CN111881483B - Resource account binding method, device, equipment and medium based on blockchain - Google Patents
Resource account binding method, device, equipment and medium based on blockchain Download PDFInfo
- Publication number
- CN111881483B CN111881483B CN202010788761.3A CN202010788761A CN111881483B CN 111881483 B CN111881483 B CN 111881483B CN 202010788761 A CN202010788761 A CN 202010788761A CN 111881483 B CN111881483 B CN 111881483B
- Authority
- CN
- China
- Prior art keywords
- resource account
- account
- user
- digital identity
- identity file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000007246 mechanism Effects 0.000 claims abstract description 62
- 230000008520 organization Effects 0.000 claims description 59
- 238000012795 verification Methods 0.000 claims description 58
- 238000004590 computer program Methods 0.000 claims description 17
- 230000000977 initiatory effect Effects 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of networks and provides a resource account binding method, device, computer equipment and storage medium based on a blockchain. The method and the device can improve the identification efficiency and the access efficiency of the business mechanism to the resource account. The method comprises the following steps: the method comprises the steps of responding to a binding request of a user, acquiring a digital identity file corresponding to the user and a resource account to be bound of the user from the binding request, after verifying the digital identity file, binding the digital identity file and the corresponding resource account, uploading binding information of the digital identity file and the resource account and binding information of the digital identity file and the resource account to a blockchain for storage, and opening access rights of the digital identity file and the resource account stored on the blockchain and the binding information of the digital identity file and the resource account to a plurality of business mechanism servers.
Description
Technical Field
The present disclosure relates to the field of network information technologies, and in particular, to a blockchain-based resource account binding method, device, computer device, and storage medium.
Background
With the development of network information technology, the internet activity frequency of users is greatly improved, users usually open resource accounts of service institutions, and the corresponding service ends of the service institutions manage and control the resource accounts of the users.
In the prior art, a user usually opens corresponding resource accounts in a plurality of service institutions, and account information of the user stored in different service institutions is mutually independent. When managing the resource accounts of users, different service institutions generally need the users to provide originals such as identity certificates and the like to verify the identities of the users, and the efficiency is low.
Disclosure of Invention
Based on this, it is necessary to provide a resource account binding method, device, computer equipment and storage medium based on blockchain aiming at the technical problem that the efficiency of the service organization to the management of the user resource account is low in the prior art.
A blockchain-based resource account binding method, the method comprising:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
verifying the digital identity file;
if the verification is passed, binding the digital identity file with the resource account corresponding to the user;
uploading the digital identity file and the resource account and binding information of the digital identity file and the resource account to a blockchain for storage; and the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms.
In one embodiment, the verifying the digital identity file includes:
and checking the digital identity file according to the DID protocol specification.
In one embodiment, the resource account is an account bound to a base account of the user, the method further comprising:
responding to a resource account opening request of the user, and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises a digital signature of the user and a basic account to be bound;
verifying a digital signature of the user;
if the verification is passed, creating the resource account and the certificate of the user;
after signing the resource account adding mechanism, sending the account identifier of the resource account and the certificate to a resource account server;
and acquiring verification passing information which is sent after the resource account server verifies that the agency signature passes, and binding the resource account and the basic account.
A blockchain-based resource account binding method, the method comprising:
acquiring a digital identity file of a user;
a binding request is initiated to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the resource account stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
In one embodiment, before the obtaining the digital identity file of the user, the method includes:
acquiring identity information of the user;
acquiring a first key and a second key corresponding to the first key;
signing the identity information of the user according to the first key to obtain the digital identity file containing signature information; the digital identity file accords with the DID protocol specification; the digital identity file also comprises the second key, and the second key is used for verifying the signature information of the digital identity file.
In one embodiment, the resource account is an account bound to a base account of the user, the method further comprising:
acquiring a digital signature of the user opening resource account and a basic account to be bound;
initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound; the resource account opening request is used for triggering the service organization server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, the resource account is added with the organization signature, then the account identification of the resource account and the certificate are sent to the resource account server, the verification passing information sent after the organization signature passes the verification is obtained by the resource account server, and the resource account and the basic account are bound.
A blockchain-based resource account binding device, the device comprising:
the receiving module is used for responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
the verification module is used for verifying the digital identity file;
the binding module is used for binding the digital identity file with the resource account corresponding to the user if the verification is passed;
the uplink module is used for uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a blockchain for storage; and the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms.
A blockchain-based resource account binding device, the device comprising:
the identity file acquisition module is used for acquiring a digital identity file of a user;
the sending module is used for initiating a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the resource account stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
A computer device comprising a memory storing a computer program and a processor which when executing the computer program performs the steps of:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; verifying the digital identity file; if the verification is passed, binding the digital identity file with the resource account corresponding to the user; uploading the digital identity file and the resource account and binding information of the digital identity file and the resource account to a blockchain for storage; and the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms.
A computer device comprising a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring a digital identity file of a user; a binding request is initiated to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the resource account stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; verifying the digital identity file; if the verification is passed, binding the digital identity file with the resource account corresponding to the user; uploading the digital identity file and the resource account and binding information of the digital identity file and the resource account to a blockchain for storage; and the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring a digital identity file of a user; a binding request is initiated to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the resource account stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
According to the blockchain-based resource account binding method, device, computer equipment and storage medium, the digital identity file corresponding to the user and the resource account to be bound of the user are obtained from the binding request by responding to the binding request of the user, after the digital identity file is verified, the digital identity file and the corresponding resource account are bound, and binding information of the digital identity file, the resource account and the binding information of the digital identity file and the binding information of the resource account are uploaded to the blockchain for storage, and the digital identity file, the binding information of the resource account and the binding information of the digital identity file and the binding information of the resource account are stored on the blockchain for opening access rights to a plurality of business mechanism servers, so that the business mechanism can access the user's resource account bound with the user through the digital identity file of the user, and the recognition efficiency and the management efficiency of the business mechanism server on the user's resource account are improved.
Drawings
FIG. 1 is an application environment diagram of a blockchain-based resource account binding method in one embodiment;
FIG. 2 is a flow diagram of a blockchain-based resource account binding method in one embodiment;
FIG. 3 is a flow diagram of a blockchain-based resource account binding method in one embodiment;
FIG. 4 is a flow diagram of a blockchain-based resource account binding method in one embodiment;
FIG. 5 is a flow diagram of a blockchain-based resource account binding method in one embodiment;
FIG. 6 is a block diagram of a resource account binding device based on blockchain in one embodiment;
FIG. 7 is a block diagram of a resource account binding device based on blockchain in one embodiment;
fig. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
It should be noted that, the term "first\second" related to the embodiment of the present invention is merely to distinguish similar objects, and does not represent a specific order for the objects, it is understood that "first\second" may interchange a specific order or precedence where allowed. It is to be understood that the "first\second" distinguishing aspects may be interchanged where appropriate to enable embodiments of the invention described herein to be implemented in sequences other than those illustrated or described.
The resource account binding method based on the blockchain can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the service organization server 104 via a network and the service organization server communicates with the resource account server 106 via a network. The service organization server 104 responds to the binding request sent by the terminal 102, acquires the digital identity file corresponding to the user and the resource account with binding from the binding request, and uploads the related information to the blockchain. The service organization server 104 may open the resource account according to the resource account opening request of the terminal 102, and after the service organization server 104 sends the related information to the resource account server 106 and passes the verification, the resource account is bound with the corresponding basic account of the user. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smartphones, tablet computers, and portable wearable devices, and the service organization server 104 and the resource account server 106 may be implemented by independent servers or a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 2, a resource account binding method based on a blockchain is provided, and the method is applied to the business mechanism server 104 in fig. 1 for illustration, and includes the following steps:
Step S201, responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request.
The digital identity file of the user can be unique, verifiable and distributed according to the distributed digital identity (Decentralized Identifiers, DID) protocol specification, the digital identity identification of the user is generated according to the identity information of the user, and the digital identity file corresponding to the specific identity of the user is independently controllable by the user. The resource account may be an account registered or acquired by the user at the business entity relating to user property, information, resources, etc. The user may be a person, business, corporation, and other physical organization. The business entity may be a bank or the like. The user digital identity file contains the digital identity ID information of the user.
In a specific implementation, the service organization server 104 responds to a binding request of a user, and obtains a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request.
Step S202, checking the digital identity file.
In particular implementations, business logic server 104 may perform one or more dimensional checks on the digital identity file. For example, business entity server 104 verifies one or more of the authenticity, content, format, or source legitimacy of the digital identity file.
Step S203, if the verification is passed, the digital identity file is bound with the resource account corresponding to the user.
In a specific implementation, the digital identity file is checked to pass through when the digital identity file accords with the corresponding check criterion side. Business logic server 104 may bind the digital identity file with the user's corresponding resource account.
Step S204, the binding information of the digital identity file and the resource account is uploaded to the blockchain storage.
The digital identity files and the resource accounts of the users stored on the blockchain and the binding information of the two open access rights to the business mechanism servers of the business mechanisms. The blockchain may have a plurality of trusted service entity servers on the blockchain as blockchain nodes. Each business entity server can access the digital identity file of the user and the resource account bound with the digital identity file through the digital identity ID information of the user.
In a specific implementation, the service organization server 104 uploads the digital identity file, the resource account, and the binding information of the digital identity file and the resource account to the blockchain, and stores and manages the digital identity file and the resource account through an intelligent contract on the blockchain.
According to the blockchain-based resource account binding method, the digital identity file corresponding to the user and the resource account to be bound of the user are obtained from the binding request by responding to the binding request of the user, after the digital identity file is verified, the digital identity file and the corresponding resource account are bound, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the corresponding resource account are uploaded to the blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the digital identity file and the binding information of the resource account stored on the blockchain opens access rights to a plurality of service organization servers, so that the plurality of service organizations can access the resource account of the user bound with the digital identity file of the user through the digital identity file of the user, and recognition and management efficiency of the service organization servers on the resource account of the user is improved.
In one embodiment, the step of verifying the digital identity file determined in step S202 includes:
and checking the digital identity file according to the DID protocol specification.
In this embodiment, the DID distributed digital identity (Decentralized Identifiers, DID) is generated according to a determined algorithm, and a pair of keys is generated, where a first key in the pair of keys is used to sign user identity information, the signature information and the original identity information are combined to obtain a digital identity file, and a second key is used to verify the digital identity file. The user creates and manages his own DID by a program as a user of the DID, and stores information related to the identity in a component, and personal information of the user related to the DID is not linked. In the open source standard of the DID, the DID standard includes a DID specification and a verifiable statement, and the DID specification includes a DID identifier and a DID document. In a specific implementation, the service organization server 104 may perform format verification on the digital identity file of the user according to the format requirement of the DID protocol specification, or may perform verification on the digital identity file according to the public key included in the digital identity file of the user.
In some embodiments, the service organization server 104 may obtain the identity authentication information of the user sent by the terminal 102, and verify the identity of the user according to the identity authentication information. The identity authentication information can be information such as identity document of the user, or can be the identity document of the user issued by other DID issuing party.
According to the scheme of the embodiment, the digital identity file is verified through the DID protocol specification, so that the standardization and the authenticity of the acquired user identity information are improved.
In one embodiment, the resource account is an account bound to a primary account of the user, the method further comprising:
responding to a resource account opening request of a user, and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises a digital signature of a user and a basic account to be bound; verifying the digital signature of the user; if the verification is passed, creating the resource account and the certificate of the user; after signing the resource account adding mechanism, sending the account identifier and the certificate of the resource account to a resource account server; and acquiring verification passing information sent after the signature of the resource account server verification mechanism passes, and binding the resource account and the basic account.
In this embodiment, the basic account is an account opened by the user at the service organization according to the identity certificate or other certificates, and is associated with the actual resource occupation situation of the user. The account identification of the resource account may be an account name or other information that identifies the resource account. In some embodiments, the primary account may be a bank account that the user opens at the bank based on the identity document, associated with the user's actual cash asset occupancy, and the resource account may be a bound to the bank account, associated with the bank account but having a different account in terms of usage rules.
If the user of the terminal 102 needs to obtain the resource account, the user needs to apply for the resource account to the service organization server 104. The service organization server 104 responds to the resource account opening request of the user, and obtains the digital signature of the corresponding user and the basic account to be bound from the resource account opening request. After the service organization server 104 verifies that the digital signature of the user passes, a resource account of the user is created, a certificate is allocated, meanwhile, an organization signature is added to the resource account, and an account identifier and the certificate of the resource account are sent to the resource account server 106. The resource account server 106 verifies the institution signature and, after verification, saves the resource account identification and credential information. The business mechanism server 104 obtains the verification passing information sent back by the resource account server 106, and completes the binding of the resource account and the basic account of the user.
According to the scheme of the embodiment, the business mechanism server 104 establishes the user's resource account and distributes certificates after the user signature is verified by acquiring the user's resource account opening request, adds the mechanism signature to the resource account, submits the account identifier and the certificates of the resource account to the resource account server 106 for verification, binds the user's resource account and the basic account, and improves the safety and compliance of the establishment of the user's resource account.
In one embodiment, as shown in fig. 3, a resource account binding method based on a blockchain is provided, and the method is applied to the terminal 102 in fig. 1 for illustration, and includes the following steps:
step 301, a digital identity file of a user is obtained.
In a specific implementation, the terminal 102 may obtain a digital identity file of the user according to the identity information of the user.
Step 302, a binding request is initiated to a service mechanism server corresponding to a service mechanism, wherein the binding request carries a digital identity file and a resource account to be bound corresponding to a user.
The binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file and the resource account are bound, binding information of the digital identity file, the resource account and the two are uploaded to the blockchain for storage, and the binding information of the digital identity file, the resource account and the two stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
In a specific implementation, the terminal 102 may obtain a resource account to be bound corresponding to a user, and send a binding request carrying a digital identity file and the resource account corresponding to the user to the service organization server 104. The service organization server 104 may bind the digital identity file and the resource account according to the binding request, and upload the binding information of the digital identity file and the resource account and both to the blockchain storage, and the trusted service organization servers of the plurality of service organizations may access the resource account according to the digital identity file.
According to the scheme of the embodiment, the digital identity file of the user is obtained, the binding request carrying the digital identity file and the resource account corresponding to the user is sent to the service organization server 104, so that the service organization server 104 can access the resource account of the user bound with the digital identity file through the digital identity file of the user in response to the binding request of the user, the identification efficiency and the management efficiency of the service organization server on the resource account of the user are improved by verifying the digital identity file, binding the digital identity file with the corresponding resource account, and uploading binding information of the digital identity file, the resource account and the two to a blockchain for storage.
In one embodiment, before the step S301 determines to obtain the digital identity file of the user, the method further includes:
acquiring identity information of a user; acquiring a first key and a second key corresponding to the first key; and signing the identity information of the user according to the first key to obtain the digital identity file.
In this embodiment, the digital identity file conforms to the DID protocol specification, and the digital identity file further includes a second key, where the second key is used to verify a signature of the digital identity file, and the second key corresponds to the first key. The terminal 102 may obtain the identity information corresponding to the user, obtain a key pair including the first key and the second key, and sign the identity information of the user according to the first key to obtain a digital identity file of the user conforming to the DID protocol specification. In some embodiments, the terminal 102 may be a bank APP client or a Web browser, and the terminal 102 may obtain identity information corresponding to a user according to user login information or registration information reserved in a service mechanism. In some embodiments, the terminal 102 may have a key pair generation function, and the terminal 102 may sign the identity information of the user according to the private key.
According to the scheme of the embodiment, the terminal 102 signs the acquired identity information of the user through the first key to obtain the digital identity file of the user, so that the authenticity and the safety of the digital identity file are improved.
In one embodiment, the method further comprises:
the resource account is an account bound with a basic account of a user, and a digital signature of the user opening the resource account and the basic account to be bound are obtained; and initiating a resource account opening request to the service organization server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound.
In this embodiment, the terminal 102 obtains a digital signature of an open resource account and a basic account with binding, and sends a resource account open request carrying the digital signature of the user and the basic account to be bound to the service organization server 104, the service organization server 104 creates the resource account of the user after the signature passes verification according to the resource account open request, and distributes a certificate, and adds an organization signature in the resource account, and sends an account identifier and a certificate of the resource account to the resource account server 106. The business mechanism server 104 obtains the verification passing information sent back by the resource account server 106, and completes the binding of the resource account and the basic account of the user.
According to the scheme of the embodiment, the terminal 102 sends the resource account opening request carrying the digital signature of the user and the basic account to be bound to the service organization server 104, the service organization 104 performs digital signature verification according to the resource account opening request, creates the resource account of the user and distributes a certificate, adds the organization signature to the resource account, submits the account identifier and the certificate of the resource account to the resource account server 106 for verification, and binds the resource account and the basic account of the user after verification is passed, so that the safety and compliance of the creation of the resource account of the user are improved.
For better understanding of the technical solutions of the present application, the use scenario of the above-mentioned blockchain-based resource account binding method in the terminal 102, the service organization server 104 and the resource account server 106 is further described according to fig. 4 and 5. The business mechanism server 104 may be a bank server or other digital legal system operation mechanism server, the terminal 102 may be a bank APP client or Web browser, the resource account server 106 may be a central digital legal system server, the resource account may be a digital legal system account, and the basic account may be a bank account.
The bank APP client applies for opening the digital legal coin account to the bank server, acquires the registered identity information of the user, submits an identity verification request to the bank server, generates a pair of digital identity keys and creates a digital identity file of the user based on a DID digital identity Document protocol format, and the bank APP client can request the bank server to bind the digital identity Document of the user with the opened digital legal coin account. The bank server verifies the data submitted by the user and then uploads the data to the blockchain.
The bank server is used as a unified business service portal to provide specific services for the client/browser of the digital legal account of the user, and the specific services comprise creation, update, deletion and digital identity verification of the digital identity, binding of the digital identity and the digital legal account and other interfaces of business logic. Ensuring that the digital identity registered to the blockchain is legitimate and unique and that the digital identity on the blockchain is truly valid.
The bank server may apply for a credit for issuing DC/EP to the central bank after acquiring a legal Digital Currency (DC/EP) issue license for the central bank. After the approval is passed, the central bank can return the credit certificate of the issuing credit acquired by the business organization to the bank server, and the digital legal account application and the identity verification of the user also need the central digital legal server to carry out authentication.
The flow of the user creating a digital forensic account is shown in fig. 4. The user needs to establish a digital legal account based on the existing bank account, the user designates the binding relation between the bank account and the digital currency account in the opening process, the bank account can be bound with the digital currency account after the opening is successful, and the user can access the digital currency account through the bank account.
The user creates a digital identity and binds the existing digital coin account flow as shown in fig. 5. The bank server creates a digital identity file of the user according to the user request, the bank server binds a digital legal account of the user according to the digital identity file, and the bank server can complete the operation after the user passes the authentication.
It should be understood that, although the steps in the flowcharts of fig. 2-5 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the steps or stages in other steps or other steps.
In one embodiment, as shown in FIG. 6, there is provided a blockchain-based resource account binding device 600 including:
the receiving module 601 is configured to obtain, from a binding request, a digital identity file corresponding to a user and a resource account to be bound corresponding to the user, in response to the binding request of the user;
the verification module 602 is used for verifying the digital identity file;
A binding module 603, configured to bind the digital identity file and the resource account corresponding to the user if the verification passes;
the uplink module 604 is configured to upload the digital identity file, the resource account, and the binding information of the two to the blockchain storage; the digital identity file and the resource account stored on the blockchain and the binding information of the two open access rights to the business mechanism servers of the business mechanisms.
In one embodiment, the verification module 602 is further configured to verify the digital identity file according to the DID protocol specification.
In one embodiment, the resource account is an account bound to a user's primary account, and the apparatus 600 further includes: the resource account opening module is used for responding to a resource account opening request of a user and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises a digital signature of a user and a basic account to be bound; verifying the digital signature of the user; if the verification is passed, creating the resource account and the certificate of the user; after signing the resource account adding mechanism, sending the account identifier and the certificate of the resource account to a resource account server; and acquiring verification passing information after the signature of the resource account server verification mechanism passes, and binding the resource account and the basic account.
In one embodiment, as shown in FIG. 7, there is provided a blockchain-based resource account binding device 700 including:
an identity file obtaining module 701, configured to obtain a digital identity file of a user;
a sending module 702, configured to initiate a binding request to a service mechanism server corresponding to a service mechanism, where the binding request carries a digital identity file and a resource account to be bound corresponding to a user; the binding request is used for triggering the service organization server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file and the resource account are bound, and binding information of the digital identity file, the resource account and the two are uploaded to the blockchain for storage, and the binding information of the digital identity file, the resource account and the two stored on the blockchain opens access rights to the service organization servers of a plurality of service organizations.
In one embodiment, the apparatus 700 further includes: the identity information signing module is used for acquiring the identity information of the user; acquiring a first key and a second key corresponding to the first key; signing the identity information of the user according to the first secret key to obtain a digital identity file comprising signature information; the digital identity file accords with the DID protocol specification; the digital identity file also comprises a second key, and the second key is used for verifying signature information of the digital identity file.
In one embodiment, the resource account is an account bound to a primary account of the user, and the apparatus 700 further includes: the resource account opening module is used for acquiring a digital signature of a user opening a resource account and a basic account to be bound; initiating a resource account opening request to a service organization server, wherein the resource account opening request carries a digital signature of a user and a basic account to be bound; the resource account opening request is used for triggering the service organization server to verify the digital signature, if the verification is passed, the resource account and the certificate of the user are created, after the resource account is signed by the resource account adding organization, the account identifier and the certificate of the resource account are sent to the resource account server, and verification passing information sent after the signature of the resource account server verification organization is passed is obtained, and the resource account and the basic account are bound.
For specific limitations on the blockchain-based resource account binding device, reference may be made to the above limitations on the blockchain-based resource account binding method, which are not described in detail herein. The various modules in the blockchain-based resource account binding device described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing user resource account data, basic account data and user digital identity files. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a blockchain-based resource account binding method.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the method embodiments described above when the processor executes the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.
Claims (10)
1. A blockchain-based resource account binding method, the method comprising:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; wherein the resource account is an account bound to and related to a basic account of the user, but different in usage rules, the basic account being an account that the user opens at a business institution based on identity credentials or other credentials;
Verifying the digital identity file;
if the verification is passed, binding the digital identity file with the resource account corresponding to the user;
uploading the digital identity file and the resource account and binding information of the digital identity file and the resource account to a blockchain for storage; the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms;
before the responding to the binding request of the user, the method further comprises:
responding to a resource account opening request of the user, and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises a digital signature of the user and a basic account to be bound;
verifying a digital signature of the user;
if the verification is passed, creating the resource account and the certificate of the user;
after signing the resource account adding mechanism, sending the account identifier of the resource account and the certificate to a resource account server;
and acquiring verification passing information which is sent after the resource account server verifies that the agency signature passes, and binding the resource account and the basic account.
2. The method of claim 1, wherein verifying the digital identity file comprises:
and checking the digital identity file according to the DID protocol specification.
3. The method of claim 2, wherein verifying the digital identity file comprises:
verifying one or more of authenticity, content, format or source legitimacy of the digital identity document.
4. A blockchain-based resource account binding method, the method comprising:
acquiring a digital identity file of a user;
a binding request is initiated to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account stored on the blockchain opens access rights to the service mechanism servers of a plurality of service mechanisms; wherein the resource account is an account bound to and related to a basic account of the user, but different in usage rules, the basic account being an account that the user opens at a business institution based on identity credentials or other credentials;
Before the digital identity file of the user is obtained, the method further comprises the following steps:
acquiring a digital signature of the user opening resource account and a basic account to be bound;
initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound; the resource account opening request is used for triggering the service organization server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, the resource account is added with the organization signature, then the account identification of the resource account and the certificate are sent to the resource account server, the verification passing information sent after the organization signature passes the verification is obtained by the resource account server, and the resource account and the basic account are bound.
5. The method of claim 4, wherein prior to the obtaining the digital identity file of the user, the method comprises:
acquiring identity information of the user;
acquiring a first key and a second key corresponding to the first key;
signing the identity information of the user according to the first key to obtain the digital identity file comprising signature information; the digital identity file accords with the DID protocol specification; the digital identity file also comprises the second key, and the second key is used for verifying the signature information of the digital identity file.
6. The method of claim 4, wherein the binding request is used to trigger the business entity server to verify the digital identity file, comprising:
the binding request is used for triggering the business mechanism server to verify one or more of the authenticity, content, format or source legitimacy of the digital identity file.
7. A blockchain-based resource account binding device, the device comprising:
the receiving module is used for responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; wherein the resource account is an account bound to and related to a basic account of the user, but different in usage rules, the basic account being an account that the user opens at a business institution based on identity credentials or other credentials;
the verification module is used for verifying the digital identity file;
the binding module is used for binding the digital identity file with the resource account corresponding to the user if the verification is passed;
The uplink module is used for uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a blockchain for storage; the digital identity file and the binding information of the resource account stored on the blockchain open access rights to service mechanism servers of a plurality of service mechanisms;
the resource account opening module is used for responding to the resource account opening request of the user and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises a digital signature of the user and a basic account to be bound; verifying a digital signature of the user; if the verification is passed, creating the resource account and the certificate of the user; after signing the resource account adding mechanism, sending the account identifier of the resource account and the certificate to a resource account server; and acquiring verification passing information which is sent after the resource account server verifies that the agency signature passes, and binding the resource account and the basic account.
8. A blockchain-based resource account binding device, the device comprising:
the identity file acquisition module is used for acquiring a digital identity file of a user;
The sending module is used for initiating a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the digital identity file passes the verification, the digital identity file is bound with the resource account, binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account are uploaded to a blockchain for storage, and the binding information of the digital identity file, the resource account and the binding information of the digital identity file and the resource account stored on the blockchain opens access rights to the service mechanism servers of a plurality of service mechanisms; wherein the resource account is an account bound to and related to a basic account of the user, but different in usage rules, the basic account being an account that the user opens at a business institution based on identity credentials or other credentials;
the resource account opening module is used for acquiring a digital signature of the user opening a resource account and a basic account to be bound; initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound; the resource account opening request is used for triggering the service organization server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, the resource account is added with the organization signature, then the account identification of the resource account and the certificate are sent to the resource account server, the verification passing information sent after the organization signature passes the verification is obtained by the resource account server, and the resource account and the basic account are bound.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010788761.3A CN111881483B (en) | 2020-08-07 | 2020-08-07 | Resource account binding method, device, equipment and medium based on blockchain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010788761.3A CN111881483B (en) | 2020-08-07 | 2020-08-07 | Resource account binding method, device, equipment and medium based on blockchain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111881483A CN111881483A (en) | 2020-11-03 |
CN111881483B true CN111881483B (en) | 2024-02-23 |
Family
ID=73211045
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010788761.3A Active CN111881483B (en) | 2020-08-07 | 2020-08-07 | Resource account binding method, device, equipment and medium based on blockchain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111881483B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112396409B (en) * | 2020-11-27 | 2024-08-16 | 中国银联股份有限公司 | Digital resource account binding method, device, equipment and medium |
CN113918984A (en) * | 2020-12-11 | 2022-01-11 | 京东科技信息技术有限公司 | Application access method and system based on block chain, storage medium and electronic equipment |
CN112653557B (en) * | 2020-12-25 | 2023-10-13 | 北京天融信网络安全技术有限公司 | Digital identity processing method, digital identity processing device, electronic equipment and readable storage medium |
CN113570373B (en) * | 2021-09-23 | 2022-02-11 | 北京理工大学 | Responsibility pursuing transaction method and system based on block chain |
CN114971607A (en) * | 2022-05-31 | 2022-08-30 | 上海盛付通电子支付服务有限公司 | Method, apparatus, medium, and program product for issuing resources instead |
CN115564438B (en) * | 2022-12-06 | 2023-03-24 | 北京百度网讯科技有限公司 | Block chain-based digital resource processing method, device, equipment and storage medium |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015135399A1 (en) * | 2014-03-13 | 2015-09-17 | Tencent Technology (Shenzhen) Company Limited | Device, system, and method for creating virtual credit card |
CN107392601A (en) * | 2017-06-26 | 2017-11-24 | 中国人民银行数字货币研究所 | The application method and system of digital cash wallet |
CN108764872A (en) * | 2018-06-01 | 2018-11-06 | 杭州复杂美科技有限公司 | A kind of authority to pay method and system, equipment and storage medium |
CN110060037A (en) * | 2019-04-24 | 2019-07-26 | 上海能链众合科技有限公司 | A kind of distributed digital identification system based on block chain |
WO2019191213A1 (en) * | 2018-03-27 | 2019-10-03 | Workday, Inc. | Digital credential authentication |
WO2020024968A1 (en) * | 2018-08-01 | 2020-02-06 | 腾讯科技(深圳)有限公司 | Resource transfer data management method and apparatus, and storage medium |
CN110766579A (en) * | 2019-10-22 | 2020-02-07 | 深圳技术大学 | Online education management verification system and method based on block chain platform |
WO2020098839A2 (en) * | 2020-02-14 | 2020-05-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Data authorization based on decentralized identifiers |
CN111401871A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Transaction processing method, device, equipment and system |
CN111475845A (en) * | 2020-04-13 | 2020-07-31 | 中国工商银行股份有限公司 | Unstructured data identity authorization access system and method |
CN111489145A (en) * | 2020-06-24 | 2020-08-04 | 支付宝(杭州)信息技术有限公司 | Resource transfer method, device and equipment based on block chain |
CN111901359A (en) * | 2020-08-07 | 2020-11-06 | 广州运通链达金服科技有限公司 | Resource account authorization method, device, system, computer equipment and medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8429630B2 (en) * | 2005-09-15 | 2013-04-23 | Ca, Inc. | Globally distributed utility computing cloud |
US9049027B2 (en) * | 2012-05-17 | 2015-06-02 | Zenerji Llc | Non-PKI digital signatures and information notary public in the cloud |
CA2975843C (en) * | 2016-08-10 | 2023-06-13 | Peer Ledger Inc. | Apparatus, system, and methods for a blockchain identity translator |
CA3000340A1 (en) * | 2017-04-06 | 2018-10-06 | Stronghold Labs, Llc | Account platform for a distributed network of nodes |
WO2019204794A1 (en) * | 2018-04-20 | 2019-10-24 | Infonetworks Llc | System for verification of pseudonymous credentials for digital identities with managed access to personal data on trust networks |
US20200026834A1 (en) * | 2018-07-23 | 2020-01-23 | One Kosmos Inc. | Blockchain identity safe and authentication system |
-
2020
- 2020-08-07 CN CN202010788761.3A patent/CN111881483B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015135399A1 (en) * | 2014-03-13 | 2015-09-17 | Tencent Technology (Shenzhen) Company Limited | Device, system, and method for creating virtual credit card |
CN107392601A (en) * | 2017-06-26 | 2017-11-24 | 中国人民银行数字货币研究所 | The application method and system of digital cash wallet |
WO2019191213A1 (en) * | 2018-03-27 | 2019-10-03 | Workday, Inc. | Digital credential authentication |
CN108764872A (en) * | 2018-06-01 | 2018-11-06 | 杭州复杂美科技有限公司 | A kind of authority to pay method and system, equipment and storage medium |
WO2020024968A1 (en) * | 2018-08-01 | 2020-02-06 | 腾讯科技(深圳)有限公司 | Resource transfer data management method and apparatus, and storage medium |
CN110060037A (en) * | 2019-04-24 | 2019-07-26 | 上海能链众合科技有限公司 | A kind of distributed digital identification system based on block chain |
CN110766579A (en) * | 2019-10-22 | 2020-02-07 | 深圳技术大学 | Online education management verification system and method based on block chain platform |
WO2020098839A2 (en) * | 2020-02-14 | 2020-05-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Data authorization based on decentralized identifiers |
CN111475845A (en) * | 2020-04-13 | 2020-07-31 | 中国工商银行股份有限公司 | Unstructured data identity authorization access system and method |
CN111401871A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Transaction processing method, device, equipment and system |
CN111489145A (en) * | 2020-06-24 | 2020-08-04 | 支付宝(杭州)信息技术有限公司 | Resource transfer method, device and equipment based on block chain |
CN111901359A (en) * | 2020-08-07 | 2020-11-06 | 广州运通链达金服科技有限公司 | Resource account authorization method, device, system, computer equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN111881483A (en) | 2020-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111881483B (en) | Resource account binding method, device, equipment and medium based on blockchain | |
US10776786B2 (en) | Method for creating, registering, revoking authentication information and server using the same | |
CN108777684B (en) | Identity authentication method, system and computer readable storage medium | |
JP7083892B2 (en) | Mobile authentication interoperability of digital certificates | |
US20200195645A1 (en) | Blockchain-based account management | |
CN109150547B (en) | System and method for real-name registration of digital assets based on block chain | |
CN114008968B (en) | System, method, and storage medium for license authorization in a computing environment | |
US8261336B2 (en) | System and method for making accessible a set of services to users | |
CN110177124B (en) | Identity authentication method based on block chain and related equipment | |
CN102420690A (en) | Fusion and authentication method and system of identity and authority in industrial control system | |
CN110516417B (en) | Authority verification method and device of intelligent contract | |
CN111292174A (en) | Tax payment information processing method and device and computer readable storage medium | |
CN111901359B (en) | Resource account authorization method, device, system, computer equipment and medium | |
CN113255014B (en) | Data processing method based on block chain and related equipment | |
CN114666168B (en) | Decentralized identity certificate verification method and device, and electronic equipment | |
Abraham et al. | Qualified eID derivation into a distributed ledger based IdM system | |
CN111566647A (en) | Identity recognition system based on block chain | |
CN107645474B (en) | Method and device for logging in open platform | |
CN114168922A (en) | User CA certificate generation method and system based on digital certificate | |
Durán et al. | An architecture for easy onboarding and key life-cycle management in blockchain applications | |
US20230016488A1 (en) | Document signing system for mobile devices | |
KR100639992B1 (en) | Security apparatus for distributing client module and method thereof | |
van den Broek et al. | Securely derived identity credentials on smart phones via self-enrolment | |
WO2022193494A1 (en) | Permission control method, server, terminal, storage medium, and computer program | |
KR20190114424A (en) | Method for sso service through blockchain, and terminal and server using the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |