). In practical implementation, the KYC evaluation contract can be generated by a function while registering the KYC data contract, and is registered in the KYC evaluation registration contract, so that an authorized financial terminal can evaluate and mark risks of corresponding clients. The KYC data registry contract contains functions such as: "register kycdata ()", "update kycdata ()", both of which are brought into the address and account address of the KYC data contract, and the execution of which triggers corresponding events, such as: "KYCDataDidRegister" and "KYCDataDidUpdate" are triggered when KYC data contract registration is performed, and triggered when KYC data contract update is performed.
Third, a KYC data request contract is used for the financial terminal to initiate a request to the client so as to obtain the authorization right for reviewing KYC data from the client, that is, the client also replies the authorization right through the KYC data request contract. In practical implementation, the KYC data request contract contains functions such as: "addRequest ()", "addSignature ()", "isprovived ()", "objectrequest ()", "revokeRequest ()", and the like, which are respectively used for executing the cases of "financial terminal adding data items to be reviewed", "financial terminal setting signature for client to verify financial terminal source", "checking whether the financial terminal has authorization authority to review specified data items", "client authorizes request to review specified data items", "client refuses request to review specified data items", and "client cancels authorization authority authorized to review specified data items".
And fourthly, registering the KYC data request contract for registering and recording the request of the financial terminal for reviewing the KYC data of the client, providing corresponding events to inform the client of the reviewing request and inform the financial terminal of the response or update of the authorization state. In practical implementation, KYC data requests a registration contract to contain functions such as: the "requestKYCData ()" and the "responseKYCDataRequest ()" are respectively used for providing the financial terminal registration KYC data request contract and informing that the contract has been responded after the client replies or updates the authorization state of the KYC data request contract. In addition, executing these two functions triggers corresponding events, such as: the client side comprises a KYCDataDidRequest and a KYCDataRequestDidResponse, wherein the KYCDataDidRequest is triggered when a new KYC data request contract is registered to inform the client side of the contract, and the KYCDataRequest is triggered when the authorization state of the KYC data request contract is changed to inform the financial side of the change of the authorization state.
And fifthly, carrying out a KYC data execution contract for recording the KYC processing executed by the financial terminal, wherein the KYC data execution contract comprises functions such as: "executeKyc ()" for signing after the finance end reviews the designated data item of the KYC data, each data item needs to be signed independently.
Sixthly, recording execution results of the KYC data execution contract by using a KYC execution registration contract, wherein the KYC execution registration contract comprises functions such as: "register KYCExecution ()".
Seventh, KYC evaluation contracts, which are used for the financial end to record client evaluation and risk marks, and include functions such as: "addnucleotides ()", "addFlag ()" and "addRat ()" are used to "note of the newly added financial end to the client", "risk mark of the newly added financial end to the client" and "evaluation of the newly added financial end to the client", respectively.
Eight, KYC evaluation and other registration contracts used for providing registration KYC evaluation and other contracts, which comprise functions such as: "register ()" that completes registration of KYC-rated contracts by bringing in the address of the KYC-rated contracts.
Ninth, account linking contracts are used for binding multiple account addresses for clients to achieve privacy, and the stored account addresses are encrypted by using signatures, which may include functions such as: "addAssociation ()", "removeAssociation ()" and "getAssociation ()" are used to perform the processing of "signature for newly adding binding", "signature for removing binding", and "inquiring the account address bound by a signature", respectively.
Referring to fig. 1, fig. 1 is a block diagram of a KYC data sharing system with confidentiality according to the present invention, which is applied to a block chain network 10 for executing an intelligent contract, and the system includes: the accountability end 100, the client 110 and the finance end 120. In which, the authority terminal 100 may be a government authority or a government legal authority, and the purpose of the authority terminal 100 is to provide KYC data service for verifying natural people or organizations (e.g. verifying whether the materials are correctly attached), in fact, the authority terminal 100 is connected to the blockchain network 10 as a blockchain link, and the authority terminal 100 includes: an initialization module 101, an authentication module 102, and a registration module 103. The initialization module 101 is configured to issue a KYC data registration contract through a blockchain transaction to provide registration and update KYC data contracts at initialization, and issue a KYC data request registration contract through a blockchain transaction to provide registration and record a KYC data request contract, where the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event. When a registration function of a KYC data contract is executed to register the KYC data contract, the registration function triggers a data registration event, namely, when a new KYC data contract is registered, the data registration event is triggered; when an update function of the KYC data registry contract is executed to update the KYC data contract, the update function triggers a data update event, that is, when the existing KYC data contract is updated, the data update event is triggered.
In practical implementation, the data stored in the KYC data contract includes "account address of the customer", "encrypted content (i.e. first encrypted content) of each data item", and "hash signature value subjected to hash and signature processing", where the account address of the customer may be presented in the form of a public key; the encrypted content is generated by encrypting a client public key; the signature is realized by the authority end private key. In addition, the initial module 101 may also issue KYC execution registration contracts through blockchain transactions to record execution results of KYC data execution contracts that record each data item and its signature reviewed by the financial terminal 120. Therefore, which finance end 120 has reviewed the KYC data can be known later by verifying the signature. In addition, the liability terminal 100 may issue an account linking contract through a block chain transaction at the beginning to store all account addresses corresponding to each client terminal 110, so that all account addresses correspond to the same KYC data, and the account addresses are allowed to be added or deleted, so that after the financial terminal 120 verifies the account addresses and confirms that the account addresses are generated by the client terminals 110, the financial terminal may be allowed to receive the same KYC data at different account addresses. In other words, the client 110 can use different account addresses to let the finance client 120 perform KYC processing, even to avoid knowing the identity of the client 110 through the account addresses.
The validation module 102 is configured to receive KYC data for validation, the KYC data including a plurality of data items, for example: name, identification card word number, gender and the like, and according to the client public key, respectively encrypting each data item in the verified KYC data to generate corresponding first encrypted content, and then according to the authority end private key, signing the hash value of each data item to generate a corresponding hash signature value. In practical implementation, each data item has a corresponding code, such as: the ID card word is coded as "ID", and the property certificate is coded as "WEALTH _ PROOF", etc. In addition, the public key (e.g., client public key) and the private key (e.g., authority private key) mentioned herein can be provided by a certificate issued by a third party public trust certificate authority (e.g., taiwan network authentication center).
The registration module 103 is configured to issue a KYC data contract including an account address, first encrypted content of each data item, and a hash signature value of each data item through a blockchain transaction, obtain a corresponding KYC data contract address, and register the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notification. In practical implementation, when a new KYC data contract is registered, a KYC evaluation contract corresponding to the client 110 may be issued through a blockchain transaction, and a KYC evaluation contract address of the KYC evaluation contract is registered in a KYC evaluation registration contract issued in advance by the initial module 101, so as to allow the financial terminal 120 obtaining the authorization authority to evaluate and mark risks of the KYC data of the corresponding client 110. For example, their rating may be a credit rating; the risk flag may then note whether or not the account is an alert account.
In practical implementation, the authority terminal 100 may further include an update module 104 for obtaining a KYC data contract corresponding to the KYC data according to the KYC data registration contract after the KYC data is updated, and triggering the data update event to generate the update completion notification. That is, when existing KYC data in a blockchain is updated, a data update event of a KYC data registration contract may be triggered to notify a blockchain link point in the blockchain network 10.
On the part of the client 110, the client 110 may provide the blockchain node service itself or through a third party (e.g., the authoritative end 100, the financial end 120, or any service provider with authority to connect to the blockchain node), in other words, the client 110 may directly or indirectly connect to the blockchain network 10 using the blockchain node to detect the smart contract event, where "directly" means that the client 110 itself is a blockchain node within the blockchain network 10 that connects to the blockchain network 10 using a blockchain client program; by "indirect" is meant using a third party integration service, such as a financial institution providing wallet services based on blockchain nodes. Supposing that the client 110 is a block chain node, directly monitoring a 'registration request event' of a 'KYC data request registration contract', when the registration request event is triggered, checking whether a KYC data request contract is initiated for the client 110, and if so, notifying the client to process; assuming that the client 110 is a block link point service provided by a third party, a monitoring address needs to be provided in order to monitor the request registration event of the KYC data request registration contract, and when the registered KYC data request contract is for the client of the service, the client is notified to process the KYC data request contract, which may be accomplished by a mobile application, e-mail, telephone, etc.
As mentioned above, each client 110 includes: a generating module 111, a detecting module 112 and an encrypting/decrypting module 113. The generating module 111 is configured to generate KYC data, for example, provide a Graphical User Interface (GUI) for a client to input and serve as KYC data, and transmit the KYC data to the accountability terminal 100, so that the accountability terminal 100 encrypts and signs and issues a corresponding KYC data contract to the blockchain network 10.
The detecting module 112 is configured to continuously detect a data request notification, and when the data request notification is detected and the account address included in the data request notification matches one of the clients, the matching client 110 reads the KYC data contract of the corresponding client 110 from the blockchain network 10 to obtain the account address, the first encrypted content of each data item, and the hash signature value of each data item, and allows setting the authorization authority of each data item. In practical implementation, the setting of the authorization right refers to setting a corresponding authorization right for each data item, such as: allow, deny, cancel, etc.
The encryption and decryption module 113 is configured to decrypt the obtained first encrypted content of each data item according to the authorization authority and the client private key, generate a set of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypt the set of keys with the financial public key to generate a set of encryption keys, and transmit the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys to trigger an authorization response event to generate an authorization response notification. In practical implementation, the way of generating a set of keys can be generated by using a Symmetric Encryption (Symmetric Encryption) algorithm and used for Encryption and decryption at the same time, which can improve the Encryption and decryption processing efficiency of each data item compared to using an Asymmetric Encryption (Asymmetric Encryption) algorithm to generate keys. In fact, the first encrypted content differs from the second encrypted content only in that the former is encrypted by the client public key, while the latter is encrypted by the key. It should be noted that the purpose of additionally generating a set of keys to encrypt the data item instead of directly using the client private key is to provide the data item to the designated financial end 120, so as to avoid that other blockchain nodes that also possess the client public key can decrypt the data item.
Then, at the part of the finance end 120, the finance end 120 must be connected with the authority end 100 and also connected with the blockchain network 10 as the blockchain link, and each finance end 120 includes: a request module 121, a receiving module 122, and a review module 123. The request module 121 is configured to issue a KYC data request contract corresponding to the client 110 through a blockchain transaction when KYC data of the client 110 is requested, and register the KYC data request contract in a KYC data request registration contract to trigger a request registration event to generate a data request notification. Therefore, the client 110 can know whether the finance end 120 requests KYC data by detecting whether the registration request event is triggered. In actual implementation, the data request notification may include: the account address of the client 110, the code of the data item, and the signature of the financial terminal 120.
The receiving module 122 is configured to continuously detect an authorization response event of the KYC data request registration contract, receive the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys when the authorization response event is triggered to generate an authorization response notification, decrypt the set of encryption keys with the financial end private key to obtain a set of keys, and decrypt the second encrypted content of each data item with the set of keys. Since the encryption key can only be decrypted by the financial end private key, only the blockchain node (i.e., the designated financial end 120) having the financial end private key can obtain the set of keys through decryption, and then decrypt the second encrypted content by using the set of keys to obtain the unencrypted data item, so that the confidentiality of the data item can be ensured.
The review module 123 is configured to perform verification of the hash value and the signature on each decrypted data item according to the public key of the responsible party and the hash signature value of each data item, and review each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the responsible party 100. In practical implementation, since the "hash signature value" is generated by signing the "hash value" with the "authority end private key", the financial end 120 may calculate the "authority end public key" by using the "hash value" calculated according to the data item in conjunction with the "hash signature value" when verifying the "hash signature value", and then compare the calculated "authority end public key" with the known "authority end public key", if the comparison result is the same, it means that the data is not tampered, and it is determined that the "hash signature value" is generated by the authority end 100, so the hash value and the signature thereof pass verification, whereas if the "authority end public key" is different, it means that the data is tampered or the hash signature value is not generated by the authority end 100, so the hash value and the signature thereof do not pass verification.
Referring to fig. 2A to fig. 2C, fig. 2A to fig. 2C are flow charts of a method of KYC data sharing with confidentiality according to the present invention, which is applied to a blockchain network 10 for executing an intelligent contract, and the steps of the method include: the accountability terminal 100 issues a KYC data registration contract through the blockchain transaction to provide registration and update of the KYC data contract, and issues a KYC data request registration contract through the blockchain transaction to provide registration and record of the KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event (step 210); the client 110 generates corresponding KYC data and transmits the KYC data to the accountability terminal 100, wherein the KYC data contains a plurality of data items (step 220); the accountability end 100 verifies the received KYC data, encrypts each data item in the verified KYC data according to the client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to the accountability end private key to generate a corresponding hash signature value (step 230); the authority terminal 100 issues a KYC data contract containing an account address, first encrypted content of each data item and a hash signature value of each data item through a blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notification (step 240); the financial terminal 120 issues a KYC data request contract corresponding to the client terminal 110 through a blockchain transaction when requesting KYC data of the client terminal 110, and registers the KYC data request contract in the KYC data request registration contract for triggering a request registration event generation data request notification (step 250); after the client 110 detects the data request notification and the account address included in the data request notification matches one of the clients 110, the matching client 110 reads the KYC data contract corresponding to the client 110 from the blockchain network 10 to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and allows setting the authorization authority of each data item (step 260); the client 110 decrypts the obtained first encrypted content of each data item according to the authorization authority and the client private key, generates a group of keys to encrypt each decrypted data item to generate a corresponding second encrypted content, encrypts the group of keys with the financial public key to generate a group of encryption keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger an authorization response event to generate an authorization response notification (step 270); the finance end 120 continuously detects an authorization response event of the KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the set of encryption keys after the authorization response event is triggered to generate an authorization response notification, decrypts the set of encryption keys by the finance end private key to obtain a set of keys, and decrypts the second encrypted content of each data item by the set of keys (step 280); the finance side 120 performs verification of the hash value and the signature for each decrypted data item according to the authority side public key and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority side 100 (step 290). Through the above steps, KYC data can be provided to the accountability end 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and an intelligent contract is executed on the blockchain network 10, so that the client 110, the accountability end 100 and the financial end 120 can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial end requests to query KYC data, the client 110 can set authorization authority for different data items, and then the financial end 120 directly receives the authorized data items through the client 110, and then verifies whether the data items are authenticated by the accountability end 100 to determine whether to perform review.
It should be noted that after step 240, after the KYC data update is completed, a KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and a data update event is triggered to generate an update completion notification (step 241), so that all nodes of the blockchain network 10 can know that the KYC data has been updated by detecting the update completion notification. Then, after step 290, if the authority terminal 100 is at the beginning, KYC execution registration contract is issued through the blockchain transaction to record the execution result of KYC data execution contract, which records each data item and its signature reviewed by the financial terminal 120 (step 291). In addition, the liability terminal 100 may also issue an account linking contract through a block chain transaction at the beginning, so as to store all account addresses corresponding to each client terminal 110, make all account addresses correspond to the same KYC data, allow the account addresses to be added or deleted, and allow the same KYC data to be received with different account addresses after the financial terminal 120 verifies the account addresses (step 292). Therefore, the client can bind a plurality of account addresses, the probability of identifying the client through the account addresses is reduced, and the privacy is improved.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating how KYC data is uploaded according to the present invention. Assuming that client 110 is to upload KYC data, a client at client 110 may open edit window 300 and type in the data input block 310 the client's own KYC data, for example: name, identification card number, etc., and the storage component 312 is clicked to store the KYC data, if the stored KYC data is to be modified, the editing component 311 may be clicked to edit the data. Next, the stored KYC data may be transmitted to the accountability terminal 100 through the click transmission component 313, so that the accountability terminal 100 issues a corresponding KYC data contract through a blockchain transaction according to the KYC data.
FIG. 4 is a schematic diagram of an encryption and signature data item applied to the authority end according to the present invention. When the authoritative terminal 100 receives the KYC data 400 transmitted by the client 110, the authoritative terminal 100 encrypts each data item by using the client public key to generate the corresponding first encrypted content 410, and further uses a hash algorithm, such as: MD5, SHA-1, SHA-256, etc., perform a hash calculation on each data item to obtain a corresponding hash value 420, and sign the hash values 420 with the authority-side private key to generate a hash-signed value 430. The authority 100 may then issue a KYC data contract containing the account address (e.g., the client public key), the first encrypted content 410, and the hash signature value 430 via a blockchain transaction. In this way, after the transaction verification is completed for a period of time, all blockchain nodes in the blockchain network 10 have the KYC data contract for their own blockchain, and obtain the KYC data contract address corresponding to the contract. And then, registering the KYC data contract address in the KYC data registration contract, namely triggering a data registration event to generate a registration completion notice. And finishing the issuing and registering of the KYC data contract.
As shown in fig. 5, fig. 5 is a schematic diagram illustrating the encryption and decryption performed by the client according to the present invention. When the client 110 detects that the financial terminal 120 triggers a registration request event, it is assumed that the client 110 compares the account address and finds that the account address is the same as the account address of the client, which means that the financial terminal 120 wants to request KYC data from the client, so the client 110 reads a corresponding KYC data contract to obtain the account address, the first encrypted content 410 of each data item, and the hash signature value 430 of each data item. Then, the client is allowed to set the authorization authority of each data item, such as: for example, if the customer wants to authorize the allowed financial terminal 120 to review the name in its KYC data, the customer may be set to "allowed" through the gui, otherwise, if the customer is denied, the customer may be set to "denied", or if the customer wants to cancel the original authorization, the customer may be set to "cancel".
Next, the client 110 may decrypt the first encrypted content 410 according to the authorization authority and the client private key to obtain the decrypted content 500, and then generate a set of keys by using a symmetric encryption algorithm, so as to encrypt the decrypted content 500 by using the set of keys to generate the second encrypted content 510, and the hash signature value 430 remains unchanged. The set of keys is then encrypted using the public key of the requesting financial end 120 to generate a corresponding encrypted key, so as to ensure that only the requesting financial end 120 can decrypt using its private key to obtain the set of keys, i.e., to ensure that only the requesting financial end 120 can decrypt using the set of keys. Finally, the client 110 transmits the second encrypted content 510, the hash signature value 430, and the encryption key to trigger an authorization response event to generate an authorization response notification. After detecting the authorization response notification, the financial terminal 120 knows that the request has been responded by the client terminal 110, and then after receiving the second encrypted content 510, the hash signature value 430 and the encryption key, decrypts the encryption key by using the financial terminal private key to obtain a set of keys, and decrypts the second encrypted content 510 by using the set of keys to obtain KYC data of the client.
Then, in order to ensure the correctness of the KYC data and ensure that the KYC data is not tampered with, the financial terminal 120 calculates a hash value of each data item of the KYC data obtained by decrypting the second encrypted content 510, and calculates an authority public key in a backward pushing manner by using the hash value and the hash value signature 430, and if the calculated authority public key is a known authority public key, the representative: first, the hash signature 430 is generated by the responsible end 100. Secondly, the hash signature value 430 is generated by signature of the hash value of the KYC data, i.e. it represents that the KYC data is not tampered. That is, assuming that the computed hash value and the hash signature value can be computed by using a push-back method to compute the authority public key, i.e. the KYC data is authenticated by the authority 100, the finance end 120 will review each decrypted data item.
In summary, it can be seen that the difference between the present invention and the prior art is that KYC data is provided to the liability terminal 100 through the client terminal 110 for encryption, signature and distribution to the blockchain network 10, and an intelligent contract is executed on the blockchain network 10, so that the client terminal 110, the liability terminal 100 and the financial terminal 120 can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial terminal requests to query KYC data, the client terminal 110 can set authorization rights for different data items, and then the financial terminal 120 directly receives the authorized data items through the client terminal 110, and then verifies whether the data items are authenticated by the liability terminal 100 to determine whether to review.
Although the present invention has been described with reference to the foregoing embodiments, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A KYC data sharing system with confidentiality, which is applied to a block chain network for executing intelligent contracts, and is characterized by comprising:
the authority end, the authority end includes:
the system comprises an initial module, a first module and a second module, wherein the initial module is used for issuing a KYC (Key group customer) data registration contract through a block chain transaction to provide registration and update at least one KYC data contract and issuing a KYC data request registration contract through the block chain transaction to provide registration and record at least one KYC data request contract, the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event;
the verification module is used for receiving KYC data for verification, the KYC data comprises a plurality of data items, each data item in the verified KYC data is encrypted according to a client public key to generate corresponding first encrypted content, and then the hash value of each data item is signed according to a authority end private key to generate a corresponding hash signature value; and
the registration module is used for issuing the KYC data contract containing an account number address, the first encrypted content of each data item and the Hash seal value of each data item through block chain transaction, obtaining a corresponding KYC data contract address, and registering the KYC data contract address in the KYC data registration contract to trigger the data registration event to generate a registration completion notice;
at least one client, each client comprising:
the generation module is used for generating the KYC data and transmitting the KYC data to the authority terminal;
the detection module is used for continuously detecting a data request notification, when the data request notification is detected and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads the KYC data contract corresponding to the client from the block chain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and the authorization authority of each data item is allowed to be set; and
the encryption and decryption module is used for decrypting the first encrypted content of each acquired data item according to the authorization authority and a client private key, generating a group key for encrypting each decrypted data item to generate corresponding second encrypted content, encrypting the group key by using a financial end public key to generate a group encryption key, and transmitting the second encrypted content of each data item, the hash signature value of each data item and the group encryption key to trigger the authorization response event to generate an authorization response notice; and
at least one finance end, each finance end includes:
the request module is used for issuing the KYC data request contract corresponding to the client through a blockchain transaction when the KYC data of the client is requested, and registering the KYC data request contract in the KYC data request registration contract to trigger the request registration event to generate the data request notification;
a receiving module, configured to continuously detect the authorization response event of the KYC data request registration contract, receive the second encrypted content of each data item, the hash signature value of each data item, and the group encryption key after the authorization response event is triggered to generate the authorization response notification, decrypt the group encryption key with a financial end private key to obtain the group key, and decrypt the second encrypted content of each data item with the group key; and
and the review module is used for verifying the hash value and the signature of each decrypted data item according to the public key of the authority end and the hash signature value of each data item, and reviewing each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority end.
2. The KYC data sharing system with confidentiality of claim 1, wherein said accountability end further comprises an updating module for obtaining said KYC data contract corresponding to said KYC data according to said KYC data registration contract after completion of updating of said KYC data, and triggering said data updating event to generate an update completion notification.
3. The KYC data sharing system with confidentiality according to claim 1, wherein said authority terminal issues a KYC evaluation contract at the same time as registering said KYC data contract, and registers a KYC evaluation contract address of said KYC evaluation contract with a KYC evaluation registration contract issued in advance, for allowing said financial terminal obtaining said authorization authority to evaluate and risk-mark said KYC data of said client terminal.
4. The KYC data sharing system with confidentiality of claim 1, wherein said initial module of said accountability end further issues KYC execution registration contract through blockchain transaction for recording execution result of at least one KYC data execution contract, said KYC data execution contract recording each data item and its signature reviewed by said financial end.
5. The KYC data sharing system with confidentiality of claim 1, wherein the initial module of the accountability end further issues an account linking contract through a block chain transaction, so as to store at least one account address corresponding to each client, enable the account addresses to correspond to the same KYC data, allow addition or deletion of the account addresses, and allow receiving of the same KYC data with different account addresses after the account addresses are verified by the financial end.
6. A KYC data sharing method with confidentiality is applied to a block chain network executing an intelligent contract, and is characterized by comprising the following steps:
the method comprises the following steps that a liability terminal issues a KYC (Key raw customer) data registration contract through a blockchain transaction to provide registration and update at least a KYC data contract and issues a KYC data request registration contract through the blockchain transaction to provide registration and record at least one KYC data request contract at the beginning, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event;
at least one client generates corresponding KYC data and transmits the KYC data to the accountability terminal, wherein the KYC data comprises a plurality of data items;
the authority terminal verifies the received KYC data, encrypts each data item in the KYC data passing the verification respectively according to a client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to a private key of the authority terminal to generate a corresponding hash signature value;
the authority terminal issues the KYC data contract containing an account number address, the first encrypted content of each data item and the Hash seal value of each data item through blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in the KYC data registration contract to trigger the data registration event to generate a registration completion notice;
when the client requests the KYC data, the financial terminal issues the KYC data request contract corresponding to the client through a blockchain transaction and registers the KYC data request contract in the KYC data request registration contract to trigger the registration request event to generate a data request notification;
after the client detects the data request notification and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads the KYC data contract corresponding to the client from the blockchain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and allows setting of authorization authority of each data item;
the client decrypts the obtained first encrypted content of each data item according to the authorization authority and a client private key, generates a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypts the group of keys by a financial end public key to generate a group of encryption keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger the authorization response event to generate an authorization response notice;
the financial terminal continuously detects the authorization response event of the KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the group encryption key after the authorization response event is triggered to generate the authorization response notification, decrypts the group encryption key by using a financial terminal private key to obtain the group key, and then decrypts the second encrypted content of each data item by using the group key; and
the financial terminal performs verification of a hash value and a signature on each decrypted data item according to a public key of the authority terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority terminal.
7. The KYC data sharing method with confidentiality of claim 6, further comprising the step of obtaining said KYC data contract corresponding to said KYC data according to said KYC data registry contract after completion of updating of said KYC data, and triggering said data update event generation update completion notification.
8. The KYC data sharing method with confidentiality according to claim 6, wherein said authority terminal issues KYC evaluation contracts while registering said KYC data contracts, and registers KYC evaluation contract addresses of said KYC evaluation contracts to a pre-issued KYC evaluation registration contract for allowing said financial terminal obtaining said authorization authority to evaluate and risk-mark said KYC data of said client.
9. The KYC data sharing method with confidentiality of claim 6, further comprising the step of said accountability end issuing KYC execution registration contract through blockchain transaction at initial time for recording the execution result of at least one KYC data execution contract, said KYC data execution contract recording each data item and its signature reviewed by said financial end.
10. The KYC data sharing method with the confidentiality of claim 6, further comprising the steps of issuing an account linking contract through a block chain transaction at an initial time by the liability terminal to store at least one account address corresponding to each client, enabling the account addresses to correspond to the same KYC data, allowing the account addresses to be added or deleted, and allowing the same KYC data to be received by different account addresses after the account addresses are verified by the financial terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811315195.3A CN111147432B (en) | 2018-11-06 | 2018-11-06 | KYC data sharing system with confidentiality and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811315195.3A CN111147432B (en) | 2018-11-06 | 2018-11-06 | KYC data sharing system with confidentiality and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111147432A CN111147432A (en) | 2020-05-12 |
CN111147432B true CN111147432B (en) | 2021-10-26 |
Family
ID=70516447
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811315195.3A Active CN111147432B (en) | 2018-11-06 | 2018-11-06 | KYC data sharing system with confidentiality and method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111147432B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113743914A (en) * | 2020-05-27 | 2021-12-03 | 北京金山云网络技术有限公司 | Client identity authentication method, device, equipment and storage medium |
CN111626735B (en) * | 2020-05-28 | 2020-12-22 | 上海逐鲨智能科技有限公司 | Data interaction system, method and module |
CN111770201B (en) * | 2020-08-31 | 2020-12-04 | 支付宝(杭州)信息技术有限公司 | Data verification method, device and equipment |
CN111767578B (en) | 2020-08-31 | 2021-06-04 | 支付宝(杭州)信息技术有限公司 | Data inspection method, device and equipment |
CN111770112B (en) | 2020-08-31 | 2020-11-17 | 支付宝(杭州)信息技术有限公司 | Information sharing method, device and equipment |
CN112700852A (en) * | 2021-01-07 | 2021-04-23 | 福州数据技术研究院有限公司 | Method for issuing and managing medical data assets based on block chain intelligent contracts and storage device |
CN112784307A (en) * | 2021-02-04 | 2021-05-11 | 南京区盟链信息科技有限公司 | KYC compliance supervision method based on block chain |
CN112861085A (en) * | 2021-02-18 | 2021-05-28 | 北京通付盾人工智能技术有限公司 | KYC security service system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200028A (en) * | 2017-12-27 | 2018-06-22 | 飞天诚信科技股份有限公司 | A kind of block chain obtains safely the method and system of server trust data |
TWI629658B (en) * | 2017-05-08 | 2018-07-11 | 富邦金融控股股份有限公司 | Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof |
TWI636415B (en) * | 2017-08-22 | 2018-09-21 | 台新金融控股股份有限公司 | Decentralization know your customer (kyc) system based on blockchain smart contract and method thereof |
CN108632284A (en) * | 2018-05-10 | 2018-10-09 | 网易(杭州)网络有限公司 | User data authorization method, medium, device and computing device based on block chain |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3440823B1 (en) * | 2016-04-05 | 2020-09-02 | Zamna Technologies Limited | Method and system for managing personal information within independent computer systems and digital networks |
US10356102B2 (en) * | 2017-02-24 | 2019-07-16 | Verizon Patent And Licensing Inc. | Permissions using blockchain |
-
2018
- 2018-11-06 CN CN201811315195.3A patent/CN111147432B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI629658B (en) * | 2017-05-08 | 2018-07-11 | 富邦金融控股股份有限公司 | Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof |
TWI636415B (en) * | 2017-08-22 | 2018-09-21 | 台新金融控股股份有限公司 | Decentralization know your customer (kyc) system based on blockchain smart contract and method thereof |
CN108200028A (en) * | 2017-12-27 | 2018-06-22 | 飞天诚信科技股份有限公司 | A kind of block chain obtains safely the method and system of server trust data |
CN108632284A (en) * | 2018-05-10 | 2018-10-09 | 网易(杭州)网络有限公司 | User data authorization method, medium, device and computing device based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN111147432A (en) | 2020-05-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111147432B (en) | KYC data sharing system with confidentiality and method thereof | |
CN109862041B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
EP3665857B1 (en) | Blockchain architecture with record security | |
US20210004454A1 (en) | Proof of affinity to a secure event for frictionless credential management | |
CN110535833B (en) | Data sharing control method based on block chain | |
EP3701668B1 (en) | Methods for recording and sharing a digital identity of a user using distributed ledgers | |
CN117579281A (en) | Method and system for ownership verification using blockchain | |
US8495383B2 (en) | Method for the secure storing of program state data in an electronic device | |
CN108768933B (en) | Autonomous supervision digital identity authentication system on block chain platform | |
US11831753B2 (en) | Secure distributed key management system | |
CN108965228B (en) | Dispute relief system with KYC data mark of multiple keys and method thereof | |
TWI644556B (en) | Know your customer (kyc) data sharing system with privacy and method thereof | |
CN110599270B (en) | Electronic bill generation method and device and computer equipment | |
TW201843635A (en) | Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof | |
CN113015991A (en) | Secure digital wallet processing system | |
CN104484628B (en) | It is a kind of that there is the multi-application smart card of encrypting and decrypting | |
US20100031045A1 (en) | Methods and system and computer medium for loading a set of keys | |
CN109951294B (en) | Information updating management method in electronic label system and related equipment | |
CN111079190A (en) | Block chain supply chain transaction hiding dynamic supervision system and method | |
TW201907346A (en) | System for issuing and verifying certificates based on blockchain and method thereof | |
CN113706261A (en) | Block chain-based power transaction method, device and system | |
CN110610416A (en) | KYC data sharing system and method based on block chain intelligent contract | |
TWM585941U (en) | Account data processing system | |
CN116992470B (en) | Collaborative authorization protocol signing method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40018348 Country of ref document: HK |
|
GR01 | Patent grant | ||
GR01 | Patent grant |