CN114157414A - Identity certificate generation method, identity certificate verification method and identity certificate verification system related to digital currency

Publication number: CN114157414A
Application number: CN202010948246.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 杜辉强
Current Assignee: Rendong Holding Co ltd
Original Assignee: Rendong Holding Co ltd
Prior art keywords: identity, abstract, transaction, request, key

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a method and a system for generating and verifying an identity certificate related to digital currency, relating to the technical field of the Internet. A specific implementation of the method is applied to an authentication end and comprises the following steps: receiving a generation request for an identity certificate, wherein the generation request comprises identity information of a user and a first digest generated by signing the identity information with a first private key of the user; verifying the first digest using a first public key corresponding to the first private key, and authenticating the identity information when the verification passes; when the authentication passes, signing the identity information and the first digest with a second private key to generate a second digest; and generating an identity certificate from the identity information, the first digest and the second digest, and sending the identity certificate to the user. The embodiment adds the association between the user and the identity certificate to the identity certificate itself, so that when the identity certificate is verified it can be determined whether the holder is using another person's identity certificate.

Description

Identity certificate generation method, identity certificate verification method and identity certificate verification system related to digital currency
Technical Field
The invention relates to the technical field of internet, in particular to an identity certificate generation method, an identity certificate verification method and an identity certificate verification system for digital currency.
Background
An identity certificate is essentially an electronic document that identifies the parties to a communication over the Internet, and that can be used to identify a user on a network. The identity certificate is issued by an authoritative issuing organization, and during communication the verifying party determines whether the holder's identity is genuine by verifying whether the identity certificate is legitimate.
In the process of implementing the invention, the inventor found that at least the following problem exists in the prior art:
The verifying party only verifies that the identity certificate is legitimate and then concludes that the holder's identity is genuine. However, after the issuing authority has issued the identity certificate, it may be used fraudulently by someone other than the user to whom it belongs. In that case the identity certificate is legitimate and the holder's identity is not genuine, yet the verifying party still determines that the holder's identity is genuine.
Disclosure of Invention
In view of the above, embodiments of the present invention provide an identity certificate generation method, an identity certificate verification method, and an identity certificate verification system for digital currency. When an identity certificate is generated, it includes a first digest, generated by signing the identity information of the user with a first private key of the user, and a second digest, generated by signing the identity information of the user and the first digest with a second private key of the authentication end, so that the association between the user and the identity certificate is added to the identity certificate. When the identity certificate is verified, verifying the second digest shows whether the identity certificate is authentic, and verifying the first digest shows whether the holder is associated with the identity certificate, so that it can be determined whether the holder is using another person's identity certificate.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a method of generating an identity certificate related to digital currency.
The identity certificate generation method related to digital currency of the embodiment of the invention is applied to an authentication end and comprises the following steps:
receiving a generation request for an identity certificate, wherein the generation request comprises identity information of a user and a first digest generated by signing the identity information with a first private key of the user;
verifying the first digest using a first public key corresponding to the first private key, and authenticating the identity information when the verification passes;
when the authentication passes, signing the identity information and the first digest with a second private key to generate a second digest;
and generating an identity certificate from the identity information, the first digest and the second digest, and sending the identity certificate to the user.
Optionally,
the first public key and the first private key are generated according to identity information of the user.
Optionally,
the first public key is identity information of the user.
Optionally,
before signing the identity information and the first digest with the second private key to generate the second digest, the method further comprises:
initiating a key generation request to a key generation system, wherein the key generation request comprises public information of a request end;
and receiving a second public key and a second private key returned by the key generation system according to the public information in the key generation request.
To achieve the above object, according to another aspect of the embodiments of the present invention, there is provided an identity certificate verification method related to digital currency.
The identity certificate verification method related to digital currency of the embodiment of the invention is applied to a transaction end and comprises the following steps:
receiving a transaction request related to digital currency, wherein the transaction request comprises an identity certificate and transaction information, and the identity certificate comprises identity information of a user, a first digest generated by signing the identity information with a first private key of the user, and a second digest generated by an authentication end signing the identity information and the first digest with its second private key;
verifying the identity certificate using a first public key and a second public key corresponding to the first private key and the second private key respectively;
when the verification passes, carrying out the transaction related to digital currency according to the transaction information.
Optionally,
verifying the identity certificate using the first public key and the second public key corresponding to the first private key and the second private key respectively comprises:
generating a third digest according to the second public key, the first digest and the identity information;
when the third digest is the same as the second digest, generating a fourth digest according to the first public key and the identity information;
and when the fourth digest is the same as the first digest, determining that the identity certificate is verified.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided an identity certificate generation method related to digital currency.
The identity certificate generation method related to digital currency of the embodiment of the invention is applied to a request end and comprises the following steps:
signing the identity information of the user with a first private key of the user to generate a first digest;
generating a generation request for the identity certificate from the first digest and the identity information, and sending the generation request to an authentication end for the identity certificate;
and receiving the identity certificate returned by the authentication end after the first digest and the identity information in the generation request have been verified.
Optionally,
after receiving the identity certificate returned by the authentication end after the first digest and the identity information in the generation request have been verified, the method further comprises:
generating a transaction request related to digital currency from the identity certificate and transaction information, and sending the transaction request to the transaction end, so as to carry out a transaction related to digital currency with the transaction end according to the transaction request.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided an authentication end.
The authentication end of the embodiment of the invention comprises a generation request receiving module, an authentication module, a second digest generation module and an identity certificate generation module; wherein:
the generation request receiving module is used for receiving a generation request for the identity certificate, wherein the generation request comprises identity information of a user and a first digest generated by signing the identity information with a first private key of the user;
the authentication module is used for verifying the first digest received by the generation request receiving module using a first public key corresponding to the first private key, and authenticating the identity information when the verification passes;
the second digest generation module is used for signing the identity information and the first digest with a second private key to generate a second digest when the authentication by the authentication module passes;
and the identity certificate generation module is used for generating the identity certificate from the identity information and the first digest received by the generation request receiving module and the second digest generated by the second digest generation module, and sending the identity certificate to the user.
Optionally,
the first public key and the first private key are generated according to identity information of the user.
Optionally,
the first public key is identity information of the user.
Optionally,
the authentication end also comprises a key request module and a key receiving module; wherein:
the key request module is used for initiating a key generation request to the key generation system, wherein the key generation request comprises public information of a request end;
and the key receiving module is used for receiving a second public key and a second private key which are returned by the key generation system according to the public information in the key generation request initiated by the key request module.
To achieve the above object, according to another aspect of the embodiments of the present invention, a transaction end is provided.
The transaction end of the embodiment of the invention comprises a transaction request receiving module, a verification module and a transaction execution module; wherein:
the transaction request receiving module is used for receiving a transaction request related to digital currency, wherein the transaction request comprises an identity certificate and transaction information, and the identity certificate comprises identity information of a user, a first digest generated by signing the identity information with a first private key of the user, and a second digest generated by an authentication end signing the identity information and the first digest with its second private key;
the verification module is used for verifying the identity certificate received by the transaction request receiving module using a first public key and a second public key corresponding to the first private key and the second private key respectively;
and the transaction execution module is used for carrying out the transaction related to digital currency according to the transaction information received by the transaction request receiving module when the verification by the verification module passes.
Optionally,
the verification module is used for: generating a third digest according to the second public key, the first digest and the identity information; when the third digest is the same as the second digest, generating a fourth digest according to the first public key and the identity information; and when the fourth digest is the same as the first digest, determining that the identity certificate is verified.
To achieve the above object, according to still another aspect of the embodiments of the present invention, a request end is provided.
The request end of the embodiment of the invention comprises a first digest generation module, a generation request sending module and an identity certificate receiving module; wherein:
the first digest generation module is used for signing the identity information of the user with a first private key of the user to generate a first digest;
the generation request sending module is used for generating a generation request for the identity certificate from the first digest generated by the first digest generation module and the identity information, and sending the generation request to an authentication end for the identity certificate;
and the identity certificate receiving module is used for receiving the identity certificate returned by the authentication end after the first digest and the identity information in the generation request sent by the generation request sending module have been verified.
Optionally,
the request end also comprises a transaction request sending module; wherein:
the transaction request sending module is used for generating a transaction request related to digital currency from the identity certificate and transaction information, and sending the transaction request to the transaction end, so as to carry out a transaction related to digital currency with the transaction end according to the transaction request.
To achieve the above object, according to still another aspect of an embodiment of the present invention, there is provided an identity certificate generation system related to digital currency.
The identity certificate generation system of the embodiment of the invention comprises: any authentication end, any transaction end and any request end provided in the embodiments of the present invention.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided an apparatus for generating an identity certificate related to digital currency.
The identity certificate generation apparatus of the embodiment of the invention comprises: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the identity certificate generation method related to digital currency or the identity certificate verification method related to digital currency according to an embodiment of the present invention.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided a computer-readable storage medium.
A computer-readable storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the identity certificate generation method or the identity certificate verification method of an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits:
1. After the authentication passes, the second private key is used to sign the identity information and the first digest to generate a second digest, and the second digest, the identity information and the first digest are sent to the user as the identity certificate. As can be seen from the above description, when the identity certificate is generated, it includes a first digest generated by signing the identity information of the user with the first private key of the user, and a second digest generated by signing the identity information of the user and the first digest with the second private key of the authentication end. The association between the user and the identity certificate is thereby added to the identity certificate, so that when the identity certificate is verified, verifying the second digest shows whether the identity certificate is authentic, and verifying the first digest shows whether the holder is associated with the identity certificate, which determines whether the holder is using another person's identity certificate.
2. At the transaction end, after a transaction request related to digital currency that includes an identity certificate and transaction information is received, the second digest in the identity certificate is verified using the second public key to determine whether the identity certificate is trusted, and the first digest in the identity certificate is verified using the first public key to determine whether the holder is the user to whom the identity certificate belongs; if both verifications pass, the transaction related to digital currency is completed according to the transaction information. As can be seen from the above description, when the identity certificate is verified, the second digest is verified with the second public key to determine whether the identity certificate is trusted, and the first digest is verified with the first public key to determine whether the person initiating the transaction, that is, the holder of the identity certificate, is trusted, so that it can be determined whether the holder is using another person's identity certificate, further improving the security of the transaction.
3. At the request end, the identity information of the user is signed with the first private key of the user to generate a first digest, and the identity information and the first digest are then sent to the authentication end as a generation request for the identity certificate, in order to obtain the identity certificate of the user. As can be seen from the above description, when generation of an identity certificate is requested, the request end signs the identity information of the user with the first private key of the user and sends the resulting first digest to the authentication end, so that the identity certificate generated by the authentication end includes the association between the user and the identity certificate. When the identity certificate is later verified, the first digest in the identity certificate shows whether the holder is associated with the identity certificate, so that it can be determined whether the holder is using another person's identity certificate.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
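The three roles described above (request end, authentication end, transaction end), as an added Go example that is not code from the patent. It substitutes ordinary Ed25519 key pairs for the IBC keys the page describes, treats each "digest" as a signature, and assumes a length-prefixed encoding for the data the authentication end signs; all function names and the sample identity strings are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrKey          = errors.New("public key has wrong length")
	ErrFirstDigest  = errors.New("first digest does not verify under the first public key")
	ErrSecondDigest = errors.New("second digest does not verify under the second public key")
)

// Certificate holds the three fields the page puts in the identity certificate.
type Certificate struct {
	Identity     []byte // identity information of the user
	FirstDigest  []byte // user's signature over Identity
	SecondDigest []byte // authentication end's signature over Identity and FirstDigest
}

// issuerMessage is the byte string the authentication end signs. The 4-byte length
// prefix (this example's own encoding) keeps the field boundary unambiguous.
func issuerMessage(identity, firstDigest []byte) []byte {
	n := len(identity)
	msg := []byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}
	msg = append(msg, identity...)
	return append(msg, firstDigest...)
}

// Issue is the authentication end's step: check the first digest, then sign.
// Authenticating the identity information itself is outside this example.
func Issue(issuerPriv ed25519.PrivateKey, userPub ed25519.PublicKey, identity, firstDigest []byte) (*Certificate, error) {
	if len(userPub) != ed25519.PublicKeySize {
		return nil, ErrKey
	}
	if !ed25519.Verify(userPub, identity, firstDigest) {
		return nil, ErrFirstDigest
	}
	second := ed25519.Sign(issuerPriv, issuerMessage(identity, firstDigest))
	return &Certificate{Identity: identity, FirstDigest: firstDigest, SecondDigest: second}, nil
}

// VerifyCertificate is the transaction end's step: second digest, then first digest.
func VerifyCertificate(issuerPub, userPub ed25519.PublicKey, c *Certificate) error {
	if len(issuerPub) != ed25519.PublicKeySize || len(userPub) != ed25519.PublicKeySize {
		return ErrKey
	}
	if !ed25519.Verify(issuerPub, issuerMessage(c.Identity, c.FirstDigest), c.SecondDigest) {
		return ErrSecondDigest
	}
	if !ed25519.Verify(userPub, c.Identity, c.FirstDigest) {
		return ErrFirstDigest
	}
	return nil
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RunScenarios issues one certificate for constructed sample data and returns the
// result for the genuine certificate and for four failure cases.
func RunScenarios() map[string]error {
	userPub, userPriv := newKey()
	issuerPub, issuerPriv := newKey()
	otherPub, otherPriv := newKey()
	identity := []byte("mobile:00000000000") // constructed sample identity information
	out := map[string]error{}
	// Request end: the first digest is the user's signature over the identity information.
	cert, err := Issue(issuerPriv, userPub, identity, ed25519.Sign(userPriv, identity))
	if err != nil {
		panic(err)
	}
	out["genuine"] = VerifyCertificate(issuerPub, userPub, cert)
	// Identity information changed after issuance.
	altered := *cert
	altered.Identity = []byte("mobile:00000000001")
	out["identity altered"] = VerifyCertificate(issuerPub, userPub, &altered)
	// Certificate signed by a key that is not the authentication end's.
	selfSigned, _ := Issue(otherPriv, otherPub, identity, ed25519.Sign(otherPriv, identity))
	out["not from authentication end"] = VerifyCertificate(issuerPub, otherPub, selfSigned)
	// Genuine certificate checked against a different user's first public key.
	out["wrong first public key"] = VerifyCertificate(issuerPub, otherPub, cert)
	// Generation request whose first digest was made with another private key.
	_, out["request signed with other key"] = Issue(issuerPriv, userPub, identity, ed25519.Sign(otherPriv, identity))
	return out
}

func main() {
	for name, err := range RunScenarios() {
		fmt.Printf("%-32s %v\n", name, err)
	}
}
```

Both checks in `VerifyCertificate` run over data stored in the certificate, so in this example they establish who issued the certificate and which first public key it was issued for. Showing that the sender of a particular request holds the first private key would additionally need a signature over data specific to that request, which this example does not include.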
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main steps of an identity certificate generation method related to digital currency applied to an authentication end according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the main steps of an identity certificate verification method related to digital currency applied to a transaction end according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main steps of an identity certificate generation method related to digital currency applied to a request end according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the main modules of an authentication end according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the main modules of a transaction end according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the main modules of a request end according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an identity certificate generation system related to digital currency according to an embodiment of the present invention;
FIG. 8 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 9 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments of the present invention and the technical features of the embodiments may be combined with each other without conflict.
Fig. 1 is a schematic diagram of the main steps of an identity credential generation method for digital currency applied to an authentication end according to an embodiment of the present invention.
As shown in fig. 1, an identity credential generation method related to digital currency according to an embodiment of the present invention mainly includes the following steps:
step S101: and receiving a generation request of the identity certificate, wherein the generation request comprises identity information of the user and a first digest generated after the identity information is signed by a first private key of the user.
In the embodiment of the invention, the identity certificate is an electronic document which comprises user identity information and is used for identifying the identity of a user, and comprises an electronic identity card, a medical insurance electronic certificate and the like of a natural person, an electronic business license, an electronic signature and the like of an enterprise, a digital certificate of software or a website and the like.
In the embodiment of the invention, before the user provides the identity information to the authentication end, the identity information is signed with the user's own first private key to generate the first digest, which establishes the association between the user and the identity information. When the authentication end generates the identity certificate from the identity information, the first digest can be written into the identity certificate to establish the association between the user and the identity certificate. Based on this association, when another person illegally holds the user's identity certificate and attempts a transaction, the transaction end can identify that the holder is not the user to whom the identity certificate belongs, determine that the counterparty is falsely using the identity certificate, and refuse the transaction.
Step S102: verify the first digest using a first public key corresponding to the first private key, and authenticate the identity information when the verification passes.
In the embodiment of the invention, the first public key and the first private key of the user can be generated using an IBC (Identity-Based Cryptography) system, so that the user can use their own identity information directly as the first public key, or modify the identity information according to a certain rule and use the modified information as the first public key, and then generate the corresponding first private key from the first public key, which makes future docking with a bank's virtual currency system more efficient. The identity information may be the user's identity card number or mobile phone number; if the user is an enterprise, it may also be the enterprise's unified social credit code. The embodiment of the present invention does not limit this. For example, a user who chooses to generate the first public key from their mobile phone number may change the last digit of the number to the letter "a" according to a preset rule and use the result as the first public key. The corresponding first private key is then generated and used to sign the identity information, producing the first digest. The identity information, the first digest and the first public key are then sent to the authentication end, which verifies the first digest with the first public key.
In the embodiment of the present invention, the process of obtaining the first public key from the identity information of the user and generating the first private key from the first public key may be completed by the key generation system. Specifically: the user initiates a key generation request to the key generation system, where the key generation request includes the identity information of the user; and the user receives the first public key and the first private key returned by the key generation system in response to the key generation request, where the first public key and the first private key are related to the identity information.
In a preferred embodiment of the invention, the first public key is identity information of the user. For example, a user initiates a key generation request to a key generation system, where the key generation request includes a mobile phone number of the user, and after receiving the key generation request, the key generation system substitutes the mobile phone number as a first public key into a preset function, uses an output character string as a first private key corresponding to the first public key, and then returns the first private key to the user. As can be seen from the above description, based on the IBC system, the user may select to directly use the identity information as the first public key, or may select to change the identity information to some extent and then use the changed identity information as the first public key, so that the obtained first public key has fewer digits, and the amount of data transmitted during the process of generating and verifying the identity credential is reduced.
In the embodiment of the invention, the generation request of the identity certificate can include the first public key, so that the first public key, the identity information and the first digest are sent to the authentication end together; or the first public key can be sent to the authentication end separately, when a request from the authentication end to acquire the first public key is received, to increase the security of data transmission; or, where the user's identity information is used directly as the first public key, the first public key can be marked within the identity information, or the authentication end can be told separately which piece of identity information serves as the first public key, which further reduces the amount of data transmitted while generating the identity certificate. This scheme does not specifically limit how the authentication end obtains the first public key.
In the embodiment of the invention, the authentication end authenticates the identity information of the user after verifying with the first public key that the first digest is correct. The authentication can be completed by automatically comparing the first digest with data in a database online, or by manually retrieving the database offline to perform the comparison.
Step S103: when the authentication passes, sign the identity information and the first digest using the second private key to generate a second digest.
In the embodiment of the invention, the authentication end signs the identity information of the user and the first digest with its own second private key to generate a second digest, which is proof that the authentication end has authenticated the user's identity information. Since the certification authority is generally a government or a large enterprise with high public credibility, users who pass its authentication are also credible.
In an embodiment of the present invention, before signing the identity information and the first digest using the second private key and generating the second digest, the method further includes: initiating a key generation request to a key generation system, wherein the key generation request comprises public information of a request end; and receiving a second public key and a second private key returned by the key generation system according to the public information in the key generation request.
In the embodiment of the invention, the second public key and the second private key of the authentication end can also be generated using an IBC system, so that the authentication end can use its own public information directly as the second public key, or modify the public information according to a certain rule and use the modified information as the second public key, and then generate the corresponding second private key from the second public key, which makes future docking with a bank's virtual currency system more efficient. Since the certification authority is generally a government or a large enterprise, the public information is generally the name of the government or the unified social credit code of the enterprise; the embodiment of the present invention does not specifically limit this. For example, an enterprise that chooses to generate the second public key from its unified social credit code may change the last digit of the code to the letter "a" according to a preset rule and use the result as the second public key, then generate the corresponding second private key, sign the user's identity information and the first digest with it, and generate the second digest.
In a preferred embodiment of the invention, the second public key is the public information of the authentication end. For example, a government may use its own name directly as the second public key, while the second private key generated from the second public key may be unknown to others. This reduces the number of bits of the second public key, and because the government name is public information, the second public key is public as well: the authentication end does not need to provide the second public key when returning the identity certificate to the request end, and the request end does not need to provide it when sending the identity certificate to the transaction end, which greatly reduces the amount of data transmitted while generating and verifying the identity certificate.
Step S104: generate an identity certificate from the identity information, the first digest and the second digest, and send the identity certificate to the user.
According to the method for generating the identity certificate provided by the embodiment of the invention, on the authentication end side, after the generation request of the identity certificate is received, the first digest included in the generation request is verified; after the verification passes, the identity information included in the generation request is authenticated; after the authentication passes, the second private key is used to sign the identity information and the first digest to generate the second digest; and the second digest, the identity information and the first digest are sent to the user as the identity certificate. As can be seen from the above description, the identity certificate carries both the first digest, generated by signing the user's identity information with the user's first private key, and the second digest, generated by signing the identity information and the first digest with the authentication end's second private key, so the association between the user and the identity certificate is built into the certificate. When the identity certificate is verified, verifying the second digest shows whether the certificate is authentic, and verifying the first digest shows whether the holder is associated with the certificate, thereby determining whether the holder is using another person's identity certificate.
Fig. 2 is a schematic diagram of the main steps of an identity credential verification method for digital currency applied to a transaction end according to an embodiment of the present invention.
As shown in fig. 2, an identity certificate verification method for digital currency according to an embodiment of the present invention mainly includes the following steps:
Step S201: receive a transaction request related to the digital currency, where the transaction request includes an identity credential and transaction information, and the identity credential includes identity information of a user, a first digest generated by signing the identity information with a first private key of the user, and a second digest generated by an authentication end signing the identity information and the first digest with its second private key.
Step S202: verify the identity credential using a first public key and a second public key that correspond to the first private key and the second private key, respectively.
In the embodiment of the present invention, when the first public key and the second public key are used to verify the identity credential, the preferred verification order is as follows. First, the first digest and the identity information are decrypted according to the second public key and hashed to generate a third digest; if the third digest is the same as the second digest, the identity credential was issued by a trusted authentication end and is therefore trusted. Then, the identity information is decrypted according to the first public key and hashed to generate a fourth digest; if the fourth digest is the same as the first digest, the holder of the identity credential can be trusted, and the identity credential is determined to have passed verification.
In the embodiment of the invention, the first public key and the second public key can be sent to the transaction end together with the identity certificate and the transaction information by the request end through the transaction request, or can be sent by the request end after receiving the transaction request. If the first public key is the identity information of the user, the request end can also identify the first public key in the identity information, or independently inform the transaction end which identity information is used as the first public key, so as to further reduce the data volume transmitted in the process of verifying the identity certificate. If the second public key is the public information of the authentication end, the transaction end can also directly acquire the second public key from the authentication end in advance, so that the data volume transmitted in the process of verifying the identity certificate is reduced. The method for the transaction end to obtain the first public key and the second public key is not specifically limited in this scheme.
Step S203: when the verification passes, carry out the transaction about the digital currency requested by the transaction request according to the transaction information.
According to the identity certificate verification method of the embodiment of the invention, on the transaction end side, after a transaction request about digital currency that includes the identity certificate and transaction information is received, the second digest in the identity certificate is first verified with the second public key to determine whether the identity certificate is a trusted certificate; the first digest in the identity certificate is then verified with the first public key to determine whether the holder is the user to whom the identity certificate belongs; and if both verifications pass, the transaction about the digital currency is completed according to the transaction information. As can be seen from the above description, when the identity certificate is verified, the second digest is verified with the second public key to determine whether the identity certificate is trusted, and the first digest is verified with the first public key to determine whether the person initiating the transaction, that is, the holder of the identity certificate, is trusted, so that it can be determined whether the holder is using another person's identity certificate, which further improves the security of the transaction.
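The flow of steps S101 to S104 and S201 to S203, together with the identity-as-public-key rule from the IBC passage, as an added example that is not part of the patent. The page names no concrete IBC scheme, so Shamir's 1984 RSA-based identity-based signature scheme stands in for it; the toy modulus, the sample phone number, the authority name, the registry and all function names are assumptions.

```python
import hashlib
import json
import secrets

# Toy KGC master key (assumption): fixed Mersenne primes keep the example
# stdlib-only and reproducible. A modulus this small is for illustration only.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # master secret, held only by the KGC


def hash_int(*parts):
    """Hash length-prefixed byte strings to an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def id_int(identity):
    """Map an identity string (the public key) into Z_N."""
    return hash_int(b"id", identity.encode()) % N


def phone_to_public_key(phone):
    """The page's example rule: replace the last digit with the letter 'a'."""
    return phone[:-1] + "a"


def kgc_extract(identity):
    """Key generation system: private key g with g^E = H(identity) mod N."""
    return pow(id_int(identity), D, N)


def sign(private_key, message):
    """Shamir IBS: t = r^E, s = g * r^f(t, m) mod N."""
    r = 2 + secrets.randbelow(N - 3)
    t = pow(r, E, N)
    f = hash_int(b"sig", t.to_bytes(32, "big"), message)
    return (private_key * pow(r, f, N)) % N, t


def verify(identity, message, signature):
    """Accept iff s^E == H(identity) * t^f(t, m) mod N."""
    s, t = signature
    if not (0 < s < N and 0 < t < N):
        return False
    f = hash_int(b"sig", t.to_bytes(32, "big"), message)
    return pow(s, E, N) == (id_int(identity) * pow(t, f, N)) % N


def authority_message(identity_info, first_digest):
    """Unambiguous encoding of (identity information, first digest)."""
    return json.dumps([identity_info, list(first_digest)]).encode()


def request_credential(identity_info, user_private_key):
    """Request end, S301-S302: the first digest signs the identity info."""
    return {"identity_info": identity_info,
            "first_digest": sign(user_private_key, identity_info.encode())}


def issue_credential(request, first_public_key, authority_private_key, registry):
    """Authentication end, S102-S104. Returns None when a check fails."""
    info, d1 = request["identity_info"], request["first_digest"]
    if not verify(first_public_key, info.encode(), d1):
        return None  # S102: first digest was not made with the user's key
    if info not in registry:
        return None  # S102: identity information not found in the database
    d2 = sign(authority_private_key, authority_message(info, d1))  # S103
    return {"identity_info": info, "first_digest": d1, "second_digest": d2}


def verify_credential(cred, first_public_key, second_public_key):
    """Transaction end, S202: second digest first, then first digest."""
    info, d1 = cred["identity_info"], cred["first_digest"]
    if not verify(second_public_key, authority_message(info, d1),
                  cred["second_digest"]):
        return False  # not issued by the trusted authentication end
    return verify(first_public_key, info.encode(), d1)


# Constructed sample values (assumptions, not from the page).
PHONE = "13800000000"
USER_PK = phone_to_public_key(PHONE)
AUTH_PK = "Example Certification Authority"
REGISTRY = {PHONE}

if __name__ == "__main__":
    user_sk, auth_sk = kgc_extract(USER_PK), kgc_extract(AUTH_PK)
    cred = issue_credential(request_credential(PHONE, user_sk),
                            USER_PK, auth_sk, REGISTRY)
    print("genuine:", verify_credential(cred, USER_PK, AUTH_PK))
    tampered = dict(cred, identity_info="13900000000")
    print("tampered:", verify_credential(tampered, USER_PK, AUTH_PK))
```

Both checks in `verify_credential` run over values stored in the credential itself, so they pass for any exact copy of it; tying a transaction to the holder would additionally need a fresh signature with the first private key, for example over the transaction information, which steps S201 to S203 do not describe.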
Fig. 3 is a schematic diagram of the main steps of an identity credential generation method for digital currency applied to a requesting end according to an embodiment of the present invention.
As shown in fig. 3, an identity credential generation method related to digital currency according to an embodiment of the present invention mainly includes the following steps:
Step S301: sign the identity information of the user with the first private key of the user to generate a first digest.
In the embodiment of the invention, the user can enter the identity information and the first private key in a browser or app page and then click a page button to trigger the request end to sign the identity information with the first private key and generate the first digest. The first digest may or may not be displayed to the user in the browser or app page.
Step S302: generate a generation request for the identity credential from the first digest and the identity information, and send the generation request to the authentication end of the identity credential.
Step S303: receive the identity credential returned by the authentication end after the first digest and the identity information in the generation request have passed verification.
In the embodiment of the present invention, the identity credential received from the authentication end includes: the identity information of the user, the first digest, and a second digest generated by the authentication end signing the identity information and the first digest with a second private key.
In the embodiment of the present invention, after the identity credential returned by the authentication end is received, the method further includes: generating a transaction request related to the digital currency from the identity credential and the transaction information, and sending the transaction request to the transaction end, so as to carry out a transaction related to the digital currency with the transaction end according to the transaction request.
According to the identity credential generation method related to digital currency of the embodiment of the invention, on the request end side, the identity information of the user is signed with the first private key of the user to generate the first digest, and the identity information and the first digest are then sent to the authentication end as the generation request of the identity credential to obtain the identity credential of the user. As can be seen from the above description, when requesting generation of an identity credential, the request end signs the user's identity information with the user's first private key and sends the resulting first digest to the authentication end, so that the identity credential generated by the authentication end contains the association between the user and the identity credential. When the identity credential is later verified, the first digest in it can be used to check whether the holder is associated with the credential, and thus to determine whether the holder is using another person's identity credential.
Fig. 4 is a schematic diagram of main modules of an authentication end according to an embodiment of the present invention.
As shown in fig. 4, an authentication end 400 according to an embodiment of the present invention includes: a generation request receiving module 401, an authentication module 402, a second digest generation module 403 and an identity credential generation module 404; wherein:
a generation request receiving module 401, configured to receive a generation request of an identity credential, where the generation request includes identity information of a user and a first digest generated after the identity information is signed by a first private key of the user;
an authentication module 402, configured to verify the first digest by using a first public key corresponding to the first private key received by the generation request receiving module 401, and authenticate the identity information when the verification passes;
a second digest generation module 403, configured to sign the identity information and the first digest by using a second private key to generate a second digest when the authentication module 402 passes the authentication;
the identity credential generating module 404 is configured to generate an identity credential according to the identity information received by the generation request receiving module 401, the first digest and the second digest generated by the second digest generating module 403, and send the identity credential to the user.
In the embodiment of the invention, the first public key and the first private key are generated according to the identity information of the user.
In the embodiment of the present invention, the first public key is the identity information of the user.
In the embodiment of the present invention, the authentication end 400 further includes a key request module and a key receiving module, wherein: the key request module is configured to initiate a key generation request to the key generation system, where the key generation request includes public information of a request end; and the key receiving module is configured to receive a second public key and a second private key returned by the key generation system according to the public information in the key generation request initiated by the key request module.
According to the authentication end of the embodiment of the invention, after the generation request of the identity certificate is received, the first digest included in the generation request is verified; after the verification passes, the identity information included in the generation request is authenticated; after the authentication passes, the second private key is used to sign the identity information and the first digest to generate the second digest; and the second digest, the identity information and the first digest are sent to the user as the identity certificate. As can be seen from the above description, the identity certificate carries both the first digest, generated by signing the user's identity information with the user's first private key, and the second digest, generated by signing the identity information and the first digest with the authentication end's second private key, so the association between the user and the identity certificate is built into the certificate. When the identity certificate is verified, verifying the second digest shows whether the certificate is authentic, and verifying the first digest shows whether the holder is associated with the certificate, thereby determining whether the holder is using another person's identity certificate.
Fig. 5 is a schematic diagram of main modules of a transaction terminal according to an embodiment of the invention.
As shown in fig. 5, a transaction terminal 500 according to an embodiment of the present invention includes: a transaction request receiving module 501, a verification module 502 and a transaction execution module 503; wherein:
a transaction request receiving module 501, configured to receive a transaction request related to digital currency, where the transaction request includes an identity credential and transaction information, and the identity credential includes identity information of a user, a first digest generated by signing the identity information with a first private key of the user, and a second digest generated by an authentication end signing the identity information and the first digest with its second private key;
the verification module 502 is configured to verify the identity credential by using a first public key and a second public key corresponding to the first private key and the second private key received by the transaction request receiving module 501, respectively;
a transaction execution module 503, configured to carry out the transaction about the digital currency according to the transaction information received by the transaction request receiving module 501 when the verification by the verification module 502 passes.
In this embodiment of the present invention, the verification module 502 is configured to: generate a third digest from the second public key, the first digest and the identity information; when the third digest is the same as the second digest, generate a fourth digest from the first public key and the identity information; and when the fourth digest is the same as the first digest, determine that the identity credential has passed verification.
According to the transaction end of the embodiment of the invention, after a transaction request about digital currency that includes the identity certificate and transaction information is received, the second digest in the identity certificate is first verified with the second public key to determine whether the identity certificate is a trusted certificate; the first digest in the identity certificate is then verified with the first public key to determine whether the holder is the user to whom the identity certificate belongs; and if both verifications pass, the transaction about the digital currency is completed according to the transaction information. As can be seen from the above description, when the identity certificate is verified, the second digest is verified with the second public key to determine whether the identity certificate is trusted, and the first digest is verified with the first public key to determine whether the person initiating the transaction, that is, the holder of the identity certificate, is trusted, so that it can be determined whether the holder is using another person's identity certificate, which further improves the security of the transaction.
Fig. 6 is a schematic diagram of main modules of a request end according to an embodiment of the present invention.
As shown in fig. 6, a request end 600 according to an embodiment of the present invention includes: a first digest generation module 601, a generation request sending module 602 and an identity credential receiving module 603; wherein:
the first digest generation module 601 is configured to sign identity information of a user according to a first private key of the user, and generate a first digest;
a generation request sending module 602, configured to generate a generation request of the identity credential according to the first digest and the identity information generated by the first digest generation module 601, and send the generation request to an authentication end of the identity credential;
the identity credential receiving module 603 is configured to receive the identity credential returned by the authentication end after the first digest and the identity information in the generation request sent by the generation request sending module 602 have passed verification.
In the embodiment of the present invention, the request end 600 further includes a transaction request sending module, wherein: the transaction request sending module is configured to generate a transaction request related to the digital currency from the identity credential and the transaction information, and to send the transaction request to the transaction end, so as to carry out a transaction related to the digital currency with the transaction end according to the transaction request.
According to the request end of the embodiment of the invention, on the request end side, the identity information of the user is signed with the first private key of the user to generate the first digest, and the identity information and the first digest are then sent to the authentication end as the generation request of the identity certificate to obtain the identity certificate of the user. As can be seen from the above description, when requesting generation of an identity credential, the request end signs the user's identity information with the user's first private key and sends the resulting first digest to the authentication end, so that the identity credential generated by the authentication end contains the association between the user and the identity credential. When the identity credential is later verified, the first digest in it can be used to check whether the holder is associated with the credential, and thus to determine whether the holder is using another person's identity credential.
Fig. 7 is a schematic diagram of an identity credential generation system according to an embodiment of the present invention.
As shown in fig. 7, an identity credential generation system 700 for digital currency according to an embodiment of the present invention includes: any one of the authentication end 400, any one of the transaction end 500, and any one of the request end 600 provided in the embodiments of the present invention described above.
Fig. 8 illustrates an exemplary system architecture 800 of an identity credential generation method, verification method, or an authentication side, transaction side, or request side with respect to digital currency, to which embodiments of the present invention may be applied.
As shown in fig. 8, the system architecture 800 may include terminal devices 801, 802, 803, a network 804, and a server 805. The network 804 serves to provide a medium for communication links between the terminal devices 801, 802, 803 and the server 805. Network 804 may include various types of connections, such as wired or wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 801, 802, 803 to interact with a server 805 over a network 804 to receive or send messages or the like. The terminal devices 801, 802, 803 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, and the like.
The terminal devices 801, 802, 803 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 805 may be a server that provides various services, such as a background management server that supports shopping websites browsed by users using the terminal devices 801, 802, 803. The background management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (e.g., target push information and product information) to the terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 8 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 9, shown is a block diagram of a computer system 900 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 9, the computer system 900 includes a Central Processing Unit (CPU)901 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. In the RAM 903, various programs and data necessary for the operation of the system 900 are also stored. The CPU 901, ROM 902, and RAM 903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The above-described functions defined in the system of the present invention are executed when the computer program is executed by a Central Processing Unit (CPU) 901.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a generation request receiving module, an authentication module, a second digest generation module, and an identity certificate generation module. The names of these modules do not, in some cases, limit the modules themselves; for example, the generation request receiving module may also be described as a "module that receives a generation request for an identity certificate".
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments or may exist separately without being incorporated into the apparatus. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform: receiving a generation request for an identity certificate, wherein the generation request comprises identity information of a user and a first digest generated by signing the identity information with a first private key of the user; verifying the first digest by using a first public key corresponding to the first private key, and authenticating the identity information when the verification passes; when the authentication passes, signing the identity information and the first digest with a second private key to generate a second digest; and generating the identity certificate from the identity information, the first digest and the second digest, and sending the identity certificate to the user.
The computer-readable medium carries one or more programs which, when executed by a device, cause the device to further perform: receiving a transaction request about digital currency, wherein the transaction request comprises an identity certificate and transaction information, and the identity certificate comprises identity information of a user, a first digest generated by signing the identity information with a first private key of the user, and a second digest generated by an authentication end signing the identity information and the first digest with a second private key; verifying the identity certificate by using a first public key and a second public key corresponding to the first private key and the second private key respectively; and, when the verification passes, carrying out the transaction about the digital currency according to the transaction information.
The computer-readable medium carries one or more programs which, when executed by a device, cause the device to further perform: signing the identity information of the user with a first private key of the user to generate a first digest; generating a generation request for the identity certificate from the first digest and the identity information, and sending the generation request to an authentication end of the identity certificate; and receiving the identity certificate returned by the authentication end after the first digest and the identity information in the generation request have been verified.
According to the technical scheme of the embodiment of the invention, the following advantages or beneficial effects can be obtained:
1. and after the authentication passes, a second private key is used to sign the identity information and the first digest to generate a second digest, and the second digest, the identity information and the first digest are sent to the user as the identity certificate. As the above description shows, the generated identity certificate carries a first digest, produced by signing the user's identity information with the user's first private key, and a second digest, produced by signing the user's identity information and the first digest with the second private key of the authentication end. This adds an association between the user and the identity certificate to the certificate itself, so that when the identity certificate is verified, verifying the second digest shows whether the identity certificate is authentic, and verifying the first digest shows whether the holder is associated with the identity certificate, thereby determining whether the holder is using another person's identity certificate.
2. At the transaction end, after a transaction request about digital currency that includes an identity certificate and transaction information is received, the second digest in the identity certificate is verified with the second public key to determine whether the identity certificate is trusted, and the first digest in the identity certificate is verified with the first public key to determine whether the holder is the user to whom the identity certificate belongs; if both verifications pass, the transaction about the digital currency is completed according to the transaction information. As the above description shows, verifying the second digest with the second public key determines whether the identity certificate is trusted, and verifying the first digest with the first public key determines whether the person initiating the transaction, that is, the holder of the identity certificate, is trusted. It can therefore be determined whether the holder is using another person's identity certificate, which further improves the security of the transaction.
3. At the request end, the identity information of the user is signed with the first private key of the user to generate a first digest, and the identity information and the first digest are then sent to the authentication end as a generation request for the identity certificate, in order to obtain the identity certificate of the user. As the above description shows, when generation of an identity certificate is requested, the request end signs the identity information of the user with the first private key of the user and sends the resulting first digest to the authentication end, so that the identity certificate generated by the authentication end contains the association between the user and the identity certificate. When the identity certificate is later verified, the first digest in the identity certificate can be used to check whether the holder is associated with the identity certificate, and thus whether the holder is using another person's identity certificate.
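The three roles described above (request end, authentication end, transaction end), as an added example that is not part of the patent. Ed25519 from Node's built-in `crypto` module, the JSON identity encoding, and all function, field and result names are assumptions; the patent does not name a signature algorithm or a data format.

```javascript
// Added example: request end, authentication end and transaction end.
// Assumptions (not from the patent): Ed25519 signatures, a JSON identity
// encoding, and every function, field and result name used here.
const { generateKeyPairSync, sign, verify } = require('crypto');

// Canonical bytes for the identity information: sorted keys, so the signer
// and every verifier process identical input.
function encodeIdentity(identity) {
  const pairs = Object.keys(identity).sort().map((k) => [k, identity[k]]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// Input to the second digest: identity information plus first digest. The
// length prefix keeps the boundary between the two fields unambiguous.
function secondDigestInput(idBytes, firstDigest) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(idBytes.length, 0);
  return Buffer.concat([len, idBytes, firstDigest]);
}

// Request end: sign the identity information with the first private key.
function buildGenerationRequest(identity, firstPrivateKey) {
  const firstDigest = sign(null, encodeIdentity(identity), firstPrivateKey);
  return { identity, firstDigest };
}

// Authentication end: check the first digest, authenticate the identity
// information, then countersign identity information + first digest.
function issueCertificate(request, firstPublicKey, secondPrivateKey, authenticate) {
  const idBytes = encodeIdentity(request.identity);
  if (!verify(null, idBytes, firstPublicKey, request.firstDigest)) {
    throw new Error('first digest does not verify');
  }
  if (!authenticate(request.identity)) {
    throw new Error('identity information failed authentication');
  }
  const secondDigest = sign(
    null, secondDigestInput(idBytes, request.firstDigest), secondPrivateKey);
  return { ...request, secondDigest };
}

// Transaction end: second digest first (was this issued by the trusted
// authentication end?), then first digest (does it belong to this holder?).
function verifyCertificate(cert, holderPublicKey, secondPublicKey) {
  const idBytes = encodeIdentity(cert.identity);
  const signedByIssuer = verify(
    null, secondDigestInput(idBytes, cert.firstDigest), secondPublicKey, cert.secondDigest);
  if (!signedByIssuer) return 'untrusted-certificate';
  if (!verify(null, idBytes, holderPublicKey, cert.firstDigest)) return 'holder-mismatch';
  return 'ok';
}

// Constructed sample data: three key pairs and one identity record.
function runDemo() {
  const alice = generateKeyPairSync('ed25519');
  const mallory = generateKeyPairSync('ed25519');
  const authEnd = generateKeyPairSync('ed25519');
  const identity = { name: 'Alice Example', idNumber: 'SAMPLE-0001' };
  const request = buildGenerationRequest(identity, alice.privateKey);
  const cert = issueCertificate(request, alice.publicKey, authEnd.privateKey, () => true);
  // Same certificate with one identity field altered after issuance.
  const tampered = { ...cert, identity: { ...identity, name: 'Mallory Example' } };
  // Request whose first digest was produced with a key other than Alice's.
  let wrongKeyRequest = 'accepted';
  try {
    issueCertificate(buildGenerationRequest(identity, mallory.privateKey),
      alice.publicKey, authEnd.privateKey, () => true);
  } catch (err) {
    wrongKeyRequest = 'rejected';
  }
  return {
    genuine: verifyCertificate(cert, alice.publicKey, authEnd.publicKey),
    borrowed: verifyCertificate(cert, mallory.publicKey, authEnd.publicKey),
    tampered: verifyCertificate(tampered, alice.publicKey, authEnd.publicKey),
    wrongKeyRequest,
  };
}

console.log(runDemo());
```

As in claims 5 and 6, the transaction end checks only the two signatures stored in the certificate. Which public key it treats as the holder's is passed in by the caller here, because that lookup depends on the key scheme in use.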
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (19)

1. An identity certificate generation method for digital currency is applied to an authentication end and comprises the following steps:
receiving a generation request of an identity certificate, wherein the generation request comprises identity information of a user and a first digest generated after the identity information is signed by a first private key of the user;
verifying the first digest by using a first public key corresponding to the first private key, and authenticating the identity information when the verification is passed;
when the authentication is passed, signing the identity information and the first digest by using a second private key to generate a second digest;
and generating the identity certificate according to the identity information, the first digest and the second digest, and sending the identity certificate to a user.
2. The method of claim 1,
the first public key and the first private key are generated according to identity information of the user.
3. The method of claim 2,
the first public key is identity information of the user.
4. The method of claim 1, wherein prior to said signing the identity information and the first digest using a second private key to generate a second digest, the method further comprises:
initiating a key generation request to a key generation system, wherein the key generation request comprises public information of the request terminal;
and receiving a second public key and a second private key returned by the key generation system according to the public information in the key generation request.
5. An identity certificate verification method for digital currency is applied to a transaction end and comprises the following steps:
receiving a transaction request about digital currency, wherein the transaction request comprises an identity certificate and transaction information, the identity certificate comprises identity information of a user, a first digest generated after a first private key of the user signs the identity information, and a second digest generated after an authentication end signs the identity information and the first digest by using an authentication second private key;
verifying the identity certificate by using a first public key and a second public key respectively corresponding to the first private key and the second private key;
when the verification is passed, a transaction is effected with respect to the digital currency according to the transaction information.
6. The method according to claim 5, wherein the verifying the identity credential by using the first public key and the second public key respectively corresponding to the first private key and the second private key comprises:
generating a third digest according to the second public key, the first digest and the identity information;
when the third digest is the same as the second digest, generating a fourth digest according to the first public key and the identity information;
and when the fourth digest is the same as the first digest, determining that the identity certificate is verified.
7. An identity certificate generation method for digital currency, which is applied to a request end and comprises the following steps:
signing the identity information of the user according to a first private key of the user to generate a first digest;
generating a generation request of the identity certificate according to the first digest and the identity information, and sending the generation request to an authentication end of the identity certificate;
and receiving the identity certificate returned by the authentication end after the first digest and the identity information in the generation request are verified to pass.
8. The method according to claim 7, wherein after the receiving of the identity certificate returned by the authentication end after the first digest and the identity information in the generation request are verified to pass, the method further comprises:
generating a transaction request related to the digital currency according to the identity certificate and the transaction information, and sending the transaction request to a transaction terminal so as to perform a transaction related to the digital currency with the transaction terminal according to the transaction request.
9. An authentication terminal, characterized by comprising a generation request receiving module, an authentication module, a second digest generation module and an identity certificate generation module; wherein:
the generation request receiving module is used for receiving a generation request of an identity certificate, wherein the generation request comprises identity information of a user and a first digest generated after the identity information is signed by a first private key of the user;
the authentication module is configured to verify the first digest by using a first public key corresponding to the first private key received by the generation request receiving module, and authenticate the identity information when the verification passes;
the second digest generation module is used for signing the identity information and the first digest by using a second private key to generate a second digest when the authentication of the authentication module is passed;
and the identity certificate generation module is used for generating the identity certificate according to the identity information received by the generation request receiving module, the first digest and the second digest generated by the second digest generation module, and sending the identity certificate to a user.
10. The authentication peer according to claim 9,
the first public key and the first private key are generated according to identity information of the user.
11. The authentication peer according to claim 10,
the first public key is identity information of the user.
12. The authenticator according to claim 9, characterized in that the authenticator further comprises a key request module and a key receiving module; wherein:
the key request module is used for initiating a key generation request to a key generation system, wherein the key generation request comprises public information of the request terminal;
the key receiving module is configured to receive a second public key and a second private key that are returned by the key generation system according to the public information in the key generation request initiated by the key request module.
13. A transaction terminal is characterized by comprising a transaction request receiving module, a verification module and a transaction execution module; wherein:
the transaction request receiving module is used for receiving a transaction request about digital currency, wherein the transaction request comprises an identity certificate and transaction information, the identity certificate comprises identity information of a user, a first digest generated after a first private key of the user signs the identity information, and a second digest generated after an authentication end signs the identity information and the first digest by using an authentication second private key;
the verification module is used for verifying the identity certificate by using a first public key and a second public key which respectively correspond to the first private key and the second private key and are received by the transaction request receiving module;
and the transaction execution module is used for realizing the transaction of digital currency according to the transaction information received by the transaction request receiving module when the verification module passes the verification.
14. The transaction terminal of claim 13,
the verification module is used for: generating a third digest according to the second public key, the first digest and the identity information; when the third digest is the same as the second digest, generating a fourth digest according to the first public key and the identity information; and when the fourth digest is the same as the first digest, determining that the identity certificate is verified.
15. A request terminal, characterized by comprising a first digest generation module, a generation request sending module and an identity certificate receiving module; wherein:
the first digest generation module is used for signing the identity information of the user according to a first private key of the user to generate a first digest;
the generation request sending module is used for generating a generation request of the identity certificate according to the first digest generated by the first digest generation module and the identity information, and sending the generation request to an authentication end of the identity certificate;
and the identity certificate receiving module is used for receiving the identity certificate returned by the authentication terminal after the first digest and the identity information in the generation request sent by the generation request sending module are verified to pass.
16. The request terminal of claim 15, wherein the request terminal further comprises a transaction request sending module; wherein:
the transaction request sending module is used for generating a transaction request related to digital currency according to the identity certificate and the transaction information, and sending the transaction request to a transaction end so as to carry out a transaction related to the digital currency with the transaction end according to the transaction request.
17. An identity credential generation system in respect of digital currency, comprising: an authentication peer as claimed in any of claims 9 to 12, a transaction peer as claimed in claim 13 or 14 and a requesting peer as claimed in claim 15 or 16.
18. An apparatus for generating an identity certificate for digital currency, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4 or 5-6 or 7-8.
19. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1-4 or 5-6 or 7-8.
CN202010948246.7A 2020-09-07 2020-09-10 Identity certificate generation method, identity certificate verification method and identity certificate verification system related to digital currency Pending CN114157414A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020109306200 2020-09-07
CN202010930620 2020-09-07

Publications (1)

Publication Number Publication Date
CN114157414A true CN114157414A (en) 2022-03-08

Family

ID=80462192

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010948246.7A Pending CN114157414A (en) 2020-09-07 2020-09-10 Identity certificate generation method, identity certificate verification method and identity certificate verification system related to digital currency

Country Status (1)

Country Link
CN (1) CN114157414A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination