CN113704723B - Block chain-based digital identity verification method and device and storage medium - Google Patents


Publication number
CN113704723B
Authority
CN
China
Prior art keywords
authentication request
user
authorization
identity
party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111256587.9A
Other languages
Chinese (zh)
Other versions
CN113704723A (en
Inventor
Inventor name not disclosed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Microchip Sensing Technology Co ltd
Original Assignee
Beijing Microchip Sensing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Microchip Sensing Technology Co ltd
Priority to CN202111256587.9A
Publication of CN113704723A
Application granted
Publication of CN113704723B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The present disclosure provides a blockchain-based digital identity verification method, apparatus, and storage medium, and relates to the field of blockchain technology. The specific implementation scheme is as follows: receiving a first authentication request sent by a first user; receiving a second authentication request sent by a second user; and sending identity authentication information according to the first authentication request and the second authentication request. The embodiment of the disclosure realizes digital identity verification by sending identity authentication information according to the first authentication request and the second authentication request of the users. The embodiment of the disclosure can ensure that both parties are aware of the identity verification and improves the security of digital identity verification.

Description

Block chain-based digital identity verification method and device and storage medium
Technical Field
The present disclosure relates to the field of blockchains, and in particular, to a method and an apparatus for verifying a digital identity based on a blockchain, and a storage medium.
Background
With the development of computer technology, the data in computers has become more and more complex, and various data verification modes have appeared in order to ensure the security of that data. For example, a digital identity may be verified; a digital identity refers to a public key that condenses real information into a digital code and can be queried and identified over a network, associated devices, and so on. In existing digital identity verification, an authentication center may establish a unified identity information base and provide a digital identity verification service through verification modes such as physical certificates or digital passwords. However, existing digital identity verification has low security.
Disclosure of Invention
The disclosure provides a block chain-based digital identity verification method, a block chain-based digital identity verification device and a storage medium. The technical scheme of the disclosure is as follows:
according to a first aspect of the embodiments of the present disclosure, there is provided a block chain-based digital identity verification method, including:
receiving a first authentication request sent by a first user;
receiving a second authentication request sent by a second user;
and sending identity authentication information according to the first authentication request and the second authentication request.
Optionally, the first user is a party to be verified, the second user is a verifier, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request.
Optionally, the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
Optionally, the parameter of the on-chain authentication request includes at least one of the following:
the digital identity index of the party to be verified;
and verifying the category.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
and verifying the category.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
the authentication authorization request index.
Optionally, the sending identity authentication information according to the authorization authentication request and the on-chain authentication request includes:
acquiring the corresponding authorization authentication request according to the on-chain authentication request;
and sending the identity authentication information corresponding to the authorization authentication request to the second user, wherein the identity authentication information is identity credential information of the first user.
Optionally, the sending identity authentication information according to the authorization authentication request and the on-chain authentication request includes:
determining the corresponding on-chain authentication request as a successful authorization authentication request according to the authorization authentication request;
acquiring the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
and sending the identity authentication information corresponding to the on-chain authentication request to the first user, wherein the identity authentication information is identity credential information of the second user.
According to a second aspect of the embodiments of the present disclosure, there is provided a block chain-based digital identity verification apparatus, including:
the first receiving module is used for receiving a first authentication request sent by a first user;
the second receiving module is used for receiving a second authentication request sent by a second user;
and the authentication module is used for sending identity authentication information according to the first authentication request and the second authentication request.
Optionally, the first user is a party to be verified, the second user is a verifier, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request.
Optionally, the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
the digital identity index of the party to be verified;
and verifying the category.
Optionally, the parameter of the on-chain authentication request includes at least one of the following:
a digital identity index of the verifying party;
and verifying the category.
Optionally, the parameter of the on-chain authentication request includes at least one of the following:
a digital identity index of the verifying party;
the authentication authorization request index.
Optionally, the authentication module includes:
the first matching sub-module is used for acquiring the corresponding authorization authentication request according to the on-chain authentication request;
and the first certificate sending submodule is used for sending the identity authentication information corresponding to the authorization authentication request to the second user, wherein the identity authentication information is the identity certificate information of the first user.
Optionally, the authentication module includes:
the processing submodule is used for determining the corresponding on-chain authentication request as a successful authorization authentication request according to the authorization authentication request;
the second matching sub-module is used for acquiring the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
and the second certificate sending submodule is used for sending the identity authentication information corresponding to the on-chain authentication request to the first user, wherein the identity authentication information is the identity certificate information of the second user.
According to a third aspect of the embodiments of the present disclosure, there is provided a block chain-based digital identity verification apparatus, including:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the blockchain-based digital identity verification method according to any one of the first aspect.
According to a fourth aspect of embodiments of the present disclosure, there is provided a non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor of a blockchain-based digital identity verification apparatus, enable the blockchain-based digital identity verification apparatus to perform the blockchain-based digital identity verification method according to any one of the first aspects.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:
because the first user and the second user jointly participate in the identity verification, both parties are aware of the identity verification, and the security of digital identity verification is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
Fig. 1 is a flow chart illustrating a block chain based digital identity verification method according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a block chain based digital identity verification method according to an example embodiment.
Fig. 3 is a flow chart illustrating a block chain based digital identity verification method according to an example embodiment.
Fig. 4 is a block diagram illustrating a block chain based digital identity verification apparatus according to an example embodiment.
Fig. 5 is a block diagram illustrating a block chain based digital identity verification apparatus according to an example embodiment.
Fig. 6 is a block diagram illustrating a block chain based digital identity verification apparatus according to an example embodiment.
Fig. 7 is a block diagram illustrating a block chain based digital identity verification system in accordance with an exemplary embodiment.
Fig. 8 is a block diagram illustrating a block chain based digital identity verification system in accordance with an exemplary embodiment.
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
A blockchain network is the carrier and organizational form in which blockchain technology operates. Blockchain technology (BT) is a distributed, decentralized public ledger. It is a new distributed infrastructure and computing mode that uses blockchain data structures to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data. Blockchain technology is decentralized and publicly transparent, among other characteristics, and each user can participate in the records of the database. A blockchain system may be composed of a data layer, a network layer, a consensus layer, an incentive layer, a contract layer, and an application layer.
A digital authentication certificate is a public key, based on an encryption technology with the digital certificate at its core, that condenses real information into a digital code and can be queried and identified through a network, related equipment and the like. The digital identity of the pin may be used to distinguish between different users, and the digital identity of the pin may be a digital code corresponding to the pin. The digital authentication certificate can encrypt and decrypt, digitally sign and verify information transmitted on the network, so that the security and integrity of the information transmitted on the network are ensured. When a digital certificate is used, even if the information sent by the user is intercepted by others on the internet, and even if the user loses information such as a personal account or password, the account and fund security of the user can still be ensured.
In the related art, a verifier and a party to be verified take part in a digital identity authentication process. To verify the digital identity information of the party to be verified, the verifier submits an identity verification request to a blockchain, and the blockchain, after receiving the request, judges whether to authorize the request of the verifier. If the authorization succeeds, the blockchain sends the verifier the digital identity information of the party to be verified that was requested in the identity verification request. However, while this method executes, the party to be verified is unaware of it, the authorization lacks the permission of the party to be verified, namely the user, and the security is low.
Fig. 1 is a flow chart illustrating a block chain based digital identity verification method according to an exemplary embodiment, as shown in fig. 1, the method including the steps of:
Step 101, receiving a first authentication request sent by a first user.
In the embodiment of the present disclosure, the authorization and authentication request may be initiated by a verifier or a non-verifier.
Step 102, receiving a second authentication request sent by a second user.
In a possible embodiment, the authorization and authentication request is initiated by a party to be verified, i.e. the first user is the party to be verified and the second user is the verifier. Due to business requirements, the party to be verified needs the verifier to confirm the identity credential information of the party to be verified. The party to be verified actively initiates an authorization authentication request to the blockchain node, and after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
In a possible embodiment, the authorization authentication request is initiated by a verifier, i.e. the first user is the verifier and the second user is the party to be verified. The verifier needs to confirm the identity credential information of the party to be verified due to business requirements and actively initiates an on-chain authentication request to a blockchain node; after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
Step 103, sending identity authentication information according to the authorization authentication request and the on-chain authentication request.
In the embodiment of the present disclosure, the trusted authority stores the identity authentication information of the user in the blockchain network on time, and the blockchain network may be deployed as a consortium (federation) chain.
In one possible embodiment, the first user is the party to be verified and the second user is the verifier. After receiving the authorization authentication request sent by the first user, the blockchain network generates and stores the identity credential authorization information. After the second user initiates the on-chain authentication request, the blockchain network retrieves the stored authorization authentication request, and if the identity credential authorization information corresponding to the authorization authentication request sent by the first user exists, the blockchain network sends the identity authentication information of the first user to the second user.
In one possible embodiment, the first user is the verifier and the second user is the party to be verified. After receiving the on-chain authentication request sent by the first user, the blockchain network retrieves the authorization authentication request stored in the blockchain, and if the authorization authentication request sent by the second user exists, the on-chain authentication request is a successful authorization authentication request. After the first user sends the on-chain authentication request again, the blockchain network sends the identity authentication information of the second user to the first user.
The embodiment of the disclosure sends the identity authentication information according to the first authentication request and the second authentication request of the users, thereby realizing digital identity verification. The method ensures that both parties are aware of the identity verification and improves the security of digital identity verification.
Optionally, the first user is a party to be verified, the second user is a verifier, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request.
In a possible embodiment, the authorization and authentication request is initiated by a party to be verified, i.e. the first user is the party to be verified and the second user is the verifier. Due to business requirements, the party to be verified needs the verifier to confirm the identity credential information of the party to be verified. The party to be verified actively initiates an authorization authentication request to the blockchain node, and after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
Optionally, the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
In a possible embodiment, the authorization authentication request is initiated by a verifier, i.e. the first user is the verifier and the second user is the party to be verified. The verifier needs to confirm the identity credential information of the party to be verified due to business requirements and actively initiates an on-chain authentication request to a blockchain node; after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
Optionally, the parameter of the on-chain authentication request includes at least one of the following:
the digital identity index of the party to be verified;
and verifying the category.
In the embodiment of the present disclosure, the parameters of the on-chain authentication request include, but are not limited to, a digital identity index of the party to be verified, and a verification category. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
and verifying the category.
In the embodiment of the present disclosure, the parameter of the authorization and authentication request includes, but is not limited to, a digital identity index, a verification category of the party to be verified. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
the authentication authorization request index.
In the embodiment of the present disclosure, the parameter of the authorization and authentication request includes, but is not limited to, a digital identity index id of the party to be verified, and an authentication and authorization request index id. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Fig. 2 is a flowchart illustrating a block chain based digital identity verification method according to an exemplary embodiment, where, as shown in fig. 2, step 103 in fig. 1 further includes the following steps:
Step 201, obtaining the corresponding authorization authentication request according to the on-chain authentication request;
In this embodiment of the present disclosure, the first user is the party to be verified and the second user is the verifier, and the first user needs the second user to confirm the identity credential information of the first user due to a service requirement. The first user actively initiates an authorization authentication request to the blockchain node, and the identity credential authorization information is generated and stored after the blockchain network verifies that the request information is legal.
Step 202, sending the identity authentication information corresponding to the authorization authentication request to the second user, wherein the identity authentication information is identity credential information of the first user.
In this embodiment of the present disclosure, after the second user initiates the on-chain authentication request, the blockchain network retrieves the stored authorization authentication request, and if the identity credential authorization information corresponding to the authorization authentication request sent by the first user exists, the blockchain network sends the identity authentication information of the first user to the second user.
The embodiment of the disclosure sends the identity authentication information according to the on-chain authentication request and the authorization authentication request of the users, thereby realizing digital identity verification, ensuring that both parties are aware of the identity verification, and improving the security of digital identity verification.
Fig. 3 is a flowchart illustrating a block chain based digital identity verification method according to an exemplary embodiment, where, as shown in fig. 3, step 103 in fig. 1 further includes the following steps:
Step 301, determining the corresponding on-chain authentication request as a successful authorization authentication request according to the authorization authentication request;
In this embodiment of the present disclosure, the authorization and authentication request is initiated by a verifier, that is, the first user is a verifier and the second user is a party to be verified. The first user needs to confirm the identity credential information of the second user due to business requirements and actively initiates an on-chain authentication request to a blockchain node; after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network, and the on-chain authentication request is sent to the second user. The second user then initiates an authorization authentication request to the blockchain network; the blockchain network receives the authorization authentication request of the second user and, after the authority verification succeeds, the application authorization information initiated by the first user is modified to authorized, that is, a successful authorization authentication request is generated.
Step 302, obtaining the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
In the embodiment of the present disclosure, the blockchain network retrieves the authorization authentication request stored in the blockchain, and if there is an authorization authentication request sent by the second user, the on-chain authentication request is a successful authorization authentication request.
Step 303, sending the identity authentication information corresponding to the on-chain authentication request to the first user, where the identity authentication information is identity credential information of the second user.
In this embodiment of the present disclosure, after the first user sends the on-chain authentication request again, the blockchain network sends the identity authentication information of the second user to the first user.
The embodiment of the disclosure sends the identity authentication information according to the on-chain authentication request and the authorization authentication request of the users, thereby realizing digital identity verification, ensuring that both parties are aware of the identity verification, and improving the security of digital identity verification.
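The two flows of Fig. 2 and Fig. 3, sketched as an added example that is not code from the patent: an in-memory `Ledger` stands in for the blockchain network and HMAC with per-party keys stands in for the request signature. The names `Ledger`, `authorize`, `on_chain_request`, `request_index` and the sample parties and credential are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def sign(key: bytes, *parts: str) -> str:
    """Stand-in for a party's signature: HMAC-SHA256 over the request fields."""
    return hmac.new(key, json.dumps(parts).encode(), hashlib.sha256).hexdigest()


def request_index(subject: str, verifier: str, category: str) -> str:
    """Index under which one (subject, verifier, category) request is stored."""
    data = json.dumps([subject, verifier, category]).encode()
    return hashlib.sha256(data).hexdigest()[:16]


@dataclass
class Ledger:
    """In-memory stand-in for the state kept by the blockchain network."""
    keys: dict          # party address -> signing key (constructed sample data)
    credentials: dict   # (subject, category) -> identity credential information
    records: dict = field(default_factory=dict)  # index -> "pending" / "authorized"

    def _verify(self, sender: str, sig: str, *parts: str) -> None:
        key = self.keys.get(sender)
        if key is None or not hmac.compare_digest(sign(key, *parts), sig):
            raise PermissionError("request is not signed by " + sender)

    def authorize(self, subject, verifier, category, sig, index=None):
        """Authorization authentication request from the party to be verified."""
        self._verify(subject, sig, "authorize", subject, verifier, category)
        idx = request_index(subject, verifier, category)
        if index is not None and (index != idx or self.records.get(idx) != "pending"):
            # Fig. 3 flow: the index must name a request this verifier really filed.
            raise PermissionError("no pending on-chain request with that index")
        self.records[idx] = "authorized"
        return idx

    def on_chain_request(self, verifier, subject, category, sig):
        """On-chain authentication request from the verifier.

        Returns (credential, index); credential stays None until the party to
        be verified has authorized this verifier for this category.
        """
        self._verify(verifier, sig, "verify", verifier, subject, category)
        idx = request_index(subject, verifier, category)
        if self.records.get(idx) == "authorized":
            return self.credentials.get((subject, category)), idx
        self.records[idx] = "pending"
        return None, idx


def make_ledger() -> Ledger:
    """Constructed sample parties and credential, for illustration only."""
    keys = {"alice": b"alice-key", "bank": b"bank-key", "mallory": b"mallory-key"}
    return Ledger(keys=keys, credentials={("alice", "kyc"): "alice-kyc-credential"})


def fig2_flow():
    """Party to be verified authorizes first; the verifier then asks."""
    led = make_ledger()
    led.authorize("alice", "bank", "kyc",
                  sign(b"alice-key", "authorize", "alice", "bank", "kyc"))
    granted, _ = led.on_chain_request(
        "bank", "alice", "kyc", sign(b"bank-key", "verify", "bank", "alice", "kyc"))
    # A verifier the subject never named gets nothing back.
    other, _ = led.on_chain_request(
        "mallory", "alice", "kyc",
        sign(b"mallory-key", "verify", "mallory", "alice", "kyc"))
    return granted, other


def fig3_flow():
    """Verifier asks first, the party to be verified approves, verifier asks again."""
    led = make_ledger()
    ask = sign(b"bank-key", "verify", "bank", "alice", "kyc")
    first, idx = led.on_chain_request("bank", "alice", "kyc", ask)
    led.authorize("alice", "bank", "kyc",
                  sign(b"alice-key", "authorize", "alice", "bank", "kyc"), index=idx)
    second, _ = led.on_chain_request("bank", "alice", "kyc", ask)
    return first, second


if __name__ == "__main__":
    print("Fig. 2 flow:", fig2_flow())
    print("Fig. 3 flow:", fig3_flow())
```

The sketch binds each authorization to one verifier and one verification category, which is the check that gives the party to be verified control over release of the credential; it does not model consensus, storage on a real chain, or replay protection.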
Fig. 4 is a block diagram illustrating a block chain based digital identity verification apparatus 400 according to an example embodiment. Referring to fig. 4, the apparatus includes a first receiving module 410, a second receiving module 420, and an authentication module 430.
A first receiving module 410, configured to receive a first authentication request sent by a first user;
In the embodiment of the present disclosure, the authorization and authentication request may be initiated by a verifier or a non-verifier.
A second receiving module 420, configured to receive a second authentication request sent by a second user;
In a possible embodiment, the authorization and authentication request is initiated by a party to be verified, i.e. the first user is the party to be verified and the second user is the verifier. Due to business requirements, the party to be verified needs the verifier to confirm the identity credential information of the party to be verified. The party to be verified actively initiates an authorization authentication request to the blockchain node, and after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
In a possible embodiment, the authorization authentication request is initiated by a verifier, i.e. the first user is the verifier and the second user is the party to be verified. The verifier needs to confirm the identity credential information of the party to be verified due to business requirements and actively initiates an on-chain authentication request to a blockchain node; after the blockchain network verifies that the request information is legal, the identity credential authorization information is stored in the blockchain network.
An authentication module 430, configured to send identity authentication information according to the first authentication request and the second authentication request.
In the embodiment of the present disclosure, the trusted authority stores the identity authentication information of the user in the blockchain network on time, and the blockchain network may be deployed as a consortium (federation) chain.
In one possible embodiment, the first user is a party to be authenticated and the second user is an authenticator. And after receiving the authorization authentication request sent by the first user, the block chain network generates and stores the identity certificate authorization information. After the second user initiates the on-chain authentication request, the blockchain network retrieves the stored authorization authentication request, and if the identity credential authorization information corresponding to the authorization authentication request sent by the first user exists, the blockchain network sends the identity authentication information of the first user to the second user.
In one possible embodiment, the first user is an authenticator and the second user is a party to be authenticated. And after receiving the on-chain authentication request sent by the first user, the blockchain network retrieves the authorization authentication request stored in the blockchain, and if the authorization authentication request sent by the second user exists, the on-chain authentication request is a successful authorization authentication request. And after the first user sends the on-chain authentication request again, the block chain network sends the identity authentication information of the second user to the first user.
The embodiment of the disclosure sends the identity authentication information through the first authentication request and the second authentication request of the user, thereby realizing digital identity verification. The method can ensure the awareness of both parties to the identity verification and improve the safety of the digital identity verification.
Optionally, the first user is a party to be verified, the second user is a party to be verified, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request.
In a possible embodiment, the authorization and authentication request is initiated by a party to be verified, i.e. the first user is the party to be verified and the second user is the party to be verified. The party to be verified needs to make sure the identity credential information of the party to be verified due to business requirements. And the party to be verified actively initiates an authorization authentication request to the blockchain node, and after the verification request information of the blockchain network is legal, the identity certificate authorization information is stored in the blockchain network.
Optionally, the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
In a possible embodiment, the authorization authentication request is initiated by a verifier, i.e. the first user is the verifier and the second user is the party to be verified. The verifying party needs to make clear the identity certificate information of the party to be verified due to business requirements, actively initiates a chain authentication request to a block chain node, and stores the identity certificate authorization information into a block chain network after the block chain network verifies that the request information is legal.
Optionally, the parameter of the on-chain authentication request includes at least one of the following:
the digital identity index of the party to be verified;
a verification category.
In the embodiment of the present disclosure, the parameters of the on-chain authentication request include, but are not limited to, a digital identity index of the party to be verified, and a verification category. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
a verification category.
In the embodiment of the present disclosure, the parameter of the authorization and authentication request includes, but is not limited to, a digital identity index, a verification category of the party to be verified. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Optionally, the parameter of the authorization authentication request includes at least one of the following:
a digital identity index of the verifying party;
the authentication authorization request index.
In the embodiment of the present disclosure, the parameter of the authorization and authentication request includes, but is not limited to, a digital identity index id of the party to be verified, and an authentication and authorization request index id. The digital identity index id of the party to be verified comprises an address of the party to be verified, the type of the authorized identity certificate, the address of the authorized verifying party and the signature of the information request of the party to be verified.
Fig. 5 is a block diagram illustrating a block chain based digital identity verification apparatus 500 according to an example embodiment. Referring to fig. 5, the authentication module 430 includes:
a first matching sub-module 510, configured to obtain the corresponding authorization and authentication request according to the on-chain authentication request;
In this embodiment of the present disclosure, the first user is a party to be authenticated and the second user is an authenticator; because of a service requirement, the first user needs the second user to confirm the identity credential information of the first user. The first user actively initiates an authorization authentication request to a blockchain node, and the blockchain network generates and stores the identity credential authorization information after verifying that the request information is legitimate.
The first credential sending sub-module 520 is configured to send the identity authentication information corresponding to the authorization authentication request to the second user, where the identity authentication information is identity credential information of the first user.
In this embodiment of the present disclosure, after the second user initiates the on-chain authentication request, the blockchain network retrieves the stored authorization authentication request, and if the identity credential authorization information corresponding to the authorization authentication request sent by the first user exists, the blockchain network sends the identity authentication information of the first user to the second user.
The embodiment of the invention sends the identity authentication information on the basis of the user's on-chain authentication request and authorization authentication request, thereby realizing digital identity verification; this ensures that both parties are aware of the identity verification and improves the security of digital identity verification.
Fig. 6 is a block diagram illustrating a block chain based digital identity verification apparatus 600 according to an example embodiment. Referring to fig. 6, the authentication module 430 includes:
the processing sub-module 610 is configured to determine, according to the authorization and authentication request, that the corresponding on-chain authentication request is a successful authorization and authentication request;
In this embodiment of the present disclosure, the authorization authentication request is initiated by a verifier, that is, the first user is the verifier and the second user is the party to be verified. Because of business requirements, the first user needs to confirm the identity credential information of the second user and actively initiates an on-chain authentication request to a blockchain node. After the blockchain network verifies that the request information is legitimate, it stores the identity credential authorization information in the blockchain network and sends the on-chain authentication request to the second user. The second user then initiates an authorization authentication request to the blockchain network; the blockchain network receives this request and, after the permission check succeeds, changes the application authorization information initiated by the first user to authorized, i.e. a successful authorization authentication request is generated.
A second matching sub-module 620, configured to obtain the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
In the embodiment of the present disclosure, the blockchain network retrieves the authorization authentication requests stored in the blockchain, and if there is an authorization authentication request sent by the second user, the on-chain authentication request is a successful authorization authentication request.
The second credential sending sub-module 630 is configured to send the identity authentication information corresponding to the on-chain authentication request to the first user, where the identity authentication information is identity credential information of the second user.
In this embodiment of the present disclosure, after the first user sends the on-chain authentication request again, the blockchain network sends the identity authentication information of the second user to the first user.
The embodiment of the invention sends the identity authentication information on the basis of the user's on-chain authentication request and authorization authentication request, thereby realizing digital identity verification; this ensures that both parties are aware of the identity verification and improves the security of digital identity verification.
Fig. 7 is a block diagram illustrating a block chain based digital identity verification system in accordance with an exemplary embodiment.
As shown in fig. 7, four subjects in the system are the party to be verified, the verifier, the trusted certificate authority, and the blockchain network, respectively.
In the mode of active authorization by the party to be verified, the trusted certification authority stores the identity credential information of the party to be verified in the blockchain network on time as required. The blockchain network can be deployed as a consortium (federation) chain: the trusted certification authority and the verifier both maintain blockchain nodes in the consortium system, and the party to be verified performs service interaction with external public nodes.
To handle its business, the party to be verified needs its relevant identity credential information to be confirmed. The party to be verified actively sends authorization information to a public blockchain node; this information includes, but is not limited to, the address of the party to be verified, the authorized identity credential type, the address of the authorized verifier, and the signature of the party to be verified over the information request. After the blockchain network verifies that the request information is legitimate, the identity credential authorization information is stored in the blockchain network.
The verifier initiates, through a blockchain node, a verification request for the identity credential of the party to be verified. The blockchain network performs access-authorization matching, and if the identity credential access permission that the party to be verified granted to the verifier is matched, the identity credential information of the party to be verified can be obtained.
Fig. 8 is a block diagram illustrating a block chain based digital identity verification system in accordance with an exemplary embodiment.
The four main bodies involved in the scheme are a party to be verified, a verifying party, a trusted certification authority and a block chain network respectively.
In the mode of passive authorization of the party to be verified, the trusted certification authority stores the identity credential information of the party to be verified in the blockchain network on time as required. The blockchain network can be deployed as a consortium (alliance) chain; the trusted certification authority and the to-be-verified party maintain blockchain nodes in the consortium system, and the to-be-verified party performs service interaction with external public nodes.
To handle its business, the verifier needs to confirm the relevant identity credential information of the party to be verified. The verifier actively sends an authorization application message to a blockchain node; the message includes, but is not limited to, the address of the party to be verified, the authorized identity credential type and the signature of the verifier over the information request. The identity credential authorization message is stored in the blockchain network after the blockchain network verifies that the request information is legitimate.
The party to be verified initiates, through a blockchain node, an approval request for the verifier's identity credential application. The content of the approval request includes, but is not limited to, the verifier address, the authorized identity credential type and the information signature of the verifier. The blockchain network receives the approval authorization of the verifier and, after the permission check succeeds, changes the application authorization information initiated by the verifier to authorized.
The verifier performs access-authorization matching through the blockchain network, and if the identity credential access permission that the party to be verified granted to the verifier is matched, the identity credential information of the party to be verified can be obtained.
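The active mode of Fig. 7 and the passive mode of Fig. 8 both come down to the same on-chain match between an authorization authentication request and an on-chain authentication request. The Python sketch below is an added example, not code from the patent: the `Ledger` class, its method names, and the sample addresses, keys and credential are assumptions, and HMAC-SHA256 with a key registered per address stands in for the parties' signatures, whose scheme the page does not specify.

```python
import hashlib
import hmac
import json


def sign(key, kind, **fields):
    # Stand-in signature: HMAC-SHA256 over a canonical encoding of the request.
    msg = json.dumps({"kind": kind, **fields}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Ledger:
    """In-memory stand-in for the blockchain network (hypothetical names)."""

    def __init__(self):
        self.keys = {}         # address -> key used to check that address's requests
        self.credentials = {}  # (subject, cred_type) -> identity credential info
        self.grants = {}       # (subject, cred_type, verifier) -> "pending" | "authorized"

    def register(self, address, key):
        self.keys[address] = key

    def deposit_credential(self, subject, cred_type, info):
        # Performed by the trusted certification authority.
        self.credentials[(subject, cred_type)] = info

    def _check(self, signer, sig, kind, **fields):
        # "The request information is legitimate": the signature must belong to
        # the party the request claims to come from.
        key = self.keys.get(signer)
        if key is None or not hmac.compare_digest(sign(key, kind, **fields), sig):
            raise PermissionError("request not signed by " + signer)

    def authorize(self, subject, cred_type, verifier, sig):
        """Authorization authentication request, signed by the party to be verified."""
        self._check(subject, sig, "authorize",
                    subject=subject, cred_type=cred_type, verifier=verifier)
        # Active mode: creates the record. Passive mode: flips "pending" to "authorized".
        self.grants[(subject, cred_type, verifier)] = "authorized"

    def on_chain_auth(self, verifier, subject, cred_type, sig):
        """On-chain authentication request, signed by the verifier.

        Returns the credential only when a matching authorization exists;
        otherwise the application is stored as pending and None is returned.
        """
        self._check(verifier, sig, "on_chain_auth",
                    verifier=verifier, subject=subject, cred_type=cred_type)
        record = (subject, cred_type, verifier)
        if self.grants.get(record) == "authorized":
            return self.credentials.get((subject, cred_type))
        self.grants.setdefault(record, "pending")
        return None


# Constructed sample data.
KEYS = {"subject-1": b"demo-key-subject",
        "verifier-1": b"demo-key-verifier",
        "verifier-2": b"demo-key-other"}
CRED = {"type": "id_card", "holder": "subject-1", "status": "valid"}


def new_ledger():
    ledger = Ledger()
    for address, key in KEYS.items():
        ledger.register(address, key)
    ledger.deposit_credential("subject-1", "id_card", CRED)
    return ledger


def request(ledger, verifier, subject="subject-1", cred_type="id_card"):
    sig = sign(KEYS[verifier], "on_chain_auth",
               verifier=verifier, subject=subject, cred_type=cred_type)
    return ledger.on_chain_auth(verifier, subject, cred_type, sig)


def grant(ledger, verifier, subject="subject-1", cred_type="id_card", signer=None):
    sig = sign(KEYS[signer or subject], "authorize",
               subject=subject, cred_type=cred_type, verifier=verifier)
    ledger.authorize(subject, cred_type, verifier, sig)


def active_mode():
    # Fig. 7: the party to be verified authorizes first, then the verifier asks.
    ledger = new_ledger()
    grant(ledger, "verifier-1")
    return request(ledger, "verifier-1"), request(ledger, "verifier-2")


def passive_mode():
    # Fig. 8: the verifier applies, the party to be verified approves,
    # and the verifier's repeated request is then matched.
    ledger = new_ledger()
    first = request(ledger, "verifier-1")
    grant(ledger, "verifier-1")
    return first, request(ledger, "verifier-1")


def forged_grant_rejected():
    # A verifier signing the authorization itself must not unlock the credential.
    ledger = new_ledger()
    try:
        grant(ledger, "verifier-1", signer="verifier-1")
    except PermissionError:
        return request(ledger, "verifier-1") is None
    return False


if __name__ == "__main__":
    print(active_mode(), passive_mode(), forged_grant_rejected())
```

The parameter lists above include no nonce or expiry, so this sketch has neither and a stored authorization stays in force until the record is changed.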
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 9 illustrates a schematic block diagram of an example electronic device 900 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 9, the apparatus 900 includes a computing unit 901, which can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 902 or a computer program loaded from a storage unit 908 into a Random Access Memory (RAM) 903. In the RAM 903, various programs and data required for the operation of the device 900 can also be stored. The calculation unit 901, ROM 902, and RAM 903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
A number of components in the device 900 are connected to the I/O interface 905, including: an input unit 906 such as a keyboard, a mouse, and the like; an output unit 907 such as various types of displays, speakers, and the like; a storage unit 908 such as a magnetic disk, optical disk, or the like; and a communication unit 909 such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 909 allows the device 900 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 901 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 901 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 901 performs the various methods and processes described above, such as the blockchain-based digital identity verification method. For example, in some embodiments, the blockchain-based digital identity verification method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 908. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 900 via ROM 902 and/or communication unit 909. When the computer program is loaded into RAM 903 and executed by computing unit 901, one or more of the steps of the above-described blockchain-based digital identity verification method may be performed. Alternatively, in other embodiments, the computing unit 901 may be configured to perform the blockchain-based digital identity verification method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), the internet, and blockchain networks.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service ("Virtual Private Server", or simply "VPS"). The server may also be a server of a distributed system, or a server incorporating a blockchain.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (14)

1. A block chain-based digital identity verification method is characterized by comprising the following steps:
receiving a first authentication request sent by a first user;
receiving a second authentication request sent by a second user;
sending identity authentication information according to the first authentication request and the second authentication request;
the first user is a party to be verified, the second user is a verifier, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request;
the sending identity authentication information according to the authorization authentication request and the on-chain authentication request includes:
acquiring the corresponding authorization authentication request according to the on-chain authentication request;
and sending the identity authentication information corresponding to the authorization authentication request to the second user, wherein the identity authentication information is identity credential information of the first user.
2. The method of claim 1, wherein the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
3. The method according to claim 1 or 2, wherein the parameters of the on-chain authentication request comprise at least one of:
the digital identity index of the party to be verified;
a verification category.
4. The method of claim 1, wherein the parameters of the authorization authentication request comprise at least one of:
a digital identity index of the verifying party;
a verification category.
5. The method of claim 2, wherein the parameters of the authorization authentication request comprise at least one of:
a digital identity index of the verifying party;
the authentication authorization request index.
6. The method of claim 2, wherein sending identity authentication information according to the authorization authentication request and the on-chain authentication request comprises:
determining the corresponding on-chain authentication request as a successful authorization authentication request according to the authorization authentication request;
acquiring the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
and sending the identity authentication information corresponding to the on-chain authentication request to the first user, wherein the identity authentication information is identity credential information of the second user.
7. A block chain based digital identity verification device, comprising:
the first receiving module is used for receiving a first authentication request sent by a first user;
the second receiving module is used for receiving a second authentication request sent by a second user;
the authentication module is used for sending identity authentication information according to the first authentication request and the second authentication request;
the first user is a party to be verified, the second user is a verifier, the first authentication request is an authorization authentication request, and the second authentication request is an on-chain authentication request;
the authentication module includes:
the first matching sub-module is used for acquiring the corresponding authorization authentication request according to the on-chain authentication request;
and the first certificate sending submodule is used for sending the identity authentication information corresponding to the authorization authentication request to the second user, wherein the identity authentication information is the identity certificate information of the first user.
8. The apparatus of claim 7, wherein the first user is a verifier, the second user is a party to be verified, the first authentication request is an on-chain authentication request, and the second authentication request is an authorization authentication request.
9. The apparatus according to claim 7 or 8, wherein the parameter of the authorization authentication request comprises at least one of:
the digital identity index of the party to be verified;
a verification category.
10. The apparatus of claim 7, wherein the parameters of the on-chain authentication request comprise at least one of:
a digital identity index of the verifying party;
a verification category.
11. The apparatus of claim 8, wherein the parameters of the on-chain authentication request comprise at least one of:
a digital identity index of the verifying party;
the authentication authorization request index.
12. The apparatus of claim 8, wherein the authentication module comprises:
the processing submodule is used for determining the corresponding on-chain authentication request as a successful authorization authentication request according to the authorization authentication request;
the second matching sub-module is used for acquiring the corresponding authorization authentication request according to the second on-chain authentication request sent by the first user;
and the second certificate sending submodule is used for sending the identity authentication information corresponding to the on-chain authentication request to the first user, wherein the identity authentication information is the identity certificate information of the second user.
13. A block chain based digital identity verification device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the blockchain-based digital identity verification method of any one of claims 1 to 6.
14. A non-transitory computer readable storage medium, wherein instructions in the storage medium, when executed by a processor of a blockchain based digital identity verification apparatus, enable the blockchain based digital identity verification apparatus to perform the blockchain based digital identity verification method of any one of claims 1 to 6.
CN202111256587.9A 2021-10-27 2021-10-27 Block chain-based digital identity verification method and device and storage medium Active CN113704723B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111256587.9A CN113704723B (en) 2021-10-27 2021-10-27 Block chain-based digital identity verification method and device and storage medium

Publications (2)

Publication Number Publication Date
CN113704723A CN113704723A (en) 2021-11-26
CN113704723B CN113704723B (en) 2022-02-08

Family

ID=78647095

Country Status (1)

Country Link
CN (1) CN113704723B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139181A (en) * 2011-12-01 2013-06-05 华为技术有限公司 Authorization method, authorization device and authorization system of open type authentication
CN104125201A (en) * 2013-04-26 2014-10-29 达创科技股份有限公司 Communication transmission system and method
CN110602114A (en) * 2019-09-19 2019-12-20 腾讯科技(深圳)有限公司 Block chain-based identity authentication method and device, storage medium and electronic equipment
CN112291245A (en) * 2020-10-30 2021-01-29 北京华弘集成电路设计有限责任公司 Identity authorization method, identity authorization device, storage medium and equipment
CN112822162A (en) * 2020-12-29 2021-05-18 重庆川仪自动化股份有限公司 Block chain-based equipment verification connection method and system
CN113297560A (en) * 2021-05-06 2021-08-24 北京奇虎科技有限公司 Identity authentication method, device and equipment based on block chain and readable storage medium
CN113343204A (en) * 2021-08-06 2021-09-03 北京微芯感知科技有限公司 Digital identity management system and method based on block chain

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190141026A1 (en) * 2017-11-07 2019-05-09 General Electric Company Blockchain based device authentication
CN113420277B (en) * 2021-08-24 2022-02-15 北京微芯感知科技有限公司 Digital identity management and verification method based on intelligent contract

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
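A Study on Distributed Consensus Protocols and Algorithms: The Backbone of Blockchain Networks; Jayapriya Jayabalan et al.; 2021 International Conference on Computer Communication and Informatics (ICCCI); 20210421; pp. 1-10 *
Design and Implementation of a Blockchain-Based Identity Authentication System; Chang Zetian (常泽天); China Master's Theses Full-text Database, Information Science and Technology; 20200615 (No. 6); pp. I138-107 *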

Also Published As

Publication number Publication date
CN113704723A (en) 2021-11-26

Similar Documents

Publication Publication Date Title
US10939295B1 (en) Secure mobile initiated authentications to web-services
US11963006B2 (en) Secure mobile initiated authentication
US10237254B2 (en) Conditional login promotion
CN112651011B (en) Login verification method, device and equipment for operation and maintenance system and computer storage medium
WO2022247359A1 (en) Cluster access method and apparatus, electronic device, and medium
CN108259438A (en) A kind of method and apparatus of the certification based on block chain technology
WO2021127577A1 (en) Secure mobile initiated authentications to web-services
US11874905B2 (en) Establishing access sessions
WO2021127575A1 (en) Secure mobile initiated authentication
CN114513350A (en) Identity verification method, system and storage medium
US20240007457A1 (en) Time-based token trust depreciation
US8910260B2 (en) System and method for real time secure image based key generation using partial polygons assembled into a master composite image
CN113704723B (en) Block chain-based digital identity verification method and device and storage medium
US11914697B2 (en) System and method for a trusted digital identity platform
CN112422534B (en) Credit evaluation method and equipment for electronic certificate
CN114580665B (en) Federal learning system, method, device, equipment and storage medium
CN115801286A (en) Calling method, device, equipment and storage medium of microservice
CN117336092A (en) Client login method and device, electronic equipment and storage medium
CN116226932A (en) Service data verification method and device, computer medium and electronic equipment
CN117097508A (en) Method and device for cross-device security management of NFT (network File transfer protocol)
CN117370954A (en) Password resource pool management method, device, equipment and storage medium
CN116015770A (en) Communication method, communication system, communication device and electronic equipment for server
CN116614268A (en) Identity authentication method, identity authentication device, electronic equipment and computer readable storage medium
CN117061229A (en) Key management method, device, system, equipment and storage medium
CN116248368A (en) Identity authentication method, system, equipment and storage medium based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant