CN113204752A - Identity verification method based on block chain, client and server - Google Patents

Publication number
CN113204752A
Authority
CN
China
Prior art keywords
certificate
list
client
local
certificate list
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110610855.6A
Other languages
Chinese (zh)
Inventor
李婧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Application filed by Jingdong Technology Holding Co Ltd filed Critical Jingdong Technology Holding Co Ltd
Priority to CN202110610855.6A priority Critical patent/CN113204752A/en
Publication of CN113204752A publication Critical patent/CN113204752A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides an identity authentication method based on a block chain, a client and a server, wherein the method comprises the following steps: responding to a login operation of a user on a target application server, and sending an access request to the target application server; receiving a required VC certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship; under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for a target application server to obtain the use permission of the target application server; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.

Description

Identity verification method based on block chain, client and server
Technical Field
The invention relates to the technical field of computers, in particular to an identity verification method based on a block chain, a client and a server.
Background
Most traditional identity management authority systems are implemented as single sign-on and collect much of a user's private information, such as name, identity number, telephone number and e-mail address, which creates a risk of privacy disclosure. DID (distributed identity) management, by contrast, achieves authorization management without collecting additional private information from users.
The identity management authority systems in the prior art have the following defects. Identity islanding problem: first, identity information is stored only in the corresponding host organization, and the relationship between the identity information and the host organization is weak; second, user identity data in different identity systems is stored independently by each system, so cross-domain authentication is inefficient. Identity privacy and autonomy problem: first, an identity service means providing identity information to a third party, and current technical means cannot ensure that the provided information is not leaked; second, the data holder cannot really control the data. Identity information authority problem: accurate data is held by the respective competent departments. For B-side data in particular, no open system is connected directly to a government system. As a result, most enterprise identity checking service data currently on the market is out of date, and its authority cannot be guaranteed.
Therefore, how to provide an identity authentication scheme, which can maintain the privacy of identity data while conveniently and authoritatively authenticating the identity, is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The invention provides an identity authentication method based on a block chain, a client and a server, which can conveniently and authoritatively authenticate identities and simultaneously can keep the privacy of identity data.
In a first aspect, the present invention provides an identity authentication method based on a blockchain, which is applied to a DID client, and the method includes:
responding to a login operation of a user on a target application server, and sending an access request to the target application server;
receiving a required VC certificate (Verifiable Claim) list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship;
under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for the target application server to obtain the use permission of the target application server;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Further, the method also includes:
determining a target demand certificate based on the demand VC certificate list and the local VC certificate list under the condition that the demand VC certificate list and the local VC certificate list do not meet a preset relationship;
sending an attestation request including the target demand certificate to a target attestation server to obtain the target demand certificate.
Further, the sending an access request to a target application server in response to a login operation of a user to the target application server comprises:
receiving a login input of a user at the DID client, wherein the login input comprises: an account number and a password;
responding to the login input, and acquiring a local VC certificate list associated with the user from a block chain network;
receiving login operation of a user on a target application server;
and responding to the login operation, and sending an access request to a target application server.
Further, the VC certificate includes: a certificate body, a gender certificate, an age interval certificate, an identity validity certificate, an issuing authority certificate and an age expiry preset value certificate.
Further, the determining whether the required VC certificate list and the local VC certificate list satisfy a preset relationship includes:
determining a target VC certificate existing in the required VC certificate list and the local VC certificate list at the same time;
acquiring the weight corresponding to each target VC certificate, and weighting the target VC certificates to obtain a weighted value;
and under the condition that the weighted value is not less than a preset threshold value, determining that the required VC certificate list and the local VC certificate list meet a preset relationship.
In a second aspect, the present invention provides an identity authentication method based on a blockchain, which is applied to an application server, and the method includes:
receiving an access request sent by a DID client;
determining a required VC certificate list corresponding to the access request;
sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship;
receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Further, the method also includes:
receiving management input of a user to an application server;
and responding to the management input, and performing addition, modification or query operation on the application side account on the application server.
In a third aspect, the present invention provides an identity authentication method based on a blockchain, which is applied to a certificate issuing server, and the method includes:
receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions;
in response to the certification request, auditing the target certificate and application conditions;
and generating and sending a target certificate to the DID client under the condition that the audit is passed.
Further, the method also includes:
receiving a data viewing input of a user;
in response to the data viewing input, displaying at least one of: total number of users, total number of certificates, total number of application servers, total number of certifying servers, total number of historical authorizations, amount of certificate requests, historical transactions, block height, total run time, number of normal or total nodes, total number of transactions, space occupancy, historical peaks.
Further, the method also includes:
receiving the management input of a user to a certificate issuing server;
and responding to the management input, and performing addition, modification or query operation on the account number of the certificate issuing party of the certificate issuing server.
Further, the method also includes:
receiving the management input of a user to a VC certificate;
and responding to the management input, and performing addition, modification or query operation on the VC certificate.
In a fourth aspect, the present invention provides a DID client, including:
the access request module is used for responding to the login operation of a user on a target application server and sending an access request to the target application server;
the relation judgment module is used for receiving a required VC certificate list sent by the target application server and determining whether the required VC certificate list and a local VC certificate list meet a preset relation or not;
an authority obtaining module, configured to provide the local VC certificate list to the target application server to obtain a usage authority of the target application server when the required VC certificate list and the local VC certificate list satisfy a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
In a fifth aspect, the present invention provides an application server, comprising:
the access receiving module is used for receiving an access request sent by the DID client;
the certificate determining module is used for determining a required VC certificate list corresponding to the access request;
the list sending module is used for sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relation or not;
the list receiving module is used for receiving a local VC certificate list sent by the DID client, and providing the use permission for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
In a sixth aspect, the present invention provides a certification server, including:
the certification request module is used for receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions;
the condition auditing module is used for responding to the certificate issuing request and auditing the target certificate and the application condition;
and the generating and sending module is used for generating and sending the target certificate to the DID client under the condition that the audit is passed.
In a seventh aspect, the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the block chain based identity authentication method as described in any one of the above.
In an eighth aspect, the present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the blockchain-based authentication method as recited in any one of the above.
The invention provides an identity authentication method based on a block chain, a client and a server, wherein when a user uses a target application server, whether the user can acquire the authority is determined through a VC certificate list, and the use authority of the target application server is acquired under the condition that a required VC certificate list and a local VC certificate list meet a preset relation, so that the identity authentication can be performed by using a VC certificate, the identity can be conveniently and authoritatively authenticated, and the privacy of identity data can be kept.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 2 is a second schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 3 is a third schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 4 is a three-party interaction diagram of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 5 is a hardware implementation diagram of an identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 6 is a schematic interface diagram of a data billboard of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of the certificate issuer account management process of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of the application side account management process of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 9 is a first schematic interface diagram of certificate issuer certificate management of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 10 is a second schematic interface diagram of certificate issuer certificate management of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 11 is an interface diagram of application side scenario management of the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 12 is a schematic diagram of a VC certificate in the identity authentication method based on a block chain according to an embodiment of the present invention;
Fig. 13 is a schematic composition diagram of a DID client according to an embodiment of the present invention;
Fig. 14 is a schematic composition diagram of an application server according to an embodiment of the present invention;
Fig. 15 is a schematic composition diagram of a certificate issuing server according to an embodiment of the present invention;
Fig. 16 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An identity authentication method based on a block chain according to the present invention is described below with reference to Figs. 1 to 3.
Fig. 1 is a schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention; fig. 2 is a second schematic flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention; fig. 3 is a third flowchart of an identity authentication method based on a block chain according to an embodiment of the present invention.
In a specific implementation manner of the present invention, an embodiment of the present invention provides an identity authentication method based on a blockchain, which is applied to a DID client, where the method includes:
Step 110: in response to a login operation of a user on a target application server, sending an access request to the target application server.
In the embodiment of the present invention, when a user needs a service of a target application server, the user may first enter an account and password at the DID client, or other content capable of proving the user's identity, such as biometric information like a fingerprint or iris. The DID client receives the user's login input, which includes an account number and a password; in response to the login input, acquires the local VC certificate list associated with the user from the block chain network; receives the user's login operation on the target application server; and, in response to the login operation, sends an access request to the target application server.
Step 120: receiving a required VC certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship.
In an embodiment, whether the required VC certificate list and the local VC certificate list satisfy the preset relationship may be determined in a weighted manner. Specifically, the target VC certificates that exist in both the required VC certificate list and the local VC certificate list are determined first; the weight corresponding to each target VC certificate is acquired, and the target VC certificates are weighted to obtain a weighted value; and when the weighted value is not less than a preset threshold value, the required VC certificate list and the local VC certificate list are determined to satisfy the preset relationship.
For example, in practice, weights may be set for the application scenario and for the certificates in the scenario; as long as the sum of the weights of the required certificates that the user holds is greater than or equal to the weight of the application scenario, the authentication condition of the application scenario is satisfied. For example, the weight of an application scenario is 3, the weight of a certificate A required by the application scenario is 2, the weight of a certificate B is 2, the weight of a certificate C is 1, and the weight of a certificate D is 1. A user has only the three certificates B, C and D. After code scanning is performed by using the DID, the authentication condition of the application scenario can be met as long as B + C or B + C + D is authorized.
Step 130: when the required VC certificate list and the local VC certificate list satisfy a preset relationship, providing the local VC certificate list to the target application server to obtain the usage right of the target application server; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Of course, in practice, the required VC certificate list and the local VC certificate list may not satisfy the preset relationship. In that case the DID client may determine the target demand certificate based on the required VC certificate list and the local VC certificate list, that is, determine the target VC certificate that the DID client currently lacks, and send an attestation request including the target demand certificate to a target attestation server to obtain the target demand certificate.
In another embodiment of the present invention, an embodiment of the present invention provides an identity authentication method based on a blockchain, which is applied to an application server, and the method includes:
Step 210: receiving an access request sent by a DID client;
When a DID client needs a service of a target application server, the user may first enter an account and password at the DID client, or other content capable of proving the user's identity, such as biometric information like a fingerprint or iris. The DID client receives the user's login input, which includes an account number and a password; in response to the login input, acquires the local VC certificate list associated with the user from the block chain network; receives the user's login operation on the target application server; and, in response to the login operation, sends an access request to the target application server, which the application server receives.
Step 220: determining a required VC certificate list corresponding to the access request;
Since the application server can provide a large number of different types of services, and the VC certificates required by different services also differ, a correspondence table of the VC certificates required by the different types of services can be preset at the application server, and the required VC certificate list corresponding to the access request can be determined by querying the correspondence table.
Step 230: sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship;
The application server sends the required VC certificate list to the DID client, and the DID client can judge whether it meets the conditions. For example, if every VC certificate in the required VC certificate list is in the local VC certificate list, the user of the DID client has the authority to use the service of the application server, and the DID client can then send the required VC certificates to the application server so that the application server can verify them.
Step 240: receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
On receiving the local VC certificate list sent by the DID client, the application server provides the usage authority to the DID client if the required VC certificate list and the local VC certificate list satisfy the preset relationship; if they do not, the DID client is forbidden to access the target service of the application server.
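The weighted check of step 120, using the weights from the worked example above, together with the server-side decision of step 240, as an added example that is not code from the patent. The function names, the dictionary layout and the `verify` hook standing in for issuer-signature verification are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample: scenario weight and certificate weights from the text.
SCENARIO = {"threshold": 3, "weights": {"A": 2, "B": 2, "C": 1, "D": 1}}


def matched_weight(weights, held):
    """Sum the weights of certificates that are both required and held."""
    held_types = set(held)  # a set, so a repeated certificate counts once
    return sum(w for name, w in weights.items() if name in held_types)


def satisfies(scenario, held):
    """Preset relationship: weighted value not less than the threshold."""
    return matched_weight(scenario["weights"], held) >= scenario["threshold"]


def _smallest_cover(weights, pool, target):
    """Fewest names from `pool` whose weights sum to at least `target`.

    Exhaustive search; acceptable because certificate lists are short.
    Returns a list, or None when even the whole pool falls short.
    """
    pool = sorted(pool)
    for size in range(len(pool) + 1):
        hits = [c for c in combinations(pool, size)
                if sum(weights[n] for n in c) >= target]
        if hits:
            # Lowest total weight first, then name order, so the result
            # is deterministic (B + D also totals 3 in the sample).
            best = min(hits, key=lambda c: (sum(weights[n] for n in c), c))
            return list(best)
    return None


def minimal_disclosure(scenario, held):
    """DID client, step 130: disclose no more certificates than needed."""
    weights = scenario["weights"]
    return _smallest_cover(weights, set(held) & set(weights),
                           scenario["threshold"])


def certificates_to_request(scenario, held):
    """DID client, failed check: the target demand certificates to apply for."""
    weights = scenario["weights"]
    shortfall = scenario["threshold"] - matched_weight(weights, held)
    return _smallest_cover(weights, set(weights) - set(held), shortfall)


def server_decision(scenario, presented, verify):
    """Application server, step 240: recompute from what was presented.

    `presented` is a list of dicts with a "type" key; `verify` is a
    hypothetical callable that checks the issuer's signature on one VC.
    Unrequested, unverifiable and duplicate certificates add no weight.
    """
    weights = scenario["weights"]
    counted = sorted({vc["type"] for vc in presented
                      if vc["type"] in weights and verify(vc)})
    return satisfies(scenario, counted), counted


if __name__ == "__main__":
    # Constructed stand-in for signature verification.
    check = lambda vc: vc["sig"] == "valid"
    print(minimal_disclosure(SCENARIO, ["B", "C", "D"]))
    print(certificates_to_request(SCENARIO, ["C", "D"]))
    print(server_decision(SCENARIO, [{"type": "C", "sig": "valid"}] * 3, check))
```

The server function deliberately ignores the client's own pass/fail result: the client-side check only decides what to disclose, while the grant depends on the server's recomputation over verified certificates.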
In a specific embodiment of the invention, in order to manage the application side accounts on the application server, a management input of a user to the application server can be received; and, in response to the management input, an addition, modification or query operation is performed on the application side account on the application server. For example, the application account management page shows the application number, organization name, public key and creation date, sorted according to the creation date, with ten records per page. Application side accounts can be added, modified and queried. The public key is used to uniquely identify each application party and cannot be repeated. The name of the organization can be modified; the certificates required by the application party are shown on the modification page and cannot be edited. After a new application account is created successfully, a chain account and a corresponding public and private key pair are generated.
In another specific embodiment of the present invention, an embodiment of the present invention provides an identity authentication method based on a blockchain, which is applied to a certificate issuing server, and the method includes:
Step 310: receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions;
Step 320: in response to the certification request, auditing the target certificate and the application conditions;
Step 330: generating and sending the target certificate to the DID client if the audit is passed.
When the required VC certificate list and the local VC certificate list do not satisfy the preset relationship at the DID client, the DID client can determine a target demand certificate based on the two lists, that is, determine the target VC certificate that the DID client currently lacks, and send an attestation request including the target demand certificate to a target attestation server to obtain it. In this case the DID client sends the certificate issuing request to the certificate issuing server together with the required application conditions, so that the certificate issuing server can audit the request and issue the certificate.
In an embodiment of the present invention, in order to facilitate data viewing, a data billboard may be further provided. The first part of the data billboard includes the total number of registered users, the total number of certificates (the sum of the numbers of certificates provided by the certificate issuers in the system), the total number of applications, the total number of certificate issuers, the total number of historical authorizations, and the certificate application amount. The second part of the data billboard includes historical transactions, block height, total run time, number of normal/total nodes, total number of transactions, space occupancy, and historical peak TPS. Specifically, in use, a data viewing input of a user may be received; in response to the data viewing input, at least one of the following is displayed: total number of users, total number of certificates, total number of application servers, total number of certifying servers, total number of historical authorizations, amount of certificate requests, historical transactions, block height, total run time, number of normal or total nodes, total number of transactions, space occupancy, historical peaks.
In an embodiment of the present invention, in order to facilitate management of issuer accounts, an issuer account management page may be further provided. The page shows the serial number, institution ID, institution name, public key and creation date of each issuer, sorted by creation date from most recent to oldest, with ten records per page. Issuer accounts may be added, modified and queried. The institution ID is used to uniquely identify each issuer and cannot be repeated. The name of the institution may be modified. After a new issuer account is created successfully, a chain account and a corresponding public and private key pair are generated. Specifically, a user's management input to the certificate issuing server may be received; and, in response to the management input, an addition, modification or query operation is performed on the issuer account of the certificate issuing server.
In another embodiment of the present invention, VC certificates that have already been issued may also be managed, for example modified or added. Specifically, a management input of the user to a VC certificate may be received; and, in response to the management input, an addition, modification or query operation is performed on the VC certificate.
Referring to fig. 4, fig. 4 is a three-way interaction diagram of an identity authentication method based on a blockchain according to an embodiment of the present invention.
Specifically, the holder is the user, who operates on the DID client; the application party is the application server; and the issuer is the certification server. The specific interaction steps are as follows:
1. The user requests permission to access the system from the application party;
2. The application party returns the list of VC certificates required for providing the application service;
3. The identity holder checks its own VC list. If the condition is met, the flow goes directly to step 7; if not, it goes to step 4;
4. The holder selects an issuer, provides the related information, and applies for more VCs; a fee is collected for the issuer in this process;
5. The issuer decides, according to the information provided by the holder, whether to provide the related VC certification;
6. The VC certificate is issued to the holder, and the issuer's DID signature is added before sending;
7. The identity holder provides the application party with the list of relevant VCs;
8. The signature of the VC list is verified, and if the requirements are met, the identity holder is allowed to enter the system or be served.
Note: a VC is a certificate of an identity characteristic of the holder, and one holder can hold multiple VCs. Each VC has a different meaning, and multiple VCs together can only describe characteristics of the holder and cannot determine the holder's real identity.
Referring to fig. 5, fig. 5 is a hardware implementation diagram of an identity authentication method based on a block chain according to an embodiment of the present invention.
The hardware system of the identity authentication method based on the block chain is integrally divided into three main levels, namely a basic layer, a service layer and an application layer. After the function expansion, the identity chain is not only used for helping the BaaS networking, but also can be used as an independent system to provide a series of functions and services for the outside. The three layers each play their own role, and each layer has the following main functions:
For the base layer, the base layer is responsible for the basic resources of the whole identity chain platform, including the links to the respective cloud resources. Since the identity chain may be deployed anywhere, it must have a multi-cloud deployment capability consistent with the BaaS platform. At present, Fabric is adopted as the bottom layer of the identity chain, and switching to JD Chain or forming a cross-chain with JD Chain is being considered for the future. The base layer also has some basic identity and certificate functions, including adding, querying and modifying identities, and issuing, querying and updating certificates.
For the service layer, the service layer mainly provides the service components of the identity chain system, including a verification service, an interface service and an identity chain middle platform. The verification service mainly provides identity verification, certificate presentation and login functions, so that external systems can integrate with it easily. The interface service is mainly used to connect existing external authentication data, so that this data can quickly enter the identity chain environment. The identity chain middle platform is used for configuring the functions of the application layer, including configuration of the identity verification page, data fields and the like.
For the application layer, the application layer provides services directly to users. Besides basic identity verification, certificate presentation and unified login, the identity chain can be integrated into different government applications and provides identity-related services for scenarios such as e-government, compliance audit and emergency supplies. The identity chain also provides a login page and provides users with an enterprise's credit report, and after a hardware identity management function is added, the identity of IoT devices can be verified through the page.
Referring to fig. 6, fig. 6 is a schematic interface diagram of a data billboard based on a block chain authentication method according to an embodiment of the present invention.
The identity authentication method based on the block chain specifically comprises three modules: a data monitoring billboard, account management and certificate management. Account management comprises account management for the certificate issuing party and the application party; certificate management likewise covers certificates of the issuing party and the application party.
The first part of the data billboard comprises the total number of registered users, the total number of certificates (the sum of the numbers of certificates provided by the certificate issuing parties in the system), the total number of application parties, the total number of certificate issuing parties, the total number of historical authorizations and the certificate application amount. The second part includes historical transactions, block height, total run time, number of normal/total nodes, total number of transactions, space occupancy, and historical peak TPS.
Referring to fig. 7, fig. 7 is a schematic view illustrating the issuer account management process of the identity authentication method based on a block chain according to an embodiment of the present invention.
In the embodiment of the invention, the issuer account management page displays the number, organization ID, organization name, public key and creation date of each issuer, sorted by creation date from most recent to oldest, with ten records per page. Issuer accounts may be added, modified and queried. The organization ID uniquely identifies each issuer and cannot be repeated. The organization name may be modified. After a new issuer account is created successfully, a chain account and a corresponding public/private key pair are generated.
Referring to fig. 8, fig. 8 is a schematic view illustrating an application account management process of the identity verification method based on a blockchain according to an embodiment of the present invention.
In the embodiment of the invention, the application account management page displays the application number, organization name, public key and creation date, ordered by creation date, with ten records per page. Application party accounts can be added, modified and queried. The public key uniquely identifies each application party and cannot be repeated. The organization name can be modified; the certificates required by the application party are shown on the modification page but cannot be edited there. After a new application account is created successfully, a chain account and a corresponding public/private key pair are generated.
Referring to fig. 9, fig. 9 is a schematic diagram of an interface of issuer certificate management of an identity authentication method based on a block chain according to an embodiment of the present invention; fig. 10 is a second interface diagram of the issuer certificate management of the identity authentication method based on the blockchain according to the second embodiment of the present invention.
In an embodiment of the present invention, the issuer certificate management page shows the number of the issuer certificate, the issuer, the certificate name, the creation date, and the validity period. Records are sorted by creation date from most recent to oldest, with ten records per page. Certificates may be added, modified, and queried.
Specifically, when "new issuer certificate" is clicked, the issuer, the certificate name, the certificate ID and the validity period must be specified, and a picture must be uploaded that will later be displayed as the certificate's avatar in the applet; the optional fields are "description" and "hidden or not" (default: no). The certificate ID is the unique identifier of the certificate and cannot be repeated. The "hidden or not" field determines whether the certificate is visible only to specified users; if "yes" is selected, the DIDs of the users who may see it must be specified. After the form is filled in and confirmation is clicked, a second confirmation is required in a pop-up window, reminding the user to check that the information is filled in correctly. Clicking the "certificate name" shows the certificate details. The fields of the <details> page are identical to those of the <new issuer certificate> page. Clicking "modify" allows the information associated with the certificate to be modified, but the issuer name and the certificate ID cannot be modified.
Referring to fig. 11, fig. 11 is a schematic interface diagram of application-side scenario management of an identity verification method based on a block chain according to an embodiment of the present invention.
In the embodiment of the invention, application party certificates are managed by application scenario. The page shows the number of application scenarios, the number of certificates involved, the creation date and the validity period. Records are sorted by creation date from most recent to oldest, with ten records per page. Scenarios may be added, modified, and queried.
When "new application scenario" is clicked, the name and the validity period of the application scenario must be specified, and the required certificates can then be selected from the certificates provided by the system's existing certificate issuing parties. After the form is filled in and confirmation is clicked, a second confirmation is required in a pop-up window, reminding the user to check that the information is filled in correctly.
The weight of a VC certificate can also be set, with the following logic. The "weight" field is optional and defaults to 1 if not specified. Each application scenario, and each certificate under that scenario, has a weight. As long as the sum of the weights of the certificates required by the application party that the user owns is greater than or equal to the weight of the application scenario, the authentication condition of the application scenario is satisfied. For example, the weight of an application scenario is 3, the weight of a certificate A required by the application scenario is 2, the weight of a certificate B is 2, the weight of a certificate C is 1, and the weight of a certificate D is 1. A user has only the three certificates B, C and D. After the DID is used by the other party to scan the code, the authentication condition of the application scenario is met as long as B + C or B + C + D is authorized. In addition, the expiration date of an application scenario cannot be later than the expiration date of any certificate it requires.
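The weight rule above, as an added Python example (not code from the patent): it checks a set of authorized certificates against a scenario's weight, lists the smallest sets a holder could authorize, and reports the shortfall when the weight is not reached. The `Scenario` class, the function names and the sample dates are assumptions made for illustration; verification of the issuer's signature on each VC is not covered here.

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations
from typing import Dict, List, Optional, Tuple


@dataclass
class Scenario:
    """An application scenario and the certificates it accepts (hypothetical model)."""
    name: str
    expires: date
    required: Dict[str, Optional[int]]  # certificate ID -> weight; None = not specified
    weight: Optional[int] = None        # scenario weight; None = not specified

    def threshold(self) -> int:
        return 1 if self.weight is None else self.weight  # "defaults to 1"

    def weight_of(self, cert_id: str) -> int:
        w = self.required[cert_id]
        return 1 if w is None else w


def validate_scenario(s: Scenario, cert_expiry: Dict[str, date]) -> List[str]:
    """Required certificates that expire before the scenario does (a config error)."""
    return sorted(c for c in s.required if cert_expiry[c] < s.expires)


def usable(held: Dict[str, date], s: Scenario, today: date) -> List[str]:
    """Certificates present in both lists and not yet expired. held: ID -> expiry."""
    return sorted(c for c, exp in held.items() if c in s.required and exp >= today)


def score(cert_ids, s: Scenario) -> int:
    """Sum of weights; duplicates and certificates the scenario does not list count 0."""
    return sum(s.weight_of(c) for c in set(cert_ids) if c in s.required)


def satisfies(authorized, held: Dict[str, date], s: Scenario, today: date) -> bool:
    """Recompute the decision from what is actually held, not from the client's claim."""
    if today > s.expires:
        return False
    ok = set(usable(held, s, today))
    return score([c for c in authorized if c in ok], s) >= s.threshold()


def minimal_disclosures(held, s: Scenario, today: date) -> List[Tuple[str, ...]]:
    """Smallest certificate sets that reach the scenario weight (least disclosure)."""
    pool = usable(held, s, today)
    for size in range(1, len(pool) + 1):
        hits = [c for c in combinations(pool, size) if score(c, s) >= s.threshold()]
        if hits:
            return hits
    return []


def shortfall(held, s: Scenario, today: date) -> Tuple[int, List[str]]:
    """(missing weight, required certificates the holder could still apply for)."""
    pool = usable(held, s, today)
    gap = max(0, s.threshold() - score(pool, s))
    missing = sorted(set(s.required) - set(pool)) if gap else []
    return gap, missing


# Constructed sample data mirroring the worked example in the text:
# scenario weight 3; A=2, B=2, C=1, D unspecified (so 1); the user holds B, C, D.
TODAY = date(2021, 6, 1)
SCENARIO = Scenario("demo-scenario", date(2021, 12, 31),
                    {"A": 2, "B": 2, "C": 1, "D": None}, weight=3)
HELD = {"B": date(2022, 6, 1), "C": date(2022, 6, 1), "D": date(2022, 6, 1)}

if __name__ == "__main__":
    print("B+C accepted:", satisfies(["B", "C"], HELD, SCENARIO, TODAY))
    print("minimal sets:", minimal_disclosures(HELD, SCENARIO, TODAY))
    print("holding only C, D:", shortfall({"C": HELD["C"], "D": HELD["D"]}, SCENARIO, TODAY))
```

Under the stated rule, B + D (2 + 1) also reaches the scenario weight of 3, which is why it appears among the minimal sets alongside B + C.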
Referring to fig. 12, fig. 12 is a schematic diagram illustrating a VC certificate in a block chain-based authentication method according to an embodiment of the present invention.
In one embodiment, the VC certificate includes: a certificate body, a gender certificate, an age interval certificate, an identity validity certificate, an issuing authority certificate and an age expiry preset value certificate. Of course, other VC certificates that can prove a characteristic attribute of a user may also be included.
The blockchain-based identity verification method provided by the embodiment of the invention ensures the independence of identities on the participants' chains; it performs cross-chain identity authorization management, in which the certificate issuing party, the application party and the holder authenticate one another to form an identity management closed loop; the identity information on the chain cannot be tampered with, and audit nodes can carry out on-chain audit supervision and authorization. It has the following advantages: (1) certificates are subdivided, which shortens the process of presenting certificates and saves the time needed to obtain them: the user can authorize several certificates at once, selected for the scenario's requirements, without disclosing other information; an identity may have a variety of different certificates, but the set of certificates cannot identify a particular person. (2) Mutual authentication between the certificate issuers improves the authority of identity verification and management. (3) The issuing party and the application party authenticate each other, forming a self-governing management closed loop for the identity chain.
The DID client, the application server, and the certificate issuing server provided by the present invention are described below, and the DID client, the application server, and the certificate issuing server described below and the above-described authentication method based on the blockchain may be referred to in correspondence with each other.
Referring to fig. 13, fig. 13 is a schematic diagram illustrating a DID client according to an embodiment of the present invention.
In another embodiment of the present invention, a DID client 1300 is provided, including:
an access request module 1310, configured to send an access request to a target application server in response to a login operation of a user to the target application server;
a relationship determining module 1320, configured to receive the required VC certificate list sent by the target application server, and determine whether the required VC certificate list and the local VC certificate list satisfy a preset relationship;
an authority obtaining module 1330, configured to, when the required VC certificate list and the local VC certificate list satisfy a preset relationship, provide the local VC certificate list to the target application server to obtain a usage authority of the target application server;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Referring to fig. 14, fig. 14 is a schematic diagram illustrating an application server according to an embodiment of the present invention.
In another embodiment of the present invention, an application server 1400 includes:
an access receiving module 1410, configured to receive an access request sent by a DID client;
a certificate determining module 1420, configured to determine a required VC certificate list corresponding to the access request;
a list sending module 1430, configured to send the required VC certificate list to the DID client, so that the DID client determines whether the required VC certificate list and the local VC certificate list satisfy a preset relationship;
a list receiving module 1440, configured to receive a local VC certificate list sent by the DID client, and provide a usage right to the DID client when the required VC certificate list and the local VC certificate list satisfy a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Referring to fig. 15, fig. 15 is a schematic diagram illustrating a composition of a certificate issuing server according to an embodiment of the present invention.
In another embodiment of the present invention, a certification server 1500 is provided, including:
a certification request module 1510, configured to receive a certification request sent by a DID client, where the certification request includes a target certificate and an application condition;
a condition auditing module 1520, configured to respond to the certification request, audit the target certificate and the application condition;
and a generating and sending module 1530, configured to generate and send a target certificate to the DID client when the audit is passed.
The embodiment of the invention provides a blockchain-based DID distributed identity authentication client, an application server and a certificate issuing server. When a user uses a target application server, whether the user can obtain the authority is determined through a VC certificate list, and the use authority of the target application server is obtained when the required VC certificate list and the local VC certificate list satisfy a preset relationship. Identity authentication can thus be performed using VC certificates, the identity can be authenticated conveniently and authoritatively, and the privacy of identity data is preserved.
Fig. 16 illustrates a physical structure diagram of an electronic device, which, as shown in fig. 16, may include: a processor 1610, a communication interface 1620, a memory 1630 and a communication bus 1640, wherein the processor 1610, the communication interface 1620 and the memory 1630 communicate with each other via the communication bus 1640. Processor 1610 may invoke logic instructions in memory 1630 to perform a blockchain-based authentication method comprising:
responding to a login operation of a user on a target application server, and sending an access request to the target application server; receiving a required VC certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship; under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for the target application server to obtain the use permission of the target application server; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving an access request sent by a DID client; determining a required VC certificate list corresponding to the access request; sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship; receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions; in response to the certification request, auditing the target certificate and application conditions; and generating and sending a target certificate to the DID client under the condition that the audit is passed.
In addition, the logic instructions in the memory 1630 may be implemented in the form of software functional units and, when sold or used as a stand-alone product, stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer being capable of executing the block chain based identity authentication method provided by the above methods, the method including:
responding to a login operation of a user on a target application server, and sending an access request to the target application server; receiving a required VC certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship; under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for the target application server to obtain the use permission of the target application server; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving an access request sent by a DID client; determining a required VC certificate list corresponding to the access request; sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship; receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions; in response to the certification request, auditing the target certificate and application conditions; and generating and sending a target certificate to the DID client under the condition that the audit is passed.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program that, when executed by a processor, is implemented to perform the block chain based authentication methods provided above, the method comprising:
responding to a login operation of a user on a target application server, and sending an access request to the target application server; receiving a required VC certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship; under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for the target application server to obtain the use permission of the target application server; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving an access request sent by a DID client; determining a required VC certificate list corresponding to the access request; sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship; receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship; the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
Or receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions; in response to the certification request, auditing the target certificate and application conditions; and generating and sending a target certificate to the DID client under the condition that the audit is passed.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (16)

1. An identity authentication method based on a blockchain is applied to a Distributed Identity (DID) client, and the method comprises the following steps:
responding to a login operation of a user on a target application server, and sending an access request to the target application server;
receiving a required verifiable statement (VC) certificate list sent by the target application server, and determining whether the required VC certificate list and a local VC certificate list meet a preset relationship;
under the condition that the required VC certificate list and a local VC certificate list meet a preset relation, providing the local VC certificate list for the target application server to obtain the use permission of the target application server;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
2. The blockchain-based identity authentication method according to claim 1, further comprising, after the receiving the list of required VC certificates sent by the target application server:
determining a target demand certificate based on the required VC certificate list and the local VC certificate list under the condition that the required VC certificate list and the local VC certificate list do not meet a preset relationship;
sending an attestation request including the target demand certificate to a target attestation server to obtain the target demand certificate.
3. The blockchain-based authentication method according to claim 1,
the sending an access request to a target application server in response to a login operation of a user to the target application server comprises:
receiving a login input of a user at the DID client, wherein the login input comprises: an account number and a password;
responding to the login input, and acquiring a local VC certificate list associated with the user from a block chain network;
receiving login operation of a user on a target application server;
and responding to the login operation, and sending an access request to a target application server.
4. The blockchain-based authentication method according to claim 1, wherein the VC certificate includes: a certificate body, a gender certificate, an age interval certificate, an identity validity certificate, an issuing authority certificate and an age expiry preset value certificate.
5. The blockchain-based authentication method according to any one of claims 1 to 4,
the determining whether the required VC certificate list and the local VC certificate list meet a preset relationship includes:
determining a target VC certificate existing in the required VC certificate list and the local VC certificate list at the same time;
acquiring a weight value corresponding to the target VC certificate, and weighting the target VC certificate to obtain a weighted value;
and under the condition that the weighted value is not less than a preset threshold value, determining that the required VC certificate list and the local VC certificate list meet a preset relationship.
6. An identity authentication method based on a blockchain is applied to an application server, and the method comprises the following steps:
receiving an access request sent by a DID client;
determining a required VC certificate list corresponding to the access request;
sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relationship;
receiving a local VC certificate list sent by the DID client, and providing a use authority for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
7. The blockchain-based authentication method according to claim 6, further comprising:
receiving management input of a user to an application server;
and, in response to the management input, performing an addition, modification or query operation on the application-side account on the application server.
8. An identity authentication method based on a blockchain is applied to a certificate issuing server, and the method comprises the following steps:
receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions;
in response to the certification request, auditing the target certificate and application conditions;
and generating and sending a target certificate to the DID client under the condition that the audit is passed.
9. The blockchain-based authentication method according to claim 8, further comprising:
receiving a data viewing input of a user;
in response to the data viewing input, displaying at least one of: total number of users, total number of certificates, total number of application servers, total number of certifying servers, total number of historical authorizations, amount of certificate requests, historical transactions, block height, total run time, number of normal or total nodes, total number of transactions, space occupancy, historical peaks.
10. The blockchain-based authentication method according to claim 8, further comprising:
receiving the management input of a user to a certificate issuing server;
and, in response to the management input, performing an addition, modification or query operation on the account of the certificate issuing party of the certificate issuing server.
11. The blockchain-based authentication method according to claim 8, further comprising:
receiving the management input of a user to a VC certificate;
and, in response to the management input, performing an addition, modification or query operation on the VC certificate.
12. A DID client, comprising:
the access request module is used for responding to the login operation of a user on a target application server and sending an access request to the target application server;
the relation judgment module is used for receiving a required VC certificate list sent by the target application server and determining whether the required VC certificate list and a local VC certificate list meet a preset relation or not;
an authority obtaining module, configured to provide the local VC certificate list to the target application server to obtain a usage authority of the target application server when the required VC certificate list and the local VC certificate list satisfy a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
13. An application server, comprising:
the access receiving module is used for receiving an access request sent by the DID client;
the certificate determining module is used for determining a required VC certificate list corresponding to the access request;
the list sending module is used for sending the required VC certificate list to the DID client so that the DID client can determine whether the required VC certificate list and the local VC certificate list meet a preset relation or not;
the list receiving module is used for receiving a local VC certificate list sent by the DID client, and providing the use permission for the DID client under the condition that the required VC certificate list and the local VC certificate list meet a preset relationship;
the required VC certificate list comprises a form of a VC certificate required currently, the local VC certificate list comprises a form of a VC certificate held locally by a user of the DID client, and different VC certificates are used for describing different characteristic attributes of the user.
14. A certification server, comprising:
the certification request module is used for receiving a certification request sent by a DID client, wherein the certification request comprises a target certificate and application conditions;
the condition auditing module is used for responding to the certification request and auditing the target certificate and the application conditions;
and the generating and sending module is used for generating and sending the target certificate to the DID client under the condition that the audit is passed.
15. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the block chain based authentication method according to any of claims 1 to 11 are implemented when the processor executes the program.
16. A non-transitory computer readable storage medium, on which a computer program is stored, which, when being executed by a processor, performs the steps of the blockchain-based authentication method according to any one of claims 1 to 1.
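The weighted check of claim 5 and the client/server exchange of claims 6, 12 and 13 can be sketched as follows. This is an added example, not code from the patent: the weights, the threshold, the certificate names (modelled on the types listed in claim 4) and all function names are assumptions.

```python
"""Claim 5 weighted VC-list check, used by both DID client and application server."""

# Constructed sample weights per VC certificate form; the claims give no values.
WEIGHTS = {
    "gender": 1,
    "age_interval": 2,
    "identity_validity": 4,
    "issuing_authority": 3,
}
THRESHOLD = 6  # constructed preset threshold


def meets_preset_relationship(required, local, weights=WEIGHTS, threshold=THRESHOLD):
    """Return (ok, score, targets) for a required and a local VC certificate list."""
    # Target certificates: forms present in both lists (duplicates count once).
    targets = sorted(set(required) & set(local))
    # A form without a configured weight adds nothing, so unknown names fail closed.
    score = sum(weights.get(form, 0) for form in targets)
    # "Not less than a preset threshold" means the boundary value passes.
    return score >= threshold, score, targets


def client_decide(required, local):
    """DID client side: disclose the local list only if the check passes."""
    ok, _, _ = meets_preset_relationship(required, local)
    return list(local) if ok else None


def server_grant(required, disclosed):
    """Application server side: recompute the check on the list actually received."""
    if disclosed is None:
        return False
    ok, _, _ = meets_preset_relationship(required, disclosed)
    return ok


if __name__ == "__main__":
    required = ["age_interval", "identity_validity", "issuing_authority"]
    holder = ["gender", "identity_validity", "issuing_authority"]
    print(meets_preset_relationship(required, holder))
    print(server_grant(required, client_decide(required, holder)))
```

Recomputing the relationship on the server keeps the access decision from resting on the client's own evaluation; a real deployment would also verify each disclosed certificate's issuer signature, which this sketch omits.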
CN202110610855.6A 2021-06-01 2021-06-01 Identity verification method based on block chain, client and server Pending CN113204752A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110610855.6A CN113204752A (en) 2021-06-01 2021-06-01 Identity verification method based on block chain, client and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110610855.6A CN113204752A (en) 2021-06-01 2021-06-01 Identity verification method based on block chain, client and server

Publications (1)

Publication Number Publication Date
CN113204752A true CN113204752A (en) 2021-08-03

Family

ID=77024070

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110610855.6A Pending CN113204752A (en) 2021-06-01 2021-06-01 Identity verification method based on block chain, client and server

Country Status (1)

Country Link
CN (1) CN113204752A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113822636A (en) * 2021-09-28 2021-12-21 湖南宸瀚信息科技有限责任公司 Cargo production management system based on block chain

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006025162A (en) * 2004-07-08 2006-01-26 Hitachi Ltd Certificate verification information managing method based upon transaction
CN101547095A (en) * 2009-02-11 2009-09-30 广州杰赛科技股份有限公司 Application service management system and management method based on digital certificate
US20120023560A1 (en) * 2010-07-22 2012-01-26 Brother Kogyo Kabushiki Kaisha Information processing apparatus
US20150106882A1 (en) * 2012-06-29 2015-04-16 Huawei Technologies Co., Ltd. Method and device for identity authentication
CN109587101A (en) * 2017-09-29 2019-04-05 腾讯科技(深圳)有限公司 A kind of digital certificate management method, device and storage medium
CN109670284A (en) * 2019-02-20 2019-04-23 中国互联网络信息中心 User authen method, system, equipment and medium based on block chain and DNSSEC
CN109684864A (en) * 2018-11-05 2019-04-26 众安信息技术服务有限公司 A kind of certificate processing method and system based on block chain
CN111010372A (en) * 2019-11-20 2020-04-14 国家信息中心 Block chain network identity authentication system, data processing method and gateway equipment
CN111066284A (en) * 2017-10-09 2020-04-24 华为技术有限公司 Service certificate management method, terminal and server
CN111314085A (en) * 2020-01-22 2020-06-19 维沃移动通信有限公司 Digital certificate verification method and device
CN111339518A (en) * 2020-03-11 2020-06-26 中电科(天津)网络信息安全有限公司 Certificate storage method and device, electronic equipment and storage medium
US20200274867A1 (en) * 2015-10-28 2020-08-27 Citrix Systems, Inc. Systems and methods for policy driven fine grain validation of servers ssl certificate for clientless sslvpn access
CN111641615A (en) * 2020-05-20 2020-09-08 深圳市今天国际物流技术股份有限公司 Distributed identity authentication method and system based on certificate
CN111884815A (en) * 2020-08-07 2020-11-03 上海格尔安全科技有限公司 Block chain-based distributed digital certificate authentication system
CN112700245A (en) * 2020-12-30 2021-04-23 标信智链(杭州)科技发展有限公司 Block chain-based digital mobile certificate application method and device




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination