CN115022039B - Information processing method, apparatus, device and storage medium - Google Patents


Info

Publication number: CN115022039B
Authority: CN (China)
Prior art keywords: attribute, information, identity, certificate, blockchain network
Legal status: Active
Application number: CN202210619665.5A
Other languages: Chinese (zh)
Other versions: CN115022039A
Inventors: 裴磊, 岑健明, 黄剑, 龚开圳
Current assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by Industrial and Commercial Bank of China Ltd (ICBC); priority to CN202210619665.5A
Publications: CN115022039A (application), CN115022039B (granted)

Classifications

    • H04L 63/0428: Network architectures or protocols for network security, providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L 63/00, 63/04)
    • H04L 63/08: Network architectures or protocols for network security, for authentication of entities
    • H04L 67/10: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network (H04L 67/00, 67/01)
    • H04L 9/0861: Cryptographic mechanisms or arrangements for secret or secure communications; key distribution or management (H04L 9/08); generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The present application relates to the field of blockchain technology and provides an information processing method, an apparatus, a computer device, a storage medium and a computer program product, which can be applied in the financial field or other related fields. The method and apparatus prevent the information of a target object from being unnecessarily disclosed or revealed and effectively protect the privacy of the target object. The method comprises the following steps: object attribute information of a target object is obtained; a pre-stored attribute encryption key and an attribute encryption list are obtained from a blockchain network; the object attribute information is encrypted according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information; an attribute decryption key corresponding to the object credential is generated according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and the attribute decryption key is sent to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain the corresponding target attribute information.

Description

Information processing method, apparatus, device and storage medium
Technical Field
The present application relates to the field of blockchain technology, and in particular, to an information processing method, an apparatus, a computer device, a storage medium, and a computer program product.
Background
With the development of information technology, handling business has become progressively more convenient. When a target object (such as a user) needs to prove its identity to different identity verification institutions in order to be authorized to use a certain service, it can apply to an identity provider such as an authoritative institution for a credential file and so obtain an authoritative identity document; when it then needs to use a service, it only has to present the corresponding credential file to the service institution, without transmitting its information separately.
However, different service institutions require different information to be verified when providing a service, and each needs to verify only part of the information in the credential; presenting the whole credential therefore discloses or reveals information about the target object unnecessarily, so the privacy of the target object cannot be effectively protected by information processing according to the conventional technology.
Disclosure of Invention
Based on this, it is necessary to provide an information processing method, an apparatus, a computer device, a computer-readable storage medium, and a computer program product in view of the above-described technical problems.
In a first aspect, the present application provides an information processing method. The method comprises the following steps:
acquiring object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute;
acquiring a pre-stored attribute encryption key and an attribute encryption list from a blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute;
encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, the object credential being for upload to an identity verification institution associated with the target object in the blockchain network;
generating an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
In one embodiment, encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain the object credential corresponding to the object attribute information comprises:
encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain a ciphertext corresponding to the object attribute information;
signing the ciphertext with first private key information corresponding to the identity information of the identity providing institution, and taking the ciphertext together with the first private key signature as the object credential; the first private key signature is used by the terminal, which obtains the first public key information corresponding to the identity information of the identity providing institution from the blockchain network, verifies the first private key signature with that first public key information, and performs the step of decrypting the object credential with the attribute decryption key only if the verification passes.
In one embodiment, after obtaining the object credential corresponding to the object attribute information, the method further comprises:
uploading a first hash value corresponding to the object credential to the blockchain network, so that the terminal obtains the first hash value from the blockchain network, checks a second hash value corresponding to the object credential against the first hash value, and performs the step of decrypting the object credential with the attribute decryption key only if the check passes.
In one embodiment, after obtaining the object attribute information of the target object, the method further comprises:
performing digital identity registration for the target object according to the object attribute information to obtain second private key information and second public key information corresponding to the identity information of the target object;
sending the second private key information to a terminal corresponding to the target object and uploading the second public key information to the blockchain network; the second private key information is used by the target object to sign the object credential and obtain a second private key signature corresponding to the object credential, which is sent to the terminal corresponding to the identity verification institution; that terminal obtains the second public key information from the blockchain network, verifies the second private key signature with it, and performs the step of decrypting the object credential with the attribute decryption key only if the verification passes.
In one embodiment, after generating the attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, the method further comprises:
transmitting the identity information corresponding to the identity verification institution to the blockchain network, so that the blockchain network records it in an authorized institution set; the authorized institution set is used by the blockchain network to allow each identity verification institution in the set to obtain the first public key information, the first hash value or the second public key information from the blockchain network.
In one embodiment, obtaining object attribute information of a target object includes:
acquiring object information of a target object;
and performing attribute information classification processing on the object information to obtain object attribute information.
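The flow claimed above (attribute-wise encryption, a credential hash recorded on the chain, and a decryption key that covers only the attributes a verifier's authority condition set satisfies), as an added example; this is not the patent's or ICBC's code. The patent's construction is attribute-based encryption; this illustration stands it in with per-attribute symmetric keys derived from a master key (the page's MainKey) via HMAC-SHA256 so that it runs on the Python standard library alone. The attribute list contents, the condition names, the key-derivation and cipher construction and the sample data are all assumptions.

```python
"""Selective-disclosure credential: each preset attribute is encrypted under
its own key, the verifier gets keys only for attributes it is entitled to."""
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Set

# Attribute encryption list: preset attribute -> attribute authority condition
# a verifier must hold to learn it (constructed policy, not the patent's).
ATTRIBUTE_ENCRYPTION_LIST: Dict[str, str] = {
    "name": "basic",
    "certificate_type": "basic",
    "certificate_number": "kyc",
    "location_area": "region",
}


def attribute_key(main_key: bytes, attribute: str) -> bytes:
    """Per-attribute key derived from the attribute encryption master key (assumed KDF)."""
    return hmac.new(main_key, b"attr:" + attribute.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a production system would use AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> Dict[str, str]:
    """Encrypt-then-MAC one attribute value under its attribute key."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}


def unseal(key: bytes, box: Dict[str, str]) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the box was altered."""
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    expect = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, box["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def issue_credential(main_key: bytes, object_attributes: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Identity provider: one ciphertext per preset attribute forms the object credential."""
    return {attr: seal(attribute_key(main_key, attr), value.encode())
            for attr, value in object_attributes.items()
            if attr in ATTRIBUTE_ENCRYPTION_LIST}


def credential_hash(credential: Dict[str, Dict[str, str]]) -> str:
    """The first hash value the provider uploads to the blockchain."""
    return hashlib.sha256(json.dumps(credential, sort_keys=True).encode()).hexdigest()


def attribute_decryption_key(main_key: bytes, condition_set: Set[str]) -> Dict[str, bytes]:
    """Provider: keys only for attributes whose condition the verifier's set satisfies."""
    return {attr: attribute_key(main_key, attr)
            for attr, condition in ATTRIBUTE_ENCRYPTION_LIST.items()
            if condition in condition_set}


def verify_and_decrypt(credential: Dict[str, Dict[str, str]], on_chain_hash: str,
                       dec_key: Dict[str, bytes]) -> Optional[Dict[str, str]]:
    """Verifier terminal: reject a credential whose hash differs from the chain,
    then decrypt only the attributes the decryption key covers (minimum disclosure)."""
    if not hmac.compare_digest(credential_hash(credential), on_chain_hash):
        return None
    disclosed: Dict[str, str] = {}
    for attr, box in credential.items():
        if attr in dec_key:
            value = unseal(dec_key[attr], box)
            if value is None:
                return None
            disclosed[attr] = value.decode()
    return disclosed


if __name__ == "__main__":
    main_key = os.urandom(32)  # MainKey generated at chain initialisation (constructed)
    cred = issue_credential(main_key, {"name": "Alice", "certificate_type": "ID card",
                                       "certificate_number": "CERT-0001",
                                       "location_area": "Beijing"})
    shop_key = attribute_decryption_key(main_key, {"basic", "region"})
    print(verify_and_decrypt(cred, credential_hash(cred), shop_key))
```

A verifier holding the conditions `basic` and `region` learns the name, certificate type and location area but never receives a key for the certificate number, so that ciphertext stays opaque to it; a credential whose bytes no longer match the on-chain hash, or whose tag fails under the issued key, is rejected before any attribute is returned.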
In a second aspect, the present application also provides an information processing apparatus. The apparatus comprises:
an object attribute information acquisition module for acquiring object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute;
a key and list acquisition module for acquiring a pre-stored attribute encryption key and an attribute encryption list from the blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute;
an object credential obtaining module for encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, the object credential being for upload to an identity verification institution associated with the target object in the blockchain network;
an attribute decryption key sending module for generating an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which, when executing the computer program, performs the steps of:
acquiring object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute; acquiring a pre-stored attribute encryption key and an attribute encryption list from a blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute; encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, the object credential being for upload to an identity verification institution associated with the target object in the blockchain network; generating an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute; acquiring a pre-stored attribute encryption key and an attribute encryption list from a blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute; encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, the object credential being for upload to an identity verification institution associated with the target object in the blockchain network; generating an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
acquiring object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute; acquiring a pre-stored attribute encryption key and an attribute encryption list from a blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute; encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, the object credential being for upload to an identity verification institution associated with the target object in the blockchain network; generating an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
The information processing method, apparatus, computer device, storage medium and computer program product described above acquire object attribute information of a target object, the object attribute information comprising attribute information of each preset attribute; acquire a pre-stored attribute encryption key and an attribute encryption list from a blockchain network, the attribute encryption list recording the attribute authority condition corresponding to each preset attribute; encrypt the object attribute information according to the attribute encryption key and the attribute encryption list to obtain an object credential corresponding to the object attribute information, which is for upload to an identity verification institution associated with the target object in the blockchain network; and generate an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key and send it to a terminal corresponding to the identity verification institution, so that the terminal decrypts the object credential with the attribute decryption key to obtain the target attribute information, namely the attribute information of those preset attributes whose attribute authority condition is satisfied by the attribute authority condition set.
In this scheme, the terminal of the identity providing institution obtains the attribute information of each preset attribute of the target object, obtains the pre-stored attribute encryption key and attribute encryption list from the blockchain network, performs attribute encryption on the attribute information according to the attribute encryption key and the attribute encryption list to obtain the object credential, generates the attribute decryption key according to the attribute authority condition set corresponding to the identity verification institution and the attribute encryption key, and sends the attribute decryption key to the terminal corresponding to the identity verification institution. Each identity verification institution can therefore decrypt only the attributes its authority conditions allow, so the information of the target object is not unnecessarily disclosed.
Drawings
FIG. 1 is a flow chart of an information processing method in one embodiment;
FIG. 2 is a system architecture diagram of an information processing method in one embodiment;
FIG. 3 is an internal block diagram of a blockchain node in one embodiment;
FIG. 4 is a block diagram showing the structure of an information processing apparatus in one embodiment;
FIG. 5 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
In one embodiment, as shown in FIG. 1, an information processing method is provided; this embodiment is described by applying the method to a terminal (such as the terminal corresponding to the identity providing institution), and comprises the following steps:
step S101, object attribute information of a target object is acquired.
In this step, the target object may be a user; the object attribute information comprises attribute information of each preset attribute, where each preset attribute may be a preset attribute type such as name, certificate type, certificate number, location area and the like.
Specifically, the object attribute information of the target object provided by the target object is obtained and verified, to ensure that it is free of errors.
Step S102, a pre-stored attribute encryption key and an attribute encryption list are obtained from the blockchain network.
In this step, the attribute encryption list records the attribute authority condition corresponding to each preset attribute. As shown in FIG. 2, the blockchain network may be a consortium chain (consortium chain network), for example a digital identity consortium chain 1. The digital identity consortium chain 1 is built according to the cross-institution identity mutual-recognition requirements of the external consortium business systems 4 and comprises a plurality of blockchain nodes 2, each of which is a member node of the digital identity consortium chain and belongs to a different consortium institution. Each member node is deployed with a digital identity smart contract that interacts with a digital identity service node 3 to provide digital identity ID management and credential management services. The digital identity service node 3 is likewise deployed in a distributed manner, one per consortium institution, and the consortium business system 4 invokes the corresponding digital identity management and credential management services through it (equivalently, the terminal corresponding to the identity providing institution comprises that institution's consortium business system 4 and digital identity service node 3, and the terminal corresponding to the identity verification institution likewise comprises its own consortium business system 4 and digital identity service node 3).
The total number of blockchain nodes in the digital identity consortium chain 1 may be 3f+1, where f is the number of faulty nodes that can be tolerated, with a minimum of 1. Both access control policy update requests and business requests reach consensus through the PBFT (practical Byzantine fault tolerance) algorithm: a consensus request completes the current stage only after each verification node in the business chain has received at least 2f+1 identical confirmation messages from the other verification nodes (the other blockchain nodes 2); consensus succeeds once all three stages of the Byzantine fault tolerance algorithm are completed, the system data access control policy update request or the business request is then executed, and the execution result may be used as legitimate data to generate a new block and be persisted.
The blockchain node 2 receives the digital identity ID registration, digital identity credential issuance and verification, and credential attribute encryption control policy update requests initiated by the digital identity service node 3. All verification nodes have the same internal structure. A node performs authority verification on a transaction, completes the duplicate and parameter legitimacy checks, and after these pass broadcasts the transaction to all other blockchain nodes 2 in the digital identity consortium chain 1; it also receives block broadcast notifications from other blockchain nodes 2 for transactions awaiting consensus, performs parameter legitimacy verification on them, and after that passes enters the three-stage consensus process: the first stage is pre-prepare consensus, the second stage is prepare consensus and the third stage is commit (confirmation) consensus. The three stages are executed in order; the consensus of the current stage is completed, and the next stage entered, once 2f+1 matching confirmation messages from other transaction consensus nodes have been received. Completion of all three stages constitutes the block consensus message; new block data is generated after the logic in the contract has been processed, and the related system contract flows are executed.
The digital identity service node 3 is a service node facing each consortium institution on the digital identity consortium chain 1 and works with the blockchain node 2 to provide inter-institution identity mutual recognition; it generally supports separate access by the different consortium operating member parties of the digital identity consortium chain 1. It provides the basic digital identity services of digital identity ID registration, digital identity credential issuance and verification, credential attribute encryption control policy update and so on, with service invocation triggered by the consortium business system 4. The internal structure of every digital identity service node 3 is the same, but service authority control must be applied according to the consortium role of the institution; for example, only the identity providing institution has the authority to issue credentials.
The consortium business system 4 is a business system that needs to perform cross-institution identity mutual recognition and provide external services according to its result, and is formed by the different consortium institutions on the digital identity consortium chain 1. It comprises two roles, identity issuer (identity providing institution) and identity verifier (identity verification institution). The identity issuer is generally an authoritative institution that can authoritatively authenticate the actual identity of a user; it issues the corresponding identity credential information for the target object and, in the role of consortium administrator, issues the corresponding attribute encryption keys to the identity verifiers in the consortium, so that different authorities control different rights to learn the attribute information of the target object. The identity verifier is a service institution that provides services to the target object and uses the identity credential information issued by the authoritative institution to decide whether the corresponding service can be provided. The identity credential of the target object is disclosed according to the minimum disclosure principle, and the attribute privacy of the target object is protected by attribute encryption: the identity verification institution applies the attribute decryption keys it has been issued to decrypt the corresponding attribute ciphertexts in the credential, obtains the corresponding attribute information and provides the corresponding service to the target object on that basis, while the use of the credential can be traced by the authoritative institution throughout the process.
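The quorum rule stated above (3f+1 verification nodes, a stage completes only after 2f+1 matching confirmation messages, three stages in sequence), as an added counting model; this is not the patent's or any blockchain's PBFT implementation. Node numbering, block digests and the behaviour of the faulty nodes are constructed; for simplicity the model counts messages from every node in the view, the counting node's own included.

```python
"""Counting model of the 2f+1-of-3f+1 stage rule and why it is safe."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

STAGES = ("pre-prepare", "prepare", "commit")


def total_nodes(f: int) -> int:
    """Node count the page gives for tolerating f faulty nodes (f >= 1)."""
    return 3 * f + 1


def quorum(f: int) -> int:
    """Matching confirmation messages a node must see before finishing a stage."""
    return 2 * f + 1


def stage_result(messages: Dict[int, str], f: int) -> Optional[str]:
    """Block digest that reached quorum in one stage, or None if none did."""
    for digest, count in Counter(messages.values()).items():
        if count >= quorum(f):
            return digest
    return None


def conflicting_quorums_possible(f: int) -> bool:
    """Safety check: could two different digests both collect 2f+1 of 3f+1 messages?"""
    return 2 * quorum(f) <= total_nodes(f)


def run_three_stages(f: int, honest_digest: str,
                     faulty: Dict[int, Optional[str]]) -> Tuple[List[Optional[str]], bool]:
    """Run the three stages as one honest node sees them.  Honest nodes confirm
    honest_digest; each entry in `faulty` maps a node id to the digest it sends
    instead (None = the node stays silent).  Returns the per-stage results and
    whether the block completed all three stages and may be generated."""
    results: List[Optional[str]] = []
    for _stage in STAGES:
        messages = {node: faulty.get(node, honest_digest)
                    for node in range(total_nodes(f))
                    if not (node in faulty and faulty[node] is None)}
        decided = stage_result(messages, f)
        results.append(decided)
        if decided != honest_digest:
            # no stage may be skipped, so consensus stalls and no block is produced
            return results, False
    return results, True


if __name__ == "__main__":
    print(run_three_stages(1, "blk-42", {3: "forged"}))           # one faulty of 4: tolerated
    print(run_three_stages(1, "blk-42", {2: "forged", 3: None}))  # two faulty of 4: stalls
```

With f = 1 the chain has four nodes and needs three matching messages per stage: one forged or silent node is absorbed, a second one starves every stage of its quorum and the block is never committed. `conflicting_quorums_possible` shows the other half of the guarantee, that two different digests can never both reach 2f+1 out of 3f+1 messages, so a stage cannot confirm two blocks at once.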
As shown in FIG. 3, the internal structure diagram of a blockchain node 2, each blockchain node 2 comprises a transaction routing and data processing device 11 and a smart contract consensus and execution device 12.
The transaction routing and data processing device 11 receives the digital identity DID (Decentralized Identity) and credential management service endorsement requests initiated by the digital identity service node 3, verifies the transaction according to the transaction certificate, checks whether the related smart contract has been normally deployed and is running on the current network node, starts transaction timeout accounting, and returns transaction timeout information to the digital identity service node 3 if no processing result for the transaction is received within the timeout waiting window. At the same time it performs routing determination for the smart contract and controls the entry of the transaction into the corresponding contract consensus route. The smart contract call request format consists of the secure sandbox number corresponding to the smart contract, a function field giving the transaction type, and an args field giving the input parameters of the contract function; each smart contract call has a transaction id that is unique across the whole business chain.
The smart contract consensus and execution device 12 parses, reaches consensus on and persists the attribute encryption rules of the business contract according to the attribute encryption authority adjustment requirements initiated by the digital identity service node 3. These include the ciphertext encryption policy for target object attributes in credentials, the issuance and revocation of target object attribute decryption keys, and the maintenance of digital identities and other information. Specifically it comprises a transaction verification module 121, a transaction consensus module 122, an attribute encryption control module 123 and a persistence module 124.
The transaction verification module 121 verifies and preprocesses the business request parameters. It is responsible for verifying the business request parameters, their source and related information, and for checking whether the transaction initiator has the corresponding transaction authority. If the initiator is within the permitted authority range, the module judges from the method type in the business request parameters whether the transaction is a query type or an update type. For a query transaction it obtains the corresponding data through the persistence module 124; for an update transaction it stores the hash value of the business request block and the block consensus message on local disk, adds 1 to the block sequence number, and broadcasts the block consensus message to all verification nodes 2 in the digital identity consortium chain 1.
Specifically, as shown in fig. 2, an authoritative identity providing mechanism capable of providing identity proof and an identity verification mechanism that provides services for a target object form a digital identity alliance chain 1 in which identities are mutually recognized across mechanisms. A terminal of the identity providing mechanism initiates mechanism digital identity registration and role authority initialization to a blockchain node in the blockchain network; the blockchain node in the blockchain network registers credential verification authorities for the identity verification mechanism and at the same time completes an attribute encryption control authority initialization request, that is, the blockchain network initialization generates an attribute encryption key (the attribute encryption key may be an attribute encryption master key and a public key, which may be called MainKey and PublicKey respectively). After an operator of the digital identity alliance chain 1 completes auditing, the intelligent contract consensus and execution device 12 of a verification node 2 generates a corresponding attribute encryption list map < event, attrList > from the attribute encryption request data, where the attribute encryption request data may cover each attribute, event represents an attribute encryption control event (which can be understood as each preset attribute in a preset credential set, for example attribute 1, each such attribute having a corresponding attribute name), and attrList is the attribute encryption control authority for that event, that is, the attribute permission condition expressed as a combination of attribute permissions such as attr1. For example, (attr1 and attr2) and (attr3 or attr4) indicates that the request needs to have both attr1 and attr2 and, at the same time, one of attr3 and attr4. The request then needs to be agreed by the transaction consensus module 122 and persisted to world state data by the persistence module 123, as shown in fig. 3.
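The access policy notation above can be checked mechanically. The Go program below is an added illustration, not code from the patent or its applicant: it parses the parenthesised form used in the text into conjunctive normal form and decides whether a verifier holding a given attribute set satisfies it. The grammar (groups joined by "and", each group joined entirely by "and" or entirely by "or") is an assumption drawn from the single example given; anything outside it is rejected rather than silently widened or narrowed, which is the safe direction for an access-control check.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is the attrList recorded for one event in the attribute encryption
// list map<event, attrList>, held in conjunctive normal form: every clause
// must hold, and a clause holds when the verifier's attribute set contains at
// least one of its attributes. "(attr1 and attr2) and (attr3 or attr4)" thus
// becomes [[attr1] [attr2] [attr3 attr4]].
type Policy [][]string

// ParsePolicy reads the parenthesised form used in the text. Assumed grammar:
// groups joined by "and", each group joined entirely by "and" or entirely by
// "or"; anything else is rejected rather than silently widened or narrowed.
func ParsePolicy(expr string) (Policy, error) {
	expr = strings.TrimSpace(expr)
	if !strings.HasSuffix(expr, ")") {
		return nil, fmt.Errorf("malformed policy %q", expr)
	}
	var p Policy
	for _, piece := range strings.Split(strings.TrimSuffix(expr, ")"), ")") {
		i := strings.Index(piece, "(")
		if i < 0 {
			return nil, fmt.Errorf("malformed policy %q", expr)
		}
		if join := strings.TrimSpace(piece[:i]); join != "" && join != "and" {
			return nil, fmt.Errorf("groups may only be joined by \"and\": %q", expr)
		}
		body := strings.TrimSpace(piece[i+1:])
		switch {
		case strings.Contains(body, " or ") && strings.Contains(body, " and "):
			return nil, fmt.Errorf("mixed and/or inside one group: %q", body)
		case strings.Contains(body, " or "):
			p = append(p, splitTrim(body, " or ")) // one clause: any listed attribute suffices
		default:
			for _, a := range splitTrim(body, " and ") {
				p = append(p, []string{a}) // one clause per required attribute
			}
		}
	}
	return p, nil
}

func splitTrim(s, sep string) []string {
	parts := strings.Split(s, sep)
	for i := range parts {
		parts[i] = strings.TrimSpace(parts[i])
	}
	return parts
}

// Satisfies reports whether a verifier holding userAttrs meets every clause.
func Satisfies(p Policy, userAttrs []string) bool {
	have := map[string]bool{}
	for _, a := range userAttrs {
		have[a] = true
	}
clauses:
	for _, clause := range p {
		for _, a := range clause {
			if have[a] {
				continue clauses
			}
		}
		return false // no attribute of this clause is held
	}
	return true
}

func main() {
	p, err := ParsePolicy("(attr1 and attr2) and (attr3 or attr4)")
	if err != nil {
		panic(err)
	}
	fmt.Println(p)                                                 // [[attr1] [attr2] [attr3 attr4]]
	fmt.Println(Satisfies(p, []string{"attr1", "attr2", "attr4"})) // true
	fmt.Println(Satisfies(p, []string{"attr1", "attr3", "attr4"})) // false: attr2 missing
}
```

An empty or unparenthesised expression is an error rather than an empty policy, because an empty conjunction is vacuously true and would grant every verifier access to the event.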
Step S103, according to the attribute encryption key and the attribute encryption list, the object attribute information is encrypted to obtain an object certificate corresponding to the object attribute information.
In the step, the object certificate is used for uploading to an identity verification mechanism associated with a target object in a blockchain network; the encryption process may be an attribute encryption process; the object credential may be an electronic credential or an entity credential.
Specifically, according to the preset attribute (which may be referred to as eventID) corresponding to each item of attribute information in the object attribute information of the target object, the access control structure associated with the access policy is obtained from the attribute encryption list map < event, attrList >, the object attribute information is attribute-encrypted using the public key PublicKey, and a ciphertext based on attribute encryption (which may be referred to as encryptedClaim) is output; the ciphertext may serve as the object credential corresponding to the object attribute information. The credential may be signed with the private key information corresponding to the identity providing mechanism DID, and the hash (hash value) of the credential may be uploaded to the blockchain network, where consensus is reached by the transaction consensus module 122 and the world state data is persisted by the persistence module 124. The credential may include the object attribute information of the target object, the identity providing mechanism DID, the signature over the attribute-encrypted object attribute information of the target object, and the signature of the identity providing mechanism over the credential, and the target object may present it to the identity verifying mechanism (e.g. a terminal) when the target object needs to handle a service (e.g. needs to obtain authorization to use a certain service).
Step S104, according to the attribute authority condition set and the attribute encryption key corresponding to the identity verification mechanism, generating an attribute decryption key corresponding to the object certificate, and sending the attribute decryption key to the terminal corresponding to the identity verification mechanism, so that the terminal decrypts the object certificate by using the attribute decryption key, and target attribute information is obtained.
In this step, the target attribute information is the attribute information of those preset attributes whose corresponding attribute permission condition is satisfied by the attribute permission condition set, where the attribute permission condition set indicates which object attribute information in the object certificate the identity verification mechanism (the terminal of the identity verification mechanism) has the right to check or obtain. For example, the attribute encryption list includes three attributes (events) in total, namely attribute 1 (event 1), attribute 2 (event 2) and attribute 3 (event 3), which respectively indicate the name, the certificate and the located area in the object attribute information of the target object, and the corresponding rights are respectively right 1 (attr1), right 2 (attr2) and right 3 (attr3). If the attribute permission condition set of the identity verification mechanism includes right 1 (attr1) and right 3 (attr3), the identity verification mechanism can check or obtain the information corresponding to attribute 1 (event 1) and attribute 3 (event 3), that is, the name and the located area.
Specifically, according to the attribute authority condition set corresponding to the identity verification mechanism and provided by it (which may be referred to as userAttrList; for example, it may be sent by the terminal corresponding to the identity verification mechanism to a terminal or server corresponding to the identity providing mechanism, or the terminal corresponding to the identity verification mechanism uploads it to the blockchain network and the terminal corresponding to the identity providing mechanism obtains it from the blockchain network) and the attribute encryption key (such as the attribute encryption master key and the public key publicKey, which the terminal corresponding to the identity providing mechanism may obtain from a blockchain node in the blockchain network), an attribute decryption key (which may be referred to as privateKey) associated with the attribute authority condition set is generated for the identity verification mechanism, and the attribute decryption key privateKey is sent to the terminal corresponding to the identity verification mechanism.
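Steps S103 and S104 together give selective disclosure: one credential, many encrypted claims, and a per-verifier key that opens only the claims its attribute permissions cover. The Go program below is an added illustration of that flow and is not the patent's cryptosystem: in place of attribute-based encryption it derives one content key per event from MainKey with HMAC-SHA256 and seals each claim with AES-GCM, and the policy decision (whether the verifier's userAttrList satisfies an event's attrList) is passed in as a `permitted` callback. The names `Credential`, `DecryptionKey`, `IssueCredential`, `IssueDecryptionKey` and `Decrypt` are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Credential maps each event (preset attribute) to its own encryptedClaim,
// so that a single credential can be opened attribute by attribute (step S103).
type Credential map[string][]byte

// DecryptionKey is the verifier's privateKey: one content key per event it
// may read and nothing for the others (step S104).
type DecryptionKey map[string][]byte

// eventKey derives a per-event content key from MainKey with HMAC-SHA256.
// HMAC-derived keys plus AES-GCM stand in for attribute-based encryption in
// this illustration; they are not the patent's cryptosystem.
func eventKey(mainKey []byte, event string) []byte {
	m := hmac.New(sha256.New, mainKey)
	m.Write([]byte(event))
	return m.Sum(nil)
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueCredential encrypts every attribute value under its own event key.
func IssueCredential(mainKey []byte, claims map[string]string) (Credential, error) {
	c := Credential{}
	for event, value := range claims {
		gcm, err := aeadFor(eventKey(mainKey, event))
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		// The event name is authenticated data, so a claim cannot be moved
		// under another event without the tag failing; output is nonce||ciphertext.
		c[event] = gcm.Seal(nonce, nonce, []byte(value), []byte(event))
	}
	return c, nil
}

// IssueDecryptionKey hands out a key only for events the policy decision
// permits, i.e. events whose attrList the verifier's userAttrList satisfies.
func IssueDecryptionKey(mainKey []byte, events []string, permitted func(event string) bool) DecryptionKey {
	dk := DecryptionKey{}
	for _, event := range events {
		if permitted(event) {
			dk[event] = eventKey(mainKey, event)
		}
	}
	return dk
}

// Decrypt returns the target attribute information: only events covered by
// the key are opened, and a modified or misplaced ciphertext is an error.
func Decrypt(c Credential, dk DecryptionKey) (map[string]string, error) {
	out := map[string]string{}
	for event, key := range dk {
		blob, ok := c[event]
		if !ok {
			continue // the key covers an event this credential does not carry
		}
		gcm, err := aeadFor(key)
		if err != nil {
			return nil, err
		}
		n := gcm.NonceSize()
		if len(blob) < n {
			return nil, fmt.Errorf("%s: ciphertext too short", event)
		}
		pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(event))
		if err != nil {
			return nil, fmt.Errorf("%s: %w", event, err)
		}
		out[event] = string(pt)
	}
	return out, nil
}
```

With the example from the text (event1 name, event2 certificate, event3 area, and a verifier whose permissions cover attr1 and attr3), `IssueDecryptionKey` returns keys for event1 and event3 only, and `Decrypt` yields the name and the area while the certificate stays ciphertext. Because the event name is bound as associated data, a claim copied from one event slot into another fails authentication instead of decrypting under the wrong label.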
In the information processing method, object attribute information of a target object is acquired, the object attribute information comprising attribute information of each preset attribute; a pre-stored attribute encryption key and an attribute encryption list are acquired from a blockchain network, the attribute authority conditions corresponding to each preset attribute being recorded in the attribute encryption list; the object attribute information is encrypted according to the attribute encryption key and the attribute encryption list to obtain an object certificate corresponding to the object attribute information, the object certificate being used for uploading to an identity verification mechanism associated with the target object in the blockchain network; an attribute decryption key corresponding to the object certificate is generated according to the attribute authority condition set corresponding to the identity verification mechanism and the attribute encryption key, and the attribute decryption key is sent to a terminal corresponding to the identity verification mechanism, so that the terminal decrypts the object certificate by using the attribute decryption key to obtain target attribute information; and the target attribute information is the attribute information of those preset attributes whose corresponding attribute authority condition is satisfied by the attribute authority condition set.
The terminal of the identity providing mechanism of the scheme obtains attribute information of each preset attribute of the target object, obtains a pre-stored attribute encryption key and an attribute encryption list from the blockchain network, performs attribute encryption on the attribute information according to the attribute encryption key and the attribute encryption list to obtain an object certificate, generates an attribute decryption key according to an attribute authority condition set corresponding to the identity verifying mechanism and the attribute encryption key, and sends the attribute decryption key to the terminal corresponding to the identity verifying mechanism.
In one embodiment, the obtaining object attribute information of the target object in step S101 specifically includes: acquiring object information of a target object; and performing attribute information classification processing on the object information to obtain object attribute information.
Specifically, the target object may apply for issuing an object credential to a terminal corresponding to the identity providing mechanism (e.g., a federation mechanism service system 4 of the identity providing mechanism), where the terminal corresponding to the identity providing mechanism obtains object information of the target object provided by the target object, and performs attribute information classification processing on the object information according to an attribute security tag, such as top-secret, common, which needs to be set by the blockchain network, to obtain object attribute information.
According to the technical scheme, the object attribute information is obtained by classifying the object information by attribute, so that the object information provided by the target object is integrated and classified, the format requirement of the subsequently formed object certificate is met, the privacy of the target object is effectively protected, and the accuracy of information processing is improved.
In one embodiment, the method may further include the steps of sending the second private key information to a terminal corresponding to the target object, and uploading the second public key information to the blockchain network, where the method specifically includes: according to the object attribute information, carrying out digital identity registration on the target object to obtain second private key information and second public key information corresponding to the identity information of the target object; and sending the second private key information to a terminal corresponding to the target object, and uploading the second public key information to the blockchain network.
In this embodiment, the second private key information is used for signing the object certificate by the target object using the second private key information, to obtain a second private key signature corresponding to the object certificate, and send the second private key signature to the terminal corresponding to the identity verification mechanism, so that the terminal corresponding to the identity verification mechanism obtains the second public key information from the blockchain network, verifies the second private key signature by using the second public key information, and executes the step of decrypting the object certificate by using the attribute decryption key under the condition that verification passes.
Specifically, after obtaining the object attribute information of the target object, the terminal corresponding to the identity providing mechanism verifies the object attribute information. If the verification passes, the digital identity service node 3 corresponding to the identity providing mechanism completes digital identity registration for the target object, generates the target object identity DID of the target object together with the second private key information and second public key information corresponding to that DID, sends the second private key information to the terminal corresponding to the target object (i.e., the target object itself keeps the second private key information corresponding to its DID), and uploads the second public key information to the blockchain network (on-chain), where the request needs the consensus of the transaction consensus module 122 and is persisted into world state data by the persistence module 124. For example, when the target object needs to handle a service at the identity verification mechanism (such as obtaining authorization to use a certain service), the target object (the terminal corresponding to the target object) signs the object certificate with the second private key information to obtain a second private key signature corresponding to the object certificate, and sends the second private key signature and the object certificate (the object certificate containing the second private key signature) to the terminal corresponding to the identity verification mechanism. When the terminal corresponding to the identity verification mechanism receives the object certificate, before decrypting it with the attribute decryption key it can acquire the second public key information corresponding to the target object identity DID from the blockchain network and verify the second private key signature with the second public key information, i.e. verify whether the object certificate was sent by the target object: if verification fails, the object certificate was provided by someone other than the target object and service is denied; if verification succeeds, the object credential was provided by the target object and the step of decrypting the object credential using the attribute decryption key may be performed.
According to the technical scheme, the second private key information is sent to the terminal corresponding to the target object, and the second public key information is uploaded to the blockchain network, so that the identity verification mechanism can verify whether the object certificate is provided by the target object, and the information processing safety is improved.
In one embodiment, the encrypting the object attribute information according to the attribute encryption key and the attribute encryption list in step S102 to obtain the object credential corresponding to the object attribute information specifically includes: according to the attribute encryption key and the attribute encryption list, carrying out encryption processing on the object attribute information to obtain a ciphertext corresponding to the object attribute information; and signing the ciphertext by using first private key information corresponding to the identity information of the identity providing mechanism, and taking the ciphertext comprising the first private key signature as an object certificate.
In this embodiment, the first private key signature is used for the terminal to obtain first public key information corresponding to the identity information of the identity providing mechanism from the blockchain network, the first private key signature is verified by using the first public key information, and the step of decrypting the object certificate by using the attribute decryption key is executed when the verification passes.
Specifically, according to the attribute encryption key and the attribute encryption list, the object attribute information is encrypted to obtain a ciphertext corresponding to the object attribute information (that is, an object credential not yet including a first private key signature); the ciphertext is signed with the first private key information corresponding to the identity information DID of the identity provider, and the ciphertext including the first private key signature is used as the object credential (the object credential signed with the first private key). When the target object needs to handle a service at the identity verifier (e.g. needs to obtain authorization to use a certain service), the target object may provide the object credential to the identity verifier (e.g., a terminal corresponding to the identity verifier); when the terminal corresponding to the identity verifier receives the object credential, before decrypting it with the attribute decryption key it may obtain the pre-stored first public key information corresponding to the identity information DID of the identity provider from the blockchain network and verify the first private key signature with the first public key information. If verification passes, the object credential was generated by the identity provider, an authority mechanism, and the step of decrypting the object credential by using the attribute decryption key may be performed; if verification fails, the object credential was not generated by the authority mechanism and service is denied.
According to the technical scheme, the first private key signature is added into the object certificate, so that the identity verification mechanism can verify whether the object certificate is authenticated (or generated) by the authority mechanism, and the information processing safety and accuracy are improved.
In one embodiment, the method may further upload the first hash value corresponding to the object credential to the blockchain network by: uploading a first hash value corresponding to the object certificate to the blockchain network, enabling the terminal to acquire the first hash value from the blockchain network, verifying a second hash value corresponding to the object certificate by using the first hash value, and executing the step of decrypting the object certificate by using the attribute decryption key under the condition that verification is passed.
Specifically, after the terminal corresponding to the identity providing mechanism obtains the object credential corresponding to the object attribute information, it generates a first hash value corresponding to this first object credential (i.e., a hash value of the correct object credential) and uploads the first hash value to the blockchain network. When the target object needs to handle a service at the identity verifying mechanism (e.g. needs to obtain authorization to use a certain service), the target object (the terminal corresponding to the target object) can provide a second object credential, the one to be verified, to the identity verifying mechanism (e.g., the terminal corresponding to the identity verifying mechanism); when the terminal corresponding to the identity verifying mechanism receives the second object credential, before decrypting it with the attribute decryption key it can generate a second hash value corresponding to the second object credential and check the second hash value against the first hash value obtained from the blockchain network. If the first hash value does not match (is not the same as) the second hash value, the second object credential to be verified has been tampered with and service is denied; if they match, the second object credential is the correct object credential and the step of decrypting the object credential by using the attribute decryption key may be performed.
According to the technical scheme, the first hash value corresponding to the object certificate is uploaded to the blockchain network, so that the identity verification mechanism can verify whether the object certificate has been tampered with, and the information processing safety and accuracy are improved.
In one embodiment, the method may further send identity information corresponding to the identity verification mechanism to the blockchain network through the following step: sending the identity information corresponding to the identity verification mechanism to the blockchain network, so that the blockchain network records the identity information corresponding to the identity verification mechanism in the authority mechanism set.
In this embodiment, the authority set is used for the blockchain network to allow each identity verification mechanism in the authority set to obtain first public key information, or first hash value, or second public key information from the blockchain network, where the authority set may be a mapping table map < userID, userPrime >, where userID may represent a DID of the identity verification mechanism, and userPrime may represent a prime number, where all prime numbers are recorded in the prime number domain P.
Specifically, after generating the attribute decryption key corresponding to the object certificate according to the attribute authority condition set and the attribute encryption key corresponding to the identity verification mechanism, the terminal corresponding to the identity providing mechanism can apply for a prime number userPrime for the identity verification mechanism from a prime number domain P pre-stored in the blockchain network (the prime number domain P contains distinct prime numbers, each occurring only once), and then delete the allocated prime number userPrime from the prime number domain P, ensuring that the prime numbers userPrime corresponding to different identity verification mechanisms are different. The blockchain network then stores the prime number userPrime in the mapping table map < userID, userPrime >, in which the prime numbers corresponding to the different authorized identity verification mechanisms are recorded. For example, when the target object needs to handle a service at the identity verification mechanism (such as obtaining authorization to use a certain service), the target object (the terminal corresponding to the target object) can provide the object certificate to the identity verification mechanism (such as the terminal corresponding to the identity verification mechanism); when the terminal corresponding to the identity verification mechanism receives the object certificate, before decrypting it with the attribute decryption key it can apply to the blockchain network (a blockchain node in the blockchain network) for the first public key information, the first hash value and/or the second public key information (such as by sending an instruction for obtaining the corresponding information to the blockchain network), and the blockchain network (the blockchain node in the blockchain network) checks whether the DID of the identity verification mechanism is registered in map < userID, userPrime >; only after this check passes are the first public key information, the first hash value and/or the second public key information sent to the identity verification mechanism (such as the terminal corresponding to the identity verification mechanism). Optionally, the terminal corresponding to the identity providing mechanism may send an attribute encryption revocation request to the blockchain network (a blockchain node in the blockchain network), where the request needs to be agreed by the transaction consensus module 122 and persisted into world state data by the persistence module 123, so that the blockchain network deletes the DID of the corresponding identity verification mechanism from map < userID, userPrime > and restores the prime number userPrime originally corresponding to that DID to the prime number domain P.
According to the technical scheme, the identity information corresponding to the identity verification mechanism is sent to the blockchain network, so that the blockchain network can verify whether the identity verification mechanism has the authority to acquire the related information, unnecessary disclosure or leakage of the information of the target object is prevented, the privacy of the target object is effectively protected, and the safety of information processing is improved.
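The embodiments above place four gates in front of attribute decryption at the verifier: membership of the authority mechanism set (with its unique userPrime taken from the prime number domain P), a match between the credential's hash and the first hash value on chain, the identity provider's first private key signature, and the target object's second private key signature. The Go program below is an added illustration of those gates in one place, not code from the patent or its applicant: `Ledger` is a constructed stand-in for the on-chain world state, Ed25519 stands in for whichever signature scheme the deployment uses, the DIDs and the ciphertext bytes are constructed sample values, and `Register`, `Revoke`, `MayDecrypt` and `Setup` are names assumed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ledger is a constructed stand-in for the world state the blockchain network
// persists: public keys per DID, first hash values, the authority mechanism
// set map<userID, userPrime> and the still unallocated primes of domain P.
type Ledger struct {
	IssuerPubKeys map[string]ed25519.PublicKey // first public key information, by identity provider DID
	HolderPubKeys map[string]ed25519.PublicKey // second public key information, by target object DID
	CredHashes    map[string]bool              // first hash values of correctly issued credentials
	AuthoritySet  map[string]int               // userID (verifier DID) -> userPrime
	PrimeDomain   []int
}

// Presentation is what the target object hands to the identity verifier.
type Presentation struct {
	Ciphertext []byte // attribute-encrypted claims (encryptedClaim)
	IssuerDID  string
	IssuerSig  []byte // first private key signature over Ciphertext
	HolderDID  string
	HolderSig  []byte // second private key signature over the issued credential
}

// issued is the credential as released (ciphertext plus first signature); the on-chain hash and the holder's signature both cover these bytes.
func issued(p Presentation) []byte {
	return append(append([]byte{}, p.Ciphertext...), p.IssuerSig...)
}

func firstHash(cred []byte) string { return fmt.Sprintf("%x", sha256.Sum256(cred)) }

// Register records a verifier in the authority set with a prime taken from P.
func (l *Ledger) Register(verifierDID string) error {
	if _, ok := l.AuthoritySet[verifierDID]; ok {
		return errors.New("verifier already registered")
	}
	if len(l.PrimeDomain) == 0 {
		return errors.New("prime number domain exhausted")
	}
	l.AuthoritySet[verifierDID] = l.PrimeDomain[0]
	l.PrimeDomain = l.PrimeDomain[1:] // deleted from P: no two verifiers share a prime
	return nil
}

// Revoke serves the attribute encryption revocation request: the DID leaves
// the authority set and its prime is restored to P.
func (l *Ledger) Revoke(verifierDID string) {
	if p, ok := l.AuthoritySet[verifierDID]; ok {
		delete(l.AuthoritySet, verifierDID)
		l.PrimeDomain = append(l.PrimeDomain, p)
	}
}

// MayDecrypt runs the gates placed before attribute decryption (authority set
// membership, first hash, first signature, second signature); nil means the
// verifier may now apply its attribute decryption key.
func (l *Ledger) MayDecrypt(verifierDID string, p Presentation) error {
	if _, ok := l.AuthoritySet[verifierDID]; !ok {
		return errors.New("verifier not in authority set: no information released")
	}
	if !l.CredHashes[firstHash(issued(p))] {
		return errors.New("second hash matches no first hash: credential tampered or unknown")
	}
	if pk, ok := l.IssuerPubKeys[p.IssuerDID]; !ok || !ed25519.Verify(pk, p.Ciphertext, p.IssuerSig) {
		return errors.New("first signature invalid: not issued by an authority")
	}
	if pk, ok := l.HolderPubKeys[p.HolderDID]; !ok || !ed25519.Verify(pk, issued(p), p.HolderSig) {
		return errors.New("second signature invalid: not presented by the target object")
	}
	return nil
}

// Setup builds a constructed scenario (one issuer, one holder, one credential whose hash is on chain) and returns the ledger plus a valid presentation.
func Setup() (*Ledger, Presentation, error) {
	issuerPK, issuerSK, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, Presentation{}, err
	}
	holderPK, holderSK, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, Presentation{}, err
	}
	p := Presentation{Ciphertext: []byte("encryptedClaim-constructed"),
		IssuerDID: "did:example:issuer", HolderDID: "did:example:holder"}
	p.IssuerSig = ed25519.Sign(issuerSK, p.Ciphertext)
	p.HolderSig = ed25519.Sign(holderSK, issued(p))
	l := &Ledger{
		IssuerPubKeys: map[string]ed25519.PublicKey{p.IssuerDID: issuerPK},
		HolderPubKeys: map[string]ed25519.PublicKey{p.HolderDID: holderPK},
		CredHashes:    map[string]bool{firstHash(issued(p)): true},
		AuthoritySet:  map[string]int{},
		PrimeDomain:   []int{2, 3, 5, 7},
	}
	return l, p, nil
}
```

The gate order matters for what a verifier learns: the authority set check runs first so that an unregistered verifier receives no public key, hash or error detail about the credential at all, and the hash check runs before the signature checks so that a tampered presentation is rejected without consulting the issuer's key. Revocation returns the prime to P, which is what lets a later registration reuse it.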
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiments of the present application also provide an information processing apparatus for implementing the above-mentioned related information processing method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the information processing device provided below may refer to the limitation of the information processing method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 4, there is provided an information processing apparatus 400, which may include:
an object attribute information obtaining module 401, configured to obtain object attribute information of a target object; the object attribute information comprises attribute information of each preset attribute;
a key and list obtaining module 402, configured to obtain a pre-stored attribute encryption key and attribute encryption list from the blockchain network; the attribute authority conditions corresponding to the preset attributes are recorded in the attribute encryption list;
an object credential obtaining module 403, configured to encrypt the object attribute information according to the attribute encryption key and the attribute encryption list, to obtain an object credential corresponding to the object attribute information; the object credential is used for uploading to an identity verification mechanism associated with the target object in the blockchain network;
an attribute decryption key sending module 404, configured to generate an attribute decryption key corresponding to the object credential according to the attribute authority condition set corresponding to the identity verification mechanism and the attribute encryption key, and send the attribute decryption key to a terminal corresponding to the identity verification mechanism, so that the terminal decrypts the object credential by using the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose corresponding attribute authority condition is satisfied by the attribute authority condition set.
In one embodiment, the object credential obtaining module 403 is further configured to encrypt the object attribute information according to the attribute encryption key and the attribute encryption list to obtain a ciphertext corresponding to the object attribute information; signing the ciphertext by using first private key information corresponding to the identity information of the identity providing mechanism, and taking the ciphertext containing the first private key signature as the object certificate; the first private key signature is used for the terminal to acquire first public key information corresponding to the identity information of the identity providing mechanism from the blockchain network, the first private key signature is verified by using the first public key information, and the step of decrypting the object certificate by using the attribute decryption key is executed under the condition that verification is passed.
In one embodiment, the apparatus 400 further comprises: and the first hash value uploading module is used for uploading a first hash value corresponding to the object certificate to the blockchain network, so that the terminal obtains the first hash value from the blockchain network, verifies a second hash value corresponding to the object certificate by using the first hash value, and executes the step of decrypting the object certificate by using the attribute decryption key under the condition that the verification is passed.
In one embodiment, the apparatus 400 further comprises: the second public key information uploading module is used for carrying out digital identity registration on the target object according to the object attribute information to obtain second private key information and second public key information corresponding to the identity information of the target object; the second private key information is sent to a terminal corresponding to the target object, and the second public key information is uploaded to the blockchain network; the second private key information is used for signing the object certificate by the target object through the second private key information, obtaining a second private key signature corresponding to the object certificate, sending the second private key signature to a terminal corresponding to the identity verification mechanism, enabling the terminal corresponding to the identity verification mechanism to acquire the second public key information from the blockchain network, verifying the second private key signature through the second public key information, and executing the step of decrypting the object certificate through the attribute decryption key under the condition that verification passes.
In one embodiment, the apparatus 400 further comprises an identity information sending module configured to send the identity information corresponding to the identity verification mechanism to the blockchain network, so that the blockchain network records that identity information in the authority mechanism set. The authority mechanism set is used by the blockchain network to allow each identity verification mechanism recorded in the set to obtain the first public key information, the first hash value or the second public key information from the blockchain network.
In one embodiment, the object attribute information obtaining module 401 is further configured to obtain object information of the target object and to classify that object information by attribute to obtain the object attribute information.
Each of the modules in the above-described information processing apparatus may be implemented in whole or in part by software, by hardware, or by a combination of the two. The modules may be embedded in hardware, may be independent of the processor of the computer device, or may be stored as software in the memory of the computer device so that the processor can call and execute the operations corresponding to each module.
It should be noted that the information processing method and apparatus provided in the present application may be used in information-processing applications in the financial field, and equally in any other field involving information processing; the field of application of the method and apparatus provided in the present application is not limited.
In one embodiment, a computer device is provided, which may be a terminal, and whose internal structure may be as shown in fig. 5. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program, and the internal memory provides the environment in which the operating system and the computer program from the non-volatile storage medium run. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless mode may be realized through Wi-Fi, a mobile cellular network, NFC (near field communication) or other technologies. The computer device also comprises an input/output interface (I/O interface for short), which is a connecting circuit for exchanging information between the processor and external devices and is connected to the processor through a bus. The computer program is executed by the processor to implement an information processing method. The display screen of the computer device may be a liquid crystal display or an electronic ink display, and the input device may be a touch layer covering the display screen, keys, a trackball or a touch pad arranged on the housing of the computer device, or an external keyboard, touch pad, mouse or the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium, which when executed may perform the steps of the method embodiments described above. Any reference to memory, a database, or another medium in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, and the like. Volatile memory may include random access memory (RAM) or external cache memory, and the like. By way of illustration and not limitation, RAM may take a variety of forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The databases referred to in the embodiments provided herein may include at least one of relational and non-relational databases; a non-relational database may include, but is not limited to, a blockchain-based distributed database. The processors referred to in the embodiments provided herein may be general-purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum-computing-based data processing logic units, and the like, without limitation.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of technical features contains no contradiction, it should be considered within the scope of this description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. An information processing method, characterized in that the method comprises:
acquiring object attribute information of a target object; the object attribute information comprises attribute information of each preset attribute;
acquiring a pre-stored attribute encryption key and an attribute encryption list from a blockchain network; the attribute authority conditions corresponding to the preset attributes are recorded in the attribute encryption list;
encrypting the object attribute information according to the attribute encryption key and the attribute encryption list to obtain a ciphertext corresponding to the object attribute information; signing the ciphertext by using first private key information corresponding to the identity information of the identity providing mechanism, and taking the ciphertext containing the first private key signature as an object certificate corresponding to the object attribute information; the object certificate is used for uploading to an identity verification mechanism associated with the target object in the blockchain network;
generating an attribute decryption key corresponding to the object certificate according to the attribute authority condition set corresponding to the identity verification mechanism and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification mechanism, so that the terminal decrypts the object certificate by using the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose corresponding attribute authority condition satisfies the attribute authority condition set.
2. The method according to claim 1, wherein the first private key signature is used by the terminal to obtain first public key information corresponding to the identity information of the identity providing mechanism from the blockchain network, to verify the first private key signature by using the first public key information, and to perform the step of decrypting the object certificate by using the attribute decryption key if the verification passes.
3. The method of claim 1, wherein after obtaining the object credential corresponding to the object attribute information, the method further comprises:
uploading a first hash value corresponding to the object certificate to the blockchain network, so that the terminal obtains the first hash value from the blockchain network, verifies a second hash value corresponding to the object certificate by using the first hash value, and executes the step of decrypting the object certificate by using the attribute decryption key if the verification passes.
4. The method according to claim 1, wherein after the object attribute information of the target object is acquired, the method further comprises:
according to the object attribute information, carrying out digital identity registration on the target object to obtain second private key information and second public key information corresponding to the identity information of the target object;
sending the second private key information to a terminal corresponding to the target object, and uploading the second public key information to the blockchain network; the second private key information is used by the target object to sign the object certificate, obtaining a second private key signature corresponding to the object certificate, and the second private key signature is sent to a terminal corresponding to the identity verification mechanism, so that the terminal corresponding to the identity verification mechanism obtains the second public key information from the blockchain network, verifies the second private key signature by using the second public key information, and executes the step of decrypting the object certificate by using the attribute decryption key if the verification passes.
5. The method according to any one of claims 2 to 4, wherein after generating an attribute decryption key corresponding to the object certificate according to the attribute authority condition set corresponding to the identity verification mechanism and the attribute encryption key, the method further comprises:
sending the identity information corresponding to the identity verification mechanism to the blockchain network, so that the blockchain network records the identity information corresponding to the identity verification mechanism in an authority mechanism set; the authority mechanism set is used by the blockchain network to allow each identity verification mechanism in the authority mechanism set to obtain the first public key information, the first hash value or the second public key information from the blockchain network.
6. The method according to claim 1, wherein the acquiring object attribute information of the target object includes:
acquiring object information of the target object;
and carrying out attribute information classification processing on the object information to obtain the object attribute information.
7. An information processing apparatus, characterized in that the apparatus comprises:
the object attribute information acquisition module is used for acquiring object attribute information of a target object; the object attribute information comprises attribute information of each preset attribute;
the key and list acquisition module is used for acquiring a pre-stored attribute encryption key and an attribute encryption list from the blockchain network; the attribute authority conditions corresponding to the preset attributes are recorded in the attribute encryption list;
the object certificate obtaining module is used for carrying out encryption processing on the object attribute information according to the attribute encryption key and the attribute encryption list to obtain a ciphertext corresponding to the object attribute information; signing the ciphertext by using first private key information corresponding to the identity information of the identity providing mechanism, and taking the ciphertext containing the first private key signature as an object certificate corresponding to the object attribute information; the object credential is used for uploading to an identity verification mechanism associated with the target object in the blockchain network;
the attribute decryption key sending module is used for generating an attribute decryption key corresponding to the object certificate according to the attribute authority condition set corresponding to the identity verification mechanism and the attribute encryption key, and sending the attribute decryption key to a terminal corresponding to the identity verification mechanism, so that the terminal decrypts the object certificate by using the attribute decryption key to obtain target attribute information; the target attribute information is the attribute information of those preset attributes whose corresponding attribute authority condition satisfies the attribute authority condition set.
8. The apparatus of claim 7, wherein the apparatus further comprises a first hash value uploading module, used for uploading a first hash value corresponding to the object certificate to the blockchain network, so that the terminal obtains the first hash value from the blockchain network, verifies a second hash value corresponding to the object certificate by using the first hash value, and executes the step of decrypting the object certificate by using the attribute decryption key if the verification passes.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
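The issue-and-verify flow of claims 1 to 3 (and of modules 401 to 403 above), as an added Go example that is not part of the patent: a constructed attribute encryption list maps each preset attribute to a minimum authority level standing in for its attribute authority condition; the identity providing mechanism derives one AES-GCM key per attribute from the attribute encryption key, signs the ciphertexts with an Ed25519 key playing the role of the first private key, and returns the first hash value for the blockchain network; the verifier's attribute decryption key is the subset of per-attribute keys whose condition its level satisfies, so it recovers only the target attribute information. The blockchain network is reduced to values passed directly (public key, hash, list), and the HMAC-based key derivation and level-based conditions are this example's assumptions, not the patent's construction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

type Credential struct { // the object certificate: nonce||AES-GCM ciphertext per attribute plus the provider's signature
	Blobs map[string][]byte
	Sig   []byte
}

// attrCipher derives a per-attribute AES-256-GCM key from the attribute encryption key (HMAC-SHA256 as the KDF; an assumption of this example).
func attrCipher(master []byte, attr string) cipher.AEAD {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(attr))
	b, _ := aes.NewCipher(m.Sum(nil)) // 32-byte key, so neither constructor can fail
	g, _ := cipher.NewGCM(b)
	return g
}

// Issue (identity provider side): encrypt each attribute under its own key, sign the canonical encoding of the ciphertexts, and return the "first hash value" to upload to the chain.
func Issue(master []byte, attrs map[string]string, sk ed25519.PrivateKey) (Credential, [32]byte) {
	c := Credential{Blobs: map[string][]byte{}}
	for name, val := range attrs {
		g := attrCipher(master, name)
		nonce := make([]byte, g.NonceSize())
		rand.Read(nonce)
		c.Blobs[name] = g.Seal(nonce, nonce, []byte(val), []byte(name)) // attribute name bound as AAD
	}
	enc, _ := json.Marshal(c.Blobs) // json.Marshal sorts map keys, so the verifier can rebuild these exact bytes
	c.Sig = ed25519.Sign(sk, enc)
	return c, sha256.Sum256(append(enc, c.Sig...))
}

// DecryptionKey is the verifier's attribute decryption key: a cipher only for attributes whose authority condition (minimum level in the attribute encryption list) the verifier's level satisfies.
func DecryptionKey(master []byte, encList map[string]int, level int) map[string]cipher.AEAD {
	dk := map[string]cipher.AEAD{}
	for name, need := range encList {
		if level >= need {
			dk[name] = attrCipher(master, name)
		}
	}
	return dk
}

// Verify (verifier side): check the on-chain hash and the provider's signature first, then decrypt only what the key covers.
func Verify(pk ed25519.PublicKey, onChain [32]byte, c Credential, dk map[string]cipher.AEAD) (map[string]string, error) {
	enc, _ := json.Marshal(c.Blobs)
	if !ed25519.Verify(pk, enc, c.Sig) || sha256.Sum256(append(enc, c.Sig...)) != onChain {
		return nil, errors.New("provider signature or on-chain hash check failed")
	}
	out := map[string]string{}
	for name, g := range dk {
		if blob, ok := c.Blobs[name]; ok {
			pt, err := g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(name))
			if err != nil {
				return nil, err
			}
			out[name] = string(pt)
		}
	}
	return out, nil
}
```

A verifier with a lower level never receives the keys for higher-level attributes, so those ciphertexts stay opaque to it even though it holds the whole certificate.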
CN202210619665.5A 2022-06-02 2022-06-02 Information processing method, apparatus, device and storage medium Active CN115022039B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210619665.5A CN115022039B (en) 2022-06-02 2022-06-02 Information processing method, apparatus, device and storage medium

Publications (2)

Publication Number Publication Date
CN115022039A CN115022039A (en) 2022-09-06
CN115022039B true CN115022039B (en) 2024-03-15

Family

ID=83073185

Country Status (1)

Country Link
CN (1) CN115022039B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147460A (en) * 2019-12-16 2020-05-12 重庆邮电大学 Block chain-based cooperative fine-grained access control method
CN112637278A (en) * 2020-12-09 2021-04-09 云南财经大学 Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium
CN114528601A (en) * 2022-04-25 2022-05-24 中国工商银行股份有限公司 Access method and device based on block chain data, processor and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant