CN114418573A - Certificate issuing method and certificate verifying method in block chain - Google Patents
- Publication number
- CN114418573A, CN202210056657.4A
- Authority
- CN
- China
- Prior art keywords
- certificate
- issuer
- credential
- information
- contract
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/3825—Use of electronic signatures
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
Embodiments of the application disclose a credential issuing method and a credential verifying method in a blockchain. The issuing method obtains a credential application request initiated by a user and a credential contract, where the credential application request carries information to be verified and the credential contract includes the authentication order of the issuers participating in credential issuance; obtains, from the credential contract, the current authentication order corresponding to the current issuer; determines target issuers from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer; verifies the information to be verified according to the target issuers to obtain a verification result; and generates, according to the verification result, the credential corresponding to the credential application request and issues it to the user. Embodiments of the application thus support generating a credential in which multiple issuers participate.
Description
Technical Field
The application relates to the field of computers, in particular to a certificate issuing method and a certificate verification method in a block chain.
Background
A Verifiable Credential (VC) provides a specification for describing attributes that an entity has. Through a verifiable credential, a user can prove to other users (individuals, organizations, specific things, etc.) that certain of the user's attributes are credible.
At present, a verifiable credential is issued through single authentication. With single authentication the verification material is of a single kind, so the user attribute proved by the verifiable credential is also single, and it is difficult for a verifiable credential to prove multiple attributes of a user.
Disclosure of Invention
The embodiments of the application provide a credential issuing method and a credential verifying method in a blockchain, with which a credential can prove multiple attributes of a user.
An embodiment of the application provides a credential issuing method in a blockchain, comprising:
acquiring a credential application request initiated by a user and a credential contract, wherein the credential application request carries information to be verified, and the credential contract comprises the authentication order of the issuers participating in credential issuance;
acquiring, from the credential contract, a current authentication order corresponding to a current issuer, wherein the current issuer is the issuer that receives the credential application request;
determining target issuers from the credential issuers according to the current authentication order, wherein the credential issuers are the issuers participating in credential issuance, and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer;
verifying the information to be verified according to the target issuers to obtain a verification result;
and generating, according to the verification result, a credential corresponding to the credential application request, and issuing the credential to the user.
An embodiment of the present application further provides a device for issuing a credential in a blockchain, including:
an acquisition unit, configured to acquire a credential application request initiated by a user and a credential contract, wherein the credential application request carries information to be verified, and the credential contract comprises the authentication order of the issuers participating in credential issuance;
an order determining unit, configured to acquire, from the credential contract, a current authentication order corresponding to a current issuer, wherein the current issuer is the issuer that receives the credential application request;
an issuer determining unit, configured to determine target issuers from the credential issuers according to the current authentication order, wherein the credential issuers are the issuers participating in credential issuance, and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer;
an information verification unit, configured to verify the information to be verified according to the target issuers to obtain a verification result;
and a generation and issuing unit, configured to generate, according to the verification result, a credential corresponding to the credential application request and to issue the credential to the user.
In some embodiments, the current authentication order is the first-ranked authentication order, and determining the target issuer from the credential issuers according to the current authentication order comprises:
determining, according to the first-ranked authentication order, that the target issuer is the current issuer.
In some embodiments, the current authentication order is the last-ranked authentication order, and determining the target issuers from the credential issuers according to the current authentication order comprises:
determining, according to the last-ranked authentication order, that the target issuers are all issuers ranked before the last authentication order together with the current issuer.
In some embodiments, the target issuer includes an issuer corresponding to an authentication sequence before a current authentication sequence, the information to be verified includes first information to be verified and second information to be verified, the first information to be verified is a certificate issued by the issuer corresponding to the authentication sequence before the current authentication sequence, the second information to be verified is user data that needs to be verified by the current issuer, and the information verification unit is configured to:
verifying the certificate in the first information to be verified to obtain a certificate verification result;
and verifying the user data in the second information to be verified according to the certificate verification result to obtain a verification result.
In some embodiments, the target issuer does not include an issuer corresponding to an authentication sequence before the current authentication sequence, the information to be verified is user data that needs to be verified by the current issuer, and the information verification unit is configured to:
and verifying the user data in the information to be verified to obtain a verification result.
In some embodiments, the generation and issuing unit is configured to:
acquiring the identity of the current issuer and the current authentication sequence according to the verification result;
and authenticating the information to be verified by adopting the identity of the current issuer and the current authentication sequence to obtain the certificate corresponding to the certificate application request.
In some embodiments, authenticating the information to be verified by using the identity of the current issuer and the current authentication sequence to obtain a credential corresponding to the credential application request includes:
generating a voucher creation time and a voucher expiration time;
and authenticating the information to be verified by adopting the voucher creating time, the voucher expiration time, the identity of the current issuer and the current authentication sequence to obtain the voucher corresponding to the voucher application request.
In some embodiments, the obtaining unit is configured to:
and obtaining a credential contract from the blockchain, wherein the credential contract comprises a subject of the credential, issuers participating in the issuance of the credential and an authentication sequence corresponding to each issuer.
In some embodiments, after issuing the credential to the user, further comprising:
rechecking the information to be verified corresponding to the certificate to obtain a rechecking result;
when the rechecking result does not meet the preset condition, carrying out revocation authentication on the certificate contract corresponding to the certificate to obtain revocation information;
and uploading the revocation information so that the verifier determines that the certificate corresponding to the certificate contract is invalid according to the revocation information.
In some embodiments, performing revocation authentication on a credential contract corresponding to a credential to obtain revocation information includes:
acquiring the identity of the current issuer and the contract number of the certificate contract corresponding to the certificate;
and carrying out revocation authentication on the contract number by adopting the identity of the current issuer to obtain revocation information.
In some embodiments, to upload the revocation information, the apparatus is configured to:
and uploading the revocation information to a revocation contract in the block chain, wherein the revocation contract is associated with the certificate contract.
The embodiment of the present application further provides a credential verification method in a blockchain, including:
obtaining a credential sent by a user, the credential being issued by any of the credential issuing methods in a blockchain described above and comprising authentication information and the authentication order of the issuer;
inquiring a certificate contract corresponding to the certificate;
verifying the authentication information in the certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result;
and determining that the certificate is valid according to the certificate verification result so that the verifying party passes the application request of the user according to the certificate.
An embodiment of the present application further provides a credential verification apparatus in a blockchain, including:
a credential acquisition unit, configured to acquire a credential sent by a user, the credential being issued by any credential issuing method in a blockchain provided by the embodiments of the application and comprising authentication information and the authentication order of the issuer;
a contract query unit, configured to query the credential contract corresponding to the credential;
a credential verification unit, configured to verify, according to the credential contract, the authentication information in the credential and the authentication order of the issuer to obtain a credential verification result;
and a credential determining unit, configured to determine, according to the credential verification result, that the credential is valid, so that the verifier approves the user's application request according to the credential.
In some embodiments, the credential determining unit is configured to:
obtaining revocation information associated with a credential contract;
and determining that the certificate corresponding to the certificate contract is valid according to the revocation information and the certificate verification result.
In some embodiments, the credential further comprises identity identifiers of the user and the issuer, and the credential determining unit is configured to:
acquiring an identity information cluster, wherein the identity information cluster is composed of identity marks of a user and an issuer;
verifying the identity of the user and the issuer in the certificate by adopting the identity information cluster to obtain an identity verification result;
and determining that the certificate is valid according to the identity identification verification result and the certificate verification result.
An embodiment of the application also provides a terminal comprising a processor and a memory, wherein the memory stores a plurality of instructions, and the processor loads the instructions from the memory to perform the steps of any of the credential issuing methods in a blockchain provided by the embodiments of the present application and the steps of any of the credential verifying methods in a blockchain provided by the embodiments of the present application.
Embodiments of the present application also provide a computer-readable storage medium storing a plurality of instructions, which are suitable for being loaded by a processor, to perform the steps of any one of the methods for issuing a credential in a blockchain provided by embodiments of the present application and to perform the steps of any one of the methods for verifying a credential in a blockchain provided by embodiments of the present application.
With the method and the device, a credential application request initiated by a user and a credential contract can be obtained, where the credential application request carries information to be verified and the credential contract includes the authentication order of the issuers participating in credential issuance; the current authentication order corresponding to the current issuer is obtained from the credential contract, where the current issuer is the issuer that receives the credential application request; target issuers are determined from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer; the information to be verified is verified according to the target issuers to obtain a verification result; and the credential corresponding to the credential application request is generated according to the verification result and issued to the user.
In the application, the credential contract constrains the verification process followed when multiple issuers participate in issuing a credential. The issuing process is therefore governed by the credential contract, which makes it more standardized and easier to trace. The credential reflects the participation of multiple issuers, multiple issuers can take part in generating it, and the credential can prove multiple attributes of a user.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1a is an interaction diagram of credential issuance and credential verification in the prior art;
FIG. 1b is a schematic diagram of a scenario for issuing and verifying a credential in the prior art;
FIG. 1c is an interaction diagram of a credential issuance method provided by an embodiment of the present application;
FIG. 1d is a schematic flowchart of a credential issuance method provided in an embodiment of the present application;
FIG. 2 is a flowchart illustrating a credential validation method provided by an embodiment of the present application;
FIG. 3 is an interaction diagram of a system for issuing and verifying credentials as provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a certificate issuing apparatus according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a credential validation device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a certificate issuing method and a certificate verifying method in a block chain.
The credential issuing apparatus and the credential verifying apparatus may be integrated in an electronic device, and the electronic device may be a terminal, a server, or another device. The terminal may be a mobile phone, a tablet computer, a smart Bluetooth device, a notebook computer, a personal computer (PC), or the like; the server may be a single server or a server cluster composed of a plurality of servers.
In some embodiments, the credential issuing apparatus and the credential verifying apparatus may be integrated into a plurality of electronic devices, for example, the credential issuing apparatus and the credential verifying apparatus may be integrated into a plurality of servers, and the credential issuing method and the credential verifying method of the present application are implemented by the plurality of servers.
In some embodiments, the server may also be implemented in the form of a terminal.
For example, referring to FIG. 1a, at present a user can apply for a credential only from a single issuer. The issuer verifies, through the blockchain, the information to be verified sent by the user; after the verification passes, the issuer generates the credential and sends it to the user. The user then makes a service request to a verifier, and the verifier verifies the credential according to the service request: through the blockchain, the verifier verifies the identity information of the user and of the issuer on the credential, as well as the authentication information on the credential. After the verification passes, the verifier provides the user with the service corresponding to the service request.
For example, referring to FIG. 1b, take the case where a user applies for a credential and uses the credential to shop on a shopping website:
1. Before applying for a credential, the user registers identity information with the blockchain and obtains the identity information.
2. The user applies to an issuer (credential issuing authority) for a credential and sends the identity information for the credential issuing authority to verify.
3. The credential issuing authority verifies the validity of the user's identity information.
4. After the verification passes, the credential issuing authority issues a credential for the user.
5. The credential issuing authority returns the credential to the user, who saves it locally and keeps it.
6. Before shopping at a verifier (shopping website), the user needs to register, at which time the user provides the credential to the shopping website.
7. The shopping website verifies on the blockchain whether the identity information of the user and of the credential issuing authority on the credential is valid.
8. If the verification in step 7 passes, the shopping website verifies whether the issuer's authentication information on the credential exists.
9. After the credential passes verification, the legitimacy of the user can be determined, and the verifier provides the shopping service to the user.
Because the existing approach is single authentication, a credential cannot prove multiple attributes of the user. The embodiments of the application therefore proceed as follows: a credential application request initiated by the user and a credential contract are obtained, where the credential application request carries information to be verified and the credential contract includes the authentication order of the issuers participating in credential issuance; the current authentication order corresponding to the current issuer is obtained from the credential contract, where the current issuer is the issuer that receives the credential application request; target issuers are determined from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer; the information to be verified is verified according to the target issuers to obtain a verification result; and the credential corresponding to the credential application request is generated according to the verification result and issued to the user.
Referring to FIG. 1c, suppose that generating credential B requires the participation of issuer A and issuer B, and that the credential contract records the authentication order of issuer A as 1 and that of issuer B as 2. When the current issuer is issuer B, issuer B determines from the credential contract that the current authentication order is 2 and, on that basis, identifies issuer A, whose authentication order 1 precedes the current authentication order 2. Issuer B verifies the information to be verified, the data of issuer A, and the user data; it then generates credential B according to the verification result and sends credential B to the user, so that both issuer A and issuer B participate in generating credential B. In this way the credential contract enables multiple issuers to participate in generating a credential, and the credential can prove multiple attributes of the user.
Details are given below. The numbering of the following embodiments is not intended to limit their order of preference.
In this embodiment, a method for issuing a credential in a blockchain is provided, as shown in fig. 1d, the specific process of the method for issuing a credential may be as follows:
110. Obtain a credential application request initiated by a user and a credential contract, where the credential application request carries information to be verified and the credential contract includes the authentication order of the issuers participating in credential issuance.
A credential is text describing that a user has certain attributes; for example, the text can prove to other users that certain attributes of the user are authentic. For example, the credential may be an identification card, a passport, personal assets, and the like.
The user is the party applying for the credential. For example, the user may be an individual, a business entity, an organization, and so on.
The credential application request is the request initiated to apply for a credential. For example, the credential application request may be an identification card application request, a passport application request, a personal asset authentication request, and so forth.
The credential contract is text that constrains credential generation. For example, a credential contract may constrain which issuers participate in credential generation, the authentication order of the issuers required to generate the credential, the content each issuer authenticates, and so forth.
The information to be verified is information awaiting verification. For example, the information to be verified may be information related to identity, information related to academic records, information related to assets, and the like.
The issuer is the party that issues credentials, authenticating certain attributes of the user. For example, the issuer may be a government agency, a certification company, or the like.
The authentication order constrains the order in which the issuers authenticate.
Obtaining the credential application request means receiving a credential application request initiated by the user through a user terminal.
The credential contract may be obtained by the issuer locally, from the blockchain, from a server, from a cloud server, and the like.
In some embodiments, any one of the issuers participating in credential issuance establishes the credential contract.
120. Obtain, from the credential contract, the current authentication order corresponding to the current issuer, where the current issuer is the issuer that receives the credential application request.
The current issuer is the issuer that receives the credential application request sent by the user this time.
The current authentication order is the position at which the current issuer participates in issuing the credential.
For example, suppose generating the credential requires the participation of issuer A and issuer B: credential B, issued by issuer B, requires the participation of issuer A, and the credential contract records the authentication order of issuer A and issuer B required to generate credential B, with issuer A's authentication order being 1 and issuer B's being 2. Issuer B can then obtain from the credential contract that the current authentication order is 2.
130. Determine target issuers from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance and the target issuers comprise the issuers whose authentication order precedes the current authentication order together with the current issuer.
The target issuers are the issuers required to generate the credential.
For example, if the current authentication order is 2 and issuer A and issuer B are required to participate in generating the credential, the target issuers are issuer A and issuer B.
In some embodiments, in order to determine the target issuer when the authentication order is ranked first, the current authentication order is the first-ranked authentication order, and determining the target issuer from the credential issuers according to the current authentication order comprises:
determining, according to the first-ranked authentication order, that the target issuer is the current issuer.
For example, suppose generating the credential requires issuer A and issuer B to participate, with issuer A ranked first and issuer B ranked second. If the current issuer is issuer A, no other issuer precedes issuer A, and the target issuer is issuer A.
In some embodiments, in order to determine the target issuers when the authentication order is ranked last, the current authentication order is the last-ranked authentication order, and determining the target issuers from the credential issuers according to the current authentication order comprises:
determining, according to the last-ranked authentication order, that the target issuers are all issuers ranked before the last authentication order together with the current issuer.
For example, suppose generating the credential requires issuer A, issuer B, and issuer C to participate, with issuer A ranked first, issuer B second, and issuer C last. If the current issuer is issuer C, issuer A and issuer B precede issuer C, and the target issuers are issuer A, issuer B, and issuer C.
140. Verify the information to be verified according to the target issuer to obtain a verification result.
The verification result reflects the outcome of verifying the information to be verified. For example, the verification result may be valid or invalid: valid indicates that the information to be verified passed verification, and invalid indicates that it did not.
In some embodiments, so that the issuer can verify the information to be verified, where the target issuer includes an issuer whose authentication order precedes the current authentication order, and the information to be verified includes first information to be verified and second information to be verified, the first information to be verified being a credential issued by an issuer whose authentication order precedes the current authentication order and the second information to be verified being the user profile that needs to be verified by the current issuer, the information verifying unit is configured to:
verifying the credential in the first information to be verified to obtain a credential verification result;
and verifying the user profile in the second information to be verified according to the credential verification result to obtain a verification result.
The credential verification result reflects the outcome of verifying the credential. For example, the credential verification result may be valid or invalid: valid indicates that the credential passed verification, and invalid indicates that it did not.
Wherein the user profile is a profile associated with the user. For example, the user profile may be a family directory when applying for an identification card.
In some embodiments, the issuer signature in the credential is verified, resulting in a credential verification result.
Wherein the issuer signature is used to characterize the credential as being verified by the corresponding issuer. For example, the issuer signature may be an issuer's official seal, the issuer's principal's signature, and so on.
For example, if the target issuer includes an issuer whose authentication order precedes the current authentication order, say the target issuers are issuer A and issuer B and the current issuer is issuer B, then issuer B needs to verify credential A issued by issuer A, and once credential A passes verification, issuer B verifies the user profile to obtain the verification result.
In some embodiments, so that the issuer can verify the information to be verified, where the target issuer does not include an issuer whose authentication order precedes the current authentication order and the information to be verified is the user profile that needs to be verified by the current issuer, the information verifying unit is configured to:
and verifying the user profile in the information to be verified to obtain a verification result.
For example, if the target issuer includes no issuer whose authentication order precedes the current authentication order, the target issuer is issuer A, and issuer A only needs to verify the user profile submitted by the user to obtain the verification result.
150. Generate a credential corresponding to the credential application request according to the verification result, and issue the credential to the user.
In some embodiments, in order to protect the credential, generating a credential corresponding to the credential application request and issuing the credential to the user includes:
acquiring an encryption key;
encrypting the certificate corresponding to the certificate application request by adopting an encryption key to obtain an encrypted certificate;
the user is issued an encrypted credential.
Wherein the encryption key is used to encrypt the credential. For example, the encryption key may be a private key, and so on.
Wherein the encrypted credential is the credential after encryption. For example, the encrypted credential is a credential encrypted with a private key.
For example, if the current issuer is issuer B, issuer B issues credential B to the user.
In some embodiments, to generate the credential, the generating and issuing unit is configured to:
acquiring the identity of the current issuer and the current authentication sequence according to the verification result;
and authenticating the information to be verified by adopting the identity of the current issuer and the current authentication sequence to obtain the certificate corresponding to the certificate application request.
Wherein, the identity of the current issuer is used for representing the identity of the current issuer. For example, the identity of the current issuer may be the name of the issuer, a number representing the identity of the issuer, and so on.
Wherein, the authentication is used for proving the authenticity of the information to be verified.
For example, when the verification result is valid and the current issuer is issuer B, issuer B obtains its own identity and the current authentication order 2, performs signature authentication on the information to be verified using the identity of issuer B and the current authentication order 2, and records the identity of issuer B and the current authentication order 2 on the resulting credential.
In some embodiments, to generate the credential, authenticating the information to be verified by using the identity of the current issuer and the current authentication order to obtain the credential corresponding to the credential application request includes:
generating a credential creation time and a credential expiration time;
and authenticating the information to be verified by using the credential creation time, the credential expiration time, the identity of the current issuer and the current authentication order to obtain the credential corresponding to the credential application request.
Wherein the credential creation time is the time at which the credential was created.
Wherein the credential expiration time is the time at which the credential expires.
For example, when the information to be verified is authenticated using the credential creation time and the credential expiration time, the resulting credential is valid only for a limited period.
In some embodiments, the obtaining unit is configured to:
and obtaining a credential contract from the blockchain, wherein the credential contract comprises a subject of the credential, issuers participating in the issuance of the credential and an authentication sequence corresponding to each issuer.
Wherein the subject matter of the voucher is used to characterize the content of the voucher.
For example, an issuer participating in the issuance of a credential may access a blockchain and retrieve a credential contract from the blockchain.
In some embodiments, to ensure that any issuer can control the validity of the credential, after issuing the credential to the user, the method further comprises:
rechecking the information to be verified corresponding to the certificate to obtain a rechecking result;
when the rechecking result does not meet the preset condition, carrying out revocation authentication on the certificate contract corresponding to the certificate to obtain revocation information;
and uploading the revocation information so that the verifier determines that the certificate corresponding to the certificate contract is invalid according to the revocation information.
Wherein, the re-verification is the verification after the last verification. For example, the issuer performs the second authentication on the information to be authenticated again after performing the first authentication on the information to be authenticated.
And the rechecking result is a corresponding result after the information to be verified is rechecked.
The preset condition is used for limiting the result of the double-check. For example, the preset condition may be that the result of the double check is doubtful, or that the result of the double check is doubtful.
Wherein the revocation authentication provides a credit guarantee for the act of revocation. For example, when an issuer invalidates the credential contract corresponding to a credential, the issuer vouches through its own authentication that the credential is invalid.
Wherein the revocation information is used to characterize revocation of the credential.
Wherein the revocation information may be uploaded on a blockchain, on a cloud server, on a server, locally, and/or the like.
For example, after a credential is issued, an issuer that participated in issuing it re-checks the credential; if the re-check result does not meet the preset condition, the issuer performs revocation authentication to cancel its part in generating the credential, so that the credential becomes invalid. For example, the issuers of credential B include issuer A and issuer B, and generating credential B requires credential A issued by issuer A, that is, the credential contract is associated with credential A. Issuer A re-checks the information to be verified sent by the user, and when the re-check result does not meet the preset condition, issuer A performs revocation authentication on the credential contract corresponding to credential A, so that credential B corresponding to the credential contract is invalid.
In some embodiments, the revocation information is uploaded, the apparatus being further configured to:
and uploading the revocation information to a revocation contract in the block chain, wherein the revocation contract is associated with the certificate contract.
Wherein the revocation contract is used to characterize an issuer's assertion of revocation information.
For example, when there is revocation information in a revocation contract, the credential contract associated with the revocation contract is invalid, and thus, the credential associated with the credential contract is invalid.
In some embodiments, revocation contracts are created for issuers participating in the issuance of credentials.
In some embodiments, in order to invalidate the credential, revocation authentication is performed on a credential contract corresponding to the credential, and revocation information is obtained, including:
acquiring the identity of the current issuer and the contract number of the certificate contract corresponding to the certificate;
and carrying out revocation authentication on the contract number by adopting the identity of the current issuer to obtain revocation information.
Wherein the contract number is an identification of the credential contract.
For example, the credential corresponding to the credential contract is credential B; the credential contract involves the authentication of issuer A and issuer B in generating credential B, and generating credential B requires credential A issued by issuer A.
The credential issuing scheme provided by the embodiments of the present application can be applied to various credential generation scenarios. For example, taking the issuing of an identity credential as an example: a credential application request initiated by a user and a credential contract are obtained, where the credential application request carries information to be verified and the credential contract includes the authentication order of the issuers participating in credential issuance; the current authentication order corresponding to the current issuer is obtained from the credential contract, where the current issuer is the issuer that receives the credential application request; a target issuer is determined from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance and the target issuer includes the issuers whose authentication order precedes the current authentication order and the current issuer; the information to be verified is verified according to the target issuer to obtain a verification result; and a credential corresponding to the credential application request is generated according to the verification result and issued to the user. With the scheme provided by the embodiments of the present application, credentials can be generated with the participation of a plurality of issuers, and the credential generation process can be traced.
Therefore, when a credential is generated, the credential contract fixes the authentication order of each issuer in the generation process, so that a credential can be generated with the participation of multiple issuers and can prove multiple attributes of a user, and the credential can conveniently be traced according to the credential contract.
In this embodiment, a credential verification method in a blockchain is provided, as shown in fig. 2, a specific flow of the credential verification method may be as follows:
210. Obtain a credential sent by a user, the credential being one issued by any of the credential issuing methods in a blockchain, wherein the credential comprises authentication information and the authentication order of the issuers.
Wherein the authentication information is used for representing that the certificate is valid. For example, the authentication information may include an issuer's official seal, identification, a signature of the issuer's principal, and so forth.
220. Query the credential contract corresponding to the credential.
In some embodiments, to query the credential contract corresponding to the credential, the apparatus is configured to:
query the credential contract corresponding to the credential from the blockchain.
230. Verify the authentication information in the credential and the authentication order of the issuers according to the credential contract to obtain a credential verification result.
In some embodiments, where the credential has been encrypted with the encryption key, verifying the authentication information in the credential and the authentication order of the issuers according to the credential contract to obtain a credential verification result includes:
acquiring a decryption key;
decrypting the certificate by adopting the decryption key to obtain the decrypted certificate;
and verifying the authentication information in the decrypted certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result.
Wherein the decryption key is used to decrypt the credential. For example, the decryption key may be a public key, and so on.
240. Determine that the credential is valid according to the credential verification result, so that the verifier passes the user's application request according to the credential.
Wherein the verifier is the party that verifies the credential. For example, the verifier may be a government, a business, an organization, and so on.
In some embodiments, so that the verifier can verify the credential, the credential determination unit is configured to:
obtaining revocation information associated with a credential contract;
and determining that the certificate corresponding to the certificate contract is valid according to the revocation information and the certificate verification result.
For example, after the verifier verifies the certificate, revocation information associated with the certificate contract of the certificate is acquired, and when the revocation information includes revocation authentication of the issuer, it can be determined that the certificate corresponding to the certificate contract is invalid.
In some embodiments, to obtain the revocation information associated with the credential contract, the apparatus is configured to:
determining a revocation contract associated with the credential contract according to the blockchain;
revocation information is obtained from a revocation contract.
In some embodiments, so that the verifier can verify the credential, the credential further comprises the identities of the user and the issuers, and the credential determination unit is configured to:
acquiring an identity information cluster, wherein the identity information cluster is composed of identity marks of a user and an issuer;
verifying the identity of the user and the issuer in the certificate by adopting the identity information cluster to obtain an identity verification result;
and determining that the certificate is valid according to the identity identification verification result and the certificate verification result.
The identity information cluster is a cluster formed by identity information.
The identity mark is used for representing identity information.
For example, the verifier may query identity information of the user and the issuer in the identity information cluster, so that the verifier may determine the correctness of the identities of the user and the issuer in the credential.
The credential verification scheme provided by the embodiments of the present application can be applied to various credential verification scenarios. Take a shopping website verifying a credential as an example: when a user shops at a website, the user needs to register a shopping identity at the website and must provide a credential to the website; the website verifies the credential through the blockchain and, after the credential is verified as valid, sends the shopping identity to the user. Specifically, a credential sent by the user is obtained, the credential being one issued by any of the credential issuing methods in a blockchain provided by the embodiments of the present application and including authentication information and the authentication order of the issuers; the credential contract corresponding to the credential is queried; the authentication information in the credential and the authentication order of the issuers are verified according to the credential contract to obtain a credential verification result; and the credential is determined to be valid according to the credential verification result, so that the verifier passes the user's application request according to the credential. With the scheme provided by the embodiments of the present application, the verifier can verify credentials issued by a plurality of issuers according to the credential contract, which improves the verifier's ability to verify credentials.
As can be seen from the above, the embodiments of the present application enable the verifier to verify credentials issued by a plurality of issuers, that is, credentials with multiple attributes. Therefore, the scheme improves the verifier's ability to verify credentials.
The method described in the above embodiments is further described in detail below.
In this embodiment, the method of the embodiment of the present application will be described in detail by taking a certificate issuing and verifying system as an example.
In the credential issuing and verifying system provided by the embodiments of the present application, a credential issued by a plurality of issuers can be traced. Fig. 3 shows the interaction within the credential issuing and verifying system; the specific interaction flow is as follows:
(I) A plurality of issuers form a federation and agree to register a credential contract, wherein the credential contract specifies the issuers that issue the credential and the authentication order of the issuers participating in the issuance of the credential.
In some embodiments, a credential contract is registered on the blockchain by any issuer participating in the issuance of credentials.
In some embodiments, registering a credential contract requires including the contract name, each issuer address, and the authentication order of the issuers participating in the issuance of the credential.
(II) Each issuer participating in the issuance of the credential acquires the credential contract from the blockchain.
(III) The user initiates a credential application request to the first issuer, wherein the credential application request carries the information to be verified.
For example, if the user first makes a request for a credential application to the village commission issuer, the information to be authenticated may be information related to the user's identity.
(IV) The first issuer authenticates the information to be verified according to the credential application request to obtain a credential V0, and issues the credential V0 to the user.
In some embodiments, the issuer authenticates the information to be verified, the first issuer's authentication order, the credential creation time, and the credential expiration time, resulting in credential V0.
In some embodiments, an elliptic curve signature algorithm is employed to authenticate the information to be verified.
In some embodiments, credential V0 is encrypted with an encryption key.
(V) The user initiates a credential application request to the next issuer, wherein the credential application request carries information to be verified, and the information to be verified comprises the credential V0 and the user profile.
(VI) The next issuer authenticates the credential V0 and the user profile in the information to be verified to obtain a credential V1, and issues the credential V1 to the user.
(VII) This continues until the last issuer authenticates the information to be verified sent by the user to obtain a credential V2, and issues the credential V2 to the user.
In some embodiments, if any of the issuers involved in the issuance of the credential V2 has a question about the information to be verified, that issuer performs revocation authentication on the credential number of the credential contract to obtain the revocation information, and uploads the revocation information to the blockchain.
In some embodiments, when an issuer uploads revocation information, the blockchain needs to determine that the upload address is the address of the issuer.
(VIII) The user, holding the credential V2, authenticates with the verifier.
(IX) The verifier determines from the credential contract the list of issuers participating in the credential V2.
In some embodiments, the verifier obtains the credential contract from the blockchain.
(X) The verifier verifies whether the issuers in the credential V2 match the issuer names in the credential contract and whether the authentication order of the issuers matches the authentication order in the credential contract, and verifies the identity information of each issuer in the credential V2 and the identity information of the user, to obtain a credential verification result.
In some embodiments, after the credential verification result is obtained, the flow further comprises:
the verifier acquires revocation information related to the credential contract from the blockchain and verifies the revocation information;
if the revocation information is valid, the credential V2 is revoked;
if the revocation information is invalid, the verifier determines that the credential V2 is valid according to the credential verification result.
(XI) After the credential verification result passes, the verifier provides service to the user.
As can be seen from the above, issuing a credential under a credential contract is jointly controlled by multiple issuers rather than by a single issuer. The revocation information guarantees that the credential can be revoked once any one of the issuers participating in its issuance doubts it. The verifier no longer verifies a single piece of authentication information: the credential must be verified against the issuer names agreed in the credential contract, and the revocation information associated with the credential must also be verified, before the validity of the credential can be determined, which makes the issuance of a credential by a plurality of issuers traceable.
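The interaction flow above (issuance in contract order, verification against the credential contract, and revocation) can be sketched as follows. This is an added example, not code from the patent: the type and function names are hypothetical, an in-memory struct stands in for the on-chain credential contract and a map for the revocation contract, and ECDSA over P-256 with SHA-256 is assumed for the "elliptic curve signature algorithm". Chaining each signature over the previous one is also an assumption of this sketch.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Contract stands in for the on-chain credential contract (hypothetical type).
type Contract struct {
	Number  string
	Issuers []string           // index = authentication order
	Keys    []*ecdsa.PublicKey // Keys[i] belongs to Issuers[i]
}

// Link is one issuer's authentication as recorded on the credential.
type Link struct {
	Issuer string
	Order  int
	Sig    []byte
}

// Credential holds the user data and the links issued so far (V0, V1, V2).
type Credential struct {
	Contract, UserData string
	Links              []Link
}

// AddIssuer registers the next issuer with a fresh P-256 key pair (demo data).
func (ct *Contract) AddIssuer(name string) *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	ct.Issuers, ct.Keys = append(ct.Issuers, name), append(ct.Keys, &k.PublicKey)
	return k
}

// digest binds link i to contract, user data and the previous link's signature.
func digest(c *Credential, i int, issuer string) []byte {
	var prev []byte
	if i > 0 {
		prev = c.Links[i-1].Sig
	}
	d := sha256.Sum256([]byte(fmt.Sprintf("link|%q|%q|%q|%d|%x", c.Contract, c.UserData, issuer, i, prev)))
	return d[:]
}

// Revoke returns revocation information: a signature over the contract number.
func Revoke(ct *Contract, key *ecdsa.PrivateKey) ([]byte, error) {
	d := sha256.Sum256([]byte("revoke|" + ct.Number))
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// Verify requires exactly `want` links that match the contract's issuers, order
// and keys, and no valid revocation (issuer name -> signature) from any of them.
func Verify(ct *Contract, c *Credential, revs map[string][]byte, want int) error {
	if c.Contract != ct.Number || len(c.Links) != want || want > len(ct.Issuers) {
		return fmt.Errorf("credential does not carry exactly %d links under contract %s", want, ct.Number)
	}
	for i, l := range c.Links {
		if l.Order != i || l.Issuer != ct.Issuers[i] || !ecdsa.VerifyASN1(ct.Keys[i], digest(c, i, l.Issuer), l.Sig) {
			return fmt.Errorf("link %d: issuer, order or signature does not match the contract", i)
		}
	}
	rd := sha256.Sum256([]byte("revoke|" + ct.Number))
	for i, name := range ct.Issuers {
		if sig, ok := revs[name]; ok && ecdsa.VerifyASN1(ct.Keys[i], rd[:], sig) {
			return fmt.Errorf("revoked by %s", name)
		}
	}
	return nil
}

// Issue lets the next issuer in contract order sign, after verifying all earlier links.
func Issue(ct *Contract, c *Credential, issuer string, key *ecdsa.PrivateKey) error {
	order := len(c.Links)
	if order >= len(ct.Issuers) || ct.Issuers[order] != issuer {
		return fmt.Errorf("%s is not next in the authentication order", issuer)
	}
	if err := Verify(ct, c, nil, order); err != nil {
		return err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(c, order, issuer))
	if err == nil {
		c.Links = append(c.Links, Link{issuer, order, sig})
	}
	return err
}

func main() {
	ct := &Contract{Number: "contract-001"} // constructed sample values
	a, b := ct.AddIssuer("A"), ct.AddIssuer("B")
	cred := &Credential{Contract: ct.Number, UserData: "constructed user profile"}
	fmt.Println(Issue(ct, cred, "A", a), Issue(ct, cred, "B", b), Verify(ct, cred, nil, 2))
}
```

A revocation entry counts only if its signature verifies under the named issuer's key from the contract, which mirrors the requirement that the blockchain confirm the uploader is that issuer.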
In order to better implement the above method, the embodiment of the present application further provides a credential issuing apparatus in a blockchain, where the credential issuing apparatus may be specifically integrated in an electronic device, and the electronic device may be a terminal, a server, or the like. The terminal can be a mobile phone, a tablet computer, an intelligent Bluetooth device, a notebook computer, a personal computer and other devices; the server may be a single server or a server cluster composed of a plurality of servers.
For example, in the present embodiment, the method of the present embodiment will be described in detail by taking an example in which the credential issuing device in the blockchain is specifically integrated in one terminal.
For example, as shown in fig. 4, the credential issuing apparatus in the blockchain may include an acquisition unit, an order determination unit, an issuer determining unit, an information verifying unit, and a generating and issuing unit, which are used to generate a credential in which a plurality of issuers participate, as follows:
(I) an acquisition unit 410;
The acquisition unit 410 is configured to obtain a credential application request initiated by a user and a credential contract, where the credential application request carries information to be verified, and the credential contract includes the authentication order of the issuers participating in credential issuance.
(II) an order determination unit 420;
The order determination unit 420 is configured to obtain the current authentication order corresponding to the current issuer from the credential contract, where the current issuer is the issuer that receives the credential application request.
(III) an issuer determining unit 430;
The issuer determining unit 430 is configured to determine a target issuer from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance, and the target issuer includes the issuers whose authentication order precedes the current authentication order and the current issuer.
(IV) an information verifying unit 440;
The information verifying unit 440 is configured to verify the information to be verified according to the target issuer, so as to obtain a verification result.
In some embodiments, the target issuer includes an issuer whose authentication order precedes the current authentication order, the information to be verified includes first information to be verified and second information to be verified, the first information to be verified is a credential issued by the issuer whose authentication order precedes the current authentication order, the second information to be verified is the user profile that needs to be verified by the current issuer, and the information verifying unit is configured to:
verifying the credential in the first information to be verified to obtain a credential verification result;
and verifying the user profile in the second information to be verified according to the credential verification result to obtain a verification result.
In some embodiments, the target issuer does not include an issuer whose authentication order precedes the current authentication order, the information to be verified is the user profile that needs to be verified by the current issuer, and the information verifying unit is configured to:
and verifying the user profile in the information to be verified to obtain a verification result.
(V) a generating and issuing unit 450;
The generating and issuing unit 450 is configured to generate a credential corresponding to the credential application request according to the verification result, and issue the credential to the user.
In some embodiments, the generating and issuing unit is configured to:
acquiring the identity of the current issuer and the current authentication sequence according to the verification result;
and authenticating the information to be verified by adopting the identity of the current issuer and the current authentication sequence to obtain the certificate corresponding to the certificate application request.
In some embodiments, authenticating the information to be verified by using the identity of the current issuer and the current authentication sequence to obtain a credential corresponding to the credential application request includes:
generating a credential creation time and a credential expiration time;
and authenticating the information to be verified by using the credential creation time, the credential expiration time, the identity of the current issuer and the current authentication order to obtain the credential corresponding to the credential application request.
In some embodiments, the obtaining unit is configured to:
and obtaining a credential contract from the blockchain, wherein the credential contract comprises a subject of the credential, issuers participating in the issuance of the credential and an authentication sequence corresponding to each issuer.
In some embodiments, after issuing the credential to the user, further comprising:
rechecking the information to be verified corresponding to the certificate to obtain a rechecking result;
when the rechecking result does not meet the preset condition, carrying out revocation authentication on the certificate contract corresponding to the certificate to obtain revocation information;
and uploading the revocation information so that the verifier determines that the certificate corresponding to the certificate contract is invalid according to the revocation information.
In some embodiments, performing revocation authentication on a credential contract corresponding to a credential to obtain revocation information includes:
acquiring the identity of the current issuer and the contract number of the certificate contract corresponding to the certificate;
and carrying out revocation authentication on the contract number by adopting the identity of the current issuer to obtain revocation information.
In some embodiments, the revocation information is uploaded, the apparatus being configured to:
and uploading the revocation information to a revocation contract in the block chain, wherein the revocation contract is associated with the certificate contract.
In some embodiments, revocation contracts are created for issuers participating in the issuance of credentials.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
As can be seen from the above, in the credential issuing apparatus in the blockchain of this embodiment, the acquisition unit obtains the credential application request initiated by the user and the credential contract, where the credential application request carries information to be verified, and the credential contract includes the authentication order of the issuers participating in credential issuance; the order determination unit obtains the current authentication order corresponding to the current issuer from the credential contract, where the current issuer is the issuer that receives the credential application request; the issuer determining unit determines a target issuer from the credential issuers according to the current authentication order, where the credential issuers are the issuers participating in credential issuance, and the target issuer includes the issuers whose authentication order precedes the current authentication order and the current issuer; the information verifying unit verifies the information to be verified according to the target issuer to obtain a verification result; and the generating and issuing unit generates a credential corresponding to the credential application request according to the verification result and issues the credential to the user.
Therefore, the embodiment of the application can satisfy the generation of the certificates participated by a plurality of issuers, so that the certificates can prove multiple attributes of the user.
In order to better implement the above method, an embodiment of the present application further provides a credential verifying apparatus in a blockchain, where the credential verifying apparatus may be specifically integrated in an electronic device, and the electronic device may be a terminal, a server, or the like. The terminal can be a mobile phone, a tablet computer, an intelligent Bluetooth device, a notebook computer, a personal computer and other devices; the server may be a single server or a server cluster composed of a plurality of servers.
For example, in the present embodiment, the method of the present embodiment will be described in detail by taking an example in which the credential verifying device in the blockchain is specifically integrated in a terminal.
For example, as shown in fig. 5, the credential verifying apparatus in the blockchain may include a credential obtaining unit, a contract inquiring unit, a credential verifying unit, and a credential determining unit, which are used to verify the credential issued by the issuer, as follows:
(I) a credential obtaining unit 510;
a credential obtaining unit 510, configured to obtain a credential issued by any one of the credential issuing methods in the blockchain provided in the embodiments of the present application, where the credential includes authentication information and an authentication order of an issuer;
(II) a contract query unit 520;
a contract query unit 520, configured to query a credential contract corresponding to the credential;
in some embodiments, to query the credential contract corresponding to the credential, the apparatus is configured to:
query the credential contract corresponding to the credential from the blockchain.
(III) a credential verification unit 530;
a credential verification unit 530, configured to verify the authentication information in the credential and the authentication sequence of the issuer according to the credential contract, to obtain a credential verification result;
(IV) a credential determination unit 540;
a credential determination unit 540, configured to determine that the credential is valid according to the credential verification result, so that the verifying party passes the application request of the user according to the credential.
In some embodiments, the credential determination unit is configured to:
obtaining revocation information associated with the credential contract;
and determining that the certificate corresponding to the certificate contract is valid according to the revocation information and the certificate verification result.
In some embodiments, to obtain the revocation information associated with the credential contract, the apparatus is configured to:
determining a revocation contract associated with the credential contract according to the blockchain;
revocation information is obtained from a revocation contract.
In some embodiments, the credential further comprises an identification of the user and the issuer, and the credential determination unit is configured to:
acquiring an identity information cluster, wherein the identity information cluster is composed of identity marks of a user and an issuer;
verifying the identity of the user and the issuer in the certificate by adopting the identity information cluster to obtain an identity verification result;
and determining that the certificate is valid according to the identity identification verification result and the certificate verification result.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
As can be seen from the above, in the credential verifying apparatus of the present embodiment, the credential obtaining unit obtains the credential in any one of the credential issuing methods in the blockchain as provided in the embodiments of the present application, where the credential includes the authentication information and the authentication sequence of the issuer; inquiring a certificate contract corresponding to the certificate by a contract inquiry unit; verifying the authentication information in the certificate and the authentication sequence of the issuer by the certificate verification unit according to the certificate contract to obtain a certificate verification result; and the certificate determining unit determines that the certificate is valid according to the certificate verification result so that the verifying party can pass the application request of the user according to the certificate.
Therefore, the method and the device enable the verifier to verify the certificates issued by a plurality of issuers, and enable the certificates to prove multiple attributes of the user.
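The issuing and verifying flow described above can be sketched as follows. This is an added illustration, not code from the patent: HMAC-SHA256 with per-issuer demo keys stands in for whatever authentication scheme an implementation uses, dictionaries stand in for the on-chain certificate and revocation contracts, the verifier is assumed to require attestations from every issuer in the contract, and all identifiers, field names and keys are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample state (assumptions): three issuers with demo keys, one
# certificate contract fixing their authentication order, and an identity
# information cluster of known user and issuer identifiers.
ISSUER_KEYS = {"issuer-A": b"demo-key-a", "issuer-B": b"demo-key-b", "issuer-C": b"demo-key-c"}
CONTRACT = {"contract_no": "contract-001", "subject": "demo-subject",
            "order": {"issuer-A": 1, "issuer-B": 2, "issuer-C": 3}}
IDENTITY_CLUSTER = {"user-1", "issuer-A", "issuer-B", "issuer-C"}


def _mac(issuer, body):
    """HMAC-SHA256 over canonical JSON; a stand-in for the issuer's authentication."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()


def check_chain(contract, user, chain, now):
    """Attestations must follow contract order 1..k, be linked, authentic and unexpired."""
    by_order = {o: i for i, o in contract["order"].items()}
    prev = ""
    for pos, att in enumerate(chain, start=1):
        body = {k: v for k, v in att.items() if k != "mac"}
        if att["order"] != pos or by_order.get(pos) != att["issuer"]:
            return False, f"issuer order mismatch at position {pos}"
        if att["contract_no"] != contract["contract_no"] or att["user"] != user:
            return False, f"attestation {pos} bound to another contract or user"
        if att["prev"] != prev:
            return False, f"attestation {pos} not linked to its predecessor"
        if not hmac.compare_digest(att["mac"], _mac(att["issuer"], body)):
            return False, f"bad authentication information at position {pos}"
        if not att["created"] <= now < att["expires"]:
            return False, f"attestation {pos} outside validity window"
        prev = att["mac"]
    return True, "ok"


def issue(contract, issuer, user, user_data, prior, now, ttl=3600):
    """Current issuer checks every earlier issuer's attestation, then appends its own."""
    order = contract["order"][issuer]
    chain = list(prior["attestations"]) if prior else []
    if len(chain) != order - 1:
        raise ValueError(f"{issuer} has order {order} but received {len(chain)} prior attestations")
    ok, reason = check_chain(contract, user, chain, now)
    if not ok:
        raise ValueError(reason)
    # The issuer's own review of user_data is a business check outside this sketch.
    body = {"contract_no": contract["contract_no"], "user": user, "issuer": issuer,
            "order": order, "data_hash": hashlib.sha256(user_data).hexdigest(),
            "created": now, "expires": now + ttl, "prev": chain[-1]["mac"] if chain else ""}
    chain.append({**body, "mac": _mac(issuer, body)})
    return {"contract_no": contract["contract_no"], "user": user, "attestations": chain}


def revoke(contract, issuer):
    """Revocation information: the contract number authenticated by the revoking issuer."""
    body = {"contract_no": contract["contract_no"], "issuer": issuer}
    return {**body, "mac": _mac(issuer, body)}


def verify(credential, contract, revocation_contract, cluster, now):
    """Verifier: contract order and authentication info, identity cluster, revocation."""
    chain = credential["attestations"]
    if credential["contract_no"] != contract["contract_no"]:
        return False, "certificate names a different contract"
    if len(chain) != len(contract["order"]):
        return False, "certificate does not cover every issuer in the contract"
    ok, reason = check_chain(contract, credential["user"], chain, now)
    if not ok:
        return False, reason
    if not ({credential["user"]} | {a["issuer"] for a in chain}) <= cluster:
        return False, "identifier not in identity information cluster"
    for rec in revocation_contract.get(contract["contract_no"], []):
        body = {"contract_no": contract["contract_no"], "issuer": rec["issuer"]}
        if rec["issuer"] in contract["order"] and hmac.compare_digest(rec["mac"], _mac(rec["issuer"], body)):
            return False, f"revoked by {rec['issuer']}"
    return True, "valid"


def demo():
    now = 1_700_000_000  # constructed fixed clock
    cred = None
    for issuer in ("issuer-A", "issuer-B", "issuer-C"):
        cred = issue(CONTRACT, issuer, "user-1", b"constructed user data", cred, now)
    a = cred["attestations"]
    swapped = {**cred, "attestations": [a[1], a[0], a[2]]}
    revocations = {"contract-001": [revoke(CONTRACT, "issuer-B")]}
    return [verify(cred, CONTRACT, {}, IDENTITY_CLUSTER, now + 10),
            verify(swapped, CONTRACT, {}, IDENTITY_CLUSTER, now + 10),
            verify(cred, CONTRACT, revocations, IDENTITY_CLUSTER, now + 10)]
```

`demo()` returns the verifier's decision for an intact certificate, one whose attestations were reordered, and one whose contract has a revocation record.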
Correspondingly, the embodiment of the present application further provides an electronic device, where the electronic device may be a terminal or a server, and the terminal may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a personal computer, or a Personal Digital Assistant (PDA).
As shown in fig. 6, fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device 600 includes a processor 610 having one or more processing cores, a memory 620 having one or more computer-readable storage media, and a computer program stored in the memory 620 and capable of running on the processor. The processor 610 is electrically connected to the memory 620. Those skilled in the art will appreciate that the electronic device configurations shown in the figures do not constitute limitations of the electronic device, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
The processor 610 is a control center of the electronic device 600, connects various parts of the entire electronic device 600 using various interfaces and lines, and performs various functions of the electronic device 600 and processes data by running or loading software programs and/or modules stored in the memory 620 and calling data stored in the memory 620, thereby performing overall monitoring of the electronic device 600.
In this embodiment of the present application, the processor 610 in the electronic device 600 loads instructions corresponding to processes of one or more applications into the memory 620, and the processor 610 executes the applications stored in the memory 620, so as to implement the functions of credential issuance and credential verification in the blockchain, as follows:
functionality for credential issuance in blockchains, including:
acquiring a certificate application request and a certificate contract initiated by a user, wherein the certificate application request carries information to be verified, and the certificate contract comprises an authentication sequence of an issuer participating in certificate issuance;
acquiring a current authentication sequence corresponding to a current issuer from the certificate contract, wherein the current issuer is the issuer that received the certificate application request;
according to the current authentication sequence, determining a target issuer from the certificate issuers, wherein the certificate issuer is an issuer participating in certificate issuance, and the target issuer comprises an issuer with the authentication sequence before the current authentication sequence and the current issuer;
verifying the information to be verified according to the target issuer to obtain a verification result;
and generating a certificate corresponding to the certificate application request according to the verification result, and issuing the certificate to the user.
The functions of credential validation include:
obtaining a certificate issued by any certificate issuing method in a block chain, wherein the certificate is sent by a user and comprises authentication information and an authentication sequence of an issuer;
inquiring a certificate contract corresponding to the certificate;
verifying the authentication information in the certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result;
and determining that the certificate is valid according to the certificate verification result so that the verifying party passes the application request of the user according to the certificate.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Optionally, as shown in fig. 6, the electronic device 600 further includes: a touch display screen 630, a radio frequency (RF) circuit 640, an audio circuit 650, an input unit 660 and a power supply 670. The processor 610 is electrically connected to the touch display screen 630, the RF circuit 640, the audio circuit 650, the input unit 660, and the power supply 670. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 6 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The touch display screen 630 may be used for displaying a graphical user interface and receiving operation instructions generated by a user acting on the graphical user interface. Touch display screen 630 may include a display panel and a touch panel. The display panel may be used, among other things, to display information entered by or provided to a user and various graphical user interfaces of the electronic device, which may be made up of graphics, text, icons, video, and any combination thereof. Alternatively, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. The touch panel may be used to collect touch operations of a user on or near the touch panel (for example, operations of the user on or near the touch panel using any suitable object or accessory such as a finger, a stylus pen, and the like), and generate corresponding operation instructions, and the operation instructions execute corresponding programs. Alternatively, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 610, and can receive and execute commands sent by the processor 610. The touch panel may cover the display panel, and when the touch panel detects a touch operation thereon or nearby, the touch panel transmits the touch operation to the processor 610 to determine the type of the touch event, and then the processor 610 provides a corresponding visual output on the display panel according to the type of the touch event. 
In the embodiment of the present application, the touch panel and the display panel may be integrated into the touch display screen 630 to realize input and output functions. However, in some embodiments, the touch panel and the display panel can be implemented as two separate components to perform the input and output functions. That is, the touch display screen 630 may also be used as a part of the input unit 660 to implement an input function.
In the embodiment of the present application, the processor 610 executes the command for generating or verifying the credential transmitted through the touch display screen 630.
The RF circuit 640 may be used for transmitting and receiving RF signals, so as to establish wireless communication with a network device or other electronic devices and exchange signals with them.
The audio circuit 650 may be used to provide an audio interface between a user and the electronic device through a speaker and a microphone. The audio circuit 650 may transmit the electrical signal converted from the received audio data to the speaker, which converts the electrical signal into an audio signal for output; on the other hand, the microphone converts the collected sound signal into an electrical signal, which is received by the audio circuit 650 and converted into audio data; the audio data is then output to the processor 610 for processing and transmitted to, for example, another electronic device via the RF circuit 640, or output to the memory 620 for further processing. The audio circuit 650 may also include an earbud jack to provide communication of a peripheral headset with the electronic device.
The input unit 660 may be used to receive input numbers, character information, or user characteristic information (e.g., fingerprint, iris, facial information, etc.), and generate keyboard, mouse, joystick, optical, or trackball signal inputs related to user settings and function control.
The power supply 670 is used to power various components of the electronic device 600. Optionally, the power supply 670 may be logically connected to the processor 610 through a power management system, so as to implement functions of managing charging, discharging, and power consumption management through the power management system. The power supply 670 may also include one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, or any other component.
Although not shown in fig. 6, the electronic device 600 may further include a camera, a sensor, a wireless fidelity module, a bluetooth module, etc., which are not described in detail herein.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
As can be seen from the above, the electronic device provided in this embodiment supports generating credentials in which multiple issuers participate, and enables the verifier to verify credentials issued by multiple issuers.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the embodiments of the present application provide a computer-readable storage medium, in which a plurality of computer programs are stored, and the computer programs can be loaded by a processor to execute the steps of any one of the credential issuing method in blockchain and the credential verifying method in blockchain provided by the embodiments of the present application. For example, the computer program may perform the steps of:
a method of credential issuance in a blockchain, comprising:
acquiring a certificate application request and a certificate contract initiated by a user, wherein the certificate application request carries information to be verified, and the certificate contract comprises an authentication sequence of an issuer participating in certificate issuance;
acquiring a current authentication sequence corresponding to a current issuer from the certificate contract, wherein the current issuer is the issuer that received the certificate application request;
according to the current authentication sequence, determining a target issuer from the certificate issuers, wherein the certificate issuer is an issuer participating in certificate issuance, and the target issuer comprises an issuer with the authentication sequence before the current authentication sequence and the current issuer;
verifying the information to be verified according to the target issuer to obtain a verification result;
and generating a certificate corresponding to the certificate application request according to the verification result, and issuing the certificate to the user.
And a credential validation method in a blockchain, comprising:
obtaining a certificate issued by any certificate issuing method in a block chain, wherein the certificate is sent by a user and comprises authentication information and an authentication sequence of an issuer;
inquiring a certificate contract corresponding to the certificate;
verifying the authentication information in the certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result;
and determining that the certificate is valid according to the certificate verification result so that the verifying party passes the application request of the user according to the certificate.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
The storage medium may include: Read-Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the computer program stored in the storage medium can execute the steps in the credential issuing method and the steps in the credential verifying method in the blockchain provided in the embodiments of the present application, the beneficial effects that can be achieved by any of the credential issuing method and the credential verifying method in the blockchain provided in the embodiments of the present application can be achieved, which are detailed in the foregoing embodiments and will not be described again here.
The method for issuing a certificate and the method for verifying a certificate in a blockchain provided by the embodiment of the present application are described in detail above, and a specific example is applied in the description to explain the principle and the embodiment of the present application, and the description of the above embodiment is only used to help understanding the method and the core idea of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (18)
1. A method of credential issuance in a blockchain, comprising:
obtaining a certificate application request initiated by a user and a certificate contract, wherein the certificate application request carries information to be verified, and the certificate contract comprises an authentication sequence of an issuer participating in certificate issuance;
obtaining a current authentication sequence corresponding to a current issuer from the certificate contract, wherein the current issuer is the issuer corresponding to the received certificate application request;
according to the current authentication sequence, determining a target issuer from the certificate issuers, wherein the certificate issuer is the issuer participating in certificate issuance, and the target issuer comprises the issuer with the authentication sequence before the current authentication sequence and the current issuer;
verifying the information to be verified according to the target issuer to obtain a verification result;
and generating a certificate corresponding to the certificate application request according to the verification result, and issuing the certificate to the user.
2. The method of claim 1, wherein the current authentication order is a first-ranked authentication order, and wherein determining the target issuer from among the credential issuers based on the current authentication order comprises:
and according to the first authentication sequence, determining the target issuer as the current issuer from the certificate issuer.
3. The method of claim 1, wherein the current authentication order is a last-ranked authentication order, and wherein determining the target issuer from among the credential issuers based on the current authentication order comprises:
and according to the last authentication sequence, determining target issuers as all issuers before the last authentication sequence and the current issuer from the certificate issuers.
4. The method of claim 1, wherein the target issuer comprises an issuer corresponding to an authentication sequence before the current authentication sequence, the to-be-verified information comprises first to-be-verified information and second to-be-verified information, the first to-be-verified information is a certificate issued by an issuer corresponding to the authentication sequence before the current authentication sequence, the second to-be-verified information is user data required to be verified by the current issuer, and verifying the to-be-verified information according to the target issuer to obtain a verification result comprises:
verifying the certificate in the first information to be verified to obtain a certificate verification result;
and verifying the user data in the second information to be verified according to the certificate verification result to obtain a verification result.
5. The method of claim 1, wherein the target issuer does not include an issuer corresponding to an authentication sequence before the current authentication sequence, the to-be-verified information is a user profile that the current issuer needs to verify, and the verifying the to-be-verified information according to the target issuer to obtain a verification result comprises:
and verifying the user data in the information to be verified to obtain a verification result.
6. The method of claim 1, wherein the generating the credential corresponding to the credential application request according to the verification result comprises:
acquiring the identity of the current issuer and the current authentication sequence according to the verification result;
and authenticating the information to be verified by adopting the identity of the current issuer and the current authentication sequence to obtain the certificate corresponding to the certificate application request.
7. The method of claim 6, wherein the authenticating the information to be verified using the identity of the current issuer and the current authentication sequence to obtain the credential corresponding to the credential application request comprises:
generating a voucher creation time and a voucher expiration time;
and authenticating the information to be verified by adopting the voucher creating time, the voucher expiration time, the identity of the current issuer and the current authentication sequence to obtain a voucher corresponding to the voucher application request.
8. The method of claim 1, wherein obtaining a credential contract comprises:
and obtaining a voucher contract from the blockchain, wherein the voucher contract comprises a voucher subject, issuers participating in voucher issuance and an authentication sequence corresponding to each issuer.
9. The method of claim 1, after said issuing said credential to said user, further comprising:
rechecking the information to be verified corresponding to the certificate to obtain a rechecking result;
when the rechecking result does not meet the preset condition, carrying out revocation authentication on the certificate contract corresponding to the certificate to obtain revocation information;
and uploading the revocation information so that a verifier determines that the certificate corresponding to the certificate contract is invalid according to the revocation information.
10. The method of claim 9, wherein said revoking the credential contract for the credential to obtain revocation information comprises:
acquiring the identity of the current issuer and a contract number of the certificate contract corresponding to the certificate;
and carrying out revocation authentication on the contract number by adopting the identity of the current issuer to obtain revocation information.
11. The method of claim 9, wherein said uploading the revocation information comprises:
and uploading the revocation information to a revocation contract in a block chain, wherein the revocation contract is associated with the credential contract.
12. A method for credential validation in a blockchain, comprising:
acquiring the certificate in the certificate issuing method in the blockchain according to any one of claims 1 to 8, wherein the certificate comprises authentication information and an authentication sequence of an issuer;
inquiring a certificate contract corresponding to the certificate;
verifying the authentication information in the certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result;
and determining that the certificate is valid according to the certificate verification result so that a verifier can pass the application request of the user according to the certificate.
13. The method of claim 12, wherein said determining that the credential is valid based on the verification result comprises:
obtaining revocation information associated with the credential contract;
and determining that the certificate corresponding to the certificate contract is valid according to the revocation information and the certificate verification result.
14. The method of claim 12, wherein the credential further includes an identification of the user and the issuer, and wherein determining that the credential is valid based on the credential validation result comprises:
acquiring an identity information cluster, wherein the identity information cluster is composed of identity identifications of a user and an issuer;
verifying the identity of the user and the issuer in the certificate by adopting the identity information cluster to obtain an identity verification result;
and determining that the certificate is valid according to the identity identification verification result and the certificate verification result.
15. A credential issuance apparatus in a blockchain, comprising:
an obtaining unit, configured to obtain a certificate application request initiated by a user and a certificate contract, wherein the certificate application request carries information to be verified, and the certificate contract comprises an authentication sequence of an issuer participating in certificate issuance;
a sequence determining unit, configured to obtain, from the credential contract, a current authentication sequence corresponding to a current issuer, where the current issuer is an issuer corresponding to the credential application request;
an issuer determining unit, configured to determine a target issuer from credential issuers according to the current authentication sequence, where the credential issuer is the issuer participating in credential issuance, and the target issuer includes an issuer with an authentication sequence before the current authentication sequence and the current issuer;
the information verification unit is used for verifying the information to be verified according to the target issuer to obtain a verification result;
and the generation and issuance unit is used for generating a certificate corresponding to the certificate application request according to the verification result and issuing the certificate to the user.
16. A credential validation apparatus in a blockchain, comprising:
a credential acquiring unit, configured to acquire the credential in the method for issuing a credential in a blockchain according to any one of claims 1 to 8, where the credential includes authentication information and an authentication order of an issuer;
the contract inquiry unit is used for inquiring the certificate contract corresponding to the certificate;
the certificate verification unit is used for verifying the authentication information in the certificate and the authentication sequence of the issuer according to the certificate contract to obtain a certificate verification result;
and the certificate determining unit is used for determining that the certificate is valid according to the certificate verification result so that the verifying party can pass the application request of the user according to the validity of the certificate.
17. A terminal comprising a processor and a memory, said memory storing a plurality of instructions; the processor loads instructions from the memory to perform the steps of the method of issuing a credential in a blockchain according to any one of claims 1 to 11 or the steps of the method of validating a credential in a blockchain according to any one of claims 12 to 14.
18. A computer readable storage medium storing instructions adapted to be loaded by a processor to perform the steps of the method for issuing a credential in a blockchain according to any one of claims 1 to 11 or the steps of the method for validating a credential in a blockchain according to any one of claims 12 to 14.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210056657.4A CN114418573A (en) | 2022-01-18 | 2022-01-18 | Certificate issuing method and certificate verifying method in block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210056657.4A CN114418573A (en) | 2022-01-18 | 2022-01-18 | Certificate issuing method and certificate verifying method in block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114418573A true CN114418573A (en) | 2022-04-29 |
Family
ID=81273734
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210056657.4A Pending CN114418573A (en) | 2022-01-18 | 2022-01-18 | Certificate issuing method and certificate verifying method in block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114418573A (en) |
- 2022-01-18 CN CN202210056657.4A patent/CN114418573A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11139978B2 (en) | Portable biometric identity on a distributed data storage layer | |
US11665006B2 (en) | User authentication with self-signed certificate and identity verification | |
US11671267B2 (en) | System and method for verifying an identity of a user using a cryptographic challenge based on a cryptographic operation | |
US11522848B2 (en) | Systems and methods for providing digital identity records to verify identities of users | |
CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
CN110598482B (en) | Digital certificate management method, device, equipment and storage medium based on blockchain | |
CN111475841B (en) | Access control method, related device, equipment, system and storage medium | |
CN110300083B (en) | Method, terminal and verification server for acquiring identity information | |
CN110826043B (en) | Digital identity application system and method, identity authentication system and method | |
WO2017041599A1 (en) | Service processing method and electronic device | |
CN110245144A (en) | Protocol data management method, device, storage medium and system | |
CN113343208A (en) | Certificate authorization method, device, terminal and storage medium | |
CN110601858B (en) | Certificate management method and device | |
WO2019010669A1 (en) | Method, apparatus and system for identity validity verification | |
CN108763967A (en) | Obtain system, method, apparatus and the storage medium of device certificate | |
CN115001841A (en) | Identity authentication method, identity authentication device and storage medium | |
CN107682160A (en) | The authentication method and device of a kind of production equipment, electronic equipment | |
CN114844629A (en) | Verification method and device of block chain account, computer equipment and storage medium | |
KR20200112229A (en) | Electronic device for providing personal information and operating method thereof | |
JP2010152492A (en) | Device, system, and method for providing personal information | |
JP5409871B2 (en) | Personal information providing apparatus and personal information providing method | |
CN114418573A (en) | Certificate issuing method and certificate verifying method in block chain | |
CN113746640A (en) | Digital certificate using method and device, computer equipment and storage medium | |
KR101679183B1 (en) | Server and method for electronic signature | |
CN114282270B (en) | Method, device, terminal and storage medium for managing certificates in block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||