CN111614687A - Identity verification method, system and related device - Google Patents


Info

Publication number
CN111614687A
Authority
CN
China
Prior art keywords
identity
personal digital
digital identity
authentication request
personal
Prior art date
Legal status
Pending
Application number
CN202010456192.2A
Other languages
Chinese (zh)
Inventor
陈邦道
向梦雅
欧阳定光
雷虹
于川
王伶任
田宁
Current Assignee
Oxford Hainan Blockchain Research Institute Co ltd
Original Assignee
Oxford Hainan Blockchain Research Institute Co ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC


Abstract

The application provides an identity authentication method comprising the following steps: receiving an identity authentication request, where the request comprises personal information restriction conditions; calling a preset configuration file from a blockchain storage node to acquire the personal digital identity corresponding to the request; judging whether the personal digital identity meets the personal information restriction conditions; if so, passing the request; if not, rejecting it. Login anonymity is thereby achieved and the user's personal information privacy is effectively protected; at the same time the user does not need to repeat personal identity verification, and the personal digital identity is called directly through the blockchain storage node for use by upper-layer services, so that personal digital identity sharing based on blockchain technology is realized and the time needed to register and open an account is reduced. The application also provides an identity authentication system, a computer readable storage medium and an identity authentication terminal with the same beneficial effects.

Description

Identity verification method, system and related device
Technical Field
The present application relates to the field of information security, and in particular to an identity verification method, an identity verification system, and a related apparatus.
Background
The mainstream solution to the identity problem on today's internet is account-based identity management, and most internet identities are centralized: they are owned and controlled by a single entity or organization, such as an e-commerce website. In certain application domains such local identification works well, but it is difficult to meet the rapidly growing demand of today's users for interaction with many different online websites and services.
Under an application-centric account management model, a user does not hold a complete digital identity of their own; control, update and maintenance of identity information can only be done application by application and is often repetitive and cumbersome. For example, people must submit the same identity information to various business systems and repeat similar identity authentication processes, and a large amount of authentication cost is incurred in the process.
Therefore, how to reduce the complexity of the authentication process in internet applications is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The purpose of the application is to provide an identity verification method, an identity verification system, a computer readable storage medium and an identity verification terminal, which can prevent a user from repeatedly performing identity authentication in internet application.
In order to solve the technical problem, the application provides an identity authentication method, which has the following specific technical scheme:
receiving an identity authentication request; the identity verification request comprises personal information restriction conditions;
calling a preset configuration file from a block chain storage node to acquire a personal digital identity corresponding to the identity authentication request;
judging whether the personal digital identity meets the personal information limiting condition or not;
if so, passing the identity authentication request;
if not, rejecting the identity authentication request.
Optionally, before calling a preset configuration file from the blockchain storage node to obtain the personal digital identity corresponding to the authentication request, the method further includes:
registering a personal digital identity;
the registering the personal digital identity includes:
sending an authentication request and identity data to a trusted digital identity platform;
after the trusted digital identity platform passes the identity data verification, receiving a digital certificate returned by the trusted digital identity platform;
creating a digital identity corresponding to the identity data;
and encrypting the digital identity by using the digital certificate to obtain the personal digital identity.
Optionally, after obtaining the personal digital identity, the method further includes:
and storing the personal digital identity to each blockchain storage node in a distributed mode.
Optionally, the distributively storing the personal digital identity to each blockchain storage node includes:
carrying out Hash calculation on the personal digital identity to obtain Hash data corresponding to the personal digital identity;
and storing the hash data to each block chain storage node.
Optionally, the distributively storing the personal digital identity to each blockchain storage node includes:
and storing the personal digital identity to each blockchain storage node in a distributed mode based on an IPFS protocol.
Optionally, the step of calling a preset configuration file from the blockchain storage node to obtain the personal digital identity corresponding to the authentication request includes:
calling a preset configuration file from a block chain storage node to obtain a distributed account book;
and acquiring the personal digital identity corresponding to the identity authentication request from the distributed account book.
Optionally, if the request for modifying the personal digital identity is received, the method further includes:
judging whether the personal digital identity maintained by the distributed account book changes;
if not, rejecting the modification request.
Optionally, after encrypting the digital identity with the digital certificate to obtain the personal digital identity, the method further includes:
generating an identifier corresponding to the personal digital identity;
a distributed digital identity wallet is generated from the identifier for storing and modifying the personal digital identity.
The application also provides an identity verification system, and the specific technical scheme is as follows:
the receiving module is used for receiving an identity authentication request; the identity verification request comprises personal information restriction conditions;
the acquisition module is used for calling a preset configuration file from the block chain storage node to acquire the personal digital identity corresponding to the identity authentication request;
the judging module is used for judging whether the personal digital identity meets the personal information limiting condition or not;
the request passing module is used for passing the identity authentication request when the judging module's result is yes;
and the request rejection module is used for rejecting the identity authentication request when the judging module's result is no.
Optionally, the system further includes:
the identity registration module, used for registering the personal digital identity before the preset configuration file is called from the blockchain storage node to acquire the personal digital identity corresponding to the identity authentication request;
the identity registration module is specifically used for sending an authentication request and identity data to the trusted digital identity platform; after the trusted digital identity platform passes the identity data verification, receiving the digital certificate returned by the trusted digital identity platform; creating a digital identity corresponding to the identity data; and encrypting the digital identity with the digital certificate to obtain the personal digital identity.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The present application further provides a server comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method described above when calling the computer program in the memory.
The application provides an identity authentication method, which comprises the following steps: receiving an identity authentication request; the identity verification request comprises personal information restriction conditions; calling a preset configuration file from a block chain storage node to acquire a personal digital identity corresponding to the identity authentication request; judging whether the personal digital identity meets the personal information limiting condition or not; if so, passing the identity authentication request; if not, rejecting the identity authentication request.
When the method and device are used for identity authentication, the user does not need to register a personal identity each time; the personal digital identity corresponding to the identity authentication request is called directly from the blockchain storage node. At the same time the user does not need to enter actual personal information: by entering restriction conditions on personal information, whether the authenticating party is a legitimate user is judged by comparing the personal digital identity with the personal information restriction conditions in the request. Login anonymity is thereby achieved and the user's personal information privacy is effectively protected; the user does not need to repeat personal identity verification, and the personal digital identity is called directly through the blockchain storage node for use by upper-layer services, so that personal digital identity sharing based on blockchain technology is realized and the time needed to register and open an account is reduced.
The application also provides an identity authentication system, a computer readable storage medium and an identity authentication terminal with the same beneficial effects, which are not repeated here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an identity authentication method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an identity verification system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, Fig. 1 is a flowchart of an identity verification method according to an embodiment of the present application, where the method includes:
S101: receiving an identity authentication request; the identity authentication request comprises a personal information restriction condition;
The authentication request does not need to contain accurate personal data; it only needs to contain some restriction conditions. The number and content of the personal information restrictions are not particularly limited here. For example, if the user's actual age is 20, the request may contain a restriction on age such as the user being no older than 22. By using restriction conditions the user does not need to enter real personal identity data, the user's data is handled anonymously, and data security during identity verification is improved. Of course, the authentication request should include at least one item of data identifying the individual, such as a user name. Note that the user name here is not the user's real name: since registration is usually performed on a terminal device, or through an application on that device, the user name may be the user name of an application account. The user name does correspond to a real name, but even if the terminal device is compromised and the user name obtained, an attacker still cannot determine the real name it corresponds to.
S102: calling a preset configuration file from a block chain storage node to acquire a personal digital identity corresponding to the identity authentication request;
This step obtains the personal digital identity from a storage node of the blockchain. The preset configuration file is not specifically limited; for example, an XML configuration file may be used to run the related authentication service, with XML keywords of a preset type configured to instantiate the accessed task service and to call the authentication service according to the configured authentication interface, parameter structure and so on. This step can hide the underlying service providers, since different applications usually come from different server providers whose ways of authenticating users differ, including the underlying interfaces used, the authentication type, the authentication level and so on. For example, the level of personal authentication required by a payment system differs greatly from that required by the login system of an ordinary website, the payment system's requirements being higher. By calling the preset configuration file, this step adapts to different data structures, authentication types and underlying interfaces, shields the underlying authentication directly, and uses the preset configuration file to obtain the personal digital identity; at that point only the corresponding driver configuration file needs to be loaded, where the driver configuration file refers to the drivers, authentication certificates and the like that a third-party authentication service requires.
In other words, the preset configuration file is adopted in the step, the bottom layer authentication service process is unified, and the unification of the authentication type, the authentication parameter, the authentication mode, the authentication interface and the authentication response is realized.
As a preferred embodiment, this step may include the following two steps:
S1021: calling a preset configuration file from a blockchain storage node to obtain a distributed ledger;
S1022: acquiring the personal digital identity corresponding to the identity authentication request from the distributed ledger.
This embodiment establishes a distributed digital identity; how the distributed personal digital identity is established is not specifically limited, and this embodiment takes DPKI (distributed public key infrastructure) as an example. Based on the distributed ledger, DPKI makes the identity owner's ID-vk (verification public key) information tamper-proof and globally shared, so that different entities across regions and organizations can reach consensus on the content and state of the shared identity data, forming distributed trust.
Distributed key management can be achieved by providing an entity with a distributed digital identity wallet application that lets the user create an identity, keep the identity's secret (private) key and control how the key is used, while the owner's identity identifier and associated verification public key information are registered and published through a tamper-proof distributed ledger. A DPKI designed this way works even on resource-constrained mobile devices and, by protecting the private key, protects the integrity of the user's identity identifier.
Peer-to-peer authentication and secure communication based on DPKI aim to provide a secure and confidential peer-to-peer trust relationship for users and data. It must ensure that data in the peer-to-peer network is not accessed by unauthorized persons; that data sent was sent by an authorized peer node and cannot be forged or modified by an unauthorized person; and that authorized peers can use network resources properly while unauthorized persons cannot.
DPKI returns control of the identity ID to its owner and eliminates the man-in-the-middle (MITM) attacks that plague traditional Public Key Infrastructure (PKI), while ensuring that no single third party can compromise the integrity and security of the overall system.
The basis of DPKI is a distributed ledger with distributed key-value storage capability, which serves as a distributed digital identity registry. As long as the registration is in a valid state and the identity owner retains control of the private key, no third party can gain access to the identifier, and the identity holder cannot be impersonated or compromised.
The distributed ledger is characterized mainly by being maintained jointly by multiple nodes, which ensures that the records of the public ledger cannot be tampered with. In the distributed digital identity architecture the distributed ledger mainly supports the publication and maintenance of personal digital identity data (ID, public key, communication entry point), so that all entities can authenticate each other and communicate securely by retrieving the ID and key of the party they interact with. In addition, the distributed digital identity ledger can record and publish the certificate template information and certificate storage information of the certificate flow.
S103: judging whether the personal digital identity meets the personal information restriction condition; if yes, entering S104; if not, entering S105;
S104: passing the identity authentication request;
S105: rejecting the identity authentication request.
After the personal digital identity is obtained, the personal information restriction conditions are compared with the personal digital identity to confirm that the requested personal digital identity conforms to the restriction conditions in the identity verification request. If any single restriction condition is not met, the personal digital identity is considered not to meet the restriction conditions and the authentication request is rejected. If the authentication request passes, the acquired personal digital identity serves as the requester's identity for that request, and the requester is allowed to use it to access other applications or terminals in the network.
During identity authentication the user does not need to register a personal identity each time; the personal digital identity corresponding to the identity authentication request is called directly from the blockchain storage node. At the same time the user does not need to enter actual personal information: by entering restriction conditions on personal information, whether the authenticating party is a legitimate user is judged by comparing the personal digital identity with the personal information restriction conditions in the request. Login anonymity is thereby achieved and the user's personal information privacy is effectively protected; the user does not need to repeat personal identity verification, and the personal digital identity is called directly through the blockchain storage node for use by upper-layer services, so that personal digital identity sharing based on blockchain technology is realized and the time needed to register and open an account is reduced.
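The S101 to S105 flow above, written out as an added example (not code from the patent): the requesting application sends only an account name and restriction conditions such as `("age", "<=", 22)`, the identity is fetched through a backend named in a preset configuration, and every condition must hold. The ledger contents, the `PRESET_CONFIG` keys and the operator table are constructed for this example; a missing attribute, an unknown operator or a type mismatch is treated as a failed condition so the check fails closed, and the caller only ever learns pass or reject, never the attribute values.

```python
import operator
from dataclasses import dataclass

# Preset configuration (constructed for this example): the application names a
# ledger backend here instead of calling an identity service directly, which is
# what lets the same authentication flow sit on top of different providers.
PRESET_CONFIG = {"ledger_backend": "in_memory_ledger"}

# Constructed sample of what a storage node returns for an account name. The
# patent stores the identity encrypted; attributes are in clear here so that the
# comparison logic is visible.
SAMPLE_LEDGER = {
    "alice_app_account": {"age": 20, "country": "CN", "kyc_level": 2},
}

# Registry of ledger backends selectable from the preset configuration.
LEDGER_BACKENDS = {
    "in_memory_ledger": lambda: SAMPLE_LEDGER,
}

# Comparison operators a restriction condition may use.
OPERATORS = {
    "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
    "==": operator.eq, "!=": operator.ne,
    "in": lambda value, allowed: value in allowed,
}


@dataclass(frozen=True)
class AuthRequest:
    # Application account name: S101 needs some identifying item, but it is not
    # the real name, so a leaked account name does not reveal the person.
    username: str
    # Restriction conditions as (attribute, operator, value) triples, e.g.
    # ("age", "<=", 22). The actual attribute values are never sent.
    conditions: tuple


def load_ledger(config=PRESET_CONFIG):
    """S1021: use the preset configuration to obtain the distributed ledger.
    An unconfigured or unknown backend raises instead of falling back."""
    backend = LEDGER_BACKENDS.get(config.get("ledger_backend"))
    if backend is None:
        raise ValueError("no ledger backend configured")
    return backend()


def fetch_identity(ledger, username):
    """S1022: the personal digital identity for the request, or None."""
    return ledger.get(username)


def satisfies(identity, conditions):
    """S103: every restriction must hold. An attribute the identity lacks, an
    operator not in the table, or a type mismatch counts as not satisfied."""
    for attribute, op, value in conditions:
        compare = OPERATORS.get(op)
        if compare is None or attribute not in identity:
            return False
        try:
            if not compare(identity[attribute], value):
                return False
        except TypeError:  # e.g. an int attribute compared with a string
            return False
    return True


def verify(request, config=PRESET_CONFIG):
    """S101 to S105. Returns only 'pass' or 'reject': the requesting
    application learns whether the conditions hold, not the user's data."""
    identity = fetch_identity(load_ledger(config), request.username)
    if identity is None:
        return "reject"
    return "pass" if satisfies(identity, request.conditions) else "reject"
```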
Based on the above embodiment, as a preferred embodiment, if a request for modifying the personal digital identity is received, the following steps may be performed:
judging whether the personal digital identity maintained by the distributed account book changes;
if not, the modification request is refused.
Because the distributed ledger maintains the personal digital identity on every blockchain storage node, the personal digital identity on each storage node should be the same. If the personal digital identity on any single storage node changes, then as far as the whole blockchain is concerned the personal digital identity maintained by the distributed ledger on the other storage nodes has not changed, and since data sharing is based on blockchain technology, the modification request is rejected. In the prior art an attacker only needs to attack the server of one application to tamper with a user's account information or personal identity data; in this embodiment the personal digital identities on all storage nodes in the blockchain are consistent, so an attacker would have to attack every node in the blockchain, which is difficult, and the stability and security of personal digital identities are ensured.
On the basis of the above embodiment, it is easy to know that the user only needs to register once on all nodes of the block chain, and the registration process of the personal digital identity is described below:
Step one: sending an authentication request and identity data to a trusted digital identity platform;
Step two: after the trusted digital identity platform passes the identity data verification, receiving a digital certificate returned by the trusted digital identity platform;
Step three: creating a digital identity corresponding to the identity data;
Step four: encrypting the digital identity by using the digital certificate to obtain the personal digital identity.
First, when a user registers, an authentication request and identity data are sent to a trusted digital identity platform. The trusted digital identity platform is not specifically limited; it is mainly used to request, from a CA authentication system, a digital certificate for encrypting the identity data. The identity data is likewise not specifically limited and may include, but is not limited to, a series of data representing a person or an object, such as an identity card number, DNA, a fingerprint, a pupil, a face, a personal certificate, an enterprise certificate or an identification code; personal identity data can be obtained by digitizing personal physical information and identity data over a network.
The trusted digital identity platform needs to verify the identity data, which it usually forwards to a third-party authentication data source for authentication. A third-party authentication data source means a public data source used to avoid duplicate registration of personal digital identities and to ensure that the registrant is a legitimate natural person, etc. Therefore all users must be authenticated by the third-party authentication data source when registering. The trusted digital identity platform may be a different application.
After the identity data passes verification, it can be encrypted with the digital certificate to form the personal digital identity. Typically, a key for the digital certificate is also generated or set by the user.
In addition, when the personal digital identity is obtained, an identifier corresponding to the personal digital identity can be generated. The identifier is used to generate a distributed digital identity wallet for storing and modifying personal digital identities.
The distributed digital identity wallet carries the personal digital identity and is the basic tool with which a user manages their own digital identity. It usually exists as a terminal device or as an application on a terminal device. Through the wallet the user can change the personal digital identity, grant authorizations, and so on. Note, however, that after registration the identifier exists only on the device used for the initial registration; if the user needs to modify the personal digital identity on another terminal device, the distributed digital identity wallet must be authorized or transferred between the terminals, i.e. the identifier must be authorized or transferred. The authorization may be temporary or permanent and is not particularly limited here. In other words, terminals holding a distributed digital identity wallet can perform authorization and transfer between wallets through corresponding communication methods, including but not limited to Bluetooth, NFC or other mesh network protocols. Note that an authorized distributed digital identity wallet that does not contain the identifier cannot change the personal digital identity.
In other words, only the device containing the identifier can implement the modification of the corresponding personal digital identity, and at the time of modification, the distributed ledger is updated by the identifier to implement the update of the personal digital identity. By the method, the safety of the user for managing and controlling the personal digital identity is realized, the information safety of the user is given to the user for management, and the experience of the user in the Internet is improved. Of course, on the basis of this, those skilled in the art can also perform further security maintenance on the identifier or the device containing the identifier, and all that should be considered within the scope of the present application.
In addition, after the personal digital identity is obtained, the personal digital identity can be stored in each blockchain storage node in a distributed mode. It is readily understood that storage is not directly in ciphertext or plaintext at this time. The personal digital identity can be subjected to hash calculation to obtain hash data corresponding to the personal digital identity, and then the hash data is stored in each block chain storage node. As the block chain technology is used as a distributed technology, the block chain technology only has better storage and query services for the structured data, and is not good for the storage and retrieval of the unstructured data of the text type, therefore, the block chain technology adopts text distribution storage and obtains hash data such as corresponding storage paths and the like, and then chains up the hash values to deduce and obtain the text type containing the personal digital identity layer by layer.
It should be noted that, in this embodiment, the personal digital identity is required to be stored in each storage node in the block chain, and when the user performs identity authentication in an application corresponding to any one storage node, the user can directly perform authentication by using the personal digital identity on the storage node without performing personal identity registration again.
When performing distributed storage, the personal digital identity may be stored in a distributed manner to each blockchain storage node based on the IPFS protocol. Of course, those skilled in the art may also adopt other distributed storage schemes, which are not limited herein by way of example.
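The registration gate, the hash anchoring on every storage node, the restriction-condition check of the verification step, and the identifier-gated modification rule described above can be put together in one small model. The following Python is an added illustration, not the patent's code: the hash function (SHA-256), the identifier format, the canonical-JSON stand-in for the certificate-encrypted identity, the `(attribute, operator, value)` syntax for restriction conditions, and the in-memory ledger are all assumptions of this example, since the specification fixes none of them.

```python
import hashlib
import json
import secrets

# Added example modelling the patent's flow; all formats below are assumptions.

def canonical(record):
    """Deterministic encoding so every storage node derives the same hash."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def anchor_hash(pdi_bytes):
    """Hash data that goes on chain instead of the identity itself (SHA-256 assumed)."""
    return hashlib.sha256(pdi_bytes).hexdigest()

class Ledger:
    """Simulated distributed ledger: each storage node keeps identifier -> anchor hash."""
    def __init__(self, node_names):
        self.nodes = {name: {} for name in node_names}

    def store(self, identifier, h):
        # The same anchor is written to every storage node.
        for anchors in self.nodes.values():
            anchors[identifier] = h

    def lookup(self, identifier):
        # Nodes must agree; disagreement means the ledger copy is unreliable.
        seen = {anchors.get(identifier) for anchors in self.nodes.values()}
        if len(seen) != 1:
            raise RuntimeError("storage nodes disagree on anchor for %s" % identifier)
        return seen.pop()

def register(ledger, identity_data, third_party_confirmed):
    """Registration: only identity data confirmed by the third-party data source
    receives an identifier and an on-chain anchor."""
    if not third_party_confirmed:
        raise PermissionError("identity data not confirmed by third-party data source")
    identifier = secrets.token_hex(16)           # identifier format assumed
    pdi = canonical(identity_data)               # stands in for the certificate-encrypted identity
    ledger.store(identifier, anchor_hash(pdi))   # only the hash is stored on chain
    return identifier, pdi

OPS = {
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "in": lambda a, b: a in b,
}

def verify_request(ledger, identifier, pdi, restrictions):
    """Verification step: confirm the presented identity matches the ledger anchor,
    then test every personal information restriction condition. Returns (passed, reason)."""
    if ledger.lookup(identifier) != anchor_hash(pdi):
        return False, "presented identity does not match ledger anchor"
    attrs = json.loads(pdi)
    for attr, op, value in restrictions:
        if attr not in attrs or not OPS[op](attrs[attr], value):
            return False, "restriction failed: %s %s %r" % (attr, op, value)
    return True, "pass"

def wallet_modify(ledger, wallet_identifier, identifier, new_identity_data):
    """Only the wallet holding the identifier may update the anchor on the ledger."""
    if wallet_identifier != identifier:
        raise PermissionError("wallet does not hold the identifier for this identity")
    new_pdi = canonical(new_identity_data)
    ledger.store(identifier, anchor_hash(new_pdi))
    return new_pdi

def accept_modification(ledger, identifier, last_known_anchor, new_pdi):
    """Application side: a modification request is rejected unless the identity
    maintained by the ledger has actually changed and the new record matches it."""
    current = ledger.lookup(identifier)
    if current == last_known_anchor:
        return False
    return current == anchor_hash(new_pdi)

if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    ledger = Ledger(["node-a", "node-b", "node-c"])
    ident, pdi = register(ledger, {"name": "Alice Example", "age": 30, "country": "CN"}, True)
    print(verify_request(ledger, ident, pdi, [("age", ">=", 18)]))
    before = ledger.lookup(ident)
    new_pdi = wallet_modify(ledger, ident, ident, {"name": "Alice Example", "age": 31, "country": "CN"})
    print(accept_modification(ledger, ident, before, new_pdi))
```

The point the model makes explicit is that the relying application never trusts the record it is handed: it recomputes the hash and compares it with the anchor that all storage nodes agree on, so a record altered in transit, or an old record after a legitimate modification, fails the check before any restriction condition is evaluated.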
In the following, an identity authentication system provided by an embodiment of the present application is introduced, and the identity authentication system described below and the identity authentication method described above may be referred to correspondingly.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an authentication system provided in an embodiment of the present application, and the present application further provides an authentication system, including:
a receiving module 100, configured to receive an authentication request; the identity verification request comprises personal information restriction conditions;
an obtaining module 200, configured to call a preset configuration file from a blockchain storage node to obtain a personal digital identity corresponding to the authentication request;
a determining module 300, configured to determine whether the personal digital identity meets the personal information restriction condition;
a request passing module 400, configured to pass the authentication request when the result of the determining module is positive;
a request rejecting module 500, configured to reject the authentication request when the result of the determining module is negative.
Based on the above embodiment, as a preferred embodiment, the identity verification system may further include:
an identity registration module, configured to send an authentication request and identity data to the trusted digital identity platform; receive the digital certificate returned by the trusted digital identity platform after the platform has verified the identity data; create a digital identity corresponding to the identity data; and encrypt the digital identity with the digital certificate to obtain the personal digital identity.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed, may implement the steps provided by the above-described embodiments. The storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application also provides an identity authentication terminal, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps provided in the above embodiment when calling the computer program in the memory. Of course, the authentication terminal may further include various network interfaces, power supplies, and other components.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An identity verification method, comprising:
receiving an identity authentication request; the identity verification request comprises personal information restriction conditions;
calling a preset configuration file from a blockchain storage node to acquire a personal digital identity corresponding to the identity authentication request;
judging whether the personal digital identity meets the personal information restriction condition;
if so, passing the identity authentication request;
if not, rejecting the identity authentication request.
2. The identity authentication method according to claim 1, wherein before calling a preset configuration file from the blockchain storage node to obtain the personal digital identity corresponding to the identity authentication request, the method further comprises:
registering a personal digital identity;
the registering the personal digital identity includes:
sending an authentication request and identity data to a trusted digital identity platform;
after the trusted digital identity platform passes the identity data verification, receiving a digital certificate returned by the trusted digital identity platform;
creating a digital identity corresponding to the identity data;
and encrypting the digital identity by using the digital certificate to obtain the personal digital identity.
3. The identity verification method of claim 2, further comprising, after obtaining the personal digital identity:
storing the personal digital identity to each blockchain storage node in a distributed manner.
4. The identity verification method of claim 3, wherein the distributed storage of the personal digital identity to each blockchain storage node comprises:
carrying out hash calculation on the personal digital identity to obtain hash data corresponding to the personal digital identity;
and storing the hash data to each blockchain storage node.
5. The identity authentication method of claim 1, wherein the step of calling a preset configuration file from the blockchain storage node to obtain the personal digital identity corresponding to the identity authentication request comprises:
calling a preset configuration file from a blockchain storage node to obtain a distributed ledger;
and acquiring the personal digital identity corresponding to the identity authentication request from the distributed ledger.
6. The method of claim 5, further comprising, if a request for modification of the personal digital identity is received:
judging whether the personal digital identity maintained by the distributed ledger has changed;
if not, rejecting the modification request.
7. The identity authentication method of claim 2, wherein the encrypting of the digital identity with the digital certificate further comprises:
generating an identifier corresponding to the personal digital identity;
a distributed digital identity wallet is generated from the identifier for storing and modifying the personal digital identity.
8. An identity verification system, comprising:
the receiving module is used for receiving an identity authentication request; the identity verification request comprises personal information restriction conditions;
the acquisition module is used for calling a preset configuration file from the blockchain storage node to acquire the personal digital identity corresponding to the identity authentication request;
the judging module is used for judging whether the personal digital identity meets the personal information restriction condition;
the request passing module is used for passing the identity authentication request when the result of the judging module is positive;
and the request rejection module is used for rejecting the identity authentication request when the result of the judging module is negative.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. An authentication terminal comprising a memory having a computer program stored therein and a processor which, when invoking the computer program in the memory, carries out the steps of the method according to any one of claims 1 to 7.
CN202010456192.2A 2020-05-26 2020-05-26 Identity verification method, system and related device Pending CN111614687A (en)

Publications (1)

Publication Number Publication Date
CN111614687A true CN111614687A (en) 2020-09-01
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200901