CN112950356B - Personal loan processing method, system, equipment and medium based on digital identity - Google Patents


Info

Publication number
CN112950356B
Authority
CN
China
Prior art keywords
node
bank
loan
loan applicant
applicant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110278603.8A
Other languages
Chinese (zh)
Other versions
CN112950356A (en)
Inventor
马超群
王一然
周中定
李信儒
兰秋军
万丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN202110278603.8A priority Critical patent/CN112950356B/en
Publication of CN112950356A publication Critical patent/CN112950356A/en
Application granted granted Critical
Publication of CN112950356B publication Critical patent/CN112950356B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03 Credit; Loans; Processing thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102 Bill distribution or payments


Abstract

The invention discloses a method, a system, a device and a medium for processing a personal loan based on digital identity. They combine distributed ledger technology, cryptographic principles, DID identifiers and the like to simplify the issuing of proof materials and the bank's checking of those materials, improve the efficiency of personal loans, and ensure the authenticity and validity of the application materials. In addition, a novel identity management method based on DID identifiers is provided, which avoids problems such as the correlation of identity data and the disclosure of identity privacy.

Description

Personal loan processing method, system, equipment and medium based on digital identity
Technical Field
The present invention relates to the technical field of processing personal loans, and in particular, to a method, a system, a device, and a computer-readable storage medium for processing a personal loan based on a digital identity.
Background
A personal loan is a loan in domestic or foreign currency that a bank or other financial institution issues to a natural person who meets the loan conditions, for personal consumption, production and the like. The existing personal loan processing flow is as follows: the loan applicant submits a loan application to a bank; the loan applicant prepares application data, which must cover the applicant's personal information and repayment capability, such as a work proof, an identity proof and a proof of income source; the loan applicant submits the application data to the bank; the bank examines the submitted application data; and the bank issues the loan after the examination passes.
In the traditional personal loan process, the application data submitted by the loan applicant contains proof materials issued by different institutions, so the applicant has to register on the websites designated by each institution; the process is cumbersome and the user names and passwords are hard to manage. In addition, paper application data can be forged and forgeries are hard to identify, which hinders the bank's examination. Paper application data is also hard to keep: once lost, important private information may be disclosed, and having the proofs reissued is complicated and time-consuming. Moreover, the application process requires complete certificates to be provided, so important information that the verification does not need may be revealed, increasing the risk of privacy disclosure. During the loan process the bank must audit the application materials submitted by the loan applicant, and because the bank and the institutions issuing the proofs are not directly connected, verification is inefficient and wastes considerable manpower and material resources.
Disclosure of Invention
The invention provides a personal loan processing method, a system, equipment and a computer readable storage medium based on digital identity, which are used for solving the technical problems of complex material application flow, easy counterfeiting of data, easy disclosure of personal privacy and low auditing efficiency of the traditional personal loan processing mode.
According to one aspect of the present invention, there is provided a method of processing a personal loan based on a digital identity, comprising the steps of:
step S1: the loan applicant node queries the blockchain for the proof materials required to apply for the loan and, after applying for the proof materials from the respective nodes on the blockchain, generates application data according to a loan application data template provided by the bank node;
step S2: the bank node and the loan applicant node establish a secure communication channel based on DIDs;
step S3: the bank node checks the application data submitted by the loan applicant node;
step S4: after the verification passes, the bank node provides a lendable certificate to the loan applicant node.
Further, the step S1 includes the steps of:
step S11: the loan applicant node queries the public ledger for the application materials required to apply for the loan, and the public ledger returns the queried content to the loan applicant node;
step S12: the loan applicant node applies to each corresponding node for proof materials according to the returned content;
step S13: the loan applicant node generates application data from the proof materials it has obtained and the loan application data template provided by the bank node.
Further, the step S2 includes the steps of:
step S21: the loan applicant node queries the public ledger for the DID document of the bank node, and the public ledger returns the queried DID document, which contains the DID public key of the bank node;
step S22: the loan applicant node sends a loan request message to the bank node, using the DID document;
step S23: the bank node sends a connection establishment invitation to the loan applicant node in order to establish a secure communication channel;
step S24: the loan applicant node creates a new DID which is used only to exchange information with the bank node;
step S25: the loan applicant node accepts the invitation of the bank node and sends a connection establishment request to the bank node, wherein the request contains the DID newly created by the loan applicant node and the corresponding DID document; the request is encrypted with the public key of the bank node when sent, so that only the bank node, holding the corresponding private key, can decrypt it;
step S26: the bank node creates a pair of DIDs used only for the connection with the loan applicant node;
step S27: the bank node sends the loan applicant node a message agreeing to establish the connection, wherein the message contains the DID newly created by the bank node and the corresponding DID document; the message is encrypted with the DID public key newly created by the loan applicant node when sent, so that only the loan applicant node, holding the corresponding private key, can decrypt it.
Further, the step S3 includes the steps of:
step S31: the loan applicant node sends the application data to the bank node through the secure communication channel;
step S32: the bank node submits a query to the public ledger, the queried content being the DID documents of the institutions that signed the identity proof, the work proof and the repayment capability proof in the application data;
step S33: the public ledger returns the queried DID documents to the bank node, and the bank node judges from the returned information whether each signing institution is an authoritative institution; if so, the audit passes.
Further, the step S4 includes the steps of:
step S41: the bank node sends the definition of the lendable certificate and a request link to the loan applicant node;
step S42: the loan applicant node downloads the definition of the lendable certificate from the public ledger to confirm the type and content of the lendable certificate, and the public ledger returns the queried definition to the loan applicant node;
step S43: the loan applicant node accepts the request sent by the bank node and sends its lendable certificate application to the request link;
step S44: the bank node sends the loan applicant node the data attributes required for generating the lendable certificate, and the loan applicant node provides the corresponding attributes to the bank node;
step S45: the bank node generates the lendable certificate belonging to the loan applicant node from the attributes provided by the loan applicant node, and stores the hash header of the lendable certificate issuance record on the public ledger;
step S46: the bank node sends the lendable certificate to the loan applicant node, and every attribute of the lendable certificate carries a signature under the bank node's public DID key, proving that the bank node endorses the data in the lendable certificate;
step S47: after receiving the lendable certificate, the loan applicant node puts it into the key management system.
Further, the process of generating the lendable certificate in the step S45 includes the following:
step S451: generating a key pair with the RSA algorithm;
step S452: inputting the relevant attributes of the loan applicant node and the bank information;
step S453: performing a hash calculation on the content generated in the previous step to obtain a hash value;
step S454: signing the hash value with RSA using the private key of the bank node;
step S455: generating the lendable certificate by concatenating the contents obtained in step S452 and step S454 into one file.
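The issuing sequence of steps S451 to S455, together with the check a verifier would run on the result, as an added example that is not part of the patent text. The Go type and function names, the JSON layout, the in-memory ledger, the use of the body digest as the issuance record and the choice of RSA-PSS with SHA-256 are assumptions; the text only specifies an RSA signature over a hash.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// CertBody is the content entered in step S452 (field names are assumptions).
type CertBody struct {
	IssuerDID    string            `json:"issuer_did"`
	ApplicantDID string            `json:"applicant_did"`
	Attributes   map[string]string `json:"attributes"`
}

// LendableCert is the single file of step S455: the body linked with its signature.
type LendableCert struct {
	Body      CertBody `json:"body"`
	Signature []byte   `json:"signature"` // RSA-PSS over SHA-256(body); base64 in JSON
}

// Ledger is an in-memory stand-in for the public ledger (assumption).
type Ledger struct {
	Keys   map[string]*rsa.PublicKey // public DID -> key from its DID document
	Issued map[string]bool           // hex digests of issuance records
}

// digest hashes a deterministic serialization of the body (step S453);
// encoding/json emits struct fields in order and sorts map keys.
func digest(b CertBody) ([]byte, error) {
	raw, err := json.Marshal(b)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(raw)
	return sum[:], nil
}

// Issue runs steps S453 to S455 and records the digest on the ledger.
func Issue(l *Ledger, priv *rsa.PrivateKey, body CertBody) (LendableCert, error) {
	d, err := digest(body)
	if err != nil {
		return LendableCert{}, err
	}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d, nil) // step S454
	if err != nil {
		return LendableCert{}, err
	}
	l.Issued[hex.EncodeToString(d)] = true
	return LendableCert{Body: body, Signature: sig}, nil
}

// Verify resolves the issuer key from the ledger, checks the signature over
// the recomputed digest, then checks that an issuance record exists.
func Verify(l *Ledger, c LendableCert) error {
	pub, ok := l.Keys[c.Body.IssuerDID]
	if !ok {
		return errors.New("issuer DID not found on ledger")
	}
	d, err := digest(c.Body)
	if err != nil {
		return err
	}
	if rsa.VerifyPSS(pub, crypto.SHA256, d, c.Signature, nil) != nil {
		return errors.New("signature does not match certificate body")
	}
	if !l.Issued[hex.EncodeToString(d)] {
		return errors.New("no issuance record on ledger")
	}
	return nil
}

// DemoCert issues one certificate and verifies it and a tampered copy.
func DemoCert() (genuine, tampered error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // step S451
	if err != nil {
		return err, err
	}
	const bankDID = "did:example:bank" // constructed identifier
	l := &Ledger{map[string]*rsa.PublicKey{bankDID: &priv.PublicKey}, map[string]bool{}}
	cert, err := Issue(l, priv, CertBody{bankDID, "did:example:applicant-for-bank",
		map[string]string{"limit": "50000", "valid_until": "2030-01-01"}}) // constructed
	if err != nil {
		return err, err
	}
	forged := cert
	forged.Body.Attributes = map[string]string{"limit": "900000", "valid_until": "2030-01-01"}
	return Verify(l, cert), Verify(l, forged)
}

func main() {
	fmt.Println(DemoCert())
}
```

The signature covers the hash of a deterministic serialization, so any change to an attribute after issuance makes verification fail.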
Further, in the step S46, the bank node encrypts the lendable certificate before sending it to the loan applicant node, and the loan applicant node decrypts it to obtain the lendable certificate; the encryption and decryption process is as follows:
encryption process: the bank node selects a non-repeating random number $N_{Bank}$, the current time $t_{Bank}$, the identification information $ID_{applicant}$ of the loan applicant and the other content $C_{Bank}$ that needs to be encrypted, and forms them into the plaintext information $m_{Bank} = \{N_{Bank}, t_{Bank}, ID_{applicant}, C_{Bank}\}$, which is represented as a field element. It then randomly selects a random number $k$ in $[1, n-1]$ and, using the loan applicant's public key information $Pb_{applicant} = (E(F_q), G, n, Q_{applicant})$, computes the point $(x_1, y_1) = kG$ and the point $(x_2, y_2) = kQ_{applicant}$, and generates the ciphertext, wherein, if $(x_2, y_2) = 0$, the random number $k$ needs to be selected again;
decryption process: the loan applicant node decrypts the ciphertext with its own private key to obtain the plaintext, and uses the identification information to verify whether it is the intended recipient of the message.
In addition, the invention also provides a personal loan processing system based on digital identity, which comprises:
the application data collection module, used by the loan applicant to query the proof materials required to apply for the loan and to generate the loan application data after each proof material has been entered;
the secure communication module, used by the bank node and the loan applicant node to establish a secure communication channel based on DIDs;
the data auditing module, used by the bank node to audit the application data submitted by the loan applicant node;
and the lendable certificate generation module, used by the bank node to provide a lendable certificate to the loan applicant node.
In addition, the invention also provides a device comprising a processor and a memory, the memory having stored therein a computer program for executing the steps of the method as described above by invoking the computer program stored in the memory.
In addition, the present invention also provides a computer readable storage medium storing a computer program for performing a personal loan process based on a digital identity, which computer program, when run on a computer, performs the steps of the method as described above.
The invention has the following effects:
The personal loan processing method based on digital identity combines distributed ledger technology, cryptographic principles, DID identifiers and the like to simplify the issuing of proof materials and the bank's checking of those materials, improve the efficiency of personal loans, and ensure the authenticity and validity of the application materials. In addition, a novel identity management method based on DID identifiers is provided, which avoids problems such as the correlation of identity data and the disclosure of identity privacy.
In addition, the digital identity-based personal loan processing system, apparatus, computer-readable storage medium of the invention also have the advantages described above.
In addition to the objects, features and advantages described above, the present invention has other objects, features and advantages. The present invention will be described in further detail with reference to the drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
FIG. 1 is a flow chart of a digital identity based personal loan processing method, in accordance with a preferred embodiment of the invention.
Fig. 2 is a schematic sub-flow chart of step S1 in fig. 1.
Fig. 3 is a schematic flow chart of step S2 in fig. 1.
Fig. 4 is a schematic flow chart of step S3 in fig. 1.
Fig. 5 is a schematic view of the sub-flow of step S4 in fig. 1.
Fig. 6 is a schematic flow chart showing a sub-process of generating a lendable certificate in step S45 in fig. 5.
FIG. 7 is a block diagram of a digital identity-based personal loan processing system, in accordance with another embodiment of the invention.
Detailed Description
Embodiments of the invention are described in detail below with reference to the attached drawing figures, but the invention can be practiced in a number of different ways, as defined and covered below.
As shown in FIG. 1, the preferred embodiment of the present invention provides a digital identity-based personal loan processing method, comprising the steps of:
step S1: the loan applicant node queries the blockchain for the proof materials required to apply for the loan and, after applying for the proof materials from the respective nodes on the blockchain, generates application data according to a loan application data template provided by the bank node;
step S2: the bank node and the loan applicant node establish a secure communication channel based on DIDs;
step S3: the bank node checks the application data submitted by the loan applicant node;
step S4: after the verification passes, the bank node provides a lendable certificate to the loan applicant node.
It can be understood that the personal loan processing method based on digital identity of this embodiment combines distributed ledger technology, cryptographic principles, DID identifiers and the like to simplify the issuing of proof materials and the bank's checking of those materials, improve the efficiency of personal loans, and ensure the authenticity and validity of the application materials. In addition, a novel identity management method based on DID identifiers is provided, which avoids problems such as the correlation of identity data and the disclosure of identity privacy.
It can be understood that in this embodiment the blockchain may be connected to a credential subsystem, a client subsystem and a DID subsystem. The credential subsystem stores the data structure definitions of the verifiable certificates issued by public institutions, the hash headers of the verifiable certificates and other content; the content stored in the credential subsystem is traceable, tamper-proof and shareable, and can be queried by everyone in the system. The core component of the client subsystem provides a communication interface and a DID interface: the communication interface is responsible for establishing connections and sending and receiving messages between different DID users, and the DID interface provides an interface for interacting with the DID subsystem, with functions such as downloading the DID documents of public institutions and querying their DID public keys. The DID subsystem stores public DIDs and their corresponding DID documents, and a user can resolve a valid DID through the DID subsystem. A DID identifier is a character string in a specific format that represents the digital identity of an entity; it is independent of any centralized registry, identity provider or certificate authority, and is globally unique, resolvable, highly available and cryptographically verifiable. Each DID identifier corresponds to a DID document, which is a set of JSON strings and typically contains the DID subject, public key, authentication, authorization, service endpoint, timestamp and so on. The DID subject is the DID identifier itself, i.e. the DID described by the DID document.
The entity's public key is used for digital signatures and other operations, which are the basis for verifying identity, establishing secure communication with a service endpoint and the like; the DID private key is held by the entity controlling the DID and is not contained in the DID document. Authentication is the process by which DID subjects prove cryptographically that they are associated with the DID; authorization means that others perform operations on behalf of the DID subject, and its primary role is to help recover keys through an authorized DID when they are lost. A service endpoint may represent any type of service that the subject wishes to advertise, including establishing a connection, identity interactions, authorization and so on; the timestamp records the time the document was created and the time of each update.
DID identifiers can be divided into public DIDs and private DIDs according to their purpose. A public DID can be queried and resolved by anyone, and the DID owner can be contacted through it; public institutions such as government authorities and businesses need to use a public DID when issuing verifiable certificates for the certificates to have the corresponding validity. A private DID is used for establishing a connection between two entities, sending informal messages and the like; a private DID is not stored on the blockchain and cannot be seen or resolved by anyone other than the parties involved.
It will be appreciated that, as shown in fig. 2, the step S1 specifically includes the following steps:
step S11: the loan applicant node queries the public ledger for the application materials required to apply for the loan, and the public ledger returns the queried content to the loan applicant node.
Step S12: the loan applicant node applies to each corresponding node for proof materials according to the returned content. For example, the loan applicant node sends an identity proof application to the public security bureau node, and the public security bureau node returns the corresponding identity proof according to the public key of the loan applicant node; or the loan applicant node sends a work proof application to the work unit node, and the work unit node returns the corresponding work proof according to the public key of the loan applicant node; or the loan applicant node sends a repayment capability proof application to a third party agency node, and the third party agency node returns the corresponding repayment capability proof according to the public key of the loan applicant node. It can be understood that the public security bureau node, the work unit node and the third party agency node can upload the proof materials they issue to the public ledger for storage, so that the bank node can later check and verify the application materials submitted by the loan applicant node.
Step S13: the loan applicant node generates application data from the proof materials it has obtained and the loan application data template provided by the bank node.
In the step S1, the loan applicant can query the public ledger for the application materials required to apply for the loan, which avoids omitting a required proof material and having to supply it later. In addition, after the loan applicant node applies to each corresponding institution node on the blockchain for proof materials, the proof materials generated by each institution node can be uploaded to the public ledger for storage, so that the bank node can verify them later. The loan applicant can also generate the application materials automatically by supplying the relevant proof materials according to the loan application data template stored on the public ledger. This greatly shortens both the issuing of the proof materials and the subsequent data audit by the bank node, improves loan efficiency, and uses distributed ledger technology to rule out forged data.
It will be appreciated that, as shown in fig. 3, the step S2 includes the steps of:
step S21: the loan applicant node queries the public ledger for the DID document of the bank node, and the public ledger returns the queried DID document, which contains the DID public key of the bank node;
step S22: the loan applicant node sends a loan request message to the bank node, using the DID document;
step S23: the bank node sends a connection establishment invitation to the loan applicant node in order to establish a secure communication channel;
step S24: the loan applicant node creates a new DID which is used only to exchange information with the bank node;
step S25: the loan applicant node accepts the invitation of the bank node and sends a connection establishment request to the bank node, wherein the request contains the DID newly created by the loan applicant node and the corresponding DID document; the request is encrypted with the public key of the bank node when sent, so that only the bank node, holding the corresponding private key, can decrypt it;
step S26: the bank node creates a pair of DIDs used only for the connection with the loan applicant node;
step S27: the bank node sends the loan applicant node a message agreeing to establish the connection, wherein the message contains the DID newly created by the bank node and the corresponding DID document; the message is encrypted with the DID public key newly created by the loan applicant node when sent, so that only the loan applicant node, holding the corresponding private key, can decrypt it.
It will be appreciated that most identifiers currently in use are created and managed by institutions, whereas the DID identifiers used in the present invention are created by individuals, who also keep the private keys, so that the identifiers are under their autonomous control. In addition, the identifiers commonly used today are associated with email addresses or telephone numbers, and these attributes are stored in the institution's database, where they are at risk of malicious attack. The DID used by the invention is associated with a public/private key pair: the DID public key is stored on the public ledger, which avoids data leakage, and the private key is stored in the key management system instead of a centralized database, so that it is difficult for others to obtain maliciously. Furthermore, users have to leave their telephone or email information on the various websites they visit so that the websites can confirm their identity and send them information; websites can share user information by correlating the telephone or email information, which increases the risk of disclosing the user's privacy. The use and sharing of DIDs are decided by the users, who can use different DIDs to manage different identity domains, which solves the problem of personal information being correlated. The invention therefore provides a secure communication method: the DID document contains the public key and the service endpoint of the entity controlling the DID, which provides the basis for secure communication. Given a DID and its corresponding DID document, an entity can encrypt a message with the public key information in the DID document and send it to the designated service endpoint; the ciphertext can then be decrypted only with the corresponding private key, which improves the security of information transmission.
In addition, in the digital identity system, one entity can have a plurality of identity domains, each identity domain can be managed by using a different DID, so that data association is avoided, and each DID contains a plurality of interaction records. Taking loan application as an example, the application materials submitted by the loan applicant need to include personal identity certification, repayment capability certification, work certification and other certification, and the loan applicant can establish different DIDs in different identity domains.
It will be appreciated that, as shown in fig. 4, the step S3 includes the steps of:
step S31: the loan applicant node sends the application data to the bank node through the secure communication channel;
step S32: the bank node submits a query to the public ledger, the queried content being the DID documents of the institutions that signed the identity proof, the work proof and the repayment capability proof in the application data;
step S33: the public ledger returns the queried DID documents to the bank node, and the bank node judges from the returned information whether each signing institution is an authoritative institution; if so, the verification passes. For example, it verifies whether the institution that signed the identity proof is a public security bureau; if so, the identity proof verification passes.
In the step S3, the bank node queries the public ledger for the DID document of each signing institution to determine whether each one is an authoritative institution. This allows it to assess accurately whether the loan applicant meets the loan requirements, greatly shortens the audit, and ensures the authenticity and validity of the application data provided by the loan applicant.
For example, the process by which the bank node verifies the identity of the loan applicant based on the identity certification material provided by the loan applicant node is specifically as follows:
acquiring the DID document of the loan applicant node from the blockchain according to the DID of the loan applicant node, obtaining the corresponding public key from the DID document, and comparing the public key obtained from the public ledger with the DID public key contained in the application material; if they are consistent, this proves that the identity certification material belongs to the loan applicant, that is, the loan applicant has submitted his or her own identity certification material;
acquiring the public key DID of the signer of the identity certification material, downloading the DID document corresponding to that DID from the DID management system, and verifying the authority of the issuing institution according to the document content: if the issuing institution is a public security bureau, it is trusted; otherwise, it is not trusted;
verifying the position index, the random number seed and the Merkle root of the disclosed attributes in the identity certification material, so as to ensure that the disclosed fields have been fully authenticated by the public security bureau and have not been altered.
Through the above checks, the bank can confirm the identity of the loan applicant, and that this identity has been authenticated by the public security authority and is authoritative.
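The three checks above, written out as an added example (not code from the patent). The DID document layout, the `organization` field, the ledger-anchored issuance root and the leaf encoding (one random seed per attribute) are assumptions made for illustration, and all sample data is constructed.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()

def leaf_hash(index: int, seed: bytes, name: str, value: str) -> bytes:
    """A leaf commits to the position index, the random seed and the field itself."""
    return h(b"leaf", index.to_bytes(4, "big"), seed, name.encode(), value.encode())

def build_levels(leaves):
    """All tree levels, leaves first; an odd level repeats its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)
        levels.append([h(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def proof_path(levels, index):
    """Sibling hashes from the leaf at `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        padded = level + level[-1:] * (len(level) % 2)
        path.append(padded[index ^ 1])
        index //= 2
    return path

def root_from_path(leaf: bytes, index: int, path) -> bytes:
    """Recompute the root; the index bits decide left/right at every level."""
    node = leaf
    for sibling in path:
        node = h(b"node", node, sibling) if index % 2 == 0 else h(b"node", sibling, node)
        index //= 2
    return node

# --- Constructed sample data (assumed layout, not from the patent) ---
ATTRS = [("name", "Zhang San"), ("id_number", "ID-0000-DEMO"),
         ("birth_year", "1990"), ("address", "Changsha")]
# Seeds are derived deterministically here so the example is reproducible;
# an issuer would draw them at random so hidden fields cannot be guessed.
SEEDS = [hashlib.sha256(b"demo-seed-%d" % i).digest() for i in range(len(ATTRS))]
LEVELS = build_levels([leaf_hash(i, SEEDS[i], *ATTRS[i]) for i in range(len(ATTRS))])
LEDGER = {
    "did_documents": {
        "did:example:applicant": {"publicKey": "applicant-public-key-demo"},
        "did:example:psb": {"publicKey": "psb-public-key-demo",
                            "organization": "Public Security Bureau"},
        "did:example:shop": {"publicKey": "shop-public-key-demo",
                             "organization": "Corner Shop"},
    },
    # Merkle root recorded by the issuer when the material was issued.
    "issued_roots": {("did:example:psb", "id-proof-001"): LEVELS[-1][0]},
}
AUTHORITATIVE_ID_ISSUERS = {"Public Security Bureau"}

def disclose(index: int) -> dict:
    """What the applicant reveals for one field: index, seed, value and path."""
    name, value = ATTRS[index]
    return {"index": index, "seed": SEEDS[index], "name": name, "value": value,
            "path": proof_path(LEVELS, index)}

def sample_material() -> dict:
    """Identity material that discloses only `name` and `birth_year`."""
    return {"holder_did": "did:example:applicant",
            "holder_public_key": "applicant-public-key-demo",
            "issuer_did": "did:example:psb", "credential_id": "id-proof-001",
            "disclosed": [disclose(0), disclose(2)]}

def verify_identity_material(material, ledger, authoritative=AUTHORITATIVE_ID_ISSUERS):
    docs = ledger["did_documents"]
    # Check 1: the key in the material is the key the ledger binds to the holder DID.
    holder = docs.get(material["holder_did"])
    if holder is None or holder["publicKey"] != material["holder_public_key"]:
        return False, "holder public key does not match the ledger"
    # Check 2: the issuer's DID document identifies an authoritative institution.
    issuer = docs.get(material["issuer_did"])
    if issuer is None or issuer.get("organization") not in authoritative:
        return False, "issuer is not an authoritative institution"
    # Check 3: every disclosed field hashes up to the root the issuer recorded.
    root = ledger["issued_roots"].get((material["issuer_did"], material["credential_id"]))
    if root is None:
        return False, "no issuance record for this material"
    for field in material["disclosed"]:
        leaf = leaf_hash(field["index"], field["seed"], field["name"], field["value"])
        if root_from_path(leaf, field["index"], field["path"]) != root:
            return False, f"field {field['name']!r} fails the Merkle check"
    return True, "ok"
```

The `leaf`/`node` prefixes keep an inner node from being presented as a leaf, and binding the position index into the leaf stops a disclosed value from being replayed at a different position.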
In addition, in the step S3, the bank node may perform a data inspection stage to inspect the authenticity and validity of the work certification material and the repayment capability certification material. The verification of authenticity is the same as the verification process for the identity certification and is not repeated here; the verification of validity mainly concerns whether the application material is within its validity period and whether the certification material has been revoked (the identity certification does not need validity verification, since it cannot be revoked). Verification of revocation may use the principle of cryptographic accumulators:
Let $S = \{x_1, x_2, \ldots, x_n\}$ be the set of certificates held by the loan applicant, and let an accumulator of the set $S$ be used, where $N = p \times q$, $p$ and $q$ are large prime numbers, and $g$ is a generator modulo $N$. When the certificate $x_1$ in the set $S$ is revoked, the state of the accumulator is updated. At this point, according to Bézout's theorem, an entity that does not know the specific content of $x_1$ cannot prove $x_1 \in S$.
It will be appreciated that, unlike conventional whitelist-based certificate revocation systems, cryptographic accumulators can achieve anonymous revocation without disclosing the identifier of the certificate, and are easy to verify. A cryptographic accumulator allows a set of elements to be aggregated into a fixed-size accumulator value. Each element in the accumulator has a corresponding value, known as its evidence (witness), by which it can be verified whether the element is contained in the accumulator; if the evidence does not match the corresponding accumulator, the verifiable certificate to which the evidence corresponds is considered to have been revoked.
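An added example (not part of the patent) of the accumulator-based revocation check described above. It assumes the standard RSA accumulator, acc = g^(x_1·x_2·…·x_n) mod N, with each certificate mapped to a prime; the modulus, base and certificate identifiers are constructed demo values. It goes slightly beyond the text by showing how a still-valid holder refreshes its evidence with Bézout coefficients while the revoked holder cannot.

```python
import hashlib
from math import prod  # Python 3.8+ (also needed for pow() with negative exponents)

# Constructed demo parameters: N is the product of two known Mersenne primes.
# A real deployment uses a large modulus whose factorisation nobody can recover.
N = (2**127 - 1) * (2**89 - 1)
G = 3  # public base, coprime to N (assumed choice)

def _is_prime(n: int) -> bool:
    """Trial division; adequate for the 32-bit values used in this demo."""
    if n < 2 or n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True

def cert_to_prime(cert_id: str) -> int:
    """Map a certificate identifier to an odd prime (assumed encoding)."""
    x = int.from_bytes(hashlib.sha256(cert_id.encode()).digest()[:4], "big")
    x |= (1 << 31) | 1
    while not _is_prime(x):
        x += 2
    return x

def accumulate(primes) -> int:
    """Accumulator value for the set of currently valid certificates."""
    return pow(G, prod(primes), N)

def witness(primes, x: int) -> int:
    """Evidence for x: the accumulator of every element except x."""
    return pow(G, prod(p for p in primes if p != x), N)

def verify(acc: int, x: int, w: int) -> bool:
    """x is in the accumulated set iff w^x == acc (mod N)."""
    return pow(w, x, N) == acc

def ext_gcd(a: int, b: int):
    """Return (g, s, t) with s*a + t*b == g (Bezout coefficients)."""
    old_r, r, old_s, s, old_t, t = a, b, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t

def update_witness(w_old: int, y: int, revoked_x: int, acc_new: int):
    """Holder of y refreshes its evidence after revoked_x leaves the set.

    With a*revoked_x + b*y == 1, w_new = w_old^a * acc_new^b satisfies
    w_new^y == acc_new. For y == revoked_x no such a, b exist, so the
    revoked holder gets nothing usable.
    """
    g, a, b = ext_gcd(revoked_x, y)
    if g != 1:
        return None
    return pow(w_old, a, N) * pow(acc_new, b, N) % N

def revocation_demo() -> dict:
    ids = ["work-proof-001", "repayment-proof-002", "income-proof-003"]  # constructed
    x1, x2, x3 = (cert_to_prime(i) for i in ids)
    acc = accumulate([x1, x2, x3])
    w1, w2 = witness([x1, x2, x3], x1), witness([x1, x2, x3], x2)
    acc_after = accumulate([x2, x3])            # issuer revokes x1
    w2_new = update_witness(w2, x2, x1, acc_after)
    return {
        "before_revocation": verify(acc, x1, w1),
        "revoked_rejected": not verify(acc_after, x1, w1),
        "valid_still_accepted": verify(acc_after, x2, w2_new),
        "revoked_cannot_update": update_witness(w1, x1, x1, acc_after) is None,
    }
```

The verifier only ever sees the accumulator value, an element and its evidence, so no list of certificate identifiers has to be published.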
It will be appreciated that, as shown in fig. 5, the step S4 includes the steps of:
step S41: the bank node sends the definition of the lendable certificate and a request link to the loan applicant node;
step S42: the loan applicant node downloads the definition of the lendable certificate from the public ledger to confirm the type and content of the lendable certificate, and the public ledger returns the definition of the lendable certificate queried by the loan applicant node;
step S43: the loan applicant node receives the request sent by the bank node and sends a lendable certificate application to the request link;
step S44: the bank node sends the data attributes required for generating the lendable certificate to the loan applicant node, and the loan applicant node provides the corresponding attributes to the bank node;
step S45: the bank node generates a lendable certificate belonging to the loan applicant node according to the attributes provided by the loan applicant node, and stores the hash header of the lendable certificate issuance record on the public ledger;
step S46: the bank node sends the lendable certificate to the loan applicant node, and all attributes of the lendable certificate carry the signature of the bank node's public key DID, so as to prove that the bank node endorses the data in the lendable certificate;
step S47: after receiving the lendable certificate, the loan applicant node puts it into the key management system.
In the step S4, the issuance of the lendable certificate is performed on the blockchain, and the hash header of the lendable certificate issuance record is stored on the public ledger, which facilitates subsequent tracing and prevents data leakage. In addition, the loan applicant deposits the lendable certificate in the key management system, where it is difficult for others to obtain maliciously, which gives higher security and privacy.
It will be understood that, as shown in fig. 6, the process of generating the lendable certificate in step S45 includes the following:
step S451: generating a pair of keys by the RSA algorithm; specifically, randomly selecting two unequal prime numbers p and q, calculating n=p×q and the Euler function of n, randomly selecting an integer e that is coprime with the value of the Euler function of n, and calculating the modular inverse element d of e with respect to the value of the Euler function of n, to obtain a pair of keys:
Key=(Pub_k,Pri_k)=((n,e),(n,d))
step S452: inputting the relevant attributes of the loan applicant node and the bank information (raw_data);
step S453: performing a Hash calculation on the content generated in the previous step to obtain a Hash value:
H=hash_function(raw_data);
step S454: performing an RSA signature on the Hash value using the private key of the bank node;
step S455: generating the lendable certificate by concatenating the contents obtained in step S452 and step S454 into one file.
It can be appreciated that the generation process of the lendable certificate is encrypted based on the key generated by the RSA algorithm, so that the security is further ensured.
In addition, in the step S46, the bank node sends the lendable certificate to the loan applicant node in encrypted form, and the loan applicant node decrypts it to obtain the lendable certificate; the encryption and decryption process specifically includes the following:
encryption process: the bank node selects a non-repeated random number $N_{Bank}$, the current time $t_{Bank}$, the identification information $ID_{applicant}$ of the loan applicant and the other content $C_{Bank}$ that needs to be encrypted, forms them into the plaintext information $m_{Bank} = \{N_{Bank}, t_{Bank}, ID_{applicant}, C_{Bank}\}$, and represents the plaintext information as a field element of the selected finite field $F_q$. It then randomly selects a random number $k$ in $[1, n-1]$ and, using the loan applicant's public key information $Pb_{applicant} = (E(F_q), G, n, Q_{applicant})$, where $E(F_q)$ is an elliptic curve, $G$ is the base point of the elliptic curve (i.e. the generator), $n$ is the order and $Q_{applicant}$ is the loan applicant's public key, calculates the points $(x_1, y_1) = kG$ and $(x_2, y_2) = kQ_{applicant}$ and generates the ciphertext. If $(x_2, y_2) = 0$, the random number $k$ needs to be reselected. It will be appreciated that the encryption process employs an elliptic curve encryption algorithm.
Decryption: the loan applicant node uses its own private key $d_{applicant}$ to decrypt the ciphertext. After decryption, the loan applicant node obtains the plaintext $m_{Bank}$ and, through the identification information $ID_{applicant}$ it contains, verifies whether it is the intended message recipient.
It can be understood that the personal loan processing method based on digital identity disclosed by the invention combines DID technology to design a blockchain-based method for managing personal identity data, which protects personal privacy, and designs a blockchain-based digital certificate using technologies such as asymmetric encryption, hash algorithms and digital signatures, which simplifies the issuing, submission and verification of data in the loan business. Moreover, distributed ledger technology is used to break down information silos, realize data sharing and solve the problem that an applicant's multiple user name/password pairs are difficult to manage. At the same time, technology based on zero-knowledge proofs is used to share sensitive data in a controlled manner, protecting the privacy of loan applicants to the greatest extent while ensuring that the loan business proceeds smoothly. In addition, blockchain technology is used to standardize the registration flow and structure of the various certificates, which addresses problems such as the high cost and great difficulty of bank auditing.
In addition, as shown in FIG. 7, the invention also provides a personal loan processing system based on digital identity, preferably adopting the personal loan processing method based on digital identity of the above embodiment, the system comprising:
the application data collection module, used for the loan applicant to query the certification materials required to apply for a loan and to generate loan application data after inputting each certification material;
the secure communication module, used for the bank node and the loan applicant node to establish a secure communication channel based on DID;
the data auditing module, used for the bank node to audit the application data submitted by the loan applicant node;
and the lendable certificate generation module, used for the bank node to provide a lendable certificate to the loan applicant node.
It can be understood that the working process and working principle of each module in the system correspond to each step of the above method embodiment, so that a detailed description is omitted herein.
It can be understood that the personal loan processing system based on digital identity of this embodiment combines distributed ledger technology, cryptographic principles, DID identifiers and the like, simplifies the process of issuing certification materials and the bank's process of checking them, improves the efficiency of personal loans, and ensures the authenticity and validity of the application materials. At the same time, a novel identity management method is provided based on the DID identifier, which avoids problems such as identity data being correlated and identity privacy being disclosed.
In addition, the invention also provides a device comprising a processor and a memory, the memory having stored therein a computer program for executing the steps of the method as described above by invoking the computer program stored in the memory.
In addition, the present invention also provides a computer readable storage medium storing a computer program for performing a personal loan process based on a digital identity, which computer program, when run on a computer, performs the steps of the method as described above.
Forms of general computer-readable media include: a floppy disk (floppy disk), a flexible disk (flexible disk), hard disk, magnetic tape, any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a Random Access Memory (RAM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), a FLASH erasable programmable read-only memory (FLASH-EPROM), any other memory chip or cartridge, or any other medium from which a computer can read. The instructions may further be transmitted or received over a transmission medium. The term transmission medium may include any tangible or intangible medium that may be used to store, encode, or carry instructions for execution by a machine, and includes digital or analog communications signals or their communications with intangible medium that facilitate communication of such instructions. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus for transmitting a computer data signal.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (4)

1. A personal loan processing method based on digital identity, comprising the steps of:
step S1: the loan applicant node queries on the blockchain the certification materials required to apply for a loan and, after applying for the certification materials from each node on the blockchain, generates application data according to the loan application data template provided by the bank node;
step S2: the bank node and the loan applicant node establish a secure communication channel based on the DID;
step S3: the bank node checks the application data submitted by the loan applicant node;
step S4: after the verification is passed, the bank node provides a lendable certificate to the loan applicant node;
the step S2 includes the steps of:
step S21: the loan applicant node queries the DID document of the bank node from the public ledger, and the public ledger returns the DID document queried by the loan applicant node, the document comprising the DID public key of the bank node;
step S22: the loan applicant node sends a message expressing the intent to apply for a loan to the bank node based on the DID document;
step S23: the bank node sends connection establishment invitation to the loan applicant node for establishing a secure communication channel;
step S24: the loan applicant node creates a new DID which is used only to exchange information with the banking node;
step S25: the loan applicant node receives the invitation request of the bank node and sends a connection establishment request to the bank node, wherein the request comprises the DID newly created by the loan applicant node and a corresponding DID document, and meanwhile, the request needs to be encrypted when being sent and can be decrypted only by using the public key of the bank node;
step S26: the bank node creates a pair of DIDs only for connection with the loan applicant node;
step S27: the bank node sends a message for agreeing to establish connection to the loan applicant node, wherein the message comprises the DID newly created by the bank node and a corresponding DID document, encryption is needed when the message is sent, and decryption can be performed only by using the DID public key newly created by the loan applicant node;
the step S1 includes the steps of:
step S11: the loan applicant node queries the public ledger for the application materials required to apply for a loan, and the public ledger returns the content queried by the loan applicant node;
step S12: the loan applicant node applies to each corresponding node for the certification materials according to the returned content, and each corresponding node uploads the issued certification materials to the public ledger for storage;
step S13: the loan applicant node generates application data from the various certification materials applied for, according to the loan application data template provided by the bank node;
the step S3 includes the steps of:
step S31: the loan applicant node sends application data to the bank node through the secure communication channel;
step S32: the bank node submits a query request to the public ledger, the query content being the DID documents of the issuing authorities of the identity certification, the work certification and the repayment capability certification in the application data;
step S33: the public ledger returns the queried DID documents to the bank node, and the bank node judges from the information returned by the public ledger whether each issuing authority is an authoritative institution; if so, the audit passes;
the step S4 includes the steps of:
step S41: the bank node sends the definition of the lendable certificate and a request link to the loan applicant node;
step S42: the loan applicant node downloads the definition of the lendable certificate from the public ledger to confirm the type and content of the lendable certificate, and the public ledger returns the definition of the lendable certificate queried by the loan applicant node;
step S43: the loan applicant node receives the request sent by the bank node and sends a lendable certificate application to the request link;
step S44: the bank node sends the data attributes required for generating the lendable certificate to the loan applicant node, and the loan applicant node provides the corresponding attributes to the bank node;
step S45: the bank node generates a lendable certificate belonging to the loan applicant node according to the attributes provided by the loan applicant node, and stores the hash header of the lendable certificate issuance record on the public ledger;
step S46: the bank node sends the lendable certificate to the loan applicant node, and all attributes of the lendable certificate carry the signature of the bank node's public key DID, so as to prove that the bank node endorses the data in the lendable certificate;
step S47: after receiving the lendable certificate, the loan applicant node puts the lendable certificate into a key management system;
the process of generating the lendable certificate in step S45 includes the following:
step S451: generating a pair of keys through RSA algorithm;
step S452: inputting relevant attribute of loan applicant node and bank information;
step S453: performing Hash calculation on the content generated in the previous step to obtain a Hash value;
step S454: RSA signature is carried out on the Hash value by using a private key of a bank node;
step S455: the lendable certificate is generated by concatenating the contents obtained in step S452 and step S454 into one file;
in the step S46, the bank node sends the lendable certificate to the loan applicant node in encrypted form, and the loan applicant node decrypts it to obtain the lendable certificate, the encryption and decryption process including the following:
encryption process: the bank node selects a non-repeated random number $N_{Bank}$, the current time $t_{Bank}$, the identification information $ID_{applicant}$ of the loan applicant and the other content $C_{Bank}$ that needs to be encrypted, forms them into the plaintext information $m_{Bank} = \{N_{Bank}, t_{Bank}, ID_{applicant}, C_{Bank}\}$, and represents the plaintext information as a field element of the selected finite field $F_q$; it then randomly selects a random number $k$ in $[1, n-1]$ and, using the loan applicant's public key information $Pb_{applicant} = (E(F_q), G, n, Q_{applicant})$, where $E(F_q)$ is an elliptic curve, $G$ is the base point of the elliptic curve (i.e. the generator), $n$ is the order and $Q_{applicant}$ is the loan applicant's public key, calculates the points $(x_1, y_1) = kG$ and $(x_2, y_2) = kQ_{applicant}$ and generates the ciphertext, wherein, if $(x_2, y_2) = 0$, the random number $k$ needs to be selected again;
decryption: the loan applicant node decrypts the ciphertext using its own private key to obtain the content of the plaintext, and verifies through the identification information whether it is the message recipient.
2. A digital identity based personal loan processing system employing the method of claim 1, comprising:
the application data collection module, used for the loan applicant to query the certification materials required to apply for a loan and to generate loan application data after inputting each certification material;
the secure communication module, used for the bank node and the loan applicant node to establish a secure communication channel based on DID;
the data auditing module, used for the bank node to audit the application data submitted by the loan applicant node;
and the lendable certificate generation module, used for the bank node to provide a lendable certificate to the loan applicant node.
3. An electronic device comprising a processor and a memory, the memory having stored therein a computer program for executing the steps of the method of claim 1 by invoking the computer program stored in the memory.
4. A computer readable storage medium storing a computer program for performing personal loan processing based on a digital identity, wherein the computer program, when run on a computer, performs the steps of the method of claim 1.
CN202110278603.8A 2021-03-16 2021-03-16 Personal loan processing method, system, equipment and medium based on digital identity Active CN112950356B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110278603.8A CN112950356B (en) 2021-03-16 2021-03-16 Personal loan processing method, system, equipment and medium based on digital identity


Publications (2)

Publication Number Publication Date
CN112950356A CN112950356A (en) 2021-06-11
CN112950356B CN112950356B (en) 2024-04-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant