CN113326535B - Information verification method and device - Google Patents

Publication number: CN113326535B
Authority: CN (China)
Prior art keywords: data, user, trusted, knowledge proof, zero
Legal status: Active
Application number: CN202110609105.7A
Other languages: Chinese (zh)
Other versions: CN113326535A (en)
Inventors: 赵文强, 李艳鹏, 陆旭明, 林渝淇
Current Assignee: Alipay Hangzhou Information Technology Co Ltd; Ant Blockchain Technology Shanghai Co Ltd
Original Assignee: Alipay Hangzhou Information Technology Co Ltd; Ant Blockchain Technology Shanghai Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G06F16/2255 Hash tables
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/24553 Query execution of query operations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

The application provides an information verification method and device. The method comprises the following steps: a user initiates a service request through a client, wherein the service request includes at least a data digest of user private data; a trusted data verification system performs trusted data verification on the user private data based on the data digest and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm; and a third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executes further service processing corresponding to the service request when the verification passes. In this technical scheme, the digest of the user private data replaces the plaintext of the user private data, so that leakage of the private data during information transmission can be prevented without affecting verification of the private data; and by introducing a zero-knowledge proof, the problem of the third-party service system having to trust the trusted data verification system is solved.

Description

Information verification method and device
Technical Field
The present application relates to the field of information security technologies, and in particular, to an information verification method and apparatus.
Background
Currently, in a service processing system, a user may send a service request to a data management platform through a client, and then the data management platform sends the service request to a third-party service system, so that the third-party service system performs corresponding service processing.
Often, third party business systems want the information carried in the business request to be truly valid. Therefore, the data management platform can be connected with an external trusted data verification system, the trusted data verification system can be used for carrying out trusted verification on the information carried by the service request, and the service request and the trusted verification result are returned to the third-party service system, so that the third-party service system can carry out corresponding service processing according to the verification result of the trusted data verification system.
Disclosure of Invention
In view of this, the present application provides an information verification method and apparatus, so as to complete trusted data verification on the premise of guaranteeing privacy, and enable a third-party service system to verify the authenticity of data through zero-knowledge proof.
Specifically, the method is realized through the following technical scheme:
In a first aspect, the present application provides an information verification method applied to a data management platform, where the data management platform interfaces with a client, a trusted data verification system, and a third-party service system. The method comprises the following steps:
receiving a service request initiated by a user through a client, the service request including at least a data digest of user private data uploaded by the user;
sending the service request to the trusted data verification system, so that the trusted data verification system performs trusted data verification on the user private data based on the data digest and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm;
and receiving the first zero-knowledge proof returned by the trusted data verification system, and sending the service request and the first zero-knowledge proof to the third-party service system, so that the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executes further service processing corresponding to the service request when the verification passes.
In a second aspect, the present application further provides an information verification method applied to a third-party service system, where the third-party service system interfaces with a data management platform, and the data management platform interfaces with a client and a trusted data verification system. The method comprises the following steps:
receiving a service request and a first zero-knowledge proof sent by the data management platform, the service request having been initiated by a user through a client and including at least a data digest of user private data uploaded by the user; the first zero-knowledge proof is a proof that the user private data is trusted data, generated by the trusted data verification system based on a preset first zero-knowledge proof algorithm when the user private data passes the trusted data verification that the trusted data verification system performs based on the data digest;
and verifying the first zero-knowledge proof based on the first zero-knowledge proof algorithm, and executing further service processing corresponding to the service request when the verification passes.
In a third aspect, the present application further provides an information verification apparatus applied to a data management platform, where the data management platform interfaces with a client, a trusted data verification system, and a third-party service system. The apparatus includes:
a first receiving unit, used for receiving a service request initiated by a user through a client, the service request including at least a data digest of user private data uploaded by the user;
a first sending unit, used for sending the service request to the trusted data verification system, so that the trusted data verification system performs trusted data verification on the user private data based on the data digest and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm;
a second receiving unit, used for receiving the first zero-knowledge proof returned by the trusted data verification system;
and a second sending unit, used for sending the service request and the first zero-knowledge proof to the third-party service system, so that the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executes further service processing corresponding to the service request when the verification passes.
In a fourth aspect, the present application further provides an information verification apparatus applied to a third-party service system, where the third-party service system interfaces with a data management platform, and the data management platform interfaces with a client and a trusted data verification system. The apparatus includes:
a receiving unit, used for receiving a service request and a first zero-knowledge proof sent by the data management platform, the service request having been initiated by a user through a client and including at least a data digest of user private data uploaded by the user; the first zero-knowledge proof is a proof that the user private data is trusted data, generated by the trusted data verification system based on a preset first zero-knowledge proof algorithm when the user private data passes the trusted data verification that the trusted data verification system performs based on the data digest;
and a verification unit, used for verifying the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executing further service processing corresponding to the service request when the verification passes.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
On one hand, the digest of the user private data replaces the plaintext of the user private data, so that leakage of the private data during information transmission can be prevented without affecting verification of the private data; on the other hand, by introducing a zero-knowledge proof, the problem of the third-party service system having to trust the trusted data verification system is solved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
FIG. 1 is a schematic diagram illustrating a data processing flow according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart of a method of information verification shown in an exemplary embodiment of the present application;
FIG. 3 is a flow chart illustrating a verification of a second zero knowledge proof according to an exemplary embodiment of the present application;
FIG. 4 is a flow chart illustrating another method of information verification according to an exemplary embodiment of the present application;
FIG. 5 is a schematic diagram of a method of information verification shown in an exemplary embodiment of the present application;
FIG. 6 is a hardware configuration diagram of an electronic device in which an information verification apparatus according to an exemplary embodiment of the present application is installed;
FIG. 7 is a block diagram of an information verification device shown in an exemplary embodiment of the present application;
FIG. 8 is a block diagram of another information authentication apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Currently, in a service processing system, a user initiates a service request through a client, and then the data management platform sends the service request to a third-party service system, so that the third-party service system performs corresponding service processing.
However, there may be unreal information in the information carried in the service request initiated by the user, and the third-party service system cannot distinguish the forged information.
Therefore, the data management platform can be connected with an external trusted data verification system, and the trusted data verification system can be used for performing trusted verification on the information carried by the service request, so that the third-party service system can perform corresponding service processing according to the verification result of the trusted data verification system.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating a data processing flow according to an exemplary embodiment of the present application; as shown in fig. 1, the following steps may be included:
a user uploads user privacy data to a data management platform through a client;
the data management platform forwards the user private data to a trusted data verification system;
the trusted data verification system verifies the user privacy data;
the trusted data verification system returns a verification result to the data management platform;
and the data management platform sends the verification result to a third-party service system.
In this process, on one hand, the user private data is transmitted in plaintext across multiple links, which creates a great risk of leakage; on the other hand, even when the third-party service system obtains the verification result of the trusted data verification system, it cannot determine the authenticity of that result and therefore cannot fully trust it.
In view of this, the present application provides a technical solution that performs trusted data verification on the user private data based on the data digest of the user private data, and generates a zero-knowledge proof that the user private data is trusted data, so that the third-party service system verifies the zero-knowledge proof.
During implementation, the data management platform receives a service request initiated by a user through a client;
the service request includes at least a data digest of user private data uploaded by the user;
the service request is sent to the trusted data verification system, so that the trusted data verification system performs trusted data verification on the user private data based on the data digest and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm;
and the first zero-knowledge proof returned by the trusted data verification system is received, and the service request and the first zero-knowledge proof are sent to the third-party service system, so that the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executes further service processing corresponding to the service request when the verification passes.
For example, when a transport driver initiates a transport service settlement request, a data digest of the license plate number can be generated so that the driver's license plate number is not revealed; the trusted data verification system searches its locally stored license plate numbers for a matching license plate number and, if one exists, generates a first zero-knowledge proof for the license plate number; and the third-party service system verifies the first zero-knowledge proof and, if the verification passes, processes the transport service settlement request.
In this technical scheme, on one hand, the digest of the user private data replaces the plaintext of the user private data, so that leakage of the private data during information transmission can be prevented without affecting verification of the private data; on the other hand, by introducing a zero-knowledge proof, the problem of the third-party service system having to trust the trusted data verification system is solved.
Next, examples of the present application will be described in detail.
Referring to fig. 2, fig. 2 is a flowchart illustrating an information verification method according to an exemplary embodiment of the present application, and as shown in fig. 2, the method is applied to a data management platform and includes the following steps:
Step 201: receiving a service request initiated by a user through a client, the service request including at least a data digest of user private data uploaded by the user;
Step 202: sending the service request to the trusted data verification system, so that the trusted data verification system performs trusted data verification on the user private data based on the data digest and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm;
Step 203: receiving the first zero-knowledge proof returned by the trusted data verification system, and sending the service request and the first zero-knowledge proof to the third-party service system, so that the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm and executes further service processing corresponding to the service request when the verification passes.
The data management platform interfaces with a client, a trusted data verification system and a third-party service system.
In this embodiment, a user initiates a service request through a client, and the client sends the service request to the data management platform.
The service request includes at least a data digest of the user private data uploaded by the user.
For example, the client may calculate a hash value of the user privacy data based on a specific hash algorithm, and add the hash value to the service request and send the service request to the data management platform.
The service request may include any type of service request, for example, a transport service request;
accordingly, the service request may carry related service data, for example, still taking the transport service request as an example, the service data may include a transport company, a transport route, a type of transport goods, and the like.
In one illustrated embodiment, the service request comprises a transportation service request, the third party service system comprises a transportation settlement system, and the user privacy data comprises a license plate number.
The client may include an APP client running on the terminal device.
In one embodiment shown, the data management platform has access to a blockchain, and the data management platform publishes at least the data digest of the user private data to the blockchain for data storage.
Storing data in the blockchain here means that the data is stored in the blockchain persistently as evidence.
The blockchain may specifically be a private chain, a public chain, a consortium chain, or the like, and is not particularly limited in this specification.
For example, in one scenario, the blockchain may specifically be a consortium chain whose member devices are a server of the third-party service system, a server of the trusted data verification system, a server of the data management platform, and several user node devices. An operator of the consortium chain may rely on the consortium chain to deploy online services such as consortium-chain-based transfers, asset transfers, and the like.
The terminal device may include any terminal device capable of joining a blockchain as a node device and storing collected data on the blockchain;
for example, in practical applications, the terminal device may specifically include a vehicle-mounted computer, an intelligent portable device, and the like. The vehicle-mounted computer and the intelligent portable device can join the blockchain as nodes, and store collected vehicle running routes, vehicle state data and the like on the blockchain.
In this embodiment, the data management platform responds to a service request initiated by a user, and forwards the service request to the trusted data verification system;
and the trusted data verification system performs trusted data verification on the user private data based on the data digest of the user private data carried in the service request and, when the user private data passes the trusted data verification, generates a first zero-knowledge proof that the user private data is trusted data based on a preset first zero-knowledge proof algorithm.
Specifically, the trusted data verification system may search, in a data digest list of the locally stored user private data, whether a data digest matching the received data digest of the user private data exists, and if so, may determine that the user private data passes the trusted data verification.
It should be noted that the hash algorithm used by the client to calculate the data digest of the user private data is consistent with the hash algorithm used by the trusted data verification system to calculate the data digest of the locally stored user private data, and details are not repeated in the following.
For example, the trusted data verification system generates a corresponding hash value for the locally stored user privacy data, creates a hash list, and when receiving the hash value sent by the data management platform, can search whether a consistent hash value exists in the hash list, and if so, it indicates that the locally stored user privacy data of the trusted data verification system is completely consistent with the user privacy data owned by the user, and the user really owns the real user privacy data.
Further, when the user privacy data passes the trusted verification, the trusted data verification system may generate, based on a preset first zero-knowledge proof algorithm, a first zero-knowledge proof that the user privacy data is the trusted data.
A zero-knowledge proof (Zero-Knowledge Proof) is a probability-based verification method in which the prover makes the verifier believe that an assertion is true, while the whole process reveals no knowledge beyond "the assertion is true".
That is, in a zero-knowledge proof the prover can convince the verifier that some statement is correct by providing information that may be made public, without providing the verifier with any useful knowledge. As the name implies, a zero-knowledge proof can prove that the conclusion is correct while revealing no knowledge; that is, the knowledge provided to the outside world is zero.
In practical applications, a developer can obtain, through a zero-knowledge proof development tool, a proof generation program for a prover to generate a proof, and a proof verification program for a verifier to verify the proof.
In this embodiment, the trusted data verification system generates a first zero-knowledge proof with the proof generation program corresponding to the preset first zero-knowledge proof algorithm and returns the first zero-knowledge proof to the data management platform; the data management platform sends the service request and the first zero-knowledge proof to the third-party service system;
and the third-party service system verifies the first zero-knowledge proof with the proof verification program corresponding to the preset first zero-knowledge proof algorithm, and executes further service processing corresponding to the service request when the verification passes.
For example, the trusted data verification system serves as the prover and the third-party service system serves as the verifier. The trusted data verification system provides information that may be made public, without revealing any knowledge, so that the third-party service system, by verifying the zero-knowledge proof against that information, can trust the result of the trusted data verification that the trusted data verification system performed on the user private data.
Similarly, when the trusted data verification system performs trusted data verification on the user private data, although whether the corresponding user private data is locally stored in the trusted data verification system can be verified based on the data digest, it cannot be determined whether the user really owns the user private data.
Thus, zero-knowledge proof may be utilized for proving that the user does have the user privacy data.
In an embodiment shown, the data management platform may receive a second zero-knowledge proof that the user owns the user private data, which is generated by the user through a preset second zero-knowledge proof algorithm, and send the second zero-knowledge proof to the trusted data verification system, so that the trusted data verification system verifies the second zero-knowledge proof based on the second zero-knowledge proof algorithm.
For example, the user generates a second zero-knowledge proof with the proof generation program corresponding to the preset second zero-knowledge proof algorithm and returns the second zero-knowledge proof to the data management platform; the data management platform sends the second zero-knowledge proof to the trusted data verification system; and the trusted data verification system verifies the second zero-knowledge proof with the proof verification program corresponding to the preset second zero-knowledge proof algorithm and, when the verification passes, trusts that the user owns the user private data, and then goes on to perform trusted data verification on the user private data.
In one illustrated embodiment, the second zero-knowledge proof algorithm includes:
calculating a data digest of the user private data;
signing the data digest of the user private data with the user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature with the user public key corresponding to the user, and determining the data digest of the user private data.
Specifically, when the second zero-knowledge proof is generated, the input parameters may be divided into private parameters and public parameters:
private parameters: the user private key;
public parameters: the data digest of the user private data, the user information signature, the user private data and the user public key.
The computational logic of the preset second zero-knowledge proof algorithm may be:
calculating a data digest of the user private data according to a specific hash algorithm;
signing the data digest of the user private data with the user private key owned by the user to obtain a user information signature;
and verifying the user information signature with the user public key corresponding to the user private key to obtain the data digest of the user private data.
Further, based on the preset second zero-knowledge proof algorithm, a proof generation program for a user to generate a proof and a proof verification program for a trusted data verification system to verify the proof can be obtained through a zero-knowledge proof development tool.
Wherein, after the user inputs the input parameters into the proof generating program, a second zero knowledge proof can be generated; the trusted data verification system can verify the second zero-knowledge proof by acquiring the public parameters and inputting the public parameters into the proof verification program, and determines whether the user has the user privacy data according to the verification result; if the verification is passed, the conclusion that the user owns the user private data is true, and if the verification is not passed, the conclusion that the user owns the user private data is false.
Because the trusted data verification system needs the public parameters as input when verifying the second zero-knowledge proof, in order to further improve security, the trusted data verification system can obtain the user public key corresponding to the user private key from a digital certificate issued by a dedicated certificate authority.
In an embodiment shown, the user applies for a user certificate corresponding to the user from a certificate authority, where the user certificate includes a user public key corresponding to the user.
For example, a user may apply for a user certificate corresponding to the user from a certificate authority, where the certificate includes a public key and related information in a public-private key pair owned by the user;
after verifying the identity of the user and confirming that the public key is correct, the certificate certification authority signs the public key and the related information of the user by using the private key of the certificate certification authority to generate a user certificate corresponding to the user;
when the trusted data verification system obtains the user certificate, the user certificate can be verified according to the public key of the certificate certification authority, so that the user public key is obtained.
Further, the trusted data verification system can further determine the public parameters by acquiring a user certificate and a user information signature.
In one illustrated embodiment, the service request further includes the user certificate and the user information signature;
the trusted data verification system verifies the second zero-knowledge proof based on the second zero-knowledge proof algorithm, including:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user privacy data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
Referring to fig. 3, fig. 3 is a flow chart illustrating a verification of the second zero knowledge proof according to an exemplary embodiment of the present application, and the method shown in fig. 3 includes the following steps:
step 301: the trusted data verification system can acquire a user certificate and a user information signature through a service request forwarded by the data management platform; the user certificate and the user information signature can be added to service data carried by the service request;
step 302: the trusted data verification system acquires a user public key corresponding to a user in a user certificate by using a public key provided by a certificate certification authority;
step 303: verifying the user information signature by using a user public key corresponding to the user to determine a data abstract of the user private data;
step 304: according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
through steps 301-304, the trusted data verification system obtains the data digest of the user privacy data, the user information signature, the user privacy data and the user public key, that is, the public parameters input when the second zero-knowledge proof was generated;
step 305: the trusted data verification system verifies the second zero-knowledge proof based on the obtained public parameters.
After the trusted data verification system verifies the second zero-knowledge proof, the trusted data verification system may determine that the user possesses the user privacy data.
In addition, in the verification process, by comparing the data digests of the user privacy data with the data digests of the user privacy data locally stored in the trusted data verification system in step 304, when the comparison results of the two data digests are consistent, it can be determined that the user privacy data owned by the user is consistent with the user privacy data locally stored in the trusted data verification system, that is, the authenticity of the user privacy data owned by the user can be demonstrated.
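The verification flow of steps 301-305, as an added example that is not part of the patent text. A Schnorr proof of knowledge over a constructed toy group stands in for the proof programs that the patent obtains from a zero-knowledge proof development tool, and the same construction stands in for the certificate and user signatures; all function names, the request layout and the sample license plate are assumptions.

```python
import hashlib

# Constructed toy group: integers modulo the Mersenne prime 2**127 - 1.
# Far too weak for real use; it keeps the example free of dependencies.
P = 2**127 - 1
N = P - 1   # exponents are reduced modulo the group order
G = 3

def i2b(n: int) -> bytes:
    return n.to_bytes(16, "big")

def h_int(*parts: bytes) -> int:
    """Length-prefixed SHA-256 of the parts, reduced to an exponent."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % N

def keygen(seed: bytes):
    """Deterministic key pair so the example is reproducible (assumption)."""
    x = h_int(b"key", seed)
    return x, pow(G, x, P)

def schnorr_prove(x: int, context: bytes):
    """Non-interactive Schnorr proof of knowledge of x, bound to context.
    Used here both as a signature and as the stand-in zero-knowledge proof."""
    y = pow(G, x, P)
    k = h_int(b"nonce", i2b(x), context)
    r = pow(G, k, P)
    c = h_int(i2b(r), i2b(y), context)
    return r, (k + c * x) % N

def schnorr_check(y: int, context: bytes, proof) -> bool:
    r, s = proof
    if not (0 < y < P and 0 < r < P and 0 <= s < N):
        return False
    c = h_int(i2b(r), i2b(y), context)
    return pow(G, s, P) == r * pow(y, c, P) % P

def data_digest(private_data: str) -> bytes:
    return hashlib.sha256(private_data.encode()).digest()

def cert_context(subject: str, public_key: int) -> bytes:
    return b"cert|" + subject.encode() + b"|" + str(public_key).encode()

def proof_context(digest, signature, private_data, public_key) -> bytes:
    """The four public parameters of the second proof, serialized."""
    r, s = signature
    return b"|".join([b"proof2", digest, i2b(r), i2b(s),
                      private_data.encode(), i2b(public_key)])

def issue_certificate(ca_private, subject, public_key):
    """Certificate authority signs the subject name and public key."""
    signature = schnorr_prove(ca_private, cert_context(subject, public_key))
    return {"subject": subject, "public_key": public_key,
            "ca_signature": signature}

def client_request(user_private, certificate, private_data):
    """Client side: digest, user information signature, second proof."""
    digest = data_digest(private_data)
    signature = schnorr_prove(user_private, b"sig|" + digest)
    context = proof_context(digest, signature, private_data,
                            certificate["public_key"])
    request = {"digest": digest, "certificate": certificate,
               "user_signature": signature}
    return request, schnorr_prove(user_private, context)

def verify_second_proof(request, proof, ca_public, local_store) -> str:
    """Trusted data verification system, steps 301-305."""
    cert = request["certificate"]                          # step 301
    context = cert_context(cert["subject"], cert["public_key"])
    if not schnorr_check(ca_public, context, cert["ca_signature"]):
        return "certificate rejected"                      # step 302
    user_public = cert["public_key"]
    if not schnorr_check(user_public, b"sig|" + request["digest"],
                         request["user_signature"]):
        return "signature rejected"                        # step 303
    private_data = local_store.get(request["digest"])      # step 304
    if private_data is None:
        return "digest not in local list"
    context = proof_context(request["digest"], request["user_signature"],
                            private_data, user_public)
    if not schnorr_check(user_public, context, proof):     # step 305
        return "proof rejected"
    return "verified"

# Constructed sample data: one driver, one plate known to the verifier.
CA_PRIVATE, CA_PUBLIC = keygen(b"constructed-ca")
USER_PRIVATE, USER_PUBLIC = keygen(b"constructed-driver")
PLATE = "TEST-0001"
LOCAL_STORE = {data_digest(PLATE): PLATE}   # digest list held by the verifier
CERT = issue_certificate(CA_PRIVATE, "driver-1", USER_PUBLIC)

def demo() -> str:
    request, proof = client_request(USER_PRIVATE, CERT, PLATE)
    return verify_second_proof(request, proof, CA_PUBLIC, LOCAL_STORE)

if __name__ == "__main__":
    print(demo())
```

The plaintext never appears in the request: the verifier recovers it only from its own digest list in step 304, which is why that lookup has to succeed before the proof can be checked in step 305.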
Further, the trusted data verification system may determine the following two points: firstly, the user really has the user privacy data, and secondly, the user privacy data owned by the user is verified by the trusted data verification system to be authentic and trusted;
based on the two points, the trusted data verification system can generate the first zero-knowledge proof that the user privacy data is the trusted data based on a preset first zero-knowledge proof algorithm.
In one illustrated embodiment, the first zero-knowledge proof algorithm comprises:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
Specifically, when the first zero-knowledge proof is generated, the input parameters may be a private parameter and a public parameter:
private parameters: the trusted private key, the user information signature, the trusted data digest, the trusted information signature and the user privacy data;
public parameters: the data digest of the user privacy data, the user public key and the trusted public key;
the computational logic of the preset first zero-knowledge proof algorithm may be:
calculating, according to a specific hash algorithm, the trusted data digest of the user information signature, the data digest of the user privacy data, the user public key and the sensitive information;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on the trusted public key corresponding to the trusted private key to obtain the trusted data abstract.
Further, based on the preset first zero knowledge proof algorithm, a proof generation program for generating a proof by the trusted verification system and a proof verification program for verifying the proof by the third-party service system can be obtained through the zero knowledge proof development tool.
After the input parameters are input into the proof generation program, the trusted verification system can generate the first zero-knowledge proof; the third-party service system can verify the first zero-knowledge proof by acquiring the public parameters and inputting them into the proof verification program, and determines from the verification result whether the user privacy data owned by the user is authentic and trusted; if the verification passes, the conclusion that the user privacy data owned by the user is authentic and trusted is true, and if it does not pass, that conclusion is false.
Since the third-party service system needs the public parameters as input when verifying the first zero-knowledge proof, in order to further improve security, the third-party service system can obtain the trusted public key corresponding to the trusted private key from a digital certificate issued by a dedicated certificate authority.
In an embodiment shown in the figure, the trusted data verification system applies for a trusted certificate corresponding to the trusted data verification system to the certificate authority, where the trusted certificate includes a trusted public key corresponding to the trusted data verification system.
For example, the trusted data verification system applies a trusted certificate corresponding to the trusted data verification system to a certificate certification authority, where the certificate includes a public key and related information in a public-private key pair owned by the trusted data verification system;
after verifying the identity of the trusted data verification system and confirming that the public key is correct, the certificate certification authority signs the public key and related information of the trusted data verification system by using the private key of the certificate certification authority to generate a trusted certificate corresponding to the trusted data verification system;
when the third-party service system obtains the trusted certificate, the user certificate can be checked according to the public key of the certificate certification authority, so that the trusted public key is obtained.
Further, the third-party service system may determine the trusted public key by acquiring the trusted certificate, and may also determine the user public key by acquiring the user certificate. In addition, the third-party service system can determine the data summary of the user privacy data based on the service request.
Through the above process, the third-party service system can determine the public parameters of the first zero-knowledge proof and verify the first zero-knowledge proof based on those public parameters.
In one embodiment, the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm, and the method includes:
the third-party service system receives the user certificate, the data summary of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the first zero knowledge proof according to the data abstract of the user privacy data, the credible public key and the user public key.
In the technical scheme, on one hand, the abstract of the user privacy data replaces the plaintext of the user privacy data, so that the privacy data can be prevented from being leaked in the information transmission process, and the verification of the privacy data is not influenced; on the other hand, the trust problem of the third-party service system to the trusted data verification system is solved by introducing zero-knowledge proof.
Referring to fig. 4, fig. 4 is a flowchart illustrating another information verification method according to an exemplary embodiment of the present application, and as shown in fig. 4, the method is applied to a third-party service system, and includes the following steps:
step 401: receiving a service request sent by a data management platform through a client and a first zero knowledge proof; the service request at least comprises a data summary of user privacy data uploaded by the user; the first zero-knowledge proof comprises that a trusted data verification system carries out trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero-knowledge proof that the user privacy data is trusted data is generated based on a preset first zero-knowledge proof algorithm;
step 402: and verifying the first zero knowledge proof based on the first zero knowledge proof algorithm, and executing further business processing corresponding to the business request when the verification is passed.
The third-party service system is connected with a data management platform, and the data management platform is connected with a client and a trusted data verification system.
In this embodiment, before sending the service request initiated by the user through the client and the first zero knowledge proof to the third-party service system, the data management platform needs to receive the service request initiated by the user through the client and the first zero knowledge proof sent by the trusted data verification system.
The service request at least comprises a data summary of the user privacy data uploaded by the user.
Specifically, the trusted data verification system performs trusted data verification on the user private data based on the data abstract, and generates a first zero knowledge proof that the user private data is trusted data based on a preset first zero knowledge proof algorithm when the user private data passes the trusted data verification.
In this embodiment, the third-party service system verifies the first zero-knowledge proof based on the first zero-knowledge proof algorithm, and executes further service processing corresponding to the service request when the verification passes.
In an embodiment shown, the trusted data verification system may receive a second zero-knowledge proof that the user possesses the user private data, which is sent by the data management platform and generated by the user through a preset second zero-knowledge proof algorithm, and verify the second zero-knowledge proof based on the second zero-knowledge proof algorithm.
In one illustrated embodiment, the second zero-knowledge proof algorithm includes:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
In an embodiment shown, the user applies for a user certificate corresponding to the user from a certificate authority, where the user certificate includes a user public key corresponding to the user.
In one illustrated embodiment, the service request further includes the user certificate and the user information signature;
verifying the second zero knowledge proof based on the second zero knowledge proof algorithm, comprising:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user privacy data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero-knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
In one illustrated embodiment, the first zero-knowledge proof algorithm comprises:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
In an embodiment shown in the figure, the trusted data verification system applies for a trusted certificate corresponding to the trusted data verification system to the certificate authority, where the trusted certificate includes a trusted public key corresponding to the trusted data verification system.
In one illustrated embodiment, verifying the first zero-knowledge proof based on the first zero-knowledge proof algorithm includes:
the third-party service system receives the user certificate, the data summary of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the correctness of the first zero knowledge proof according to the data abstract of the user privacy data, the credible public key and the user public key.
In one illustrated embodiment, the service request comprises a transportation service request, the third party service system comprises a transportation settlement system, and the user privacy data comprises a license plate number.
For the specific processes of the above embodiments, reference may be made to the foregoing method embodiments, which are not described herein again.
In the technical scheme, on one hand, the abstract of the user privacy data replaces the plaintext of the user privacy data, so that the privacy data can be prevented from being leaked in the information transmission process, and the verification of the privacy data is not influenced; on the other hand, the trust problem of the third-party service system to the trusted data verification system is solved by introducing zero-knowledge proof.
Referring to fig. 5, fig. 5 is a schematic diagram of an information verification method according to an exemplary embodiment of the present application. As shown in fig. 5, the data management platform interfaces a client, a trusted data verification system, and a third-party service system, and the method may include the following steps:
Step 1.1: the user initiates a service request through the client.
The service request at least comprises a data digest of the user privacy data uploaded by the user; it may also include service data associated with the service request.
Step 1.2: the user generates a second zero-knowledge proof that the user possesses the user privacy data, through a proof generation program corresponding to a preset second zero-knowledge proof algorithm.
Wherein, the preset second zero knowledge proof algorithm comprises:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
Further, when generating the second zero-knowledge proof, the parameters input to the generating program may include two parts, namely a private parameter and a public parameter:
the private parameters may include a user private key;
the public parameters can comprise a data summary of the user privacy data, a user information signature, the user privacy data and a user public key;
the computational logic of the preset second zero knowledge proof algorithm may be:
calculating a data abstract of the user private data according to a specific hash algorithm;
signing the data abstract of the user privacy data based on a user private key owned by the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user private key to obtain the data abstract of the user private data.
Step 1.3: the user applies for the user certificate corresponding to the user from the certificate certification authority.
Wherein the user certificate includes a user public key corresponding to the user.
Step 1.4: the user sends the service request and the second zero-knowledge proof to the data management platform.
The service request also includes the user certificate and the user information signature from the above steps.
In the above process, the user wants the third-party service system to respond to the service request initiated by the user and perform the corresponding service processing, relying on the trusted verification performed by the trusted data verification system and without revealing the user's private data.
Step 2: the data management platform forwards the received service request and the second zero-knowledge proof to the trusted data verification system.
In addition, the data management platform can access the block chain and at least release the data abstract of the user privacy data to the block chain for data storage.
Step 3.1: the trusted data verification system determines the user public key corresponding to the user according to the user certificate.
Step 3.2: the trusted data verification system verifies the user information signature based on the user public key corresponding to the user and determines the data digest of the user privacy data.
Step 3.3: the trusted data verification system matches the determined data digest of the user privacy data against the data digest list that it stores locally, and determines the user privacy data that it stores locally.
Step 3.4: the trusted data verification system verifies the second zero-knowledge proof based on the proof verification program corresponding to the second zero-knowledge proof algorithm.
Specifically, the trusted data verification system can input the obtained public parameters (the data digest of the user privacy data, the user information signature, the user privacy data and the user public key) into the proof verification program, verify the second zero-knowledge proof, and determine from the verification result whether the user possesses the user privacy data; if the verification passes, the conclusion that the user possesses the user privacy data is true, and if it does not pass, that conclusion is false.
Step 3.5: when the second zero-knowledge proof passes the verification, the trusted data verification system generates a first zero-knowledge proof that the user privacy data is trusted data, based on the proof generation program corresponding to a preset first zero-knowledge proof algorithm.
Wherein, the preset first zero knowledge proof algorithm comprises:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
Further, when generating the first zero-knowledge proof, the parameters input to the generating program may include two parts, namely a private parameter and a public parameter:
the private parameters may include a trusted private key, a user information signature, a trusted data digest, a trusted information signature, and user privacy data;
the public parameters may include a data digest of the user privacy data, a user public key, and a trusted public key;
the computational logic of the preset first zero knowledge proof algorithm may be:
calculating, according to a specific hash algorithm, the trusted data digest of the user information signature, the data digest of the user privacy data, the user public key and the sensitive information;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on the trusted public key corresponding to the trusted private key to obtain the trusted data abstract.
Step 3.6: the trusted data verification system applies to a certificate authority for a trusted certificate corresponding to the trusted data verification system.
The trusted certificate includes the trusted public key corresponding to the trusted data verification system.
Step 3.7: the trusted data verification system sends the first zero-knowledge proof and the trusted certificate to the data management platform.
The data management platform can add the trusted certificate to the service request.
Step 4: the data management platform sends the service request and the first zero-knowledge proof to the third-party service system.
Step 5.1: the third-party service system determines the user certificate, the data digest of the user privacy data and the trusted certificate according to the service request.
Step 5.2: the third-party service system determines the trusted public key corresponding to the trusted data source according to the trusted certificate, and determines the user public key corresponding to the user according to the user certificate.
Step 5.3: the third-party service system verifies the first zero-knowledge proof based on the proof verification program corresponding to the first zero-knowledge proof algorithm.
Specifically, the third-party service system may input the obtained public parameters (the data digest of the user privacy data, the trusted public key and the user public key) into the proof verification program to verify the first zero-knowledge proof.
Step 5.4: when the first zero-knowledge proof passes the verification, the third-party service system executes further service processing corresponding to the service request.
For the specific processes of the above embodiments, reference may be made to the foregoing method embodiments, which are not described herein again.
In the technical scheme, on one hand, the abstract of the user privacy data replaces the plaintext of the user privacy data, so that the privacy data can be prevented from being leaked in the information transmission process, and meanwhile, the verification of the privacy data is not influenced; on the other hand, the trust problem of the third-party service system to the trusted data verification system is solved by introducing zero-knowledge proof.
Next, an information verification method provided in the embodiment of the present application is described again with reference to a scenario of a transportation logistics settlement service.
In this embodiment, the data management platform interfaces the client, the trusted data verification system, and the third-party service system; the third-party service system may include a transportation settlement system, and the user privacy data may include a license plate number.
It should be noted that, in order to improve the verification efficiency, some non-private data, such as a carrier, a transportation route, etc., which are also stored in the trusted data verification system, may be added to the service request as auxiliary information.
The following steps are described from three aspects of the client, the trusted data verification system and the transportation settlement system:
Client:
Step 1.1: after arriving at the destination, the driver can initiate a transportation settlement request through a terminal device on which the client is installed, such as an on-board computer or a smart portable device.
The transportation settlement request can carry the hash value of the license plate number of the vehicle driven by the driver, together with auxiliary information: the transportation company to which the driver belongs and the transportation route of the trip.
Step 1.2: the client generates a second zero-knowledge proof that the user possesses the user privacy data, through a proof generation program corresponding to a preset second zero-knowledge proof algorithm.
Wherein, the preset second zero knowledge proof algorithm comprises:
calculating the hash value of the license plate number;
signing the hash value of the license plate number based on a private key of the driver to obtain a digital signature of the driver;
and verifying the digital signature of the driver based on the public key of the driver, and determining the hash value of the license plate number.
Further, when generating the second zero-knowledge proof, the parameters input to the generating program may include two parts, namely a private parameter and a public parameter:
the private parameters may include a driver private key;
public parameters can comprise a hash value of a license plate number, a driver digital signature, the license plate number and a driver public key;
the computational logic of the preset second zero knowledge proof algorithm may be:
calculating the hash value of the license plate number according to a specific hash algorithm;
signing the hash value of the license plate number based on a private key of the driver to obtain a digital signature of the driver;
and verifying the driver digital signature based on the driver public key corresponding to the driver private key to obtain the hash value of the license plate number.
Step 1.3: the client sends the transportation settlement request and the second zero-knowledge proof to the data management platform.
The transportation settlement request includes the driver digital signature and the driver digital certificate corresponding to the driver, applied for in advance from a certificate authority; the driver digital certificate includes the driver public key corresponding to the driver.
Trusted data verification system:
Step 2.1: receiving the transportation settlement request and the second zero-knowledge proof forwarded by the data management platform.
Step 2.2: determining the driver public key corresponding to the driver according to the driver digital certificate carried in the transportation settlement request.
Step 2.3: verifying the driver digital signature based on the driver public key, and determining the hash value of the license plate number.
Step 2.4: matching the determined hash value of the license plate number and the auxiliary information against the hash list and the auxiliary information database stored locally by the trusted data verification system, and determining whether they are consistent with the hash value of the license plate number and the auxiliary information stored locally by the trusted data verification system.
Step 2.5: verifying the second zero-knowledge proof based on the proof verification program corresponding to the second zero-knowledge proof algorithm.
The trusted data verification system can input the obtained public parameters (the hash value of the license plate number, the driver digital signature, the license plate number and the driver public key) into the proof verification program, verify the second zero-knowledge proof, and determine from the verification result whether the driver possesses the corresponding license plate number.
Step 2.6: when the second zero-knowledge proof passes the verification, the trusted data verification system generates a first zero-knowledge proof that the user privacy data is trusted data, based on the proof generation program corresponding to a preset first zero-knowledge proof algorithm.
Wherein, the preset first zero knowledge proof algorithm comprises:
calculating a credible data abstract corresponding to the credible data verification system according to the hash value of the license plate number, the digital signature of the driver, the license plate number, the auxiliary information and the public key of the driver;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
Further, when generating the first zero-knowledge proof, the parameters input to the generating program may include two parts, namely a private parameter and a public parameter:
the private parameters can comprise a trusted private key, a driver digital signature, a trusted data summary, a trusted information signature and a license plate number;
the public parameters can comprise a hash value of the license plate number, a driver public key, auxiliary information and a credible public key;
the computational logic of the preset first zero knowledge proof algorithm may be:
calculating a hash value of the license plate number, a digital signature of a driver, the license plate number, auxiliary information and a credible data abstract of a public key of the driver according to a specific hash algorithm;
signing the trusted data summary based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on the trusted public key corresponding to the trusted private key to obtain the trusted data abstract.
Step 2.7: The trusted data verification system sends the first zero-knowledge proof and the trusted certificate to the data management platform.
The data management platform can add the trusted certificate to the transportation settlement request.
Transportation settlement system:
Step 3.1: Receive the transportation settlement request and the first zero-knowledge proof sent by the data management platform.
Step 3.2: The transportation settlement system determines the driver digital certificate, the hash value of the license plate number, the auxiliary information and the trusted certificate from the transportation settlement request.
Step 3.3: Determine the trusted public key corresponding to the trusted data source from the trusted certificate, and determine the driver public key corresponding to the driver from the driver digital certificate.
Step 3.4: Verify the first zero-knowledge proof using the proof verification program corresponding to the first zero-knowledge proof algorithm.
Specifically, the transportation settlement system can input the public parameters (the hash value of the license plate number, the auxiliary information, the trusted public key and the driver public key) into the proof verification program to verify the first zero-knowledge proof.
Step 4.4: When the first zero-knowledge proof passes verification, the transportation settlement system performs the settlement operation corresponding to the transportation settlement request.
In this technical solution, on the one hand, the hash value of the license plate number replaces the plaintext of the driver's license plate number, so that the privacy data is not leaked during information transmission while verification of the privacy data is unaffected; on the other hand, introducing zero-knowledge proofs solves the problem of the transportation settlement system having to trust the trusted data verification system.
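The computational logic of the first zero-knowledge proof algorithm, together with the pre-checks of steps 2.3 and 2.4, as an added Python example that is not code from the patent. It evaluates the relation in the clear to show which inputs are public and which are private; the proof system that would hide the private parameters from the transportation settlement system is not implemented. Assumptions: all function names, the constructed sample plate and auxiliary values, SHA-256 as the hash, and Lamport one-time signatures standing in for the unspecified certificate-backed signature scheme.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so field boundaries cannot shift."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


# Lamport one-time signatures (assumption: a stand-in so the example needs only
# the standard library; a key pair must sign a single message).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    """Deterministic: reveal one preimage per message-digest bit."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hashlib.sha256(sig[i]).digest() == pk[i][bits[i]] for i in range(256))


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def driver_request(plate: str, driver_sk):
    """Client side: only the hash and a signature over it leave the device."""
    plate_hash = H(plate.encode())
    return plate_hash, sign(driver_sk, plate_hash)


def trusted_attest(registry, trusted_sk, plate_hash, aux, driver_sig, driver_pk):
    """Steps 2.3, 2.4 and 2.6: return the private parameters, or None on failure."""
    if not verify(driver_pk, plate_hash, driver_sig):        # step 2.3
        return None
    match = [p for p, a in registry.items()                  # step 2.4
             if H(p.encode()) == plate_hash and a == aux]
    if not match:
        return None
    plate = match[0]
    digest = H(plate_hash, b"".join(driver_sig), plate.encode(), aux,
               pk_bytes(driver_pk))
    return {"trusted_sk": trusted_sk, "driver_sig": driver_sig, "plate": plate,
            "digest": digest, "trusted_sig": sign(trusted_sk, digest)}


def first_relation(public, private) -> bool:
    """Digest, sign, verify: the three steps of the first algorithm."""
    digest = H(public["plate_hash"], b"".join(private["driver_sig"]),
               private["plate"].encode(), public["aux"],
               pk_bytes(public["driver_pk"]))
    sig = sign(private["trusted_sk"], digest)
    return (digest == private["digest"] and sig == private["trusted_sig"]
            and verify(public["trusted_pk"], digest, sig))


def demo():
    """Run the flow once on constructed sample data."""
    plate, aux = "CONSTRUCTED-A12345", b"route=constructed-7"
    registry = {plate: aux}              # trusted system's local records
    driver_sk, driver_pk = keygen()
    trusted_sk, trusted_pk = keygen()
    plate_hash, driver_sig = driver_request(plate, driver_sk)
    private = trusted_attest(registry, trusted_sk, plate_hash, aux,
                             driver_sig, driver_pk)
    public = {"plate_hash": plate_hash, "aux": aux,
              "driver_pk": driver_pk, "trusted_pk": trusted_pk}
    return public, private


if __name__ == "__main__":
    print(first_relation(*demo()))
```

The public dictionary is everything the settlement side would receive alongside the proof; the plaintext plate and both signatures stay in the private dictionary.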
Corresponding to the method embodiment, the application also provides an embodiment of the device.
Corresponding to the method embodiment, the application also provides an embodiment of an information verification device. The embodiment of the information verification device can be applied to electronic equipment. The device embodiments may be implemented in software, in hardware, or in a combination of hardware and software. Taking a software implementation as an example, the device, as a logical device, is formed when the processor of the electronic device on which it resides reads the corresponding computer program instructions from the nonvolatile memory into the memory and runs them. In terms of hardware, fig. 6 shows a hardware structure diagram of the electronic device on which an information verification apparatus resides, according to an exemplary embodiment of the present application; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 6, the electronic device may also include other hardware according to its actual function, which is not described again.
Referring to fig. 7, fig. 7 is a block diagram of an information verification apparatus according to an exemplary embodiment of the present application, and as shown in fig. 7, the information verification apparatus 700 may be applied to the electronic device shown in fig. 6, and includes:
a first receiving unit 701, configured to receive a service request initiated by a user through a client; the service request at least comprises a data summary of user privacy data uploaded by the user;
a first sending unit 702, configured to send the service request to a trusted data verification system, so that the trusted data verification system performs trusted data verification on the user private data based on the data digest, and when the user private data passes the trusted data verification, generates a first zero knowledge proof that the user private data is trusted data based on a preset first zero knowledge proof algorithm;
a second receiving unit 703, configured to receive the first zero-knowledge proof returned by the trusted data verification system;
a second sending unit 704, configured to send the service request and the first zero knowledge proof to the third-party service system, so that the third-party service system verifies the first zero knowledge proof based on the first zero knowledge proof algorithm, and executes further service processing corresponding to the service request when the verification passes.
In one embodiment, the first sending unit 702 includes:
the third receiving unit is used for receiving a second zero knowledge proof that the user owns the user private data and generated by the user through a preset second zero knowledge proof algorithm, and sending the second zero knowledge proof to the trusted data verification system so that the trusted data verification system verifies the second zero knowledge proof based on the second zero knowledge proof algorithm.
In one embodiment, the second zero-knowledge proof algorithm comprises:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
In an embodiment, the apparatus 700 further comprises:
a user certificate application unit, configured to apply to a certificate authority for a user certificate corresponding to the user, wherein the user certificate comprises a user public key corresponding to the user.
In an embodiment, the service request further includes the user certificate and the user information signature;
the third receiving unit includes:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user privacy data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
In one embodiment, the first zero-knowledge proof algorithm comprises:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
In an embodiment, the apparatus 700 further comprises:
a trusted certificate application unit, configured to apply to the certificate authority for a trusted certificate corresponding to the trusted data verification system, wherein the trusted certificate comprises a trusted public key corresponding to the trusted data verification system.
In an embodiment, the second sending unit 704 includes:
the third-party service system receives the user certificate, the data summary of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the first zero knowledge proof according to the data abstract of the user privacy data, the credible public key and the user public key.
In one embodiment, the data management platform has access to a blockchain;
the apparatus 700 further comprises:
an issuing unit, configured to publish at least the data digest of the user privacy data to the blockchain for data storage.
In one embodiment, the service request comprises a transportation service request, the third-party service system comprises a transportation settlement system, and the user privacy data comprises a license plate number.
Referring to fig. 8, fig. 8 is a block diagram of another information verification apparatus according to an exemplary embodiment of the present application, and as shown in fig. 8, the information verification apparatus 800 may be applied to the electronic device shown in fig. 6, and includes:
a receiving unit 801, configured to receive a service request sent by a data management platform through a client and a first zero knowledge proof; the service request at least comprises a data summary of user private data uploaded by the user; the first zero-knowledge proof comprises that a trusted data verification system carries out trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero-knowledge proof that the user privacy data is trusted data is generated based on a preset first zero-knowledge proof algorithm;
a verifying unit 802, configured to verify the first zero knowledge proof based on the first zero knowledge proof algorithm, and execute further service processing corresponding to the service request when the verification passes.
In one embodiment, the receiving unit 801 includes:
and the receiving subunit is configured to receive a second zero knowledge proof that the user owns the user privacy data, which is sent by the data management platform and generated by the user through a preset second zero knowledge proof algorithm, and verify the second zero knowledge proof based on the second zero knowledge proof algorithm.
In one embodiment, the second zero-knowledge proof algorithm comprises:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
In one embodiment, the apparatus 800 further comprises:
a user certificate application unit, configured to apply to a certificate authority for a user certificate corresponding to the user, wherein the user certificate comprises a user public key corresponding to the user.
In an embodiment, the service request further includes the user certificate and the user information signature;
the receiving subunit includes:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user privacy data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero-knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
In one embodiment, the first zero-knowledge proof algorithm comprises:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
In one embodiment, the apparatus 800 further comprises:
a trusted certificate application unit, configured to apply to the certificate authority for a trusted certificate corresponding to the trusted data verification system, wherein the trusted certificate comprises a trusted public key corresponding to the trusted data verification system.
In one embodiment, the receiving unit 801 includes:
the third-party service system receives the user certificate, the data summary of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the correctness of the first zero knowledge proof according to the data abstract of the user privacy data, the credible public key and the user public key.
In one embodiment, the service request comprises a transportation service request, the third-party service system comprises a transportation settlement system, and the user privacy data comprises a license plate number.
The embodiments in the present application are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the client device and apparatus embodiments are substantially similar to the method embodiments, they are described briefly, and the relevant points can be found in the corresponding description of the method embodiments.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The apparatuses or modules illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
Corresponding to the method embodiment, the present specification also provides an embodiment of an electronic device. The electronic device includes: a processor and a memory for storing machine executable instructions; wherein the processor and the memory are typically interconnected by an internal bus. In other possible implementations, the device may also include an external interface to enable communication with other devices or components.
In this embodiment, the processor is caused to:
receiving a service request initiated by a user through a client; the service request at least comprises a data summary of user privacy data uploaded by the user;
the service request is sent to a trusted data verification system, so that the trusted data verification system performs trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero knowledge proof that the user privacy data is trusted data is generated based on a preset first zero knowledge proof algorithm;
and receiving the first zero knowledge proof returned by the trusted data verification system, sending the service request and the first zero knowledge proof to the third-party service system, verifying the first zero knowledge proof by the third-party service system based on the first zero knowledge proof algorithm, and executing further service processing corresponding to the service request when the verification is passed.
The present specification also provides another embodiment of an electronic device, corresponding to the above-described method embodiment. The electronic device includes: a processor and a memory for storing machine executable instructions; wherein the processor and the memory are typically interconnected by an internal bus. In other possible implementations, the device may also include an external interface to enable communication with other devices or components.
In this embodiment, the processor is caused to:
receiving a service request sent by a data management platform through a client and a first zero knowledge proof; the service request at least comprises a data summary of user privacy data uploaded by the user; the first zero-knowledge proof comprises that a trusted data verification system carries out trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero-knowledge proof that the user privacy data is trusted data is generated based on a preset first zero-knowledge proof algorithm;
and verifying the first zero knowledge proof based on the first zero knowledge proof algorithm, and executing further business processing corresponding to the business request when the verification is passed.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (21)

1. An information verification method, applied to a data management platform that interfaces with a client, a trusted data verification system and a third-party service system; the method comprises the following steps:
receiving a service request initiated by a user through a client; the service request at least comprises a data summary of user privacy data uploaded by the user;
the service request is sent to a trusted data verification system, so that the trusted data verification system performs trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero knowledge proof that the user privacy data is trusted data is generated based on a preset first zero knowledge proof algorithm;
and receiving the first zero knowledge proof returned by the trusted data verification system, sending the service request and the first zero knowledge proof to the third-party service system, verifying the first zero knowledge proof by the third-party service system based on the first zero knowledge proof algorithm, and executing further service processing corresponding to the service request when the verification is passed.
2. The method of claim 1, the trusted data verification system to perform trusted data verification on the user privacy data based on the data digest, comprising:
receiving a second zero-knowledge proof that the user owns the user private data, which is generated by the user through a preset second zero-knowledge proof algorithm, and sending the second zero-knowledge proof to the trusted data verification system so that the trusted data verification system verifies the second zero-knowledge proof based on the second zero-knowledge proof algorithm.
3. The method of claim 2, the second zero-knowledge proof algorithm comprising:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
4. The method of claim 3, further comprising:
the user applies for a user certificate corresponding to the user from a certificate certification authority, wherein the user certificate comprises a user public key corresponding to the user.
5. The method of claim 4, the service request further comprising the user certificate and the user information signature;
the trusted data verification system verifies the second zero-knowledge proof based on the second zero-knowledge proof algorithm, and the verification method comprises the following steps:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user privacy data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
6. The method of claim 5, the first zero-knowledge proof algorithm comprising:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user private data, the user information signature, the user private data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
7. The method of claim 6, further comprising:
the trusted data verification system applies for a trusted certificate corresponding to the trusted data verification system to the certificate certification authority, wherein the trusted certificate comprises a trusted public key corresponding to the trusted data verification system.
8. The method of claim 7, wherein the third party business system verifies the first zero knowledge proof based on the first zero knowledge proof algorithm, comprising:
the third-party service system receives the user certificate, the data summary of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the first zero knowledge proof according to the data abstract of the user privacy data, the credible public key and the user public key.
9. The method of claim 1, the data management platform having access to a blockchain;
the method further comprises the following steps:
and the data management platform at least issues the data abstract of the user privacy data to the block chain for data storage.
10. The method of claim 1, the service request comprising a transport service request, the third party service system comprising a transport settlement system, the user privacy data comprising a license plate number.
11. An information verification method is applied to a third-party service system, the third-party service system is connected with a data management platform, and the data management platform is connected with a client and a trusted data verification system; the method comprises the following steps:
receiving a service request sent by a data management platform through a client and a first zero knowledge proof; the service request at least comprises a data summary of user privacy data uploaded by the user; the first zero-knowledge proof comprises that a trusted data verification system carries out trusted data verification on the user privacy data based on the data abstract, and when the user privacy data passes the trusted data verification, a first zero-knowledge proof that the user privacy data is trusted data is generated based on a preset first zero-knowledge proof algorithm;
and verifying the first zero knowledge proof based on the first zero knowledge proof algorithm, and executing further business processing corresponding to the business request when the verification is passed.
12. The method of claim 11, the trusted data verification system to perform trusted data verification on the user privacy data based on the data digest, comprising:
the trusted data verification system receives a second zero knowledge proof that the user owns the user privacy data, which is sent by the data management platform and generated by the user through a preset second zero knowledge proof algorithm, and verifies the second zero knowledge proof based on the second zero knowledge proof algorithm.
13. The method of claim 12, the second zero-knowledge proof algorithm comprising:
calculating a data summary of the user privacy data;
signing the data abstract of the user privacy data based on a user private key corresponding to the user to obtain a user information signature;
and verifying the user information signature based on the user public key corresponding to the user, and determining the data abstract of the user privacy data.
14. The method of claim 13, further comprising:
the user applies for a user certificate corresponding to the user from a certificate certification authority, wherein the user certificate comprises a user public key corresponding to the user.
15. The method of claim 14, the service request further comprising the user certificate and the user information signature;
verifying the second zero knowledge proof based on the second zero knowledge proof algorithm, comprising:
the trusted data verification system receives the user certificate and the user information signature;
the trusted data verification system determines a user public key corresponding to the user according to the user certificate;
verifying the user information signature based on a user public key corresponding to the user, and determining a data summary of the user private data;
according to the determined data abstract of the user privacy data, matching a data abstract list locally stored by the trusted data verification system, and determining the user privacy data locally stored by the trusted data verification system;
and verifying the second zero-knowledge proof according to the data digest of the user privacy data, the user information signature, the user privacy data and the user public key.
16. The method of claim 15, the first zero-knowledge proof algorithm comprising:
calculating a trusted data abstract corresponding to a trusted data verification system according to the data abstract of the user privacy data, the user information signature, the user privacy data and the user public key;
signing the trusted data abstract based on a trusted private key corresponding to the trusted data verification system to obtain a trusted information signature;
and verifying the trusted information signature based on a trusted public key corresponding to the trusted data verification system, and determining the trusted data abstract.
17. The method of claim 16, further comprising:
the trusted data verification system applies for a trusted certificate corresponding to the trusted data verification system to the certificate certification authority, wherein the trusted certificate comprises a trusted public key corresponding to the trusted data verification system.
18. The method of claim 17, validating the first zero knowledge proof based on the first zero knowledge proof algorithm, comprising:
the third-party service system receives the user certificate, the data digest of the user privacy data and the trusted certificate returned to the data management platform by the trusted data verification system;
determining a trusted public key corresponding to the trusted data source according to the trusted certificate, and determining a user public key corresponding to the user according to the user certificate;
and verifying the correctness of the first zero knowledge proof according to the data digest of the user privacy data, the trusted public key and the user public key.
19. The method of claim 11, the service request comprising a transport service request, the third party service system comprising a transport settlement system, the user privacy data comprising a license plate number.
20. An information verification device applied to a data management platform, wherein the data management platform interfaces with a client, a trusted data verification system and a third-party service system; the device comprises:
the first receiving unit is used for receiving a service request initiated by a user through a client; the service request at least comprises a data digest of user privacy data uploaded by the user;
the first sending unit is used for sending the service request to a trusted data verification system, so that the trusted data verification system performs trusted data verification on the user privacy data based on the data digest, and when the user privacy data passes the trusted data verification, a first zero knowledge proof that the user privacy data is trusted data is generated based on a preset first zero knowledge proof algorithm;
the second receiving unit is used for receiving the first zero-knowledge proof returned by the trusted data verification system;
and the second sending unit is used for sending the service request and the first zero knowledge proof to the third-party service system, so that the third-party service system verifies the first zero knowledge proof based on the first zero knowledge proof algorithm, and executes further service processing corresponding to the service request when the verification is passed.
21. An information verification device applied to a third-party service system, wherein the third-party service system interfaces with a data management platform, and the data management platform interfaces with a client and a trusted data verification system; the device comprises:
the receiving unit is used for receiving, from the data management platform, a service request made through a client and a first zero knowledge proof; the service request at least comprises a data digest of user privacy data uploaded by the user; the first zero-knowledge proof is generated by the trusted data verification system, which performs trusted data verification on the user privacy data based on the data digest and, when the user privacy data passes the trusted data verification, generates, based on a preset first zero-knowledge proof algorithm, a first zero-knowledge proof that the user privacy data is trusted data;
and the verification unit is used for verifying the first zero knowledge proof based on the first zero knowledge proof algorithm and executing further business processing corresponding to the business request when the verification is passed.
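The signature chain of claims 15 to 18, as an added sketch that is not part of the patent text: the user signs the data digest, the trusted data verification system checks that signature against its local digest list and signs a trusted data digest, and the third-party service system checks only the trusted signature. The toy Schnorr signature, the group parameters, the function names and the licence plate value are assumptions; the patent does not name a signature scheme, and the public keys are taken as already extracted from the certificates.

```python
import hashlib, secrets

# Toy Schnorr group (assumption, NOT secure): P is the Mersenne prime 2^127 - 1.
P, G, N = 2**127 - 1, 3, 2**127 - 2

def H(*parts):  # SHA-256 over length-prefixed parts, returned as an integer
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def keygen():
    x = secrets.randbelow(N - 2) + 1
    return x, pow(G, x, P)                     # (private key, public key)

def sign(x, msg):
    k = secrets.randbelow(N - 2) + 1           # fresh nonce per signature
    e = H(pow(G, k, P), msg) % N
    return e, (k + e * x) % N

def verify(y, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, N - e, P) % P    # g^s * y^-e recovers g^k
    return e == H(r, msg) % N

def user_request(x_user, data):
    """Client: digest of the private data plus the user information signature."""
    digest = hashlib.sha256(data).hexdigest()
    return digest, sign(x_user, digest)

def trusted_verify(x_trusted, digest_list, y_user, digest, user_sig):
    """Trusted data verification system: returns the proof, or None on failure."""
    if not verify(y_user, digest, user_sig):
        return None                            # not signed by the certified user key
    data = digest_list.get(digest)             # match the locally stored digest list
    if data is None:
        return None                            # no trusted record for this digest
    trusted_digest = H(digest, user_sig, data, y_user)
    return trusted_digest, sign(x_trusted, trusted_digest)

def third_party_verify(y_trusted, proof):  # third-party system: never sees the data
    return proof is not None and verify(y_trusted, proof[0], proof[1])

def demo(plate=b"ZJ-A12345"):                  # constructed licence plate
    (xu, yu), (xt, yt) = keygen(), keygen()
    known = {hashlib.sha256(b"ZJ-A12345").hexdigest(): b"ZJ-A12345"}
    digest, sig = user_request(xu, plate)
    return third_party_verify(yt, trusted_verify(xt, known, yu, digest, sig))
```

In this sketch the third party cannot recompute the trusted data digest without the private data, so it only learns that the trusted system vouched for some record. Binding the proof to the digest carried in the service request is left to the actual proof algorithm.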
CN202110609105.7A 2021-06-01 2021-06-01 Information verification method and device Active CN113326535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110609105.7A CN113326535B (en) 2021-06-01 2021-06-01 Information verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110609105.7A CN113326535B (en) 2021-06-01 2021-06-01 Information verification method and device

Publications (2)

Publication Number Publication Date
CN113326535A (en) 2021-08-31
CN113326535B (en) 2022-05-17

Family

ID=77423341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110609105.7A Active CN113326535B (en) 2021-06-01 2021-06-01 Information verification method and device

Country Status (1)

Country Link
CN (1) CN113326535B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113536384B (en) * 2021-09-14 2021-12-21 支付宝(杭州)信息技术有限公司 Block chain-based private data mapping method, block chain-based private data mapping device, block chain-based private data mapping medium and electronic equipment
CN115801285B (en) * 2022-12-02 2023-07-21 北京国脉互联信息科技有限公司 Policy application method, system and computer storage medium based on zero knowledge proof

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000162967A (en) * 1998-11-30 2000-06-16 Mitsubishi Electric Corp Digital signature vertification system
CN102761544A (en) * 2012-06-29 2012-10-31 郑州信大捷安信息技术股份有限公司 Method with privacy protection function for validating creditability of public terminal
CN103856478A (en) * 2012-12-06 2014-06-11 阿里巴巴集团控股有限公司 Certificate signing and issuing method of trusted network, attestation method of trusted network and corresponding devices
CN108830107A (en) * 2018-06-25 2018-11-16 北京奇虎科技有限公司 Protect method, apparatus, electronic equipment and the computer readable storage medium of privacy information
KR102000244B1 (en) * 2019-04-02 2019-07-16 주식회사 한국정보보호경영연구소 Blockchain system based on Zero Knowledge Proofs with Format-Preserving Encryption and control method thereof
CN110781521A (en) * 2018-12-06 2020-02-11 山东大学 Intelligent contract authentication data privacy protection method and system based on zero-knowledge proof
CN112508722A (en) * 2021-01-29 2021-03-16 支付宝(杭州)信息技术有限公司 Policy information verification method and device based on zero knowledge proof
CN112583593A (en) * 2021-02-22 2021-03-30 支付宝(杭州)信息技术有限公司 Private communication method and device between users
CN112765268A (en) * 2020-12-31 2021-05-07 杭州趣链科技有限公司 Block chain-based data privacy protection method, device and equipment
CN112801663A (en) * 2021-02-05 2021-05-14 北京众享比特科技有限公司 Block chain evidence storing method, device, system, equipment and medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11057366B2 (en) * 2018-08-21 2021-07-06 HYPR Corp. Federated identity management with decentralized computing platforms
WO2021030388A1 (en) * 2019-08-13 2021-02-18 Mastercard International Incorporated Systems and methods for use in provisioning tokens associated with digital identities

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000162967A (en) * 1998-11-30 2000-06-16 Mitsubishi Electric Corp Digital signature vertification system
CN102761544A (en) * 2012-06-29 2012-10-31 郑州信大捷安信息技术股份有限公司 Method with privacy protection function for validating creditability of public terminal
CN103856478A (en) * 2012-12-06 2014-06-11 阿里巴巴集团控股有限公司 Certificate signing and issuing method of trusted network, attestation method of trusted network and corresponding devices
CN108830107A (en) * 2018-06-25 2018-11-16 北京奇虎科技有限公司 Protect method, apparatus, electronic equipment and the computer readable storage medium of privacy information
CN110781521A (en) * 2018-12-06 2020-02-11 山东大学 Intelligent contract authentication data privacy protection method and system based on zero-knowledge proof
KR102000244B1 (en) * 2019-04-02 2019-07-16 주식회사 한국정보보호경영연구소 Blockchain system based on Zero Knowledge Proofs with Format-Preserving Encryption and control method thereof
CN112765268A (en) * 2020-12-31 2021-05-07 杭州趣链科技有限公司 Block chain-based data privacy protection method, device and equipment
CN112508722A (en) * 2021-01-29 2021-03-16 支付宝(杭州)信息技术有限公司 Policy information verification method and device based on zero knowledge proof
CN112801663A (en) * 2021-02-05 2021-05-14 北京众享比特科技有限公司 Block chain evidence storing method, device, system, equipment and medium
CN112583593A (en) * 2021-02-22 2021-03-30 支付宝(杭州)信息技术有限公司 Private communication method and device between users

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
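zero knowledge proof TEE privacy protect hash verify; Julien Bringer; 《ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security》; 20090310; full text *
Research on a blockchain-based zero-knowledge location proof method; 余荣威 et al.; 《电子与信息学报》; 20200915 (No. 09); full text *
P2P anonymous communication system based on trusted computing; 任帅 et al.; 《计算机测量与控制》; 20090525 (No. 05); full text *
Privacy-preserving supervision and audit architecture for central bank digital currency; 陈逸涛 et al.; 《通信技术》; 20191210 (No. 12); full text *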

Also Published As

Publication number Publication date
CN113326535A (en) 2021-08-31

Similar Documents

Publication Publication Date Title
CN110633963B (en) Electronic bill processing method, electronic bill processing device, computer readable storage medium and computer readable storage device
TW202018571A (en) Data storage method and device based on block chain and electronic equipment
WO2018026488A1 (en) Token based network service among iot applications
CN108769230B (en) Transaction data storage method, device, server and storage medium
CN113434592A (en) Block chain-based data evidence storing method and device and electronic equipment
CN110505046A (en) The cross-platform Zero Knowledge method of calibration of more data providing encryption datas, device and medium
CN113326535B (en) Information verification method and device
CN110535648A (en) Electronic certificate is generated and verified and key controlling method, device, system and medium
CN110535807B (en) Service authentication method, device and medium
CN111460457A (en) Real estate property registration supervision method, device, electronic equipment and storage medium
CN111770199A (en) Information sharing method, device and equipment
CN112311779B (en) Data access control method and device applied to block chain system
CN114881757A (en) Letter method, system and electronic equipment
CN106549919A (en) A kind of information registering, authentication method and device
CN113946877A (en) Data security calculation method, system, computer equipment, storage medium and terminal
Maddali et al. VeriBlock: A novel blockchain framework based on verifiable computing and trusted execution environment
CN112446050B (en) Business data processing method and device applied to block chain system
CN113656497A (en) Data verification method and device based on block chain
CN112862589A (en) Identity verification method, device and system in financial scene
Kim et al. Can we create a cross-domain federated identity for the industrial Internet of Things without Google?
Arfaoui et al. A privacy-preserving NFC mobile pass for transport systems
CN115277010A (en) Identity authentication method, system, computer device and storage medium
CN114329610A (en) Block chain privacy identity protection method, device, storage medium and system
CN111275417B (en) Transaction endorsement processing method, server and computer readable storage medium
US11509484B1 (en) Security settlement using group signatures

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant