CN113704712A - Identity authentication method, device and system and electronic equipment - Google Patents


Publication number
CN113704712A
Authority
CN
China
Prior art keywords
identity
authenticated
entity object
authentication
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010439564.0A
Other languages
Chinese (zh)
Inventor
朱江
贺虎
韩鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202010439564.0A
Publication of CN113704712A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides an identity authentication method, an identity authentication device, an identity authentication system and electronic equipment. In the method, the entity object to be authenticated performs identity authentication only once; the identity authentication service can then obtain, according to the identity identifier, the authentication result for that entity object recorded on the first blockchain and/or the second blockchain. Identity authentication data is thereby shared within the same group, or mutually recognized and exchanged between groups, and identity authentication efficiency is improved.

Description

Identity authentication method, device and system and electronic equipment
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to an identity authentication method, apparatus, system, and electronic device.
Background
In the real world, people, things, groups, etc. can all be regarded as entities. Various kinds of credential data describe the identity of entities or the relationships between them, such as identification cards, driving licenses, proof of deposit, prescriptions, graduation certificates, property certificates, etc. This credential data must be provided whenever the identity of the entity is verified; because the entity has to provide its original identity data every time its identity is verified, the operation is cumbersome and the data is easily leaked.
Disclosure of Invention
In view of the above, the present invention provides an identity authentication method, apparatus, system and electronic device to simplify the identity authentication process and protect data security.
In a first aspect, an embodiment of the present invention provides an identity authentication method, including: acquiring an identity of an entity object to be authenticated; sending an identity authentication request to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting to authenticate the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first block chain and/or a second block chain according to the identity identifier, and the objects of the first block chain and the second block chain are different; and receiving the authentication result sent by the identity authentication service responding to the identity authentication request.
In a second aspect, an embodiment of the present invention provides an identity authentication method, including: acquiring an identity authentication request sent by terminal equipment, wherein the identity authentication request is used for requesting the identity of an entity object to be authenticated; acquiring the identity of the entity object to be authenticated according to the identity authentication request; according to the identity, acquiring an authentication result of the entity object to be authenticated recorded on a first block chain and/or a second block chain, wherein the objects of the first block chain and the second block chain are different; and sending the authentication result to the terminal equipment.
In a third aspect, an embodiment of the present invention provides an identity authentication apparatus, including: the first acquisition module is used for acquiring the identity of the entity object to be authenticated; a first sending module, configured to send an identity authentication request to an identity authentication service according to the identity identifier, where the identity authentication request is used to request authentication of an identity of the entity object to be authenticated, and the identity authentication service is used to obtain, according to the identity identifier, an authentication result recorded on a first blockchain and/or a second blockchain for the entity object to be authenticated, where objects to which the first blockchain and the second blockchain belong are different; and the receiving module is used for receiving the authentication result sent by the identity authentication service responding to the identity authentication request.
In a fourth aspect, an embodiment of the present invention provides an identity authentication apparatus, including: the second obtaining module is used for obtaining an identity authentication request sent by the terminal equipment, wherein the identity authentication request is used for requesting the identity of the entity object to be authenticated; a third obtaining module, configured to obtain, according to the identity authentication request, an identity of the entity object to be authenticated; a fourth obtaining module, configured to obtain, according to the identity, an authentication result that is recorded on the first blockchain and/or the second blockchain and is for the entity object to be authenticated, where objects to which the first blockchain and the second blockchain belong are different; and the second sending module is used for sending the authentication result to the terminal equipment.
In a fifth aspect, an embodiment of the present invention provides an identity authentication system, where the system includes a terminal device, an identity authentication service, a first blockchain, and a second blockchain; the terminal device is configured to: acquiring an identity of an entity object to be authenticated; sending an identity authentication request to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting to authenticate the identity of the entity object to be authenticated; the identity authentication service is to: acquiring an identity authentication request sent by terminal equipment; acquiring the identity of the entity object to be authenticated according to the identity authentication request; according to the identity, acquiring an authentication result of the entity object to be authenticated recorded on a first block chain and/or a second block chain, wherein the objects of the first block chain and the second block chain are different; and sending the authentication result to the terminal equipment.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory, where the memory stores machine executable instructions capable of being executed by the processor, and the processor executes the machine executable instructions to implement the identity authentication method described in any one of the above.
In a seventh aspect, an embodiment of the present invention provides a machine-readable storage medium storing machine-executable instructions, which when invoked and executed by a processor, cause the processor to implement the identity authentication method according to any one of the first aspect or the second aspect.
According to the identity authentication method, the identity authentication device, the identity authentication system and the electronic equipment, firstly, an identity authentication request is sent to an identity authentication service according to the obtained identity identification of the entity object to be authenticated, wherein the identity authentication request is used for requesting the identity of the entity object to be authenticated, the identity authentication service is used for obtaining the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain according to the identity identification, and then the authentication result sent by the identity authentication service in response to the identity authentication request is received. In the method, the entity object to be authenticated can obtain the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain through the identity authentication service according to the identity identification by performing identity authentication once, so that the coexistence sharing of the identity authentication data in the same group is realized, or the mutual authentication and intercommunication of the identity authentication data among groups are realized, and the identity authentication efficiency is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of an identity authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of another identity authentication method according to an embodiment of the present invention;
Fig. 3 is a flowchart of another identity authentication method according to an embodiment of the present invention;
Fig. 4 is a flowchart of another identity authentication method according to an embodiment of the present invention;
Fig. 5 is a flowchart of another identity authentication method according to an embodiment of the present invention;
Fig. 6 is a flowchart of another identity authentication method according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of a system architecture for identity authentication according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of a relationship between identity data according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of another identity authentication apparatus according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of an identity authentication system according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the related art, verifying the identity of an entity generally requires the entity to provide several pieces of related credential data. Collecting, storing, authorizing, using, transmitting and authenticating this credential data carries data privacy risks, and each group or alliance becomes a data silo. The entity identity identification and trusted data solution in the related art can carry the trusted mapping between the real identity of entities such as people or objects and their on-chain identity, and realizes secure access authorization and data exchange between entities. The solution mainly comprises two modules, a DID (Decentralized identity identifier) module and a Credential module. The DID module implements, on the FISCO BCOS blockchain underlying platform, a distributed multi-center identity identification protocol that conforms to the W3C (World Wide Web Consortium) DID specification, so that the real identities of entities such as people or objects are identified on the chain; the DID also gives entities such as people or objects the ability to directly own and control their own identity. FISCO BCOS can be understood as a fully open-source alliance (consortium) blockchain underlying technology platform; it is the financial branch of the BCOS (Be Credible, Open & Secure, an open-source blockchain technology platform for enterprise-level application services) open-source platform.
A Credential is a verifiable digital certificate. Various data describing entity identities and relationships exist in the real world, such as identity cards, driving licenses, deposit certificates, prescriptions, graduation certificates, property certificates and the like. Credential provides a complete solution based on the W3C VC (VC is a software development tool) specification, aiming to standardize and digitize such data so as to generate verifiable and exchangeable certificates (Credentials). However, this system is a framework-level technical scheme and does not provide a specific solution for presenting and verifying a client's identity certificate, or for obtaining and keeping a user's identity certificate. Based on this, the embodiment of the invention provides an identity authentication method, an identity authentication device, an identity authentication system and electronic equipment; the technology can be applied wherever the identity of entities such as people, things or groups must be authenticated.
To facilitate understanding of the embodiment, first, a detailed description is given of an identity authentication method disclosed in the embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
Step S102, obtaining the identity identifier of the entity object to be authenticated.
The entity object may be a person, an object or a group. The identity identifier can be understood as an identifier capable of proving the identity of an entity object such as a person, an object or a group; the identity identifier of each entity object is generally unique, that is, identity identifiers and entity objects correspond one to one. The identity identifier can take various forms, such as a two-dimensional code or a bar code. In actual implementation, the identity identifier of the entity object to be authenticated needs to be obtained first, and it may be represented by a DID.
Step S104, according to the identity, sending an identity authentication request to an identity authentication service, wherein the identity authentication request is used for requesting to authenticate the identity of the entity object to be authenticated, the identity authentication service is used for acquiring the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain according to the identity, and the objects of the first block chain and the second block chain are different.
The identity authentication service may run on a server. A blockchain can be understood as a shared database; data or information stored in it generally cannot be forged, leaves a trace throughout the whole process, is traceable, is open and transparent, and is collectively maintained. The first blockchain may generally include a plurality of node devices, and so may the second blockchain; the identity authentication service can be communicatively connected to both. In actual implementation, the authentication result of the entity object to be authenticated is generally recorded on the first blockchain, on the second blockchain, or on both. After the identity identifier of the entity object to be authenticated is obtained, an identity authentication request is sent to the identity authentication service according to that identifier, so that the service obtains, according to the identifier, the authentication result recorded on the first blockchain, the second blockchain, or both. It can be understood that, in the embodiment of the present invention, there may be multiple first blockchains and multiple second blockchains. For example, the first blockchain is a blockchain belonging to the obtaining party, that is, the party that obtains the identity identifier of the entity object to be authenticated, and one or more blockchains may belong to the obtaining party; the second blockchain is a blockchain belonging to a person or group other than the obtaining party, there may be multiple such other persons or groups, and each of them may have one or more blockchains.
The present invention is not limited to specific numbers of the first blockchain and the second blockchain.
Step S106, receiving the authentication result sent by the identity authentication service responding to the identity authentication request.
The authentication result may indicate that the identity authentication of the entity object to be authenticated has passed or has failed; when it has passed, the authentication result usually also includes related data about the entity object, such as its real identity information or identity profile. After the identity authentication request is sent to the identity authentication service, the authentication result sent by the service in response is received. There may be one or more authentication results: for example, if authentication results for the entity object are recorded on both the first blockchain and the second blockchain, multiple authentication results are received. As another example, if there is 1 first blockchain, on which no authentication result for the entity object is recorded, and there are K second blockchains, L of which record an authentication result for the entity object, then L authentication results are received, where K is greater than or equal to 2, L is less than or equal to K, and K and L are positive integers.
The identity authentication method provided by the embodiment of the invention firstly sends an identity authentication request to an identity authentication service according to an acquired identity of an entity object to be authenticated, wherein the identity authentication request is used for requesting the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first block chain and/or a second block chain according to the identity, and then receiving the authentication result sent by the identity authentication service in response to the identity authentication request. In the method, the entity object to be authenticated can obtain the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain through the identity authentication service according to the identity label by performing identity authentication once, so that the coexistence sharing of the identity authentication data in the same group is realized, or the mutual authentication and intercommunication of the identity authentication data among groups are realized, the identity authentication efficiency is improved, and the original identity data does not need to be provided for many times, so that the safety of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, implemented on the basis of the method of the above embodiment. In this method, when the identity identifier of the entity object to be authenticated is stored on the first blockchain, the stored identifier indicates an authentication result that the entity object has passed authentication; the first blockchain also stores the identity profile corresponding to that identity identifier.
Likewise, when the identity identifier of the entity object to be authenticated is stored on the second blockchain, the stored identifier indicates an authentication result that the entity object has passed authentication; the second blockchain also stores the identity profile corresponding to that identity identifier. The identity profile provides a means of accessing the real identity information of the entity object to be authenticated. The authentication result typically includes the real identity information and/or the identity profile of the entity object to be authenticated.
The identity profile may be understood as a data set that meets a preset standard and describes the corresponding identity characteristics. For example, the identity profile may include an access address for the real identity information of the entity object to be authenticated, but not the real identity information itself; in practical implementation, the identity profile is typically stored in a distributed storage system. The real identity information can be understood as specific attribute or characteristic data of the entity object to be authenticated, that is, the key data and original data of the digital identity, such as the name, certificate number, contact telephone number, picture or original file of the entity object. In actual implementation, if the identity identifier of the entity object to be authenticated is stored on the first blockchain, an authentication result indicating that the entity object passed authentication is recorded on the first blockchain; if the identity identifier is stored on the second blockchain, such an authentication result is recorded on the second blockchain. The authentication result typically further includes the real identity information of the entity object to be authenticated, its identity profile, or both.
As shown in fig. 2, the method comprises the steps of:
Step S202, obtaining the identity identifier of the entity object to be authenticated.
Step S204, an identity authentication request is sent to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting the identity of the entity object to be authenticated, the identity authentication service is used for obtaining the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain according to the identity identifier, and the objects of the first block chain and the second block chain are different.
Step S206, receiving the authentication result sent by the identity authentication service in response to the identity authentication request.
Step S208, sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results.
The target authentication result is the one authentication result selected from the one or more authentication results received. In actual implementation, for the same entity object to be authenticated, multiple authentication results may be received after the identity authentication request is sent to the identity authentication service according to the obtained identity identifier. For example, if the identity identifier of the entity object is stored on both the first blockchain and the second blockchain, the identity authentication service obtains, according to the identifier, multiple authentication results recorded on the two blockchains; in that case an authentication result selection instruction usually has to be sent to the identity authentication service to select one target authentication result from them.
Step S210, receiving the identity profile and/or the real identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
In practical implementation, the target authentication result usually includes the real identity information of the entity object to be authenticated, its identity profile, or both. Therefore, once the target authentication result has been determined from the multiple authentication results, the real identity information, the identity profile, or both, sent by the identity authentication service based on the target authentication result, can be received.
It should be noted that the first blockchain and the second blockchain may correspond to different groups, each group including a plurality of entity objects; a group may also be called an alliance. In practical implementation, the group can be a bank, which contains each of the bank's branches; the first or second blockchain corresponding to the group stores the identity identifiers of the registered users of each branch of the bank. The objects to which the first blockchain and the second blockchain belong are usually different: for example, the first blockchain corresponds to bank A and its objects are the users of bank A, while the second blockchain corresponds to bank B and its objects are the users of bank B.
Take the case where the first blockchain corresponds to bank A. Because the first blockchain stores the identity identifiers of the registered users of every branch of bank A, a user who has completed registration at one branch of bank A does not need to register again when transacting business at another branch of bank A; identity authentication is performed directly against the user's identity identifier stored on the first blockchain, and the authentication result is obtained.
Take the case where the first blockchain corresponds to bank A, the second blockchain corresponds to bank B, and both blockchains are communicatively connected to the identity authentication service. If the user has completed registration at bank A, the first blockchain stores the user's identity identifier; when the user transacts business at bank B, the user does not need to register again: the user's identity identifier is obtained from the first blockchain through the identity authentication service, identity authentication is performed directly according to that identifier, and the authentication result is obtained.
With this authentication mode, the user does not need to provide original identity data such as an identity card, degree certificate or driving license multiple times, so the user's original identity data is effectively protected; presenting original identity data repeatedly makes it easy to leak. In the invention, the user only needs to authenticate or register once; the generated identity identifier is stored on the corresponding first blockchain or second blockchain, and the identity authentication service obtains, according to the identity identifier, the authentication result for the entity object to be authenticated recorded on the first blockchain and/or the second blockchain. Identity authentication data is thus shared within the same group, or mutually recognized and exchanged between groups, so identity authentication can be completed without the user authenticating or registering again, and the user avoids presenting original identity data multiple times, which achieves the purpose of protecting the original identity data.
The other identity authentication method provided by the embodiment of the invention comprises the steps of firstly sending an identity authentication request to an identity authentication service according to the obtained identity identification of the entity object to be authenticated, then receiving an authentication result sent by the identity authentication service in response to the identity authentication request, and finally sending an authentication result selection instruction to the identity authentication service so as to select a target authentication result from the authentication result, and receiving an identity archive and/or real identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result. In the method, the entity object to be authenticated can obtain the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain through the identity authentication service according to the identity label by performing identity authentication once, so that the coexistence sharing of the identity authentication data in the same group is realized, or the mutual authentication and intercommunication of the identity authentication data among groups are realized, the identity authentication efficiency is improved, and the original identity data does not need to be provided for many times, so that the safety of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, as shown in fig. 3, the method comprises the following steps:
Step S302, an identity authentication request sent by the terminal device is obtained, wherein the identity authentication request requests authentication of the identity of the entity object to be authenticated.
The terminal device may be a computer, a mobile phone or another terminal; in actual implementation, when identity authentication is required, the identity authentication request sent by such a terminal, requesting authentication of the identity of the entity object to be authenticated, is acquired first.
Step S304, according to the identity authentication request, obtaining the identity of the entity object to be authenticated.
The identity authentication request usually contains the authentication materials required for identity authentication. For example, when the entity object to be authenticated is a person, each person has a unique identity number, so the corresponding identity identifier can be obtained from the identity number contained in the identity authentication request. In actual implementation, after the identity authentication request sent by the terminal device is obtained, the identity identifier corresponding to the entity object to be authenticated is usually obtained based on the authentication materials included in the request.
Step S306, according to the identity, obtaining the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain, wherein the objects of the first block chain and the second block chain are different.
Step S308, the authentication result is sent to the terminal equipment.
In this identity authentication method provided by the embodiment of the invention, the identity identifier of the entity object to be authenticated is first acquired according to the identity authentication request sent by the terminal device; the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain is then acquired according to the identity identifier; finally, the authentication result is sent to the terminal device. In this method, the entity object to be authenticated performs identity authentication only once; the identity authentication service can then use the identity identifier to obtain the authentication result recorded for that entity object on the first blockchain and/or the second blockchain. Identity authentication data is thereby shared within one group, or mutually recognized and exchanged between groups, which improves identity authentication efficiency; and because the original identity data does not need to be provided multiple times, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the embodiment; the method mainly describes a specific process of obtaining an authentication result of an entity object to be authenticated recorded on a first block chain and/or a second block chain according to an identity, and specifically corresponds to the following steps S406 to S414; as shown in fig. 4, the method includes the steps of:
Step S402, an identity authentication request sent by the terminal device is obtained, wherein the identity authentication request requests authentication of the identity of the entity object to be authenticated.
Step S404, according to the identity authentication request, obtaining the identity of the entity object to be authenticated.
Step S406, a storage result of the identity is obtained, where the storage result is used to indicate whether the identity of the entity object to be authenticated is stored in the first blockchain and the second blockchain.
In actual implementation, after the identity identifier of the entity object to be authenticated is obtained, it must be confirmed whether that identity identifier is stored in the first blockchain and the second blockchain. For example, with the first blockchain corresponding to bank A and the second blockchain corresponding to bank B, if the user is opening a bank account for the first time, neither blockchain stores the identity identifier of the entity object to be authenticated; if the user has already opened an account at bank A or bank B, the identity identifier of the entity object to be authenticated is stored in the first blockchain or the second blockchain.
Step S408, determining an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the storage result, where, in a case where the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used to indicate that the first blockchain records an authentication result that the entity object to be authenticated passes the authentication, and in a case where the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used to indicate that the second blockchain records an authentication result that the entity object to be authenticated passes the authentication.
After the storage result is obtained, the authentication result of the entity object to be authenticated recorded on the first blockchain, on the second blockchain, or on both is determined according to the storage result. If the identity identifier of the entity object to be authenticated is stored in the first blockchain, the first blockchain records an authentication result that the entity object to be authenticated passed authentication; if the identity identifier is stored in the second blockchain, the second blockchain records an authentication result that the entity object to be authenticated passed authentication; if the identity identifier is stored in both the first blockchain and the second blockchain, both blockchains record an authentication result that the entity object to be authenticated passed authentication.
Step S410, obtaining an authentication result selection instruction sent by the terminal equipment; the authentication result selection instruction is used for selecting a target authentication result from the authentication results.
In actual implementation, for the same entity object to be authenticated, multiple authentication results of the entity object to be authenticated recorded in the first block chain and the second block chain may be obtained, and at this time, an authentication result selection instruction sent by the terminal device needs to be obtained to select one target authentication result from the multiple authentication results.
Step S412, based on the authentication result selection instruction, determines a target authentication result.
Determining a target authentication result from a plurality of authentication results according to the acquired authentication result selection instruction; for example, when the first blockchain and the second blockchain simultaneously record the authentication results of the entity object to be authenticated, if the authentication result selection instruction indicates to select the authentication result of the entity object to be authenticated recorded in the first blockchain, the authentication result of the entity object to be authenticated recorded in the first blockchain is determined to be the target authentication result according to the authentication result selection instruction.
Step S414, based on the target authentication result, the real identity information of the entity object to be authenticated is authenticated. Specifically, the step S414 can be implemented by the following step one or step two:
Step one, where the target authentication result is recorded by the first blockchain, an identity file corresponding to the identity identifier of the entity object to be authenticated is also stored in the first blockchain; the identity file provides an access mode for the real identity information of the entity object to be authenticated. The identity file corresponding to the identity identifier of the entity object to be authenticated is queried from the first blockchain, and the authentication result of the entity object to be authenticated is obtained through the queried identity file.
In practical implementation, if the authentication result of the entity object to be authenticated recorded in the first blockchain is determined as the target authentication result, the identity archive corresponding to the identity identifier of the entity object to be authenticated is queried from the first blockchain, and the identity archive usually provides an access manner of the real identity information of the entity object to be authenticated, for example, information such as an access address of the real identity information of the entity object to be authenticated, and the authentication result of the entity object to be authenticated is obtained according to the queried identity archive.
Step two, where the target authentication result is recorded by the second blockchain, an identity file corresponding to the identity identifier of the entity object to be authenticated is also stored in the second blockchain; the identity file provides an access mode for the real identity information of the entity object to be authenticated. The identity file corresponding to the identity identifier of the entity object to be authenticated is queried from the second blockchain, and the authentication result of the entity object to be authenticated is obtained through the queried identity file.
In practical implementation, if the authentication result of the entity object to be authenticated recorded in the second blockchain is determined as the target authentication result, the identity archive corresponding to the identity identifier of the entity object to be authenticated is queried from the second blockchain, and the identity archive usually provides an access manner of the real identity information of the entity object to be authenticated, for example, information such as an access address of the real identity information of the entity object to be authenticated, and the authentication result of the entity object to be authenticated is obtained according to the queried identity archive.
Step S416, the authentication result is sent to the terminal device.
In this identity authentication method provided by the embodiment of the invention, the identity identifier of the entity object to be authenticated is first acquired according to the identity authentication request sent by the terminal device; a storage result of the identity identifier is then obtained, and the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain is determined according to the storage result; finally, the authentication result is sent to the terminal device. In this method, the entity object to be authenticated performs identity authentication only once; the identity authentication service can then use the identity identifier to obtain the authentication result recorded for that entity object on the first blockchain and/or the second blockchain. Identity authentication data is thereby shared within one group, or mutually recognized and exchanged between groups, which improves identity authentication efficiency; and because the original identity data does not need to be provided multiple times, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the embodiment; the method mainly describes a specific process of obtaining an authentication result of an entity object to be authenticated recorded on a first block chain according to an identity, and specifically corresponds to the following steps from S506 to S508, in the method, under the condition that the identity of the entity object to be authenticated is stored in the first block chain, an identity archive corresponding to the identity of the entity object to be authenticated is also stored in the first block chain; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; as shown in fig. 5, the method includes the steps of:
Step S502, an identity authentication request sent by the terminal device is obtained, wherein the identity authentication request requests authentication of the identity of the entity object to be authenticated.
Step S504, according to the identity authentication request, obtaining the identity of the entity object to be authenticated.
Step S506, under the condition that the identity of the entity object to be authenticated is stored in the first block chain, querying an identity archive corresponding to the identity of the entity object to be authenticated from the first block chain.
Step S508, obtaining the authentication result of the entity object to be authenticated through the queried identity file.
Step S510, sending the authentication result to the terminal device.
In this identity authentication method provided by the embodiment of the invention, the identity identifier of the entity object to be authenticated is first acquired according to the identity authentication request sent by the terminal device; where the identity identifier of the entity object to be authenticated is stored in the first blockchain, the identity archive corresponding to that identity identifier is queried from the first blockchain; the authentication result of the entity object to be authenticated is then obtained through the queried identity archive; finally, the authentication result is sent to the terminal device. In this method, the entity object to be authenticated performs identity authentication only once; the identity authentication service can then use the identity identifier to obtain the authentication result recorded for that entity object on the first blockchain and/or the second blockchain. Identity authentication data is thereby shared within one group, or mutually recognized and exchanged between groups, which improves identity authentication efficiency; and because the original identity data does not need to be provided multiple times, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the embodiment above. The method mainly describes the specific process of obtaining, according to the identity identifier, the authentication result of the entity object to be authenticated recorded on the second blockchain, corresponding to steps S606 to S608 below. In the method, where the identity identifier of the entity object to be authenticated is stored in the second blockchain, an identity archive corresponding to that identity identifier is also stored in the second blockchain; the identity file provides an access mode for the real identity information of the entity object to be authenticated. The identity profile generally comprises a hash value of the real identity information of the entity object and an access address of that information, but does not contain the real identity information itself; in practical implementation, the identity profile is typically stored in a distributed storage system. The hash value can be understood as the result of mapping the real identity information of the entity object to shorter data through a hash algorithm such as MD5 (Message Digest Algorithm 5) or SHA-1 (Secure Hash Algorithm 1); this shorter data is the hash value of the real identity information of the entity object, and once the real identity information changes, the corresponding hash value also changes, that is, there is a one-to-one correspondence between the real identity information of the entity object and the hash value. The access address can be understood as the address at which the real identity information of the entity object is stored; in actual implementation, the access address may be represented by a Uniform Resource Identifier (URI). The identity file usually also includes data such as the public key, authentication and service information corresponding to the identity identifier.
The real identity information generally comprises the identity certificates of the entity object. An identity certificate proves that the entity object has a specified identity attribute, and can be understood as a verifiable electronic certificate that the entity object provides to prove its identity. There may be multiple identity certificates; for example, an identity certificate can be a driver's license, a social security card or a relevant qualification certificate of the entity object. An identity attribute can be understood as a specific identity: for example, if the identity certificate is a driver's license, it proves that the entity object is qualified to drive, and the entity object has the corresponding identity attribute of driver.
As shown in fig. 6, the method includes the steps of:
Step S602, an identity authentication request sent by the terminal device is obtained, where the identity authentication request is used to request to authenticate an identity of an entity object to be authenticated.
Step S604, obtaining the identity of the entity object to be authenticated according to the identity authentication request.
Step S606, under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, querying an identity archive corresponding to the identity of the entity object to be authenticated from the second blockchain.
Step S608, obtaining an authentication result of the entity object to be authenticated through the queried identity file.
Specifically, the step S608 can be specifically realized by the following steps three to six:
Step three, the real identity information of the entity object to be authenticated is acquired through the access address in the queried identity file, and the hash value in the queried identity file is used to verify whether that real identity information has been tampered with.
During actual implementation, the real identity information of the entity object to be authenticated is usually stored in a distributed storage system, and is not directly stored in the block chain, but the access address and the hash value of the real identity information of the entity object to be authenticated are stored in the block chain; when identity authentication is required to be carried out on the entity object to be authenticated, the real identity information of the entity object to be authenticated can be obtained through the access address; because the hash value and the real identity information of the entity object to be authenticated are in one-to-one correspondence, if the inquired hash value changes, the fact that the real identity information of the entity object to be authenticated is tampered can be confirmed; if the inquired hash value is not changed, the fact that the real identity information of the entity object to be authenticated is not tampered can be confirmed.
Step four, if the real identity information of the entity object to be authenticated has not been tampered with, the identity certificate of the entity object to be authenticated is acquired from that real identity information.
If the hash value in the queried identity file has not changed, that is, the real identity information of the entity object to be authenticated has not been tampered with, the identity certificate of the entity object to be authenticated can be obtained from that real identity information. In actual implementation, some application scenarios require the relevant identity credential of the entity object to be authenticated to be acquired and verified as well. For example, in a recruitment scenario, it is not enough for the recruiting company to obtain the applicant's identity number; it also needs related identity credentials such as the applicant's academic certificate and degree certificate. A traffic management department likewise needs to obtain the driver's license. The identity credentials required by the application scenario are therefore acquired from the real identity information of the entity object to be authenticated.
Step five, verifying whether the obtained identity certificate is legal or not; and if the identity certificate is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity certificate.
After the relevant identity credentials of the entity object to be authenticated are obtained, it is usually necessary to verify whether they are legal. For example, after a recruiting company obtains identity credentials such as an applicant's academic certificate and degree certificate, it needs to confirm that the certificates are authentic; after a traffic management department obtains a driver's license, it needs to verify, among other things, whether the vehicle type being driven is within the vehicle types permitted by the license. If the identity credential is legal, the entity object to be authenticated is confirmed to have the identity attribute corresponding to that credential: if the applicant's academic certificate and degree certificate are legal, the applicant has the corresponding educational qualification and degree; if the driver's license is legal, the driver is permitted to drive the corresponding vehicle.
Step six, the real identity information and/or the identity file of the entity object to be authenticated is determined as the authentication result of the entity object to be authenticated.
And if the real identity information of the entity object to be authenticated is not tampered, determining the real identity information of the entity object to be authenticated, or the identity file, or the real identity information and the identity file as the authentication result of the entity object to be authenticated.
Step S610, sending the authentication result to the terminal device.
In this identity authentication method provided by the embodiment of the invention, the identity identifier of the entity object to be authenticated is first acquired according to the identity authentication request sent by the terminal device; where the identity identifier of the entity object to be authenticated is stored in the second blockchain, the identity archive corresponding to that identity identifier is queried from the second blockchain, and the authentication result of the entity object to be authenticated is obtained through the queried identity archive; finally, the authentication result is sent to the terminal device. In this method, the entity object to be authenticated performs identity authentication only once; the identity authentication service can then use the identity identifier to obtain the authentication result recorded for that entity object on the first blockchain and/or the second blockchain. Identity authentication data is thereby shared within one group, or mutually recognized and exchanged between groups, which improves identity authentication efficiency; and because the original identity data does not need to be provided multiple times, the security of the identity authentication data is improved.
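The flow of steps S406 to S412 and of S608 (steps three to six), as an added sketch that is not code from the patent: in-memory dictionaries stand in for the two blockchains and the distributed store, and the `did:example:` identifier, store URI and issuer names are constructed. The page does not say how a credential's legality is checked, so an issuer allow-list plus an expiry date is an assumption; the sketch also uses SHA-256 rather than the MD5 or SHA-1 the text names, because practical collisions exist for both.

```python
import hashlib
import hmac
import json
from datetime import date


def canonical(info):
    """Serialize identity data deterministically so its hash is reproducible."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


# --- Constructed sample data (not from the patent) ---
ALICE = {
    "name": "Alice Example",
    "credentials": [
        {"type": "driver_license", "issuer": "traffic-dept", "expires": "2030-01-01"},
        {"type": "degree_certificate", "issuer": "unlisted-school", "expires": "2099-01-01"},
    ],
}
# Off-chain distributed store: access address (URI) -> stored bytes.
OFFCHAIN = {"store://bank-a/alice": canonical(ALICE)}


def make_profile(uri):
    """Identity file as kept on chain: access address and hash, no real identity data."""
    return {"access_address": uri, "hash": hashlib.sha256(OFFCHAIN[uri]).hexdigest()}


# Each chain maps identity identifier -> identity file.
CHAINS = {
    "first": {"did:example:alice": make_profile("store://bank-a/alice")},
    "second": {},
}
TRUSTED_ISSUERS = {"traffic-dept"}  # assumption: allow-list standing in for the legality check


def storage_result(identifier):
    """S406: report which chains store the identity identifier."""
    return {name: identifier in ledger for name, ledger in CHAINS.items()}


def select_target(identifier, choice):
    """S410-S412: accept the terminal's choice only if that chain really holds a record."""
    if not storage_result(identifier).get(choice, False):
        raise LookupError(f"no authentication result for {identifier} on chain {choice!r}")
    return CHAINS[choice][identifier]


def credential_is_valid(cred, today):
    """Step five (assumed rule): issuer is trusted and the credential has not expired."""
    return cred["issuer"] in TRUSTED_ISSUERS and date.fromisoformat(cred["expires"]) >= today


def authenticate(identifier, choice, needed_type, today):
    """S608, steps three to six; returns the result the service would send in S610."""
    try:
        profile = select_target(identifier, choice)
    except LookupError:
        return {"status": "not_registered"}
    raw = OFFCHAIN.get(profile["access_address"])
    if raw is None:
        return {"status": "unavailable"}
    # Step three: recompute the hash and compare it in constant time with the on-chain value.
    digest = hashlib.sha256(raw).hexdigest()
    if not hmac.compare_digest(digest, profile["hash"]):
        return {"status": "tampered"}
    # Step four: parse only verified data, then pick the credential the scenario needs.
    info = json.loads(raw)
    creds = [c for c in info["credentials"] if c["type"] == needed_type]
    # Step five: the identity attribute is granted only by a valid credential.
    if not any(credential_is_valid(c, today) for c in creds):
        return {"status": "credential_rejected"}
    # Step six: return the identity file (not the raw identity data) as the result.
    return {"status": "passed", "attribute": needed_type, "profile": profile}
```

Checking the hash before `json.loads` means tampered off-chain data is rejected before any of it is parsed, and validating the selection against the storage result keeps a terminal from naming a chain that holds no record.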
In practical applications, the first blockchain may include a first federation chain; the second blockchain may include a second federation chain; the first alliance chain, the second alliance chain and the identity authentication service can be connected through a preset relay service engine; the federation can be understood as a block chain business group consisting of a plurality of members, and the members of the federation jointly participate in the construction of a block chain network as participants; a federation chain may be understood as a chain of permissive blocks managed by a number of groups together, each group running one or more nodes, where data only allows different groups within the system to read, write, and send transactions, and to record transaction data together; in practical implementation, the first federation chain and the second federation chain may be intra-group federation chains, and an intra-group federation chain may be understood as a federation deployed only inside a group; the identity authentication service can realize the interaction of authorization data among different organizations, groups or groups; the relay service engine may provide a unified data relay bridging service between the first alliance chain, the second alliance chain and the identity authentication service, and in practical implementation, the first alliance chain, the second alliance chain and the identity authentication service generally perform mutual authentication and intercommunication through a unified identity specification, such as a DID specification.
For further understanding of the above embodiments, an identity chain is taken as an example to be described below, the identity chain provides a solution for association, collection, storage, transmission, and authentication between entity attribute features of people, objects, groups, and the like in the real world and identity credential identifiers in the virtual world, the identity chain stores digital identity key data hash values and raw data hash values of entity objects on a block chain, and the digital identity key data and the raw data can be stored in a distributed storage system.
According to the positioning difference of the identity chain functions in different scenes, the identity chain is divided into an intra-group identity chain (corresponding to the first block chain and/or the second block chain) and an open identity chain (corresponding to the identity authentication service), wherein the intra-group identity chain can be understood as an intra-group alliance chain which is deployed inside a specific organization group and manages entity identity data in the group, the intra-group alliance chain is deployed inside groups of different industries, such as banks, insurance, enterprise groups and the like, the storage and the use of the data are required to be supervised by related industry supervision departments, and the requirements of related supervision are required to be met in design. The open identity chain can be understood as an open alliance chain for carrying out entity identity data encryption transmission, authorization use and authenticity authentication among different organization groups, and the requirements of data privacy protection, supervision, data authorization use and the like need to be considered in design. The intra-group identity chain and the open identity chain can be independent products, for example, the open identity chain can be understood as an independent service, the intra-group identity chain is an image product, the open identity chain can provide services to the outside through an interface, and the intra-group identity chain 1, the intra-group identity chain 2 or the intra-group identity chain 3 and the like are connected; only the node devices of the identity chain in the group are required to provide relevant data through the interface. The identity chain and the open identity chain in the group can also be combined into the same product.
In practical implementation, the intra-group identity chain can adopt an intra-group alliance chain for digital certificate data coexistence and sharing, and real-name authentication among node devices in a group is provided; the open identity chain can adopt an open alliance chain and is used for ecological mutual authentication and intercommunication of digital certificate data, and identity authentication of the identity chain in a group across the group is provided; the two are constructed on different alliance chains, namely, an identity chain system adopts a double-chain framework of an intra-group alliance chain and an open alliance chain; the two chains interact with the relay service engine through a unified DID specification. For example, if a group corresponds to a bank, the open identity chain may be used between multiple different banks to authenticate the identity of the entity object to be authenticated.
Some terms related to the identity chain are explained below. A group can be understood as the main body that deploys an intra-group identity chain; it is the owner of the intra-group identity chain platform and also a participant in the open identity chain. A group DID can be understood as the system DID of the intra-group identity chain. The group also belongs to the management organizations. A management organization can be understood as an organization that participates in operating the platform; it can maintain and use the identity information of personal entities and group entities in its business field, and can issue and verify identity certificates. A management organization can also maintain the permissions of branch groups and group users. A management organization is also a group entity, and a group user is also a personal entity. A personal entity can be understood as an individual registered as a DID entity; it can maintain personal identity information and authorize the use of identity information through a C-side client, where the C side represents the Consumer, that is, the individual user. A group entity is a group registered as a DID entity; it can maintain enterprise or organization identity information and authorize the use of identity information through a B-side client, where the B side represents the Business.
In practical implementation, each group usually has its own supervisor, and the supervisor has the super key of the group; the monitoring party is an industry monitoring unit of the group for deploying the identity chain, has monitoring authority for operation and data of the identity chain in the group, and can perform unlimited query operation on the data in the group system through a monitoring Client.
To further understand the above embodiment, a schematic diagram of a system architecture for identity authentication is provided as shown in fig. 7, where the diagram includes an open identity chain (corresponding to the identity authentication service), a relay service engine, and a plurality of intra-group identity chains (corresponding to the first block chain or the second block chain), where the plurality of intra-group identity chains are an intra-group identity chain 1, an intra-group identity chain 2, and up to an intra-group identity chain M, respectively, the number of intra-group identity chains may be set according to an actual application scenario or a requirement, each intra-group identity chain includes a plurality of nodes, such as a node 1, a node 2, and up to a node N, and the number of nodes included in each intra-group identity chain may also be set according to an actual application scenario or a requirement.
The relay service engine can provide unified data relay bridging service for a plurality of intra-group identity chains and open identity chains, and the intra-group identity chains and the open identity chains are mutually authenticated and intercommunicated through unified DID specifications. For example, the identity of the entity object to be authenticated is stored in the identity chain 1 in the group, and after the entity object to be authenticated in the identity chain 1 in the group sends an identity authentication request to the open identity chain through the terminal device, the identity of the entity object to be authenticated is extracted from the identity authentication request; and inquiring an identity file corresponding to the identity of the entity object to be authenticated from the identity chain 1 in the group according to the identity, and obtaining an authentication result of the entity object to be authenticated according to the inquired identity file, namely realizing coexistence sharing of identity authentication data among all node devices in the identity chain 1 in the group.
Taking the example that the intra-group identity chain 1 and the intra-group identity chain 2 are both in communication connection with the open identity chain, and only the identity of the entity object to be authenticated is stored in the intra-group identity chain 2, when the entity object to be authenticated in the intra-group identity chain 1 sends an identity authentication request to the open identity chain through terminal equipment, extracting the identity of the entity object to be authenticated from the identity authentication request; and inquiring the identity file corresponding to the identity of the entity object to be authenticated from the identity chain 2 in the group according to the identity, and obtaining the authentication result of the entity object to be authenticated according to the inquired identity file, namely realizing mutual authentication and intercommunication of the identity authentication data between the identity chain 1 in the group and the identity chain 2 in the group.
When the identity data of a real-world entity is mapped onto the identity chain, its attributes usually include elements such as the DID (corresponding to the identity identifier), the DID Document (corresponding to the identity file), the DID Data (corresponding to the identity information), and the DID Credentials (corresponding to the identity certificate).
In the identity chain system, the DID can be used to represent the unique identification of an Entity such as a person, group or thing. Through the DID, the related archive data and verification method of the entity it represents can be found in the identity chain system. In an alternative embodiment of the present invention, the related specifications may be formulated with reference to the W3C Decentralized Identifiers (DIDs) v1.0 specification and the W3C Verifiable Credentials Data Model 1.0 specification; the W3C Decentralized Identifiers (DIDs) v1.0 specification is a distributed ID specification promulgated by the W3C organization, and the W3C Verifiable Credentials Data Model 1.0 specification is a verifiable credential data model specification promulgated by the W3C organization. It should be understood that the specifications of the identity identifier, the identity file, the identity information, the identity certificate and the like in the embodiment of the present invention are not limited to the above examples; the embodiment of the present invention does not limit the specification used, and the specifications, execution standards and the like mentioned in the embodiment of the present invention are all examples.
The DID Document can also be understood as a DID archive. It generally contains a data set conforming to the JSON-LD (JavaScript Object Notation for Linked Data) standard that describes the features of the DID, for example the public keys, certificates, services and other data corresponding to the DID. JSON-LD is a method for representing and transmitting linked data based on JSON, where JSON can be understood as a lightweight data exchange format. The DID Document generally does not contain the specific attributes or feature data of the entity corresponding to the DID, such as names, certificate numbers, contact phones and the like. If identity information such as the specific attributes or feature data of an entity is needed, or other services related to the DID are needed, it must be obtained from the access address of the corresponding entity's identity information provided in the DID Document. The DID and the DID Document are in a one-to-one relationship, and the DID Document is usually stored on a block chain rather than in a database, a centralized server or the like.
DID Data can be understood as a data set conforming to the JSON standard that represents the detailed attributes or characteristics of the entity to which the DID corresponds, such as name, certificate number, contact phone, etc. The DID Data is not stored directly on the blockchain; it is stored by the data provider or the group in its own data system, which may be a distributed storage system owned by the group to which the blockchain belongs. The URI for obtaining the DID Data (corresponding to the access address described above) is defined in the DID Document. The DID Data structure is required to conform to the DID Data Schema definition.
The DID Data Schema is equivalent to a DID Data template, and is usually stored in a block chain and completely published, wherein information such as a DID Data type, an attribute definition, a KYC (Know Your Customer) level, and the like is defined.
DID Credentials correspond to identity certificates, typically verifiable electronic certificates provided by groups or individuals that have joined the identity chain system to prove the identity of DID entities. Any number of Credentials may be issued on the basis of each DID, and one Credential may contain several data items from the DID Data. The publisher of a DID Credential may be referred to as the Issuer; the structured data that the Issuer publishes according to the DID Data Schema definition, associated with the entity corresponding to the DID, may be referred to as a Claim. The party that verifies the authenticity of a DID Credential may be called the Verifier. The holder of an issued DID Credential may be called the Holder; the Holder applies to the Issuer for a DID Credential and presents it to the Verifier for verification, and is generally the entity represented by the DID in the DID Credential. The data structures in DID Credentials typically need to conform to the DID Credential Schema definition.
The DID Credential Schema corresponds to a DID identity certificate template; the identity certificate is a verifiable electronic certificate provided by a group or individual that has joined the identity chain system for verifying the identity of a DID entity.
To further understand the above embodiment, a relationship diagram of identity data is provided as shown in fig. 8. Entity represents the entity object to be authenticated; the DID is the identity identifier used to represent the Entity; the DID Document is the DID archive used to describe the characteristics of the DID, and it includes the access address of the Entity's DID Data. The access address points to the DID Data, which specifically describes the detailed attributes or characteristics of the Entity. Several DID Credentials may be issued on the basis of each DID; the data items contained in DID Credentials generally depend on the data items in the DID Data, and each DID Credential may contain several data items from the DID Data.
For example, a customer successfully opens an account at a certain bank in mainland China. During account opening, once real-name authentication is completed, the bank generates a unique DID for the customer. Only a basic identity certificate is generated during account opening; other derived identity certificates can be generated later as required. For example, where a department of transportation is involved, the corresponding driver's license may need to be generated.
If the customer needs to open an account at the bank's Singapore branch, under the prior approach the customer has to submit the real-name authentication materials again at the Singapore branch. After the identity chain system is deployed in the bank, the customer only needs to submit real-name authentication materials to the bank once and can then transact business at all of the bank's outlets worldwide; this is an intra-group identity chain application scenario. The scenario can be extended to an open identity chain application scenario: for example, the bank can join with other banks or groups to interconnect their identity chains and share real-name authentication materials with the customer's authorization, so that the identity chain is applied across groups or organizations. Cross-domain mutual authentication of driving licenses and graduation certificates are further scenarios in which the identity chain can be tried.
In practical implementation, when a customer transacts business at other outlets of the same bank, the customer usually only needs to provide the DID. If the customer needs to transact business at a different bank, the DID Document generally has to be queried, based on the DID, from the identity chain that stores the customer's identity identifier, and the DID Data is finally acquired through the access address of the DID Data stored in the DID Document.
The embodiment of the present invention provides a schematic structural diagram of an identity authentication device, as shown in fig. 9, the device includes: a first obtaining module 90, configured to obtain an identity of an entity object to be authenticated; the first sending module 91 is configured to send an identity authentication request to an identity authentication service according to the identity identifier, where the identity authentication request is used to request authentication of an identity of an entity object to be authenticated, and the identity authentication service is used to obtain an authentication result of the entity object to be authenticated recorded in the first blockchain and/or the second blockchain according to the identity identifier, where objects to which the first blockchain and the second blockchain belong are different; the receiving module 92 is configured to receive an authentication result sent by the identity authentication service in response to the identity authentication request.
The identity authentication device provided by the embodiment of the invention first sends an identity authentication request to an identity authentication service according to the acquired identity identifier of the entity object to be authenticated, where the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated and the identity authentication service is used for acquiring, according to the identity identifier, the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain; the device then receives the authentication result sent by the identity authentication service in response to the identity authentication request. With this device, the entity object to be authenticated performs identity authentication only once, after which the authentication result recorded on the first block chain and/or the second block chain can be acquired through the identity authentication service according to the identity identifier. This realizes coexistence and sharing of identity authentication data within the same group, or mutual authentication and intercommunication of identity authentication data among groups, and improves identity authentication efficiency; because the original identity data does not need to be provided multiple times, the security of the identity authentication data is also improved.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result that the entity object to be authenticated passes the authentication, wherein the first blockchain also stores an identity profile corresponding to the identity of the entity object to be authenticated; under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated, which is stored in the second blockchain, is used for indicating an authentication result that the entity object to be authenticated passes the authentication, wherein the second blockchain also stores an identity archive corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; the apparatus is further configured to: sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results; and receiving the identity file and/or the real identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result that the entity object to be authenticated passes the authentication, wherein the first blockchain also stores an identity profile corresponding to the identity of the entity object to be authenticated; under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated, which is stored in the second blockchain, is used for indicating an authentication result that the entity object to be authenticated passes the authentication, wherein the second blockchain also stores an identity archive corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; the authentication result includes: and the real identity information and/or the identity profile of the entity object to be authenticated.
The implementation principle and technical effect of the identity authentication device provided by the embodiment of the invention are the same as those of the identity authentication method embodiment. For brevity, where the device embodiment does not mention something, reference may be made to the corresponding content in the identity authentication method embodiment.
An embodiment of the present invention provides a schematic structural diagram of another identity authentication apparatus, as shown in fig. 10, the apparatus includes: a second obtaining module 100, configured to obtain an identity authentication request sent by a terminal device, where the identity authentication request is used to request to authenticate an identity of an entity object to be authenticated; a third obtaining module 101, configured to obtain an identity identifier of an entity object to be authenticated according to the identity authentication request; a fourth obtaining module 102, configured to obtain, according to the identity, an authentication result of an entity object to be authenticated recorded in the first blockchain and/or the second blockchain, where objects to which the first blockchain and the second blockchain belong are different; and a second sending module 103, configured to send the authentication result to the terminal device.
The other identity authentication device provided by the embodiment of the invention first acquires the identity identifier of the entity object to be authenticated according to the acquired identity authentication request sent by the terminal device; it then acquires, according to the identity identifier, the authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain, and finally sends the authentication result to the terminal device. With this device, the entity object to be authenticated performs identity authentication only once, after which the authentication result recorded on the first block chain and/or the second block chain can be acquired through the identity authentication service according to the identity identifier. This realizes coexistence and sharing of identity authentication data within the same group, or mutual authentication and intercommunication of identity authentication data among groups, and improves identity authentication efficiency; because the original identity data does not need to be provided multiple times, the security of the identity authentication data is also improved.
Further, the fourth obtaining module 102 is further configured to: acquiring a storage result of the identity, wherein the storage result is used for indicating whether the identity of the entity object to be authenticated is stored in the first block chain and the second block chain; and determining an authentication result of the entity object to be authenticated recorded on the first block chain and/or the second block chain according to the storage result, wherein the identity of the entity object to be authenticated stored in the first block chain is used for indicating that the first block chain records the authentication result that the entity object to be authenticated passes the authentication, and the identity of the entity object to be authenticated stored in the second block chain is used for indicating that the second block chain records the authentication result that the entity object to be authenticated passes the authentication.
Further, the fourth obtaining module 102 is further configured to: acquiring an authentication result selection instruction sent by terminal equipment; the authentication result selection instruction is used for selecting a target authentication result from the authentication results; determining a target authentication result based on the authentication result selection instruction; and authenticating the real identity information of the entity object to be authenticated based on the target authentication result.
Further, the fourth obtaining module 102 is further configured to: under the condition that the target authentication result is recorded by the first block chain, the first block chain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first block chain; and obtaining an authentication result of the entity object to be authenticated through the inquired identity file.
Further, the fourth obtaining module 102 is further configured to: under the condition that the target authentication result is recorded by the second block chain, the second block chain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second block chain; and obtaining an authentication result of the entity object to be authenticated through the inquired identity file.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first block chain, the identity archive corresponding to the identity of the entity object to be authenticated is also stored in the first block chain; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; the fourth obtaining module 102 is further configured to: under the condition that the identity of the entity object to be authenticated is stored in the first block chain, inquiring an identity archive corresponding to the identity of the entity object to be authenticated from the first block chain; and obtaining an authentication result of the entity object to be authenticated through the inquired identity file.
Further, under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, an identity archive corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of real identity information of an entity object to be authenticated; the fourth obtaining module 102 is further configured to: under the condition that the identity of the entity object to be authenticated is stored in the second block chain, inquiring an identity archive corresponding to the identity of the entity object to be authenticated from the second block chain; and obtaining an authentication result of the entity object to be authenticated through the inquired identity file.
Further, the identity file comprises a hash value of the real identity information of the entity object and an access address of the real identity information of the entity object; the fourth obtaining module 102 is further configured to: acquiring real identity information of an entity object to be authenticated through an access address in the inquired identity file; verifying whether the real identity information of the entity object to be authenticated is tampered or not through the inquired hash value in the identity file; and if the real identity information of the entity object to be authenticated is not tampered, determining the real identity information and/or the identity file of the entity object to be authenticated as the authentication result of the entity object to be authenticated.
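The lookup and tamper check described above, together with the earlier case where the identity identifier is stored only in intra-group identity chain 2, can be sketched as follows. This is an added example, not code from the patent: the class and field names (`dataUri`, `dataHash`), the constructed DID and URI, and the choice of SHA-256 over canonical JSON are all assumptions, since the page names no hash algorithm or data layout.

```python
import hashlib
import hmac
import json


def canonical_hash(did_data: dict) -> str:
    """Hash DID Data over a canonical JSON encoding (SHA-256 is an assumption)."""
    encoded = json.dumps(did_data, sort_keys=True, separators=(",", ":"),
                         ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


class IdentityChain:
    """In-memory stand-in for one intra-group identity chain (DID -> DID Document)."""

    def __init__(self, name: str):
        self.name = name
        self._documents = {}

    def register(self, did: str, data_uri: str, did_data: dict) -> None:
        # The on-chain document holds only the access address and the hash,
        # never the attributes themselves.
        self._documents[did] = {"id": did, "dataUri": data_uri,
                                "dataHash": canonical_hash(did_data)}

    def lookup(self, did: str):
        return self._documents.get(did)


class AuthenticationService:
    """Plays the role of the open identity chain in front of several chains."""

    def __init__(self, chains, off_chain_store: dict):
        self.chains = chains
        self.store = off_chain_store  # access address -> DID Data (off-chain)

    def storage_result(self, did: str) -> dict:
        """Which chains store this identity identifier."""
        return {c.name: c.lookup(did) is not None for c in self.chains}

    def authenticate(self, did: str, target_chain: str = None) -> dict:
        for chain in self.chains:
            if target_chain is not None and chain.name != target_chain:
                continue
            doc = chain.lookup(did)
            if doc is None:
                continue
            data = self.store.get(doc["dataUri"])
            if data is None:
                return {"status": "data_unavailable", "chain": chain.name}
            # Fail closed: data that does not match the on-chain hash is
            # never returned to the caller.
            if not hmac.compare_digest(canonical_hash(data), doc["dataHash"]):
                return {"status": "tampered", "chain": chain.name}
            return {"status": "authenticated", "chain": chain.name,
                    "did_document": doc, "did_data": data}
        return {"status": "unknown_did", "chain": None}


def build_demo():
    """Constructed sample: the DID is registered only on chain 2."""
    did = "did:example:customer-0001"
    uri = "https://data.group2.example/did/customer-0001"
    did_data = {"name": "Constructed Customer",
                "certificate_number": "X-1234",
                "contact_phone": "000-0000"}
    chain1 = IdentityChain("intra-group-chain-1")
    chain2 = IdentityChain("intra-group-chain-2")
    chain2.register(did, uri, did_data)
    store = {uri: dict(did_data)}
    return AuthenticationService([chain1, chain2], store), store


if __name__ == "__main__":
    service, store = build_demo()
    print(service.storage_result("did:example:customer-0001"))
    print(service.authenticate("did:example:customer-0001")["status"])
    # Modify the off-chain record after registration: the hash check rejects it.
    store["https://data.group2.example/did/customer-0001"]["certificate_number"] = "X-0000"
    print(service.authenticate("did:example:customer-0001")["status"])
```

Because the hash is recorded on-chain at registration time, any later legitimate update to the off-chain DID Data also needs a corresponding on-chain update, otherwise valid data is reported as tampered.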
Further, the real identity information includes an identity certificate of the entity object; the identity voucher is used for proving that the entity object has the specified identity attribute; the fourth obtaining module 102 is further configured to: acquiring an identity certificate of an entity object to be authenticated from real identity information of the entity object to be authenticated; verifying whether the obtained identity certificate is legal or not; and if the identity certificate is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity certificate.
The implementation principle and technical effect of the identity authentication device provided by the embodiment of the invention are the same as those of the identity authentication method embodiment. For brevity, where the device embodiment does not mention something, reference may be made to the corresponding content in the identity authentication method embodiment.
An embodiment of the present invention provides an identity authentication system, as shown in fig. 11, the system includes a terminal device 110, an identity authentication service 111, a first block chain 112, and a second block chain 113;
the terminal device 110 is configured to: acquiring an identity of an entity object to be authenticated; and sending an identity authentication request to the identity authentication service 111 according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated.
The identity authentication service 111 is used to: acquiring an identity authentication request sent by the terminal device 110; acquiring an identity identifier of an entity object to be authenticated according to the identity authentication request; according to the identity, acquiring an authentication result of an entity object to be authenticated recorded on the first block chain 112 and/or the second block chain 113, wherein the objects to which the first block chain 112 and the second block chain 113 belong are different; and sending the authentication result to the terminal equipment.
The identity authentication system can satisfy both the KYC requirement of "one-time authentication, multiple-time use" within the same group and the requirement of transmitting and authenticating identity data among groups. In other words, the solution for acquiring and storing digital certificates provided by the application takes into account both coexistence and sharing of data within a group and mutual authentication and intercommunication of digital certificates among groups or organizations. Data controllability can be realized, and the DID and certificate verification methods ensure that KYC is achieved without exposing private data.
An embodiment of the present invention further provides an electronic device, as shown in fig. 12, where the electronic device includes a processor 130 and a memory 131, the memory 131 stores machine executable instructions that can be executed by the processor 130, and the processor 130 executes the machine executable instructions to implement the identity authentication method.
Further, the electronic device shown in fig. 12 further includes a bus 132 and a communication interface 133, and the processor 130, the communication interface 133, and the memory 131 are connected by the bus 132.
The Memory 131 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 133 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used. The bus 132 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 12, but that does not indicate only one bus or one type of bus.
The processor 130 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 130. The processor 130 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 131, and the processor 130 reads the information in the memory 131 and completes the steps of the method of the foregoing embodiment in combination with its hardware.
The embodiment of the present invention further provides a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement the identity authentication method.
The identity authentication method, apparatus, system, and computer program product of the electronic device provided in the embodiments of the present invention include a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementations may refer to the method embodiments and are not described herein again.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
Finally, it should be noted that the embodiments are merely illustrative of the present invention and not restrictive, and the scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that any person skilled in the art can, within the technical scope of the present disclosure, modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or substitute equivalents for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention and should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (17)

1. An identity authentication method, comprising:
acquiring an identity of an entity object to be authenticated;
sending an identity authentication request to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, the identity authentication service is used for acquiring, according to the identity identifier, an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain, and the objects to which the first blockchain and the second blockchain belong are different;
and receiving the authentication result sent by the identity authentication service responding to the identity authentication request.
2. The method of claim 1,
in the case that the identity of the entity object to be authenticated is stored in the first blockchain, the identity stored in the first blockchain is used to indicate an authentication result that the entity object to be authenticated passes authentication, wherein an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
in the case that the identity of the entity object to be authenticated is stored in the second blockchain, the identity stored in the second blockchain is used to indicate an authentication result that the entity object to be authenticated passes authentication, wherein an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
after the step of receiving the authentication result sent by the identity authentication service in response to the identity authentication request, the method further includes:
sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results;
and receiving the identity archive and/or the real identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
3. The method of claim 1,
in the case that the identity of the entity object to be authenticated is stored in the first blockchain, the identity stored in the first blockchain is used to indicate an authentication result that the entity object to be authenticated passes authentication, wherein an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
in the case that the identity of the entity object to be authenticated is stored in the second blockchain, the identity stored in the second blockchain is used to indicate an authentication result that the entity object to be authenticated passes authentication, wherein an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
the authentication result includes the real identity information and/or the identity profile of the entity object to be authenticated.
4. An identity authentication method, comprising:
acquiring an identity authentication request sent by terminal equipment, wherein the identity authentication request is used for requesting the identity of an entity object to be authenticated;
acquiring the identity of the entity object to be authenticated according to the identity authentication request;
acquiring, according to the identity, an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain, wherein the objects to which the first blockchain and the second blockchain belong are different;
and sending the authentication result to the terminal equipment.
5. The method according to claim 4, wherein the step of obtaining the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity includes:
obtaining a storage result of the identity, wherein the storage result is used for indicating whether the first blockchain and the second blockchain store the identity of the entity object to be authenticated;
and determining, according to the storage result, an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain, wherein, when the identity of the entity object to be authenticated is stored in the first blockchain, the identity stored in the first blockchain is used to indicate that the first blockchain records an authentication result that the entity object to be authenticated passes the authentication, and when the identity of the entity object to be authenticated is stored in the second blockchain, the identity stored in the second blockchain is used to indicate that the second blockchain records an authentication result that the entity object to be authenticated passes the authentication.
6. The method according to claim 5, wherein after the step of determining the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the storage result, the method further comprises:
acquiring an authentication result selection instruction sent by the terminal equipment; the authentication result selection instruction is used for selecting a target authentication result from the authentication results;
determining a target authentication result based on the authentication result selection instruction;
and authenticating the real identity information of the entity object to be authenticated based on the target authentication result.
7. The method according to claim 6, wherein the step of authenticating the true identity information of the entity object to be authenticated based on the target authentication result comprises:
in the case that the target authentication result is recorded by the first blockchain, an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
querying the first blockchain for the identity profile corresponding to the identity of the entity object to be authenticated; and obtaining an authentication result of the entity object to be authenticated through the queried identity profile.
8. The method according to claim 6, wherein the step of authenticating the true identity information of the entity object to be authenticated based on the target authentication result comprises:
in the case that the target authentication result is recorded by the second blockchain, an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
querying the second blockchain for the identity profile corresponding to the identity of the entity object to be authenticated; and obtaining an authentication result of the entity object to be authenticated through the queried identity profile.
9. The method according to claim 4, wherein, in the case that the identity of the entity object to be authenticated is stored in the first blockchain, an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
the step of obtaining the authentication result of the entity object to be authenticated recorded on the first blockchain according to the identity includes:
in the case that the identity of the entity object to be authenticated is stored in the first blockchain, querying the first blockchain for the identity profile corresponding to the identity of the entity object to be authenticated;
and obtaining an authentication result of the entity object to be authenticated through the queried identity profile.
10. The method according to claim 4, wherein, in the case that the identity of the entity object to be authenticated is stored in the second blockchain, an identity profile corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity profile is used for providing a way to access the real identity information of the entity object to be authenticated;
the step of obtaining the authentication result of the entity object to be authenticated recorded on the second blockchain according to the identity includes:
in the case that the identity of the entity object to be authenticated is stored in the second blockchain, querying the second blockchain for the identity profile corresponding to the identity of the entity object to be authenticated;
and obtaining an authentication result of the entity object to be authenticated through the queried identity profile.
11. The method according to any one of claims 7-10, wherein the identity profile comprises a hash value of the real identity information of the entity object and an access address of the real identity information of the entity object;
the step of obtaining the authentication result of the entity object to be authenticated through the queried identity profile comprises the following steps:
acquiring the real identity information of the entity object to be authenticated through the access address in the queried identity profile; verifying, through the hash value in the queried identity profile, whether the real identity information of the entity object to be authenticated has been tampered with;
and if the real identity information of the entity object to be authenticated has not been tampered with, determining the real identity information and/or the identity profile of the entity object to be authenticated as the authentication result of the entity object to be authenticated.
12. The method according to claim 11, wherein the real identity information comprises an identity credential of the entity object; the identity credential is used for proving that the entity object has a specified identity attribute;
before the step of determining the real identity information and/or the identity profile of the entity object to be authenticated as the authentication result of the entity object to be authenticated, the method further includes:
acquiring the identity credential of the entity object to be authenticated from the real identity information of the entity object to be authenticated;
verifying whether the obtained identity credential is legal; and if the identity credential is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity credential.
13. An identity authentication apparatus, comprising:
the first acquisition module is used for acquiring the identity of the entity object to be authenticated;
a first sending module, configured to send an identity authentication request to an identity authentication service according to the identity identifier, where the identity authentication request is used to request authentication of an identity of the entity object to be authenticated, and the identity authentication service is used to obtain, according to the identity identifier, an authentication result recorded on a first blockchain and/or a second blockchain for the entity object to be authenticated, where objects to which the first blockchain and the second blockchain belong are different;
and the receiving module is used for receiving the authentication result sent by the identity authentication service responding to the identity authentication request.
14. An identity authentication apparatus, comprising:
the second obtaining module is used for obtaining an identity authentication request sent by the terminal equipment, wherein the identity authentication request is used for requesting the identity of the entity object to be authenticated;
a third obtaining module, configured to obtain, according to the identity authentication request, an identity of the entity object to be authenticated;
a fourth obtaining module, configured to obtain, according to the identity, an authentication result that is recorded on the first blockchain and/or the second blockchain and is for the entity object to be authenticated, where objects to which the first blockchain and the second blockchain belong are different;
and the second sending module is used for sending the authentication result to the terminal equipment.
15. An identity authentication system, comprising a terminal device, an identity authentication service, a first blockchain and a second blockchain;
the terminal device is configured to: acquire an identity of an entity object to be authenticated; and send an identity authentication request to the identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated;
the identity authentication service is configured to: acquire the identity authentication request sent by the terminal device; acquire the identity of the entity object to be authenticated according to the identity authentication request; acquire, according to the identity, an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain, wherein the objects to which the first blockchain and the second blockchain belong are different; and send the authentication result to the terminal device.
16. An electronic device comprising a processor and a memory, the memory storing machine executable instructions executable by the processor, the processor executing the machine executable instructions to implement the identity authentication method of any one of claims 1 to 12.
17. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to carry out the method of identity authentication of any one of claims 1 to 12.
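The service-side flow of claims 5 to 12, as an added Python example that is not part of the patent text: the two blockchains and the off-chain store are modelled as in-memory dicts, SHA-256 is assumed as the hash, and an HMAC tag under a constructed issuer key stands in for the credential check, which the claims leave unspecified. All function and variable names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-ins (assumptions, not from the patent): each blockchain is a
# dict of identifier -> identity profile; OFFCHAIN maps access address -> bytes.
CHAIN_A, CHAIN_B, OFFCHAIN = {}, {}, {}
ISSUER_KEY = b"constructed-demo-key"  # assumed: credentials are HMAC-SHA256 tags


def canonical(info: dict) -> bytes:
    """Serialize deterministically so every party hashes identical bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(identifier: str, attribute: str) -> str:
    """Hypothetical issuer: bind an identity attribute to the identifier."""
    msg = f"{identifier}|{attribute}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def register(chain: dict, identifier: str, info: dict, address: str) -> None:
    """Keep the real identity information off-chain; anchor hash + address on-chain."""
    blob = canonical(info)
    OFFCHAIN[address] = blob
    chain[identifier] = {"hash": hashlib.sha256(blob).hexdigest(), "address": address}


def storage_result(identifier: str) -> dict:
    """Claim 5: an identifier stored on a chain is that chain's record of a pass."""
    return {"first": identifier in CHAIN_A, "second": identifier in CHAIN_B}


def fail(reason: str) -> dict:
    return {"ok": False, "reason": reason}


def authenticate(identifier: str, target: str) -> dict:
    """Claims 6-12: resolve the selected chain's profile, fetch, then verify."""
    chain = {"first": CHAIN_A, "second": CHAIN_B}.get(target)
    profile = chain.get(identifier) if chain is not None else None
    if profile is None:
        return fail("identifier not recorded on the selected chain")
    blob = OFFCHAIN.get(profile["address"])
    if blob is None:
        return fail("access address unreachable")
    # Claim 11: recompute the hash over the fetched bytes before parsing them.
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest.encode(), profile["hash"].encode()):
        return fail("real identity information tampered")
    info = json.loads(blob)
    # Claim 12: an attribute is asserted only if its credential verifies.
    cred = info.get("credential")
    attribute = None
    if cred is not None:
        expected = issue_credential(identifier, str(cred.get("attribute", "")))
        if not hmac.compare_digest(expected.encode(), str(cred.get("tag", "")).encode()):
            return fail("credential invalid")
        attribute = cred.get("attribute")
    return {"ok": True, "profile": profile, "info": info, "attribute": attribute}


if __name__ == "__main__":
    tag = issue_credential("ent-001", "licensed-merchant")
    register(CHAIN_A, "ent-001", {"name": "Constructed Co",
             "credential": {"attribute": "licensed-merchant", "tag": tag}}, "store://a/1")
    print(storage_result("ent-001"), authenticate("ent-001", "first")["ok"])
```

Because the hash is checked over the fetched bytes before they are parsed, a modified off-chain record is rejected without its content ever being interpreted.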
CN202010439564.0A 2020-05-21 2020-05-21 Identity authentication method, device and system and electronic equipment Pending CN113704712A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010439564.0A CN113704712A (en) 2020-05-21 2020-05-21 Identity authentication method, device and system and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010439564.0A CN113704712A (en) 2020-05-21 2020-05-21 Identity authentication method, device and system and electronic equipment

Publications (1)

Publication Number Publication Date
CN113704712A true CN113704712A (en) 2021-11-26

Family

ID=78646073

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010439564.0A Pending CN113704712A (en) 2020-05-21 2020-05-21 Identity authentication method, device and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN113704712A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination