CN113746640B - Digital certificate using method, device, computer equipment and storage medium - Google Patents


Info

Publication number
CN113746640B
Authority
CN
China
Prior art keywords
credential
target
certificate
verification
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111130134.1A
Other languages
Chinese (zh)
Other versions
CN113746640A (en)
Inventor
曹崇瑞
胡志鹏
王挺
顾费勇
李刚锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Hangzhou Network Co Ltd
Priority to CN202111130134.1A
Publication of CN113746640A
Application granted
Publication of CN113746640B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the application disclose a digital credential usage method, a digital credential usage device, computer equipment and a storage medium. The method comprises the following steps: receiving, by a credential verification end, a target credential to be verified that is sent by a credential holding end, wherein the target credential includes a first federation chain identifier of the credential holding end in a federation chain network, so that the credential verification end confirms the holding authenticity of the credential holding end for the target credential according to the first federation chain identifier; receiving a credential verification request sent by the credential verification end, wherein the credential verification request includes the target credential and a target credential identifier in the federation chain network; obtaining, based on the target credential identifier, a target credential validity condition of the target credential from a smart contract deployed in the federation chain network; obtaining, based on the target credential identifier, usage information of the credential holding end for the target credential; and, if the usage information meets the target credential validity condition, sending verification success information to the credential verification end so that the credential verification end honors the usage rights and interests of the target credential for the credential holding end.

Description

Digital certificate using method, device, computer equipment and storage medium
Technical Field
The application relates to the technical field of blockchain, and in particular to a digital credential usage method, a digital credential usage device, computer equipment and a storage medium.
Background
Under the existing distributed identity and credential verification model, a credential issuer issues verifiable credentials to a credential holder, and the credential holder can then present those credentials to various credential verification ends. The credential verifier verifies the validity of a credential so that the credential holder can redeem the rights and interests attached to it; each time, the credential holder only needs to present the credential to the credential verifier for the holder's identity and the credential's validity to be confirmed. However, the data of the different credential verification ends and the data of the credential issuing ends are independent of one another, so no credential verification end can know how a credential has already been used, which can lead to misuse of the credential by the credential holding end.
Disclosure of Invention
The embodiments of the application provide a digital credential usage method, a device, computer equipment and a storage medium, so that each credential verification end, when verifying a credential, can learn whether the usage of the credential meets the credential validity condition under which the credential can be honored, thereby preventing misuse of the credential by the credential holding end.
The embodiments of the application provide a digital credential usage method, which comprises the following steps:
receiving, by a credential verification end, a target credential to be verified that is sent by a credential holding end, wherein the target credential includes a first federation chain identifier of the credential holding end in a federation chain network, so that the credential verification end confirms the holding authenticity of the credential holding end for the target credential according to the first federation chain identifier;
receiving a credential verification request sent by the credential verification end, wherein the credential verification request includes the target credential, and the target credential further includes a target credential identifier in the federation chain network;
obtaining, based on the target credential identifier, a target credential validity condition of the target credential from a smart contract deployed in the federation chain network;
obtaining, based on the target credential identifier, usage information of the credential holding end for the target credential;
and, if the usage information meets the target credential validity condition, sending verification success information to the credential verification end so that the credential verification end honors the usage rights and interests of the target credential for the credential holding end.
Correspondingly, the embodiments of the application also provide a digital credential usage device, which comprises:
a first receiving unit, configured to receive, by a credential verification end, a target credential to be verified that is sent by a credential holding end, wherein the target credential includes a first federation chain identifier of the credential holding end in a federation chain network, so that the credential verification end confirms the holding authenticity of the credential holding end for the target credential according to the first federation chain identifier;
a second receiving unit, configured to receive a credential verification request sent by the credential verification end, wherein the credential verification request includes a target credential to be verified, and the target credential includes a target credential identifier in the federation chain network;
a first obtaining unit, configured to obtain, based on the target credential identifier, a target credential validity condition of the target credential from a smart contract deployed in the federation chain network;
a second obtaining unit, configured to obtain, based on the target credential identifier, usage information of the credential holding end for the target credential;
and a sending unit, configured to send verification success information to the credential verification end if the usage information meets the target credential validity condition, so that the credential verification end honors the usage rights and interests of the target credential for the credential holding end.
Optionally, the first obtaining unit is further configured to:
receiving a credential issuance request for the target credential sent by a credential issuing end, the credential issuance request including a target credential topic of the target credential, the target credential identifier, and the first federation chain identifier of the credential holding end in the federation chain network;
obtaining a target smart contract corresponding to the target credential topic from the smart contracts deployed in the federation chain network;
obtaining the validity condition corresponding to the target credential topic in the target smart contract as the target credential validity condition;
and setting the correspondence between the target credential identifier and the target credential validity condition in the federation chain network.
Optionally, the first obtaining unit is further configured to:
receiving a contract deployment request sent by the credential issuing end, wherein the contract deployment request includes the credential topics of the credentials to be deployed in smart contracts and the validity conditions of the credentials corresponding to each credential topic;
and deploying, according to the contract deployment request, a smart contract corresponding to each credential topic in the federation chain network, wherein each smart contract includes the validity condition of the credentials corresponding to its credential topic.
Optionally, the credential verification request includes the current number of uses of the target credential by the credential holding end, and the second obtaining unit is further configured to:
obtaining, based on the credential verification request, the current number of uses of the target credential by the credential holding end;
determining, based on the correspondence, the target credential validity condition corresponding to the target credential identifier, and determining the target smart contract that records the target credential validity condition;
obtaining the historical number of uses of the target credential by the credential holding end from target transaction information generated based on the target smart contract;
and calculating the sum of the historical number of uses and the current number of uses as the usage information.
Optionally, the target credential validity condition includes a maximum number of valid uses of the target credential by the credential holding end, and the sending unit is further configured to:
if the sum of the numbers of uses is less than or equal to the maximum number of valid uses, determining that the usage information meets the target credential validity condition, and sending the verification success information to the credential verification end.
Optionally, the first obtaining unit is further configured to:
when the usage information is determined to meet the target credential validity condition, updating the historical number of uses with the sum of the numbers of uses to form an updated historical number of uses;
and generating transaction information that includes the updated historical number of uses as the target transaction information.
Optionally, the first obtaining unit is further configured to:
sending issuance confirmation information for the target credential to the credential issuing end, so that the credential issuing end issues the target credential to the credential holding end;
and receiving credential issuance information sent by the credential issuing end, wherein the credential issuance information includes the issuance time at which the credential issuing end issued the target credential to the credential holding end.
Optionally, the second obtaining unit is further configured to:
obtaining, based on the target credential identifier, the issuance time of the target credential from the credential issuance information corresponding to the target credential, as the usage information.
Optionally, the target credential validity condition includes a validity time limit within which the credential holding end may use the target credential, and the sending unit is further configured to:
obtaining the current time at which the credential verification request is received;
calculating the time difference between the current time and the issuance time;
and, if the time difference does not exceed the validity time limit, determining that the usage information meets the target credential validity condition, and sending the verification success information to the credential verification end.
Optionally, the device is further configured to:
if the usage information does not meet the target credential validity condition, sending verification failure information to the credential verification end, so that the credential verification end confirms that the usage rights and interests of the target credential cannot be honored for the credential holding end.
Optionally, the device is further configured to:
receiving credential query information sent by a credential issuing end, wherein the credential query information includes the credential identifiers of all credentials issued by the credential issuing end to the credential holding end;
obtaining a reference smart contract corresponding to each credential identifier from the smart contracts deployed in the federation chain network;
obtaining, from the transaction information generated based on each reference smart contract, the second federation chain identifier of each credential verification end that redeemed each credential and the number of times each credential verification end redeemed each credential;
and feeding back to the credential issuing end the second federation chain identifier of each credential verification end and the number of times each credential verification end redeemed each credential.
An embodiment of the present application further provides a computer device, including:
a memory for storing a computer program;
a processor for executing the steps of any of the digital credential usage methods.
Furthermore, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of any of the digital credential usage methods.
The embodiments of the application provide a digital credential usage method, a device, computer equipment and a storage medium. When a credential verification end verifies a target credential sent by a credential holding end, and after it has confirmed according to the first federation chain identifier that the credential holding end genuinely holds the target credential, it sends a credential verification request to other node devices in the federation chain network, so that those node devices can obtain the usage information of the target credential and the target credential validity condition under which the credential can be validly used. When the usage of the target credential is determined to meet the target credential validity condition, the credential verification end honors the usage rights and interests of the target credential for the credential holding end, which prevents the credential holding end from abusing the usage rights and interests of the target credential.
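The checks described above (a validity condition per credential topic, historical plus current uses compared with the maximum number of valid uses, the issuance-time limit, and the issuing end's redemption query) are modelled below as an added Python example; it is not code from the patent. The `Node` class, its dict-based stand-in for the ledger, the `redeem` helper, the field names and the sample identifiers are all assumptions made for illustration, and no real blockchain or consensus mechanism is involved.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ValidityCondition:
    """Validity condition recorded in the smart contract of one credential topic."""
    max_uses: Optional[int] = None       # maximum number of valid uses
    valid_seconds: Optional[int] = None  # validity time limit, counted from issuance


@dataclass
class Node:
    """Toy stand-in for a federation chain node; plain dicts replace the ledger."""
    contracts: dict = field(default_factory=dict)     # topic -> ValidityCondition
    conditions: dict = field(default_factory=dict)    # credential id -> ValidityCondition
    holders: dict = field(default_factory=dict)       # credential id -> first federation chain id
    issued_at: dict = field(default_factory=dict)     # credential id -> issuance time (seconds)
    transactions: list = field(default_factory=list)  # append-only redemption records

    def deploy_contract(self, topic, condition):
        """Contract deployment request: one contract per credential topic."""
        self.contracts[topic] = condition

    def register_issuance(self, topic, credential_id, holder_id, issued_at):
        """Issuance request: bind the credential identifier to its topic's condition.

        Simplification: the issuance time is stored in the same call, whereas the
        text has the issuing end report it afterwards in the issuance information.
        """
        self.conditions[credential_id] = self.contracts[topic]
        self.holders[credential_id] = holder_id
        self.issued_at[credential_id] = issued_at

    def historical_uses(self, credential_id):
        """The newest transaction for a credential carries the updated count."""
        for tx in reversed(self.transactions):
            if tx["credential_id"] == credential_id:
                return tx["historical_uses"]
        return 0

    def verify(self, credential_id, verifier_id, current_uses, now):
        """Node-side handling of a credential verification request."""
        condition = self.conditions.get(credential_id)
        if condition is None:
            return False, "unknown credential"
        # A zero or negative count would let a request lower the running total.
        if not isinstance(current_uses, int) or current_uses < 1:
            return False, "invalid use count"
        total = self.historical_uses(credential_id) + current_uses
        if condition.max_uses is not None and total > condition.max_uses:
            return False, "use limit exceeded"
        if condition.valid_seconds is not None:
            if now - self.issued_at[credential_id] > condition.valid_seconds:
                return False, "expired"
        # Only a successful check writes a transaction with the updated count,
        # so a rejected request never changes what later verifiers see.
        self.transactions.append({
            "credential_id": credential_id,
            "verifier_id": verifier_id,  # second federation chain identifier
            "uses": current_uses,
            "historical_uses": total,
        })
        return True, "ok"

    def redemptions(self, credential_ids):
        """Issuing end's query: uses redeemed per verification end, per credential."""
        report = {cid: {} for cid in credential_ids}
        for tx in self.transactions:
            per_verifier = report.get(tx["credential_id"])
            if per_verifier is not None:
                vid = tx["verifier_id"]
                per_verifier[vid] = per_verifier.get(vid, 0) + tx["uses"]
        return report


def redeem(node, verifier_id, credential, current_uses, now):
    """Verification end: holding check first, then the verification request.

    Assumption: the verification end compares the identifier inside the
    credential with the holder recorded at issuance.
    """
    if node.holders.get(credential["id"]) != credential["holder"]:
        return False, "holder mismatch"
    return node.verify(credential["id"], verifier_id, current_uses, now)


def demo():
    """Constructed scenario: two verification ends share one use counter."""
    node = Node()
    node.deploy_contract("ticket", ValidityCondition(max_uses=3, valid_seconds=3600))
    node.register_issuance("ticket", "cred-1", "holder-A", issued_at=1000)
    cred = {"id": "cred-1", "holder": "holder-A"}
    return [
        redeem(node, "verifier-1", cred, 2, now=1500),  # 0 + 2 <= 3
        redeem(node, "verifier-2", cred, 2, now=1600),  # 2 + 2 > 3, rejected
        redeem(node, "verifier-2", cred, 1, now=1700),  # 2 + 1 <= 3
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The second call in `demo()` is the case the background section describes: a second verification end with no data of its own still sees the uses already redeemed elsewhere, because the count lives in the shared transaction records.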
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a system diagram of a digital credential usage device provided in an embodiment of the present application;
FIG. 2 is a flow chart of a method for using digital certificates provided in an embodiment of the present application;
FIG. 3 is another flow chart of a method for using digital certificates provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of a digital certificate usage apparatus according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a computer device according to an embodiment of the present application;
FIG. 6 is an interaction schematic diagram provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
The embodiment of the application provides a digital certificate using method, a digital certificate using device, computer equipment and a storage medium. Specifically, the digital certificate using method of the embodiment of the application may be executed by a computer device, where the computer device may be a terminal or a server. The terminal can be a terminal device such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a personal computer (Personal Computer, PC), a personal digital assistant (Personal Digital Assistant, PDA) and the like, and the terminal can also comprise a client, wherein the client can be a game application client, a browser client carrying a game program, an instant messaging client or the like. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content distribution network services, basic cloud computing services such as big data and an artificial intelligence platform.
Referring to FIG. 1, FIG. 1 is a schematic system diagram of a digital credential usage device according to an embodiment of the present application. The system is applied to a federation chain network, which may include a credential verification end, a credential issuing end and a credential holding end. The credential issuing end is an entity that has data about the credential holding end and can issue VCs (Verifiable Credentials), such as a government, a bank, a university or another institution or organization. The credential holding end is an entity that requests a credential from the credential issuing end, receives and holds the credential, and presents it to the credential verification end. The credential verification end can store the held credential itself, for example in a memory, so that the credential is convenient to use multiple times. The credential verification end receives the credential and verifies it, and when verification succeeds it honors the usage rights and interests of the credential for the credential holder.
When the credential verification end verifies the target credential provided by the credential holding end, it sends a credential verification request to other node devices in the federation chain network. The other node devices receive the credential verification request sent by the credential verification end, wherein the credential verification request includes a target credential to be verified and the target credential includes a target credential identifier in the federation chain network; obtain, based on the target credential identifier, a target credential validity condition of the target credential from a smart contract deployed in the federation chain network; obtain, based on the target credential identifier, usage information of the credential holding end for the target credential; and, if the usage information meets the target credential validity condition, send verification success information to the credential verification end so that the credential verification end honors the usage rights and interests of the target credential for the credential holding end.
The credential verification end, the credential holding end and the credential issuing end are the published digital identities of the corresponding entities; entities with published digital identities may include not only people and organizations but even articles. A published digital identity is authenticated by a centralized authority, cannot be taken away or deleted, and is an identity carried for life. An entity with a published digital identity has a distributed identity identifier (Decentralized Identifier, DID), which is a decentralized, verifiable digital identifier that is distributed, independently controllable and reusable across chains. The entity can autonomously register, resolve, update or revoke the DID. The distributed identity includes the unique identification code of the DID, a list of public keys with detailed information about each public key (e.g., holder, encryption algorithm, key status), and other attribute descriptions of the DID holder. For example, in embodiments of the present application, the distributed identity may include a first federation chain identifier, a second federation chain identifier, and so on. In addition, the verifiable credential provides a specification for describing certain attributes that an entity has, enabling evidence-based trust. Through verifiable credentials, a DID holder can prove to other entities (e.g., individuals, organizations or concrete things) that certain of its own attributes can be trusted. Combined with cryptographic techniques such as digital signatures and zero-knowledge proofs, the credential can be made safer and more reliable, further ensuring that the user's privacy is not infringed.
Furthermore, embodiments of the present application relate to blockchain technology, which is a decentralized, distributed database technology involving nodes. A blockchain has no central authority, and the consistency of the information held by each node is ensured by the blockchain's consensus mechanism. Blockchains can generally be divided into three categories: public chains, private chains and federation chains. A federation chain is a blockchain managed jointly by a plurality of pre-selected institutions or organizations, each of which may manage one or more nodes. The one or more nodes managed by each institution or organization form a cluster of nodes.
Each is described in detail below. The following description of the embodiments is not intended to limit the preferred embodiments.
The present embodiment will be described in terms of a digital certificate usage apparatus, which may be integrated in a terminal device, and the terminal device may include a smart phone, a notebook computer, a tablet computer, a personal computer, and the like.
The embodiment of the application provides a digital certificate usage method, which can be executed by a processor of a terminal, as shown in fig. 2, and the specific flow of the digital certificate usage method mainly includes steps 201 to 205, and the detailed description is as follows:
Step 201, receiving, by a credential verification terminal, a target credential to be verified sent by a credential holder, where the target credential includes a first federation chain identifier of the credential holder in a federation chain network, so that the credential verification terminal confirms the holding authenticity of the credential holder to the target credential according to the first federation chain identifier.
In the embodiment of the application, holding authenticity indicates whether the credential holding end is a terminal that actually holds the target credential.
In the embodiment of the application, when a user uses an issued target credential, the user needs to send the target credential to a credential verification end through the credential holding end. After receiving the target credential, the credential verification end extracts the first federation chain identifier from the target credential. When the credential verification end confirms that the first federation chain identifier extracted from the received target credential is consistent with the federation chain identifier of the object to which the credential issuing end issued the target credential, the credential holding end is a terminal that truly holds the target credential.
Step 202, receiving a credential verification request sent by the credential verification end, wherein the credential verification request includes a target credential to be verified, and the target credential includes a target credential identifier in the federation chain network.
In this embodiment of the present application, when the credential holding end uses the target credential, it needs to provide the credential to the credential verification end, which verifies the validity of the target credential; only once the target credential is confirmed to be valid for this use can the usage rights and interests of the target credential be honored for the credential holding end. To verify the validity of the target credential, the credential verification end initiates a transaction and sends a credential verification request to other nodes in the federation chain network. A node device in the federation chain network receives the credential verification request, which includes the target credential to be verified, the target credential including its target credential identifier in the federation chain network. The node device obtains the target credential identifier from the credential verification request, obtains the target credential validity condition according to the target credential identifier, and then judges whether the target credential is valid. In this way all nodes in the federation chain network reach consensus based on the credential verification request, and the node devices in the federation chain network verify the validity of the target credential based on that request.
In embodiments of the present application, the target credential may indicate an attribute that the credential verifier has, e.g., the target credential may be an electronic ticket, a ticket, and/or a purchase qualification, etc.
In the embodiment of the application, the target credential identifier is the unique identifier of the target credential and is the basis for distinguishing the target credential from other credentials; for example, the identifier may be the number of the credential, the name of the credential, and the like.
In the embodiment of the application, the credential verification end may be one node device in the federation chain network, or may be a plurality of node devices in the federation chain network, and when the credential verification end includes a plurality of node devices in the federation chain network, one of the node devices may issue a credential verification request.
Step 203, based on the target credential identification, obtaining a target credential validity condition of the target credential in the intelligent contract deployed by the federation chain network.
In the embodiment of the application, the target credential validity condition is a condition that the target credential can honor the usage rights, for example, the target credential validity condition may be a total number of valid uses of the target credential, a deadline of valid uses of the target credential, or a total duration of valid uses of the target credential, etc.
In this embodiment of the present application, before the target credential validity condition is obtained from the smart contract deployed by the federation chain network based on the target credential identifier, an association between the target credential identifier and the target credential validity condition needs to be established. Specifically, before step 203 ("based on the target credential identifier, obtaining a target credential validity condition of the target credential in the smart contract deployed by the federation chain network"), the method further includes:
receiving a credential issuance request for a target credential sent by a credential issuer, the credential issuance request including a target credential topic of the target credential, a target credential identifier, and a first federation chain identifier of a credential holder in a federation chain network;
acquiring a target smart contract corresponding to the target credential topic from the smart contracts deployed by the federation chain network;
acquiring the validity condition corresponding to the target credential topic in the target smart contract as the target credential validity condition;
and setting a correspondence between the target credential identifier and the target credential validity condition in the federation chain network.
In the embodiment of the application, when the credential holding end requests to issue the credential to the credential issuing end, before the credential issuing end issues the credential to the credential holding end, the credential issuing end sends a credential issue request to other node devices in the alliance chain network, so that the other node devices in the alliance chain network agree on the basis of the credential issue request, and the corresponding relation between the credential identifier of the credential to be issued and the corresponding validity condition is set in the alliance chain network.
Here, the target credential topic refers to the category to which the content of the target credential belongs; for example, the target credential topic may be a ticket category, a purchase qualification category, and the like. One target credential topic may correspond to multiple target credentials with different target credential identifiers.
In addition, the first federation chain identifier is the unique identifier of the credential holder in the federation chain network and is the basis for distinguishing each credential holder from other node devices; for example, the first federation chain identifier may be the blockchain address of each credential holder in the federation chain, the IP address of each credential holder, and so on.
In the embodiment of the application, when the credential issuance request is received, in order to determine the authenticity of the credential issuance, it is necessary to verify whether the credential issuance request is sent by the credential issuer, and if so, execute the relevant instruction of the credential issuance request. If not, the credential issuance request is ignored.
In the embodiment of the present application, the target smart contract is a smart contract related to the target credential, and includes the target credential topic, the target credential validity condition, and the like. Before the target credential validity condition is acquired from the target smart contract, a plurality of contracts including the target smart contract have already been deployed in the blockchain network. Specifically, before the step of "acquiring a target smart contract corresponding to the target credential topic from the smart contracts deployed by the federation chain network", the method further includes:
receiving a contract deployment request sent by the credential issuer, wherein the contract deployment request includes the credential topics of all credentials to be deployed in the smart contract and the validity conditions of the credentials corresponding to the credential topics;
and deploying smart contracts corresponding to the credential topics in the federation chain network according to the contract deployment request, wherein each smart contract includes the validity conditions of the credentials corresponding to its credential topic.
In the embodiment of the application, when a credential theme is generated, the credential issuer deploys an intelligent contract corresponding to the credential theme in the coalition chain network in advance, that is, the credential issuer sends a contract deployment request to other nodes in the coalition chain network, so that the other nodes in the coalition chain network agree on the basis of the contract deployment request, an instruction of the contract deployment request is executed, and deployment of the intelligent contract corresponding to the credential theme is completed in the coalition chain network.
For example, when the credential topic is a ticket for an event, the credential issuer deploys in the federation chain network the content of the ticket (i.e., a ticket for attending the event), the time during which the ticket can be used, the maximum number of times it can be used, and the like; this ticket-related content forms the smart contract corresponding to the ticket.
In the embodiment of the application, when a contract deployment request is received, in order to ensure the validity and authenticity of intelligent contract deployment, whether the contract deployment request is sent by a certificate issuing end needs to be verified, and if yes, relevant instructions of the contract deployment request are executed. If not, the contract deployment request is ignored.
Step 204, based on the target credential identification, obtaining the usage information of the credential holding end on the target credential.
In this embodiment of the present application, the usage information may be the historical accumulated usage of the target credential by the credential holder before the time of receiving the credential verification request. For example, if the date of receiving the credential verification request is A, the historical accumulated usage may be the total number of times the credential holder used the target credential before A, or the accumulated duration for which the credential holder used the target credential before A. The usage information may also be the issue time at which the credential holder obtained the target credential, and the like.
In this embodiment of the present application, when the usage information is the number of times the credential verification terminal uses the target credential, the credential verification request includes the current number of times the credential holder uses the target credential, and in the step 204, the "obtaining the usage information of the credential holder to the target credential based on the target credential identifier" may be:
based on the certificate verification request, acquiring the current use times of the certificate holding end to the target certificate;
determining a target credential validity condition corresponding to the target credential identifier based on the correspondence, and determining a target intelligent contract for recording the target credential validity condition;
Acquiring historical use times of a certificate holding end on a target certificate from target transaction information generated based on a target intelligent contract;
calculating the sum of the historical number of uses and the current number of uses as the usage information.
In this embodiment of the present application, the current usage number may be the number of times the credential holding end uses the target credential when verifying the target credential that the credential holding end presents. The current use times can be 1 time or multiple times.
In this embodiment of the present application, each time when the usage information satisfies the target credential validity condition, the current usage number of times is accumulated into the historical usage number of times to form a new historical usage number of times for the next acquisition, and specifically, before the step of "acquiring the historical usage number of times of the credential holding end for the target credential from the target transaction information generated based on the target smart contract", the method further includes:
when the usage information is determined to meet the target credential validity condition, updating the historical usage times by using the sum of the usage times to form updated historical usage times;
transaction information including the updated historical number of uses is generated as target transaction information.
In the embodiment of the present application, when the validity condition of the target credential is the validity time limit of the credential holder using the target credential, the step 204 "obtaining the usage information of the credential holder for the target credential based on the target credential identifier" includes:
based on the target credential identification, the issuing time of the target credential is obtained from the credential issuing information corresponding to the target credential and is used as the use information.
In the embodiment of the present application, in order to determine whether the time of using the target credential by the credential holder exceeds the valid time limit, it is necessary to obtain the time of issuing the target credential by the credential issuer to the credential holder, that is, record the time of issuing the target credential by the credential issuer to the credential holder in the federation chain network. Specifically, after setting the corresponding relation between the target credential identifier and the target credential validity condition in the coalition chain network, the issuing confirmation information of the target credential can be sent to the credential issuing end, so that the credential issuing end issues the target credential to the credential holding end; and receiving the certificate issuing information sent by the certificate issuing end, wherein the certificate issuing information comprises the issuing time of the target certificate issued by the certificate issuing end to the certificate holding end.
In the embodiment of the application, the credential issuing information is used to indicate that the credential issuing end confirms that the target credential has been issued to the credential holder.
Step 205, if the usage information meets the target credential validity condition, sending verification success information to the credential verification terminal, so that the credential verification terminal honors the usage rights and interests of the target credential to the credential holder.
In this embodiment of the present application, when the usage information is the number of times the credential verification terminal uses the target credential, the target credential validity condition includes the maximum number of times the credential holding terminal uses the target credential, and "if the usage information satisfies the target credential validity condition, sending verification success information to the credential verification terminal" in step 205 includes: if the sum of the using times is smaller than or equal to the maximum effective using times, determining that the using information meets the validity condition of the target certificate, and sending the verification success information to the certificate verification terminal.
In this embodiment of the present application, when the usage information is the issue time of the target credential, the target credential validity condition is the validity time limit within which the credential holding end may use the target credential, and "if the usage information satisfies the target credential validity condition, sending verification success information to the credential verification end" in step 205 includes:
Acquiring the current time of receiving a credential verification request;
calculating a time difference between the current time and the release time;
if the time difference value does not exceed the effective time limit, determining that the using information meets the target credential validity condition, and sending the verification success information to the credential verification terminal.
In the embodiment of the application, the validity time limit is the period during which the credential holder can use the target credential; once the validity time limit is exceeded, the target credential can no longer be used.
In this embodiment of the present application, the target credential validity condition may also be a use expiration time of the target credential, where the use information is a current time of receiving the credential verification request, and "if the use information satisfies the target credential validity condition, sending verification success information to the credential verification terminal" in step 205 includes: if the current time does not exceed the use deadline, determining that the use information meets the target credential validity condition, and sending verification success information to a credential verification terminal.
In the embodiment of the application, if the usage information does not meet the target credential validity condition, verification failure information is sent to the credential verification end, so that the credential verification end confirms that the usage rights and interests of the target credential cannot be honored for the credential holding end, thereby preventing the credential holder from abusing the usage rights of the target credential.
In the embodiment of the application, the certificate issuing end can also query the issued certificate information in the alliance chain network, so that the use condition of the issued certificates, for example, the second alliance chain identification of the certificate verification end for verifying the certificates, the verification times of each certificate verification end and the like, can be known, and the certificate issuing end can further determine the use effect and the user activity of each certificate according to the use condition of the issued certificates.
Specifically, the credential issuer querying step may include:
receiving the credential query information sent by the credential issuing end, wherein the credential query information includes the credential identifiers of all credentials issued by the credential issuing end to the credential holding end;
acquiring a reference smart contract corresponding to each credential identifier from the smart contracts deployed by the federation chain network;
acquiring, from the transaction information generated based on each reference smart contract, the second federation chain identifier of each credential verification end that redeemed each credential and the number of times each credential verification end redeemed each credential;
and feeding back to the credential issuing end the second federation chain identifier of each credential verification end and the number of times each credential verification end redeemed each credential.
In this embodiment of the present application, the credential holding end may also obtain, in the federation chain network, information about the credentials it holds, for example, the number of credentials held, the second federation chain identifier of the credential verification end corresponding to each credential, or the number of times each credential verification end has performed verification, and so on.
All the above technical solutions may be combined to form an optional embodiment of the present application, which is not described here in detail.
According to the digital certificate using method provided by the embodiment of the application, when the credential verification end verifies the target credential sent by the credential holding end, it first confirms, according to the first federation chain identifier, that the credential holding end truly holds the target credential, and then sends a credential verification request to other node devices in the federation chain network. The node devices obtain the usage information of the target credential and the target credential validity condition under which it can be validly used. When the usage of the target credential is confirmed to meet the target credential validity condition, the credential verification end honors the usage rights and interests of the target credential to the credential holding end, which prevents the credential holding end from abusing the usage rights and interests of the target credential.
Referring to fig. 3, fig. 3 is another flow chart of a digital certificate using method according to an embodiment of the present application. The specific flow of the method can be as follows:
Step 301, receiving a contract deployment request sent by the credential issuing end.
For example, the contract deployment request includes a credential topic for each credential to be deployed in the smart contract, and a validity condition for each credential topic corresponding to the credential. When a credential theme is generated, the credential issuer deploys an intelligent contract corresponding to the credential theme in the alliance chain network in advance, namely, the credential issuer sends a contract deployment request to other nodes in the alliance chain network, so that the other nodes in the alliance chain network agree on the basis of the contract deployment request, an instruction of the contract deployment request is executed, and deployment of the intelligent contract corresponding to the credential theme is completed in the alliance chain network.
Step 302, deploying smart contracts corresponding to each credential topic in the federation chain network according to the contract deployment request, wherein each smart contract includes the validity conditions of the credentials corresponding to its credential topic.
For example, when a contract deployment request is received, in order to ensure validity and authenticity of the intelligent contract deployment, it needs to be verified whether the contract deployment request is sent by the credential issuer, and if so, relevant instructions of the contract deployment request are executed. If not, the contract deployment request is ignored.
Step 303, receiving a request for issuing a certificate for the target certificate sent by the certificate issuing end.
For example, the credential issuance request includes a target credential topic for the target credential, a target credential identification, and a first federation chain identification of the credential holder in the federation chain network.
Step 304, obtaining a target intelligent contract corresponding to the target credential theme from the deployed intelligent contracts of the alliance chain network.
For example, after intelligent contracts corresponding to a plurality of credential topics have been deployed in the federated chain network, a target credential topic corresponding to a target credential may be obtained, and then an intelligent contract corresponding to the target credential topic may be obtained as a target intelligent contract.
Step 305, receiving a credential verification request sent by a credential verification terminal, where the credential verification request includes a target credential to be verified, and the target credential includes a target credential identifier in a federated chain network.
For example, when the credential holding end uses the target credential, it needs to provide the target credential to the credential verification end. After the credential verification end confirms that the credential holding end is the terminal that actually holds the target credential, it verifies the validity of the target credential; once the target credential is confirmed to be valid for this use, the usage rights and interests of the target credential can be honored for the credential holding end.
Step 306, based on the target credential identification, obtaining the maximum effective use times of the target credential in the intelligent contracts deployed by the alliance chain network.
For example, the validity condition corresponding to the target credential theme may be obtained in advance in the target intelligent contract, as the target credential validity condition, and the correspondence between the target credential identifier and the target credential validity condition is set in the federation chain network, so that when the target credential identifier is obtained, the target credential validity condition corresponding to the target credential identifier may be obtained according to the correspondence, that is, the maximum valid use times of the target credential.
Step 307, obtaining the sum of the using times of the certificate holding end to the target certificate.
For example, based on the credential verification request, obtaining the current number of uses of the target credential by the credential holder; determining a target credential validity condition corresponding to the target credential identifier based on the correspondence, and determining a target intelligent contract for recording the target credential validity condition; acquiring historical use times of a certificate holding end on a target certificate from target transaction information generated based on a target intelligent contract; and calculating the sum of the historical use times and the current use times as the sum of the use times.
Step 308, if the sum of the usage times is smaller than or equal to the maximum number of valid uses, determining that the usage information meets the target credential validity condition, and sending the verification success information to the credential verification end.
For example, if the sum of the usage times is greater than the maximum valid usage times, it is determined that the usage information does not satisfy the target credential validity condition, and verification failure information is sent to the credential verification terminal, so that the credential verification terminal confirms that the credential holder cannot honor the usage rights of the target credential.
All the above technical solutions may be combined to form an optional embodiment of the present application, which is not described here in detail.
According to the digital certificate using method provided by the embodiment of the application, when the credential verification end verifies the target credential sent by the credential holding end, it first confirms, according to the first federation chain identifier, that the credential holding end truly holds the target credential, and then sends a credential verification request to other node devices in the federation chain network. The node devices obtain the usage information of the target credential and the target credential validity condition under which it can be validly used. When the usage of the target credential is confirmed to meet the target credential validity condition, the credential verification end honors the usage rights and interests of the target credential to the credential holding end, which prevents the credential holding end from abusing the usage rights and interests of the target credential.
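The checks described in steps 203 to 205 and in the flow of steps 301 to 308 (issuer-only deployment and issuance, the use-count, time-limit and deadline conditions, and the issuer's usage query) can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the integer timestamps, the holder-binding check and the rejection of non-positive use counts are assumptions, and comparing `sender` with a stored string stands in for the identity verification the text describes.

```python
# Added illustration (not from the patent): an in-memory stand-in for a chain node.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ValidityCondition:
    max_uses: Optional[int] = None       # maximum number of valid uses
    valid_seconds: Optional[int] = None  # validity time limit, counted from the issue time
    deadline: Optional[int] = None       # use deadline (absolute timestamp, seconds)


@dataclass
class CredentialRecord:
    holder_id: str                # first federation chain identifier of the holder
    condition: ValidityCondition  # taken from the topic's contract at issuance
    issue_time: int
    historical_uses: int = 0


class ChainNode:
    def __init__(self, issuer_id: str) -> None:
        self.issuer_id = issuer_id
        self.contracts: Dict[str, ValidityCondition] = {}   # topic -> condition
        self.credentials: Dict[str, CredentialRecord] = {}  # credential id -> record
        self.transactions: List[Tuple[str, str, int]] = []  # (credential, verifier, uses)

    def deploy_contract(self, sender: str, topic: str, condition: ValidityCondition) -> bool:
        """Steps 301-302: a request not sent by the issuer is ignored."""
        if sender != self.issuer_id:
            return False
        self.contracts[topic] = condition
        return True

    def issue(self, sender: str, topic: str, credential_id: str,
              holder_id: str, issue_time: int) -> bool:
        """Steps 303-304: bind the credential identifier to its topic's condition."""
        if sender != self.issuer_id or topic not in self.contracts:
            return False
        if credential_id in self.credentials:  # assumption: identifiers are never reused
            return False
        self.credentials[credential_id] = CredentialRecord(
            holder_id, self.contracts[topic], issue_time)
        return True

    def verify(self, verifier_id: str, credential_id: str, holder_id: str,
               current_uses: int, now: int) -> bool:
        """Steps 305-308: check every configured condition, then record the use."""
        rec = self.credentials.get(credential_id)
        if rec is None or rec.holder_id != holder_id:  # assumption: holder binding enforced here
            return False
        if current_uses < 1:  # assumption: a zero or negative count must not lower the history
            return False
        cond = rec.condition
        total = rec.historical_uses + current_uses
        if cond.max_uses is not None and total > cond.max_uses:
            return False
        if cond.valid_seconds is not None and now - rec.issue_time > cond.valid_seconds:
            return False
        if cond.deadline is not None and now > cond.deadline:
            return False
        # Only a successful verification updates the historical count.
        rec.historical_uses = total
        self.transactions.append((credential_id, verifier_id, current_uses))
        return True

    def usage_by_verifier(self, sender: str, credential_id: str) -> Dict[str, int]:
        """Issuer query: uses redeemed per verification end for one credential."""
        counts: Dict[str, int] = {}
        if sender != self.issuer_id:
            return counts
        for cid, verifier_id, uses in self.transactions:
            if cid == credential_id:
                counts[verifier_id] = counts.get(verifier_id, 0) + uses
        return counts


def demo() -> List[bool]:
    """Constructed sample run: a ticket usable 3 times within 3600 s of issuance."""
    node = ChainNode("issuer-1")
    node.deploy_contract("issuer-1", "event-ticket",
                         ValidityCondition(max_uses=3, valid_seconds=3600))
    node.issue("issuer-1", "event-ticket", "cred-1", "holder-A", issue_time=1000)
    return [
        node.verify("verifier-X", "cred-1", "holder-A", 2, now=1500),  # 2 of 3 uses
        node.verify("verifier-Y", "cred-1", "holder-A", 2, now=1600),  # would make 4
        node.verify("verifier-Y", "cred-1", "holder-A", 1, now=1700),  # 3 of 3 uses
        node.verify("verifier-Y", "cred-1", "holder-A", 1, now=9999),  # exhausted and expired
    ]


if __name__ == "__main__":
    print(demo())
```

A failed verification leaves the historical count untouched, so a rejected request cannot consume uses that a later valid request is still entitled to.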
The interaction diagram shown in fig. 6 includes a credential issuer, a terminal providing a verifiable credential registration service, a blockchain node providing a distributed identity blockchain service, a credential holder applying for credentials, and at least one credential verifier. First, the credential issuer registers its corresponding distributed identity in the terminal providing the verifiable credential registration service, thereby indicating that the credential issuer has the right to issue credentials to users. After the credential issuer completes registration, a smart contract recording credential validity conditions is deployed in the blockchain node providing the distributed identity blockchain service. After the contract deployment is completed, the credential issuer sends to the blockchain node a transaction request configuring the credential validity conditions corresponding to the credentials of each topic. According to the received transaction request, the blockchain node invokes the DID-related contract to verify that the sender of the transaction request is the registered credential issuer; if the verification passes, it deploys the credential validity conditions corresponding to the credentials of each topic (e.g., the maximum number of uses of a credential) in the smart contract corresponding to the credentials of that topic.
Secondly, when the credential holding end applies to the credential issuing end for a credential, the credential issuing end initiates a credential application transaction to the blockchain node. After receiving the credential application transaction, the blockchain node invokes the DID-related contract to verify that the terminal sending the credential application transaction is the credential issuing end. If the verification passes, the blockchain node obtains, from the deployed smart contract, the credential validity condition corresponding to the credential topic type sent by the credential issuing end. The blockchain node then records the association among the credential identifier sent by the credential issuing end, the identifier of the credential holding end applying for the credential, and the corresponding credential validity condition. After the blockchain node completes the record of the association, the credential issuing end sends the credential to the credential holding end that applied for it.
When the credential holding end possessing the credential presents it to the credential verification end for verification, the credential verification end, after verifying the authenticity of the credential, sends a transaction to the blockchain node to verify the credential holding end. The blockchain node acquires the credential validity condition corresponding to the credential to be verified and verifies whether the usage of the credential to be verified meets that condition. If not, the transaction fails; if so, the blockchain node registers the current use of the credential to update its usage record (for example, the current number of uses is added to the number of times already used). The blockchain node sends the transaction result to the credential verification end, which parses the transaction result to determine whether the usage of the credential to be verified meets the credential validity condition and, if so, honors the credential to the credential holding end.
In addition, the credential issuer can query the blockchain node for the use condition of each issued credential, so as to know the use effect of each credential, and the credential holder can query the blockchain node for the use condition of each owned credential (e.g., credential identifier for verifying the credential, number of credential uses, etc.).
In order to facilitate better implementation of the digital certificate using method of the embodiment of the application, the embodiment of the application also provides a digital certificate using device. Referring to fig. 4, fig. 4 is a schematic structural diagram of a digital certificate usage device according to an embodiment of the present application. The digital certificate usage apparatus may include a first receiving unit 401, a second receiving unit 402, a first acquiring unit 403, a second acquiring unit 404, and a transmitting unit 405.
The first receiving unit 401 is configured to receive, by using the credential verifying terminal, a target credential to be verified, where the target credential is sent by the credential holding terminal and includes a first federation chain identifier of the credential holding terminal in a federation chain network, so that the credential verifying terminal confirms the holding authenticity of the credential holding terminal to the target credential according to the first federation chain identifier;
a second receiving unit 402, configured to receive a credential verification request sent by a credential verification end, where the credential verification request includes a target credential to be verified, and the target credential includes a target credential identifier in a federation chain network;
a first obtaining unit 403, configured to obtain, based on the target credential identifier, a target credential validity condition of the target credential in the intelligent contract deployed by the federation chain network;
A second obtaining unit 404, configured to obtain, based on the target credential identifier, usage information of the target credential by the credential holding end;
and the sending unit 405 is configured to send verification success information to the credential verification terminal if the usage information meets the target credential validity condition, so that the credential verification terminal honors the usage rights and interests of the target credential to the credential holder.
Optionally, the first obtaining unit 403 is further configured to:
receiving a credential issuance request for a target credential sent by a credential issuer, the credential issuance request including a target credential topic of the target credential, a target credential identifier, and a first federation chain identifier of a credential holder in a federation chain network;
acquiring a target intelligent contract corresponding to a target credential theme from the intelligent contracts deployed by the alliance chain network;
acquiring a validity condition corresponding to a target credential theme in a target intelligent contract as a target credential validity condition;
and setting a corresponding relation between the target credential identification and the target credential validity condition in the alliance chain network.
Optionally, the first obtaining unit 403 is further configured to:
receiving a contract deployment request sent by a certificate issuing end, wherein the contract deployment request comprises certificate topics of all certificates to be deployed in the intelligent contract and validity conditions of the certificates corresponding to the certificate topics;
And deploying intelligent contracts corresponding to the certificate topics in the alliance chain network according to the contract deployment request, wherein each intelligent contract comprises validity conditions of the certificates corresponding to the certificate topics.
Optionally, the credential verification request includes the current number of uses of the target credential by the credential holder, and the second obtaining unit 404 is further configured to:
based on the certificate verification request, acquiring the current use times of the certificate holding end to the target certificate;
determining a target credential validity condition corresponding to the target credential identifier based on the correspondence, and determining a target intelligent contract for recording the target credential validity condition;
acquiring historical use times of a certificate holding end on a target certificate from target transaction information generated based on a target intelligent contract;
calculating the sum of the historical number of uses and the current number of uses as the usage information.
Optionally, the target credential validity condition includes a maximum number of valid uses of the target credential by the credential holder, and the sending unit 405 is further configured to:
if the sum of the using times is smaller than or equal to the maximum effective using times, determining that the using information meets the validity condition of the target certificate, and sending the verification success information to the certificate verification terminal.
Optionally, the first obtaining unit 403 is further configured to:
when the usage information is determined to meet the target credential validity condition, updating the historical usage times by using the sum of the usage times to form updated historical usage times;
transaction information including the updated historical number of uses is generated as target transaction information.
Optionally, the first obtaining unit 403 is further configured to:
sending the issuing confirmation information of the target certificate to the certificate issuing end so that the certificate issuing end issues the target certificate to the certificate holding end;
and receiving the certificate issuing information sent by the certificate issuing end, wherein the certificate issuing information comprises the issuing time of the target certificate issued by the certificate issuing end to the certificate holding end.
Optionally, the second obtaining unit 404 is further configured to:
based on the target credential identification, the issuing time of the target credential is obtained from the credential issuing information corresponding to the target credential and is used as the use information.
Optionally, the target credential validity condition includes a validity time limit for the credential holder to use the target credential, and the sending unit 405 is further configured to:
acquiring the current time of receiving a credential verification request;
calculating a time difference between the current time and the release time;
if the time difference value does not exceed the effective time limit, determining that the using information meets the target credential validity condition, and sending the verification success information to the credential verification terminal.
Optionally, the device is further configured to:
if the usage information does not meet the target credential validity condition, sending verification failure information to the credential verification terminal, so that the credential verification terminal confirms that the credential holder cannot honor the usage rights and interests of the target credential.
Optionally, the device is further configured to:
receiving the certificate inquiry information sent by the certificate issuing end, wherein the certificate inquiry information comprises certificate identifications of all certificates issued by the certificate issuing end to the certificate holding end;
acquiring a reference intelligent contract corresponding to each certificate identifier from the intelligent contracts deployed by the alliance chain network;
acquiring a second alliance chain identification of each certificate verification end for cashing each certificate and the times of cashing each certificate by each certificate verification end from transaction information generated based on each reference intelligent contract;
and feeding back the second alliance chain identification of each certificate verification end and the times of each certificate verification end redemption of each certificate to the certificate issuing end.
All the above technical solutions may be combined to form an optional embodiment of the present application, which is not described here in detail.
In the digital credential usage device provided by the embodiment of the application, the first receiving unit 401 receives, through the credential verification end, a target credential to be verified sent by the credential holding end, where the target credential includes a first federation chain identifier of the credential holding end in a federation chain network, so that the credential verification end confirms the holding authenticity of the credential holding end with respect to the target credential according to the first federation chain identifier. The second receiving unit 402 receives a credential verification request sent by the credential verification end, where the credential verification request includes the target credential to be verified and the target credential includes a target credential identifier in the federation chain network. Based on the target credential identifier, the first obtaining unit 403 then obtains the target credential validity condition of the target credential from a smart contract deployed in the federation chain network, and the second obtaining unit 404 obtains the usage information of the target credential by the credential holding end. Finally, if the usage information meets the target credential validity condition, the sending unit 405 sends verification success information to the credential verification end, so that the credential verification end honors the usage rights of the target credential for the credential holding end. Because the credential verification end honors the usage rights only when the usage of the target credential is determined to meet the target credential validity condition, the credential holding end is prevented from abusing those usage rights.
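The optional checks described above (use count against the maximum number of valid uses, time since issuance against the validity time limit, history updated only after a successful check, and the issuing end's redemption query) can be exercised with the following added Python example, which is not code from the patent. An in-memory class stands in for the consortium chain node and its smart contracts; all class names, identifiers and sample values are constructed, and the rejection of non-positive use counts, the rejection of negative time differences and the lock around check-and-update are added hardening assumptions.

```python
import threading
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ValidityCondition:
    """Validity condition held in the smart contract for one credential topic."""
    max_uses: Optional[int] = None       # maximum number of valid uses
    valid_seconds: Optional[int] = None  # validity time limit after issuance


@dataclass
class CredentialRecord:
    topic: str
    issued_at: int                       # issuance time, epoch seconds
    history_uses: int = 0                # historical number of uses
    redeemed_by: Counter = field(default_factory=Counter)  # verifier id -> uses


class CredentialLedger:
    """Hypothetical in-memory stand-in for a consortium chain node.

    The verification end's own check of the holder's chain identifier
    is outside the scope of this example.
    """

    def __init__(self) -> None:
        self._contracts: Dict[str, ValidityCondition] = {}
        self._records: Dict[str, CredentialRecord] = {}
        self._lock = threading.Lock()

    def deploy_contract(self, topic: str, condition: ValidityCondition) -> None:
        """Contract deployment request: one validity condition per topic."""
        self._contracts[topic] = condition

    def issue(self, cred_id: str, topic: str, issued_at: int) -> None:
        """Bind a credential identifier to its topic's validity condition."""
        if topic not in self._contracts:
            raise KeyError(f"no contract deployed for topic {topic!r}")
        if cred_id in self._records:
            raise ValueError(f"credential {cred_id!r} already issued")
        self._records[cred_id] = CredentialRecord(topic, issued_at)

    def verify(self, cred_id: str, verifier_id: str,
               current_uses: int, now: int) -> Tuple[bool, str]:
        """Return (success, reason) for one credential verification request."""
        # Added hardening: the use count arrives in the request, so a zero or
        # negative value must never be allowed to lower the stored history.
        if type(current_uses) is not int or current_uses < 1:
            return False, "invalid use count"
        # Check and update under one lock so two concurrent requests cannot
        # both pass against the same historical count.
        with self._lock:
            rec = self._records.get(cred_id)
            if rec is None:
                return False, "unknown credential"
            cond = self._contracts[rec.topic]
            if cond.valid_seconds is not None:
                elapsed = now - rec.issued_at  # current time minus issuance time
                if elapsed < 0 or elapsed > cond.valid_seconds:
                    return False, "expired"
            total = rec.history_uses + current_uses  # sum of the usage times
            if cond.max_uses is not None and total > cond.max_uses:
                return False, "use limit exceeded"
            # Only a successful verification updates the historical count.
            rec.history_uses = total
            rec.redeemed_by[verifier_id] += current_uses
            return True, "ok"

    def redemptions(self, cred_id: str) -> Dict[str, int]:
        """Issuer query: uses redeemed per verification end for one credential."""
        return dict(self._records[cred_id].redeemed_by)


if __name__ == "__main__":
    # Constructed sample data: a coupon usable 3 times within one hour.
    ledger = CredentialLedger()
    ledger.deploy_contract("coupon", ValidityCondition(max_uses=3, valid_seconds=3600))
    ledger.issue("cred-1", "coupon", issued_at=1000)
    print(ledger.verify("cred-1", "verifier-A", 2, now=1500))
    print(ledger.verify("cred-1", "verifier-B", 2, now=1600))
    print(ledger.verify("cred-1", "verifier-B", 1, now=1600))
    print(ledger.redemptions("cred-1"))
```
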
Correspondingly, the embodiment of the application also provides a computer device, which may be a terminal such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a personal computer, or a personal digital assistant. Fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in Fig. 5, the computer device 500 includes a processor 501 having one or more processing cores, a memory 502 having one or more computer readable storage media, and a computer program stored on the memory 502 and executable on the processor. The processor 501 is electrically connected to the memory 502. It will be appreciated by those skilled in the art that the computer device structure shown in the figure does not limit the computer device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
The processor 501 is a control center of the computer device 500, connects various parts of the entire computer device 500 using various interfaces and lines, and performs various functions of the computer device 500 and processes data by running or loading software programs and/or modules stored in the memory 502, and calling data stored in the memory 502, thereby performing overall monitoring of the computer device 500.
In the embodiment of the present application, the processor 501 in the computer device 500 loads the instructions corresponding to the processes of one or more application programs into the memory 502 according to the following steps, and the processor 501 executes the application programs stored in the memory 502, so as to implement various functions:
receiving a target certificate to be verified, which is sent by a certificate holding end, through the certificate verification end, wherein the target certificate comprises a first alliance chain identifier of the certificate holding end in an alliance chain network, so that the certificate verification end confirms the holding authenticity of the certificate holding end to the target certificate according to the first alliance chain identifier; receiving a credential verification request sent by a credential verification terminal, wherein the credential verification request comprises a target credential to be verified, and the target credential comprises a target credential identifier in a alliance chain network; based on the target credential identification, acquiring a target credential validity condition of the target credential in an intelligent contract deployed by the alliance chain network; acquiring the use information of the certificate holding end on the target certificate based on the target certificate identifier; if the usage information meets the target credential validity condition, the authentication success information is sent to the credential authentication end so that the credential authentication end honors the usage rights and interests of the target credential to the credential holding end.
The specific implementation of each operation above may be referred to the previous embodiments, and will not be described herein.
Optionally, as shown in fig. 5, the computer device 500 further includes: a touch display screen 503, a radio frequency circuit 504, an audio circuit 505, an input unit 506, and a power supply 507. The processor 501 is electrically connected to the touch display 503, the radio frequency circuit 504, the audio circuit 505, the input unit 506, and the power supply 507, respectively. Those skilled in the art will appreciate that the computer device structure shown in FIG. 5 is not limiting of the computer device and may include more or fewer components than shown, or may be combined with certain components, or a different arrangement of components.
The touch display screen 503 may be used to display a graphical user interface and receive operation instructions generated by a user acting on the graphical user interface. The touch display screen 503 may include a display panel and a touch panel. The display panel may be used to display information entered by a user or provided to a user as well as various graphical user interfaces of the computer device, which may be composed of graphics, text, icons, video, and any combination thereof. Optionally, the display panel may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an Organic Light-Emitting Diode (OLED), or the like. The touch panel may be used to collect touch operations of the user on or near it (such as operations performed by the user on or near the touch panel with a finger, stylus, or any other suitable object or accessory) and generate corresponding operation instructions, and the operation instructions execute a corresponding program. Optionally, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch position of the user, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into touch point coordinates, and sends them to the processor 501, and can also receive commands from the processor 501 and execute them. The touch panel may overlay the display panel; upon detecting a touch operation on or near it, the touch panel passes the operation to the processor 501 to determine the type of touch event, and the processor 501 then provides a corresponding visual output on the display panel based on the type of touch event. In the embodiment of the present application, the touch panel and the display panel may be integrated into the touch display screen 503 to implement the input and output functions. In some embodiments, however, the touch panel and the display panel may be implemented as two separate components to perform the input and output functions. That is, the touch display screen 503 may also implement an input function as part of the input unit 506.
The radio frequency circuitry 504 may be used to transceive radio frequency signals to establish wireless communications with a network device or other computer device via wireless communications.
The audio circuit 505 may be used to provide an audio interface between a user and the computer device through a speaker and a microphone. On the one hand, the audio circuit 505 may convert received audio data into an electrical signal and transmit it to the speaker, which converts the electrical signal into a sound signal for output; on the other hand, the microphone converts collected sound signals into electrical signals, which are received by the audio circuit 505 and converted into audio data. The audio data are then output to the processor 501 for processing and transmitted to, for example, another computer device via the radio frequency circuit 504, or output to the memory 502 for further processing. The audio circuit 505 may also include an earphone jack to provide communication between a peripheral earphone and the computer device.
The input unit 506 may be used to receive input numbers, character information, or user characteristic information (e.g., fingerprint, iris, facial information, etc.), and to generate keyboard, mouse, joystick, optical, or trackball signal inputs related to user settings and function control.
The power supply 507 is used to power the various components of the computer device 500. Alternatively, the power supply 507 may be logically connected to the processor 501 through a power management system, so as to implement functions of managing charging, discharging, and power consumption management through the power management system. The power supply 507 may also include one or more of any components, such as a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Although not shown in fig. 5, the computer device 500 may further include a camera, a sensor, a wireless fidelity module, a bluetooth module, etc., which are not described herein.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
As can be seen from the above, when the credential verification terminal verifies the target credential sent by the credential holding terminal, after confirming that the credential holding terminal is actually holding the target credential according to the first federation chain identifier, the computer device provided in this embodiment sends a credential verification request to other node devices in the federation chain network, so that the node device can obtain the use information of the target credential and the target credential validity condition that can be effectively used, and when determining that the use condition of the target credential meets the target credential validity condition, the credential verification terminal honors the use rights of the target credential to the credential holding terminal, thereby avoiding the credential holding terminal from abusing the use rights of the target credential.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, embodiments of the present application provide a computer readable storage medium having stored therein a plurality of computer programs that can be loaded by a processor to perform steps in any of the digital credential usage methods provided by embodiments of the present application. For example, the computer program may perform the steps of:
receiving a target certificate to be verified, which is sent by a certificate holding end, through the certificate verification end, wherein the target certificate comprises a first alliance chain identifier of the certificate holding end in an alliance chain network, so that the certificate verification end confirms the holding authenticity of the certificate holding end to the target certificate according to the first alliance chain identifier; receiving a credential verification request sent by a credential verification terminal, wherein the credential verification request comprises a target credential to be verified, and the target credential comprises a target credential identifier in a alliance chain network; based on the target credential identification, acquiring a target credential validity condition of the target credential in an intelligent contract deployed by the alliance chain network; acquiring the use information of the certificate holding end on the target certificate based on the target certificate identifier; if the usage information meets the target credential validity condition, the authentication success information is sent to the credential authentication end so that the credential authentication end honors the usage rights and interests of the target credential to the credential holding end.
The specific implementation of each operation above may be referred to the previous embodiments, and will not be described herein.
The storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disk, and the like.
The computer program stored in the storage medium can execute the steps of any digital certificate using method provided in the embodiments of the present application, and can therefore achieve the beneficial effects of any such method; these are detailed in the previous embodiments and will not be described herein.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
The above detailed description of a digital certificate usage method, device, computer equipment and storage medium provided in the embodiments of the present application applies specific examples to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is only used to help understand the technical solution and core ideas of the present invention; those of ordinary skill in the art will appreciate that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (13)

1. A method of using digital certificates, comprising:
receiving a target credential to be verified, which is sent by a credential holding end, through a credential verification end, wherein the target credential comprises a first alliance chain identifier of the credential holding end in an alliance chain network, so that the credential verification end confirms the holding authenticity of the credential holding end on the target credential according to the first alliance chain identifier;
receiving a credential verification request sent by the credential verification terminal, wherein the credential verification request comprises the target credential, and the target credential further comprises a target credential identifier in the alliance chain network;
receiving a contract deployment request sent by a certificate issuing end, wherein the contract deployment request comprises certificate topics of certificates to be deployed in an intelligent contract and validity conditions of certificates corresponding to the certificate topics;
deploying intelligent contracts corresponding to the certificate topics in the alliance chain network according to the contract deployment request, wherein each intelligent contract comprises validity conditions of certificates corresponding to the certificate topics;
acquiring a target credential validity condition of the target credential in an intelligent contract deployed by the alliance chain network based on the target credential identifier;
acquiring the use information of a credential holding end on the target credential based on the target credential identifier;
and if the using information meets the target credential validity condition, sending verification success information to the credential verification terminal so that the credential verification terminal honors the using rights and interests of the target credential to the credential holding terminal.
2. The method of claim 1, wherein the obtaining, based on the target credential identification, a target credential validity condition for the target credential in a smart contract deployed by the federation chain network is preceded by:
receiving a voucher issuing request aiming at the target voucher, which is sent by a voucher issuing end, wherein the voucher issuing request comprises a target voucher theme of the target voucher and the target voucher identifier;
acquiring a target intelligent contract corresponding to the target credential theme from the intelligent contracts deployed by the alliance chain network;
acquiring validity conditions corresponding to the target certificate subject in the target intelligent contract as the target certificate validity conditions;
and setting the corresponding relation between the target credential identification and the target credential validity condition in the alliance chain network.
3. The method of claim 2, wherein the credential verification request includes a current number of uses of the target credential by the credential holder, the obtaining, based on the target credential identification, use information of the target credential by the credential holder, comprising:
based on the certificate verification request, acquiring the current use times of the certificate holding end to the target certificate;
determining the target credential validity condition corresponding to the target credential identifier based on the correspondence, and determining the target intelligent contract for recording the target credential validity condition;
acquiring historical use times of the certificate holding end on the target certificate from target transaction information generated based on the target intelligent contract;
and calculating the sum of the historical use times and the current use times as the use information.
4. A method according to claim 3, wherein the target credential validity condition includes a maximum number of valid uses of the target credential by the credential holding terminal, and wherein if the use information satisfies the target credential validity condition, sending authentication success information to the credential authentication terminal comprises:
and if the sum of the using times is smaller than or equal to the maximum effective using times, determining that the using information meets the target credential validity condition, and sending the verification success information to the credential verification terminal.
5. The method of claim 4, wherein prior to obtaining the historical number of uses of the target credential by the credential holding terminal from target transaction information generated based on the target smart contract, further comprising:
when the usage information is determined to meet the target credential validity condition, updating the historical usage times by using the sum of the usage times to form updated historical usage times;
transaction information including updated historical usage times is generated as the target transaction information.
6. The method according to claim 2, wherein the method further comprises:
sending the issuing confirmation information of the target certificate to the certificate issuing end so that the certificate issuing end issues the target certificate to the certificate holding end;
and receiving the certificate issuing information sent by the certificate issuing end, wherein the certificate issuing information comprises the issuing time of the certificate issuing end for issuing the target certificate to the certificate holding end.
7. The method of claim 6, wherein the obtaining, based on the target credential identification, usage information of the target credential by the credential holder includes:
and acquiring the issuing time of the target certificate from the certificate issuing information corresponding to the target certificate based on the target certificate identifier as the using information.
8. The method of claim 7, wherein the target credential validity condition includes a validity time limit for the credential holder to use the target credential, and wherein if the use information satisfies the target credential validity condition, sending authentication success information to the credential verifier comprises:
acquiring the current time of receiving the credential verification request;
calculating a time difference between the current time and the release time;
and if the time difference value does not exceed the effective time limit, determining that the use information meets the target credential validity condition, and sending the verification success information to the credential verification terminal.
9. The method according to claim 1, wherein the method further comprises:
and if the using information does not meet the target credential validity condition, sending verification failure information to the credential verification terminal so that the credential verification terminal confirms that the credential holding terminal cannot honor the using rights and interests of the target credential.
10. The method according to claim 1, wherein the method further comprises:
receiving the certificate inquiry information sent by a certificate issuing end, wherein the certificate inquiry information comprises certificate identifications of all certificates issued by the certificate issuing end to the certificate holding end;
acquiring a reference intelligent contract corresponding to each certificate identifier from the intelligent contracts deployed by the alliance chain network;
acquiring a second alliance chain identification of each credential verification terminal for redeeming each credential and the number of times each credential verification terminal redeems each credential from transaction information generated based on each reference intelligent contract;
and feeding back the second alliance chain identification of each certificate verification end and the times of each certificate verification end redemption of each certificate to the certificate issuing end.
11. A digital certificate usage apparatus, comprising:
the first receiving unit is used for receiving a target certificate to be verified, which is sent by a certificate holding end, through a certificate verification end, wherein the target certificate comprises a first alliance chain identifier of the certificate holding end in an alliance chain network, so that the certificate verification end confirms the holding authenticity of the certificate holding end to the target certificate according to the first alliance chain identifier;
the second receiving unit is used for receiving a credential verification request sent by a credential verification terminal, wherein the credential verification request comprises the target credential, and the target credential comprises a target credential identifier in the alliance chain network;
the first acquisition unit is used for receiving a contract deployment request sent by a certificate issuing end, wherein the contract deployment request comprises a certificate subject of each certificate to be deployed in an intelligent contract and a validity condition of a certificate corresponding to each certificate subject; deploying intelligent contracts corresponding to the certificate topics in the alliance chain network according to the contract deployment request, wherein each intelligent contract comprises validity conditions of certificates corresponding to the certificate topics; acquiring a target credential validity condition of the target credential in an intelligent contract deployed by the alliance chain network based on the target credential identifier;
the second acquisition unit is used for acquiring the use information of the certificate holding end on the target certificate based on the target certificate identifier;
and the sending unit is used for sending verification success information to the certificate verification terminal if the use information meets the target certificate validity condition so that the certificate verification terminal honors the use rights and interests of the target certificate to the certificate holding terminal.
12. A computer device, comprising:
a memory for storing a computer program;
a processor for implementing the steps in a digital voucher usage method according to any one of claims 1 to 10 when said computer program is executed.
13. A computer readable storage medium, having stored thereon a computer program which when executed by a processor performs the steps in the digital voucher usage method according to any one of claims 1 to 10.
CN202111130134.1A 2021-09-26 2021-09-26 Digital certificate using method, device, computer equipment and storage medium Active CN113746640B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111130134.1A CN113746640B (en) 2021-09-26 2021-09-26 Digital certificate using method, device, computer equipment and storage medium


Publications (2)

Publication Number Publication Date
CN113746640A CN113746640A (en) 2021-12-03
CN113746640B true CN113746640B (en) 2024-03-01

Family

ID=78741136


Country Status (1)

Country Link
CN (1) CN113746640B (en)

CN110490741A (en) * 2019-08-13 2019-11-22 山大地纬软件股份有限公司 Data validity and the apparatus and method of controllability management in a kind of block chain
CN110555772A (en) * 2019-09-06 2019-12-10 深圳前海微众银行股份有限公司 Certificate verification method, device, equipment and readable storage medium
WO2021043063A1 (en) * 2019-09-06 2021-03-11 深圳前海微众银行股份有限公司 Certificate verification method, apparatus, and device, and readable storage medium
WO2021063045A1 (en) * 2019-09-30 2021-04-08 支付宝(杭州)信息技术有限公司 Blockchain-based transaction query method, apparatus and device, and blockchain-based transaction data processing method, apparatus and device
US10919497B1 (en) * 2019-10-09 2021-02-16 Ford Global Technologies, Llc Systems and methods for starting a vehicle using a secure password entry system
KR20210051077A (en) * 2019-10-29 2021-05-10 성균관대학교산학협력단 Methods and systems for managing identification based on blockchain
CN111191212A (en) * 2019-12-31 2020-05-22 卓尔智联(武汉)研究院有限公司 Block chain-based digital certificate processing method, device, equipment and storage medium
WO2021173266A1 (en) * 2020-02-28 2021-09-02 Microsoft Technology Licensing, Llc Presentation of a verifiable credential having usage data
CN111669386A (en) * 2020-05-29 2020-09-15 武汉理工大学 Access control method and device based on token and supporting object attribute
CN112702323A (en) * 2020-12-14 2021-04-23 杭州溪塔科技有限公司 Method and device for verifying license issue of block chain software and electronic equipment
CN112508578A (en) * 2021-02-04 2021-03-16 支付宝(杭州)信息技术有限公司 Resource transfer request verification and sending method and device based on block chain
CN113343208A (en) * 2021-05-20 2021-09-03 网易(杭州)网络有限公司 Certificate authorization method, device, terminal and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
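Innovative application model of blockchain-based scientific data identification technology; 王姝; 晏敏; 刘佳; 周启惠; 郭志斌; 王雅哲; 周园春; Frontiers of Data & Computing (No. 06); full text *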

Also Published As

Publication number Publication date
CN113746640A (en) 2021-12-03

Similar Documents

Publication Publication Date Title
TWI713855B (en) Certificate management method and system
US10091184B2 (en) Continuous multi-factor authentication
CN110598482B (en) Digital certificate management method, device, equipment and storage medium based on blockchain
WO2017186100A1 (en) Identity authentication method, system and device
US8572701B2 (en) Authenticating via mobile device
CN110826043B (en) Digital identity application system and method, identity authentication system and method
US9571494B2 (en) Authorization server and client apparatus, server cooperative system, and token management method
CN108293045A (en) Single sign-on identity management between local and remote systems
CA3026227A1 (en) Biometric identification and verification among iot devices and applications
CN113273133B (en) Token management layer for automatic authentication during communication channel interactions
CN110601858B (en) Certificate management method and device
US20210014064A1 (en) Method and apparatus for managing user authentication in a blockchain network
CN113343208A (en) Certificate authorization method, device, terminal and storage medium
CN111488596A (en) Data processing permission verification method and device, electronic equipment and storage medium
CN106464502A (en) Methods and systems for authentication of a communication device
CN108369614A (en) User authen method and system for carrying out the process
WO2018233584A1 (en) Method, device, computer apparatus, and storage medium for transferring account value
WO2018140832A1 (en) Managing distributed content using layered permissions
CN114844629A (en) Verification method and device of block chain account, computer equipment and storage medium
CN113746640B (en) Digital certificate using method, device, computer equipment and storage medium
CN113506100B (en) Alliance chain data processing method, device, computer equipment and storage medium
CN109428725A (en) Information processing equipment, control method and storage medium
Mustafić et al. Behavioral biometrics for persistent single sign-on
CN113506108A (en) Account management method, device, terminal and storage medium
US12014363B2 (en) Apparatus and methods for non-fungible tokens as universal digital identification

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant