CN114338081A

CN114338081A - Multi-block chain unified identity authentication method and device and computer equipment

Info

Publication number: CN114338081A
Application number: CN202111432251.3A
Authority: CN
Inventors: 罗梅琴; 王露莹; 郭林海; 张琛; 万化
Original assignee: Shanghai Pudong Development Bank Co Ltd
Current assignee: Shanghai Pudong Development Bank Co Ltd
Priority date: 2021-11-29
Filing date: 2021-11-29
Publication date: 2022-04-12
Anticipated expiration: 2041-11-29
Also published as: CN114338081B

Abstract

The disclosure relates to a multi-block chain unified identity authentication method, a device and computer equipment. The method comprises the following steps: under the condition of receiving identity registration information, generating a unified identity by using an identity authentication system and a multi-block chain, wherein the multi-block chain comprises at least two block chains; generating an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity, and storing the identity master certificate into an intelligent contract of an identity verification block chain in the multi-block chain; when a third party accesses at least one blockchain of the multi-blockchain, the identity of the third party is verified by a smart contract for the authentication blockchain. By adopting the method, the unified identity can be used for authentication aiming at the plurality of block chains, the problem of hardware resource consumption in frequent identity authentication is reduced, the difference of identity verification systems of different block chains is shielded, and the identity authentication of the plurality of block chains is realized.

Description

Multi-block chain unified identity authentication method and device and computer equipment

Technical Field

The present disclosure relates to the field of block chain technologies, and in particular, to a method, an apparatus, and a computer device for unified identity authentication of multiple block chains.

Background

With the development of information data technology, a blockchain technology appears, and the blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. At present, the condition of tens of thousands of block chains exists, and each block chain has an account generation system corresponding to the block chain. At present, when the application of each large main flow block chain falls to the ground, the situation that one application scene is in butt joint with a plurality of block chains exists. When a request of an application side is accessed to a block chain, for different block chains, an identity authentication system corresponding to different block chains needs to be used, a corresponding identity account needs to be acquired for each different block chain, and then the identity account is authenticated through the block chain, so that the method is relatively complex to implement.

In addition, for an enterprise-level blockchain service platform, under the condition of managing multiple blockchains, different identity accounts need to be used for authentication aiming at different blockchains, and frequent identity authentication consumes a large amount of software and hardware resources.

Disclosure of Invention

In view of the foregoing, it is desirable to provide a method, an apparatus, and a computer device for multi-blockchain unified identity authentication, which can perform unified identity authentication for a plurality of blockchains.

In a first aspect, the present disclosure provides a method for multi-block chain unified identity authentication, the method including:

under the condition of receiving identity registration information, generating a unified identity by using an identity authentication system and a multi-block chain, wherein the multi-block chain comprises at least two block chains;

generating an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity, and storing the identity master certificate into an intelligent contract of an identity verification block chain in the multi-block chain;

when a third party accesses at least one blockchain of the multi-blockchain, the identity of the third party is verified by a smart contract for the authentication blockchain.

In one embodiment, the generating a unified identity using an identity authentication system and a multi-block chain further includes:

acquiring a pre-established identity identification number and pre-provided application information in the identity registration information;

and binding a private key corresponding to each block chain in the multi-block chain with the identity number.

In one embodiment, the generating a unified identity using an identity authentication system and a multi-block chain includes:

the identity generating blockchain in the multi-blockchain generates the unified identity according to the identity identification number, the application information and the information of the identity verifying blockchain and by utilizing an identity authentication system of the identity generating blockchain,

or the third-party organization generates the uniform identity according to the identity identification number, the application information and the information of the identity verification block chain by utilizing an identity authentication system of the third-party organization;

and storing the unified identity into the identity verification block chain, wherein the unified identity comprises issuer information, issuing time information, valid period time information, a mapping relation with a digital identity, a public and private key pair of the unified identity, an identity identification number, application information provided in advance, a binding relation with a private key corresponding to each block chain and a private key authority.

In one embodiment, the generating an identity master credential corresponding to the unified identity according to the public-private key pair of the unified identity, and storing the identity master credential in an intelligent contract of an authentication blockchain in the multi-blockchain includes:

generating an identity main certificate corresponding to the uniform identity according to the generated public and private key pair corresponding to the uniform identity through the identity generation block chain;

and storing the identity master certificate into an intelligent contract of the identity verification block chain, wherein the identity master certificate comprises a signature summary of a private key in the generated public and private key pair with the uniform identity.

In one embodiment, the verifying the identity of the third party by the smart contract of the authentication blockchain previously comprises:

and matching the unified identity of the third party through the private key under the condition that the third party carries the private key.

In one embodiment, the verifying the identity of the third party by the smart contract of the authentication blockchain further comprises:

and matching the unified identity of the third party through the digital identity under the condition that the third party carries the digital identity.

In one embodiment, the verifying the identity of the third party by the smart contract of the authentication blockchain includes:

inquiring the state of the unified identity of the third party through the identification information of the identity verification block chain and the address of the intelligent contract;

acquiring the identity master certificate corresponding to the unified identity of the third party under the condition that the state of the unified identity is an effective state;

verifying the identity master certificate corresponding to the identity of the third party according to the identity master certificate in the intelligent contract of the identity verification block chain;

and after the identity master certificate corresponding to the identity of the third party passes the verification, judging the access authority of the third party through the service intelligent contract of the accessed block chain and the unified identity of the third party.

In one embodiment, the method further comprises:

and setting the authority of each private key bound with the identity identification number.

In one embodiment, the determining, by the service intelligence contract of the accessed blockchain and the unified identity of the third party, the access right of the third party includes:

acquiring the private keys bound in the unified identity of the third party and the authority of each private key;

matching a private key bound in the unified identity of the third party with a private key of the accessed block chain through a service intelligent contract to obtain an access private key;

and acquiring the authority corresponding to the access private key in the unified identity of the third party, and judging the access authority of the third party according to the authority corresponding to the access private key.

In one embodiment, the method further comprises:

the third party applies for a verification credential to the third party authority;

storing the authentication credentials in an intelligent contract of the authentication blockchain;

verifying an identity of the third party with the verification credential when the third party accesses at least one of the multi-blockchain.

In a second aspect, the present disclosure also provides a multi-block chain unified identity authentication apparatus. The device comprises:

the unified identity generating module is used for generating a unified identity by utilizing an identity authentication system and the multi-block chain under the condition of receiving identity registration information;

the identity master certificate generating module is used for generating an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity;

the identity master certificate storage module is used for storing the identity master certificate into an intelligent contract of an identity verification block chain in the multi-block chain;

and the identity verification module is used for verifying the identity of a third party through an intelligent contract of the identity verification blockchain when the third party accesses at least one blockchain in the multi-blockchain.

In one embodiment, the apparatus further comprises:

the information acquisition module is used for acquiring the identity identification number created in advance in the identity registration information and the application information provided in advance;

and the private key binding module is used for binding the private key corresponding to each block chain in the multi-block chain with the identity number.

In one embodiment, the unified identity generation module comprises: the system comprises a block chain generating module, a third party generating module and a unified identity storage module;

the block chain generating module is used for enabling the identity generating block chain in the multi-block chain to generate the unified identity according to the identity identification number, the application information and the information of the identity verifying block chain and by utilizing an identity authentication system of the identity generating block chain;

the third-party generating module is used for enabling a third-party mechanism to generate the unified identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the third-party mechanism;

the unified identity storage module is used for storing the unified identity into the identity verification block chain, wherein the unified identity comprises issuer information, issuing time information, expiry date time information, a mapping relation with a digital identity, a public and private key pair of the unified identity, an identity identification number, pre-provided application information, a binding relation of a private key corresponding to each block chain and a private key authority.

In one embodiment, the identity master certificate generation module is further configured to generate, through the identity generation blockchain and according to the generated public-private key pair corresponding to the unified identity, the identity master certificate corresponding to the unified identity, where the identity master certificate includes a signature digest of a private key in the generated public-private key pair of the unified identity.

In one embodiment, the apparatus further comprises: a private key matching module and a digital identity matching module;

the private key matching module is used for matching the uniform identity of the third party through the private key under the condition that the third party carries the private key;

and the digital identity matching module is used for matching the unified identity of the third party through the digital identity under the condition that the third party carries the digital identity.

In one embodiment, the identity verification module comprises: the system comprises a state query module, an identity master certificate acquisition module and a certificate verification module;

the status query module is used for querying the status of the unified identity in the identity verification block chain through the identification information of the identity verification block chain and the address of the intelligent contract;

the identity master certificate acquisition module is used for acquiring the identity master certificate corresponding to the unified identity of the third party under the condition that the state of the unified identity is an effective state;

the certificate verification module is used for verifying the identity master certificate corresponding to the identity of the third party according to the identity master certificate in the intelligent contract of the identity verification block chain;

and the permission judging module is used for judging the access permission of the third party through the service intelligent contract of the accessed block chain and the unified identity of the third party after the identity master certificate corresponding to the identity of the third party is verified to pass.

In one embodiment, the permission determination module includes: the system comprises a private key acquisition module, an access private key determination module and an access authority judgment module;

the private key acquisition module is used for acquiring the private keys bound in the unified identity of the third party and the authority of each private key;

the access private key determining module is used for matching a private key bound in the unified identity of the third party with a private key of the accessed block chain through a service intelligent contract to obtain an access private key;

the access authority judging module is used for acquiring the authority corresponding to the access private key in the unified identity of the third party and judging the access authority of the third party according to the authority corresponding to the access private key.

In one embodiment, the apparatus further comprises: the system comprises an authority adding module, a verification certificate applying module, a verification certificate storage module and a verification certificate verifying module;

the authority adding module is used for setting the authority of each private key bound with the identity identification number;

the third party applies for a verification certificate to the third party organization through a verification certificate application module;

the verification certificate storage module is used for storing the verification certificate into an intelligent contract of the identity verification block chain;

the verification certificate verification module is used for verifying the identity of the third party through the verification certificate when the third party accesses at least one block chain in the multi-block chains.

In a third aspect, the present disclosure also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the above method when executing the computer program.

In a fourth aspect, the present disclosure also provides a computer-readable storage medium. The computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.

In a fifth aspect, the present disclosure also provides a computer program product. The computer program product comprises a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method.

According to the multi-block chain unified identity authentication method, the device and the computer equipment, the unified identity corresponding to the multi-block chain is generated through the identity authentication system and the multi-block chain, any one of the multi-block chains can be accessed through the unified identity, the unified identity can be used for authenticating aiming at the multi-block chains under the condition of managing the multi-block chain, the problem of hardware resource consumption during frequent identity authentication is reduced, when a third party needs to access the multi-block chain, the identity of the third party is verified through an intelligent contract of the identity verification block chain, the difference of the identity authentication systems of different block chains can be shielded, and the identity authentication of the multi-block chain is realized.

Drawings

FIG. 1 is a diagram of an exemplary embodiment of a multi-blockchain unified identity authentication method;

FIG. 2 is a flow diagram of a multi-blockchain unified identity authentication method in an embodiment;

FIG. 3 is a flowchart illustrating a step S202 according to an embodiment;

FIG. 4 is a flowchart illustrating the step S202 according to an embodiment;

FIG. 5 is a diagram illustrating relationships between unified identities, digital identities, private keys, and blockchains, in accordance with one embodiment;

FIG. 6 is a flowchart illustrating the step S204 according to an embodiment;

FIG. 7 is a flowchart illustrating the step S206 according to an embodiment;

FIG. 8 is a flowchart illustrating a multi-blockchain unified identity authentication method according to another embodiment;

FIG. 9 is a flowchart illustrating a multi-blockchain unified identity authentication method according to another embodiment;

FIG. 10 is a block diagram of a multi-blockchain unified identity authentication device in one embodiment;

FIG. 11 is a diagram showing an internal configuration of a computer device according to an embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present disclosure more clearly understood, the present disclosure is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the disclosure and are not intended to limit the disclosure.

It should be noted that the terms "first," "second," and the like in the description and claims herein and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments herein described are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or device.

In this document, the term "and/or" is only one kind of association relationship describing the associated object, meaning that three kinds of relationships may exist. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.

It should be noted that the most important three elements of the blockchain account are a private key, a public key, and an address. The relation of the three is that the private key generates a public key, and the public key generates an address.

The multi-block chain unified identity authentication method provided by the embodiment of the disclosure can be applied to the application environment shown in fig. 1. Wherein the terminal 102 communicates with the blockchain server 104 over a network. The data storage system may store data that blockchain server 104 needs to use and/or process. The data storage system may be integrated on the blockchain server 104, or may be located on the cloud or other network server. The terminal 102 sends identity registration information to the blockchain server 104. The blockchain server comprises at least two different blockchains. In the event that blockchain server 104 receives identity registration information, any blockchain in blockchain server 104 may generate a unified identity using its own identity authentication system. The blockchain server 104 may generate a corresponding identity master credential according to the public-private key pair in the generated unified identity, and store the identity master credential in an intelligent contract of an authentication blockchain in the multi-blockchain. When a third party needs to access at least one arbitrary blockchain in the multi-blockchain server 104, the multi-blockchain server 104 verifies the identity of the third party through an intelligent contract in the authentication blockchain. The terminal 102 and the third party may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The portable wearable device can be a smart watch, a smart bracelet, and the like. The server 104 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers.

In one embodiment, as shown in fig. 2, a method for multi-blockchain unified identity authentication is provided, which is described by taking the method as an example for the blockchain server 104 in fig. 1, and includes the following steps:

s202, under the condition that the identity registration information is received, generating a unified identity by utilizing an identity authentication system and a multi-block chain, wherein the multi-block chain comprises at least two block chains.

The identity registration information may be information sent by the terminal or the user when the terminal or the user needs to apply for a unified identity. The identity authentication system is typically a blockchain or digital identity generation system of a third party authority. A multi-blockchain may generally be a collection comprising several blockchains, of which at least two are present. The unified identity may generally be an identification or identity through which any of the blockchains in the multi-blockchain can be accessed.

Specifically, when receiving the identity registration information sent by the user, the unified identity generation system that receives the identity registration information generates a unified identity using its own identity authentication system and a certain blockchain specified in the multi-blockchain.

And S204, generating an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity, and storing the identity master certificate into an intelligent contract of an identity verification block chain in the multi-block chain.

A public-private key pair is typically a key pair that includes a public key and a corresponding private key. The identity master credential may typically be a private key signature digest of a uniform identity, which is a claim for a uniform identity over a blockchain. An intelligent contract is a computer protocol intended to propagate, validate or execute contracts in an informational manner. The identity authentication blockchain can be a blockchain which needs to store the identity master certificate, and can be any one blockchain in a multi-blockchain.

Specifically, each generated unified identity has its own public-private key pair. And generating a signature digest of a private key in the public and private key pair according to the public and private key pair with the uniform identity, wherein the signature digest of the private key can be an identity master certificate corresponding to the uniform identity. And storing the identity master certificate into an intelligent contract of any one of the block chains in the multi-block chain, wherein the block chain in which the identity master certificate is stored can be an identity verification block chain.

S206, when a third party accesses at least one block chain in the multi-block chain, the identity of the third party is verified through the intelligent contract of the identity verification block chain.

The third party may be a single user, a certain organization, or a certain block chain. The third party may typically be a user or organization that generates a unified identity.

Specifically, when a third party needs to access any one or several blockchains in the multi-blockchain, the identity of the third party can be verified through an intelligent contract of the identity verification blockchain, and when the identity of the third party is verified through the intelligent contract of the identity verification blockchain, the third party can access the blockchain needing to be accessed and execute corresponding business operation. In the event that the identity of the third party is not verified, the third party cannot access the blockchain that needs access.

In the multi-block chain unified identity authentication method, the unified identity corresponding to the multi-block chain is generated through the identity authentication system and the multi-block chain, any one of the multi-block chains can be accessed through the unified identity, the unified identity can be used for authentication aiming at the multi-block chains under the condition of managing the multi-block chain, the problem of hardware resource consumption in frequent identity authentication is reduced, when a third party needs to access the multi-block chain, the identity of the third party is verified through an intelligent contract of the identity verification block chain, the difference of the identity verification systems of different block chains can be shielded, and the identity authentication of the multi-block chain is realized.

In one embodiment, as shown in fig. 3, the generating a unified identity using an identity authentication system and a multi-block chain further includes:

s302, acquiring the identity identification number created in advance in the identity registration information and the application information provided in advance.

The application information provided in advance may generally be application information of an application system connected with the multi-blockchain corresponding to a user applying for a unified identity or a third-party organization or an enterprise, and the application information may include a digital identity of the user applying for the unified identity or the third-party organization or the enterprise. The identification number may be information set in the identity registration information by the user or the third-party organization when applying for the unified identity, and created by the user or the third-party organization and stored in the identity registration information when applying for the unified identity.

S304, binding a private key corresponding to each block chain in the multi-block chain with the identity number.

Specifically, each private key corresponding to each block chain in the multi-block chain is respectively bound with the identity number, and any encryption algorithm can be compatible during binding.

In this embodiment, the application system or the user applying for registering the unified identity can be determined by obtaining the identity identification number created in advance in the identity registration information and the application information provided in advance, and the unified identity can also store the corresponding information after applying for the unified identity, which application system or user unified identity can be known through the application information and the digital identity, so that management is facilitated, each block chain is bound with the identity identification number, the identity identification number can be authorized on each block chain, and the unified identity can be matched and the identity can be verified subsequently through the private key or the digital identity.

In one embodiment, as shown in fig. 4, the generating a unified identity using an identity authentication system and a multi-block chain includes:

s402, the identity generation block chain in the multi-block chain generates the unified identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the identity generation block chain.

Or the like, or, alternatively,

s404, the third-party organization generates the uniform identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the third-party organization.

The unified identity may be generated by any one of the blockchains in the multi-blockchain, or may be generated by a third-party organization, where the third-party organization is usually an authoritative organization, such as a bank, a public security bureau, and the like. The information of the authentication block chain may include a location where the authentication block chain is located, identification information, and the like.

Specifically, in the case where the unified identity is generated by any one of the blockchains in the multi-blockchain, the blockchain generating the unified identity may be an identity generation blockchain. The identity generation blockchain can generate a unified identity according to the identity identification number, the application information and the information of the identity verification blockchain by utilizing an identity authentication system of the identity generation blockchain.

When the unified identity is generated by the third-party organization, the third-party organization can generate the unified identity by utilizing the identity authentication system of the third-party organization according to the identity identification number, the application information and the information of the identity verification block chain.

S406, storing the unified identity into the identity verification block chain, where the unified identity includes issuer information, issue time information, valid time information, mapping relationship with digital identity, public and private key pair of unified identity, identity identification number, pre-provided application information, binding relationship with the private key corresponding to each block chain, and private key authority. The unified identity also comprises an identity identification number, application information and the like.

Specifically, after the unified identity is generated, the unified identity may be stored in the authentication block chain by the mechanism that generates the unified identity, where the unified identity includes: the system comprises issuer information, issuing time information, valid period time information, a mapping relation with a digital identity, a public and private key pair with unified identity, a private key binding relation corresponding to each blockchain and private key authority. An issuer may typically be an organization that issues a unified identity, such as a third party organization, some of the multi-blockchain, and so on. The issue time information may be a time at which the unified identity is issued. The validity time information refers to the validity period of the unified identity. In some embodiments, if the time for issuing the unified identity is 2021, 11 and 11 days, and the validity period of the unified identity is 10 days, the unified identity is invalid after 11 and 21 days 2021, and cannot pass the authentication. The mapping relationship with the digital identity may be to which application system's digital identity the unified identity is bound. After the unified identity is stored in the identity verification block chain, deploying a unified identity intelligence contract in the identity verification block chain, where the unified identity intelligence contract may include: and the functions of identity registration, authority authorization, inquiry, authority verification, identity state modification and the like are unified.

In some embodiments, as shown in FIG. 5, the relationship between the unified identity, the digital identity, the private key, and the blockchain. The uniform identity in the uniform identity is the minimum unit and is globally unique. The application system A comprises an identity control main body with an identity type of a person. The application system B comprises an identity control main body with an identity type as an object. The application system A and the application system B apply for sending identity registration information to generate a unified identity, wherein the unified identity can comprise identity identification numbers in the identity registration information of the application system A and the application system B (the unified identities of the application system A and the application system B are the same, and the unified identities of the application system A and the application system B are different and can be digital identities of the application system A and the application system B and a bound block chain or a private key); a public and private key pair with uniform identity; a mapping relationship with a digital identity of an identity control subject in the application system A; a mapping relationship with a digital identity of an identity control subject in the application system B; the binding relationship between the unified identity and the account (which can be a private key, or a private key, a public key, or an address) on the following block chain network A, block chain network B, or block chain network N can be unified, so that the corresponding digital identity in each application system can be bound with each corresponding private key in each block chain in the multi-block chain; the block chains are correspondingly connected with the application system A and the application system B; and the application system A and the application system B corresponding to the unified identity. Each of the blockchain network a, the blockchain network B, and the blockchain network N has an independent account (which may be a private key, or a private key, a public key, or an address) on the chain. The block chain network A comprises a service intelligent contract of the application system A, and when the application system A accesses the block chain network A through the identity verification block chain, the corresponding service intelligent contract of the application system A can be executed. When the application system B accesses the blockchain network B through the identity authentication blockchain, the corresponding business intelligent contract of the application system B can be executed. When the application system A and/or the application system B accesses the blockchain network N through the identity verification blockchain, the service intelligent contract of the corresponding application system A and/or application system B can be executed.

In the embodiment, the unified identity can be generated through any one of the multi-block chains or a third-party mechanism, the unified identity can be generated through multiple modes, various information is contained in the unified identity, when the unified identity needs to be maintained, only various information in the unified identity is changed, the unified identity is more convenient, and the operability of the unified identity is improved.

In one embodiment, as shown in fig. 6, the generating an identity master credential corresponding to the unified identity according to the public-private key pair of the unified identity, and storing the identity master credential in an intelligent contract of an authentication blockchain in the multi-blockchain includes:

and S602, generating an identity master certificate corresponding to the uniform identity through the identity generation block chain and according to the generated public and private key pair corresponding to the uniform identity.

Specifically, the corresponding identity master certificate of the unified identity may be generated by the identity generation blockchain and a private key of a corresponding public and private key pair in the generated unified identity.

S604, storing the identity master certificate into the intelligent contract of the identity verification block chain, wherein the identity master certificate comprises a signature summary of a private key in the generated public and private key pair with the uniform identity.

Specifically, after generating the identity master credential, the identity master credential may be stored in the intelligent contract of the authentication block chain. The identity master certificate can include a signature digest of a private key in the generated public and private key pair of the unified identity.

In this embodiment, after the identity master credential is generated, the identity master credential is a statement of a unified identity, and therefore, identity verification can be performed through the identity master credential and the block chain, so that the identity of a third party is verified, and the identity authentication operation of the multi-block chain is realized. Since the identity master certificate includes the signature digest of the private key of the uniform identity, and the private key is the most important of the three elements of the blockchain account, the identity of the third party can be verified only by the private key.

In one embodiment, as shown in fig. 7, the verifying the identity of the third party by the intelligent contract of the authentication blockchain previously comprises one of:

s702, under the condition that the third party carries a private key, matching the uniform identity of the third party through the private key.

Specifically, because the third party carries a private key and the unified identity includes the binding relationship between the private key and the public-private key pair corresponding to each blockchain, the information included in the unified identity can be matched with the carried private key, so that the unified identity corresponding to the private key carried by the third party can be found in the authentication blockchain.

S704, under the condition that the third party carries the digital identity, the digital identity is matched with the unified identity of the third party.

Specifically, because the third party carries the digital identity and the unified identity includes the mapping relationship with the digital identity, the unified identity of the third party corresponding to the mapping relationship with the digital identity in the digital identity of the third party and the unified identity stored in the authentication blockchain can be matched, and then the unified identity corresponding to the digital identity carried by the third party can be found in the authentication blockchain.

It should be noted that the example is only carried out by carrying the private key and the unified identity, and those skilled in the art may also match the unified identity of the authentication block chain according to other data carried by the third party, such as an identity number.

The verifying the identity of the third party by the intelligent contract of the authentication blockchain includes:

s706, inquiring the state of the unified identity of the third party through the identification information of the identity verification block chain and the address of the intelligent contract.

The identification information may be an ID (identity document) of the authentication block chain, and the corresponding block chain can be found by the ID. The state of the unified identity may include: valid, logged off, frozen, etc.

In particular, an issuer of the unified identity (which may be the identity generation blockchain or a third party authority) may query or maintain the status of the unified identity through the ID in the authentication blockchain and the address of the smart contract of the authentication blockchain.

S708, when the status of the unified identity is valid, obtaining the identity master certificate corresponding to the unified identity of the third party.

Specifically, in the case that the unified identity state is found to be a valid state, the proof may be used to verify the unified identity. And acquiring an identity master certificate corresponding to the unified identity of the third party in the intelligent contract, wherein the identity master certificate corresponding to the unified identity can be generated by the third party.

And under the condition that the unified identity state is not found to be the valid state, the unified identity is proved to be incapable of being verified, and the identity of the third party cannot be verified.

S710, verifying the identity master certificate corresponding to the identity of the third party according to the identity master certificate in the intelligent contract of the identity verification block chain.

Specifically, after the identity master certificate of the unified identity of the third party is acquired, the identity master certificate in the intelligent contract of the identity verification blockchain may be compared with the identity master certificate corresponding to the identity of the third party, so as to verify the identity of the third party according to the comparison result.

And under the condition that the identity master certificate corresponding to the identity of the third party is the same as the identity master certificate in the intelligent contract, verifying that the identity master certificate corresponding to the identity of the third party passes through, and enabling the third party to access the block chain in the multi-block chain.

And S712, after the identity master certificate corresponding to the identity of the third party passes the verification, judging the access authority through the service intelligent contract of the accessed block chain and the unified identity of the third party.

Specifically, after the verification passes, it is proved that the block chain can be accessed through the unified identity of the third party, but whether the function corresponding to the block chain can be operated or used or whether the authority of accessing the intelligent contract of the service in the block chain by the third party is verified through the intelligent contract of the service and the unified identity of the third party according to the intelligent contract of the service on the block chain.

In this embodiment, the unified identity of the third party can be matched through the private key and the data identity, and then the state of the corresponding unified identity can be queried or maintained through the identification information of the identity verification block chain and the address query of the intelligent contract, and the identity authentication can be performed only when the state of the unified identity is in an effective state, so that the problem that the software and hardware resources are consumed by verifying the identity of the third party again due to the unified identity failure is solved.

In one embodiment, the method further comprises:

Specifically, different permissions for each private key bound to the identification number can be set, and the permissions for the private key can include authorizing others, issuing verifiable credentials, adding, deleting, modifying, and the like. And the bound authorities of different private keys can further access the corresponding block chains according to different private keys in the unified identity, and the functions in different block chains can be realized according to the authorities corresponding to the different private keys.

In one embodiment, the determining the access right of the third party by the service intelligent contract of the accessed blockchain and the unified identity of the third party includes:

Specifically, a unified identity of a third party is obtained, and private keys of a plurality of block chains bound with the identity identification number in the unified identity are obtained. And combining a plurality of private keys of the blockchain and acquiring the authority of each private key. And finding the private key of the accessed blockchain from the private keys of the plurality of blockchains through the service intelligent contract, wherein the found private key can be the access private key. And acquiring the authority of accessing the private keys according to the authority of each private key, and judging the access authority of a third party according to the access authority.

In this embodiment, because the private keys of different block chains are bound in each unified identity, and each private key has a corresponding authority, the authority of the third party can be determined according to different authorities, and the authority of the third party in a certain block chain can be controlled, so that the unified identity can have different functions in different block chains, and the functions of the third party can be controlled.

In one embodiment, the method further comprises:

In particular, the verification of the identity of the third party may also be performed by a third party authority. When the third-party authority is required to verify the identity of the third-party, the third-party needs to apply for a verification certificate to the third-party authority, and the verification certificate may include one or more claims, such as a claim that a certain digital identity is a certain person, a certain digital identity is a student of a certain university, and the like. The authentication voucher content structure may comprise: and unifying the identification corresponding to the identity, the name, the type, the information and the like of the statement. The name of the claim may be the name of the subject of the digital identity. The type may be an individual or a company. The information may be other supplementary information of the person or company. After applying for the authentication credential, the authentication credential may be stored in the intelligent contract of the identity authentication block chain, and it should be noted that the authentication credential may also be stored in any block chain in the multi-block chain. When a third party needs to access any one of the multi-block chains, the identity of the third party can be verified through the verification credential. In the case where the authentication credential includes third party identity information, the authentication is passed if the name of the principal including the digital identity of the third party is included. In the case that the third party identity information is not included in the authentication credential, the authentication is not passed.

In this embodiment, the identity of the third party may also be verified through a third party organization, and the verification is performed in a certificate verification manner, so that the unified identity authentication of the multi-block chain to the third party can be realized in the certificate verification manner.

In an embodiment, the present disclosure further provides a multi-block chain unified identity authentication method, as shown in fig. 8, including the following steps:

s802, under the condition of receiving identity registration information, the identity generation block chain in the multi-block chain generates the uniform identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the identity generation block chain.

S804, storing the uniform identity into the identity verification block chain.

And S806, generating an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity, and storing the identity master certificate into an intelligent contract of an identity verification block chain in the multi-block chain.

And S808, under the condition that the third party carries a private key, matching the uniform identity of the third party through the private key, and verifying the identity of the third party through the intelligent contract of the identity verification block chain.

S810, under the condition that the third party carries the digital identity, the identity of the third party is verified through the intelligent contract of the identity verification block chain by matching the digital identity with the unified identity of the third party.

For specific implementation of this embodiment, reference may be made to the above embodiments, which are not described herein in detail.

In an embodiment, the present disclosure further provides a multi-block chain unified identity authentication method, as shown in fig. 9, including the following steps:

and S902, under the condition of receiving identity registration information, the third-party mechanism generates the uniform identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the third-party mechanism.

S904, storing the uniform identity into the identity verification block chain.

S906, the third party applies for a verification certificate to the third party organization.

S908, storing the authentication voucher to the intelligent contract of the identity authentication block chain.

S910, when the third party accesses at least one block chain in the multi-block chains, the identity of the third party is verified through the verification certificate.

It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.

Based on the same inventive concept, the embodiment of the disclosure also provides a multi-block chain unified identity authentication device for implementing the multi-block chain unified identity authentication method. The implementation scheme for solving the problem provided by the apparatus is similar to the implementation scheme described in the above method, so specific limitations in one or more embodiments of the multi-blockchain unified identity authentication apparatus provided below can be referred to the above limitations on the multi-blockchain unified identity authentication method, and are not described herein again.

In one embodiment, as shown in fig. 10, there is provided a multi-block chain unified identity authentication device 1000, comprising: unified identity generation module 1002, identity master credential generation module 1004, identity master credential storage module 1006, identity verification module 1008, wherein:

the unified identity generating module 1002 is configured to generate a unified identity by using an identity authentication system and a multi-block chain when the identity registration information is received.

And an identity master certificate generation module 1004, configured to generate an identity master certificate corresponding to the unified identity according to the public and private key pair of the unified identity.

An identity master credential storage module 1006, configured to store the identity master credential in an intelligent contract of an authentication blockchain in the multi-blockchain.

An identity verification module 1008 for verifying an identity of a third party by a smart contract for the identity verification blockchain when the third party accesses at least one of the multi-blockchain.

In one embodiment of the apparatus, the apparatus further comprises: information acquisition module, private key bind the module, wherein:

and the information acquisition module is used for acquiring the identity identification number created in advance in the identity registration information and the application information provided in advance.

In one embodiment of the apparatus, unified identity generation module 1002 comprises: the system comprises a block chain generating module, a third party generating module and a unified identity storage module;

and the block chain generating module is used for enabling the identity generating block chain in the multi-block chain to generate the unified identity according to the identity identification number, the application information and the information of the identity verifying block chain and by utilizing an identity authentication system of the identity generating block chain.

A third party generating module for enabling a third party organization to generate the unified identity according to the identity identification number, the application information and the information of the identity verification block chain and by utilizing an identity authentication system of the third party organization

And the unified identity storage module is used for storing the unified identity into the identity verification block chain, wherein the unified identity comprises issuer information, issuing time information, expiry date time information, a mapping relation with a digital identity, a public and private key pair of the unified identity, an identity identification number, pre-provided application information, a binding relation of a private key corresponding to each block chain and a private key authority.

In an embodiment of the apparatus, the identity master credential generating module 1004 is further configured to generate, through the identity generation blockchain and according to the generated public-private key pair corresponding to the unified identity, an identity master credential corresponding to the unified identity, where the identity master credential includes a signature digest of a private key in the generated public-private key pair of the unified identity.

In one embodiment of the apparatus, the apparatus further comprises: a private key matching module and a digital identity matching module;

and the private key matching module is used for matching the uniform identity of the third party through the private key under the condition that the third party carries the private key.

In one embodiment of the apparatus, the identity verification module 1008 comprises: state inquiry module, identity owner's voucher acquisition module, voucher verification module, wherein:

and the state query module is used for querying the state of the unified identity in the identity verification block chain through the identification information of the identity verification block chain and the address of the intelligent contract.

And the identity master certificate acquisition module is used for acquiring the identity master certificate corresponding to the unified identity of the third party under the condition that the state of the unified identity is an effective state.

and the permission judgment module is used for judging the access permission of the third party through the service intelligent contract of the accessed block chain and the unified identity of the third party after the identity master certificate corresponding to the identity of the third party is verified to pass.

In one embodiment of the apparatus, the apparatus further comprises: the authority adds module, verifies voucher application module, verifies voucher storage module, verifies the voucher module, wherein:

and the authority adding module is used for setting the authority of each private key bound with the identity identification number.

And the third party applies for the verification certificate to the third party organization through the verification certificate application module.

And the verification certificate storage module is used for storing the verification certificate into the intelligent contract of the identity verification block chain.

A verification credential verification module to verify an identity of the third party with the verification credential when the third party accesses at least one of the multi-blockchain.

In an embodiment of the apparatus, the permission determination module includes: the system comprises a private key acquisition module, an access private key determination module and an access authority judgment module;

and the private key acquisition module is used for acquiring the private keys bound in the unified identity of the third party and the authority of each private key.

And the access private key determining module is used for matching a private key bound in the unified identity of the third party with a private key of the accessed block chain through a service intelligent contract to obtain an access private key.

And the access authority judging module is used for acquiring the authority corresponding to the access private key in the unified identity of the third party and judging the access authority of the third party according to the authority corresponding to the access private key.

The modules in the multi-block chain unified identity authentication device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.

In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 11. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing unified identity data, identity master certificate data, verification certificate data and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method for multi-blockchain unified identity authentication.

Those skilled in the art will appreciate that the architecture shown in FIG. 11 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices in which the disclosed aspects apply, as a particular computing device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the above-described method embodiments when executing the computer program.

In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.

In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.

It should be noted that the information (including but not limited to application information, identification information, etc.) and data (including but not limited to data for digital identity, authentication credential data, etc.) referred to in this disclosure are information and data that are authorized by the user or sufficiently authorized by various parties.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided by the present disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases involved in embodiments provided by the present disclosure may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided in this disclosure may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic, quantum computing based data processing logic, etc., without limitation.

The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.

The above-mentioned embodiments only express several embodiments of the present disclosure, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present disclosure. It should be noted that, for those skilled in the art, various changes and modifications can be made without departing from the concept of the present disclosure, and these changes and modifications are all within the scope of the present disclosure. Therefore, the protection scope of the present disclosure should be subject to the appended claims.

Claims

1. A multi-blockchain unified identity authentication method is characterized by comprising the following steps:

2. The method of claim 1, wherein generating the unified identity using the identity authentication system and the multi-blockchain further comprises:

3. The method of claim 2, wherein generating the unified identity using the identity authentication system and the multi-blockchain comprises:

4. The method of claim 3, wherein generating an identity principal credential corresponding to the unified identity from a public-private key pair of the unified identity, and storing the identity principal credential in an intelligent contract of an authentication blockchain in the multi-blockchain comprises:

5. The method of claim 4, wherein the verifying the identity of the third party by the smart contract of the authentication blockchain previously comprises:

6. The method of claim 4, wherein the verifying the identity of the third party by the smart contract of the authentication blockchain further comprises:

7. The method of claim 5 or 6, wherein the verifying the identity of the third party by the smart contract of the authentication blockchain comprises:

8. The method of multi-blockchain unified identity authentication according to claim 2, further comprising:

9. The method of claim 7, wherein the determining the access rights of the third party by the accessed service intelligent contract of the blockchain and the unified identity of the third party comprises:

10. The method of multi-blockchain unified identity authentication according to claim 2, further comprising:

11. A multi-blockchain unified identity authentication apparatus, the apparatus comprising:

12. The multi-blockchain unified identity authentication device according to claim 11, further comprising:

13. The multi-blockchain unified identity authentication device according to claim 11, wherein said unified identity generation module comprises: the system comprises a block chain generating module, a third party generating module and a unified identity storage module;

14. The apparatus of claim 11, wherein the identity master credential generation module is further configured to generate an identity master credential corresponding to the unified identity from the generated public-private key pair corresponding to the unified identity through the identity generation blockchain, the identity master credential including a signature digest of a private key of the generated public-private key pair corresponding to the unified identity.

15. The multi-blockchain unified identity authentication device according to claim 11, further comprising: a private key matching module and a digital identity matching module;

16. The multi-blockchain unified identity authentication device according to claim 15, wherein said identity verification module comprises: the system comprises a state query module, an identity master certificate acquisition module and a certificate verification module;

17. The apparatus of claim 16, wherein the permission determination module comprises: the system comprises a private key acquisition module, an access private key determination module and an access authority judgment module;

18. The multi-blockchain unified identity authentication device according to claim 11, further comprising: the system comprises an authority adding module, a verification certificate applying module, a verification certificate storage module and a verification certificate verifying module;

19. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of any one of claims 1 to 10 when executing the computer program.

20. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 10.

21. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 10 when executed by a processor.